• uralsolo [he/him]
    22
    2 years ago

    AFAIK she got talked to in a police station and decided to pull back her output for the time being. She was trying to white hat a security vulnerability that affected a lot of Chinese devices, but the story got picked up by anti-China tech blogs, and the association stuck to her even though she’s been generally pro-China in the past. It’s not great but it also isn’t the secret police spiriting her away to a labor camp for ten years.

    • WayeeCool [comrade/them]
      17
      2 years ago

      Really aren’t supposed to make exploits you discover public until after you have notified all the proper authorities and waited a specified amount of time to give the affected vendors time to get things patched if possible. Even in the US, just making this stuff public without following these best practices will get you visited by the FBI because they will be wondering if you are naive and need a talking to or you are some kind of agent of chaos wanting to see the world burn.

      edit: to cover your ass and prevent companies from trying to pull this shit it’s best to at the same time file a report with the CISA if in the US or the CAC if in China via their websites in addition to making a CVE report.

      • uralsolo [he/him]
        18
        2 years ago

        IIRC she told the company first, but they called the authorities on her, which was the start of the trouble.

        • WayeeCool [comrade/them]
          16
          2 years ago

          Ugggh. I hate it when companies pull that shit. Just wastes law enforcement’s time and tarnishes the company’s reputation. It always backfires spectacularly but some of them still try it rather than saying “thank you” and maybe paying a bug bounty reward to encourage people to not just sell the information to a certain Israeli cyber-weapons firm. Apple used to be famous for doing this shit and even they eventually caved after realizing it was counterproductive.

          • Frank [he/him, he/him]
            7
            2 years ago

            It’s shitty. Hunting down bugs and exploits is a clear social good, but capitalists view it as a threat bc it’s often expensive to mitigate the exploit, especially if it’s hardware or firmware. Getting the cops involved is just dirty. The cops very likely don’t have any sympathy for a random white-hat hacker trying to do a good thing, especially once they get into a “threat to national security” attitude. I hope Naomi is okay. She’s really vulnerable as an out lesbian and just being an outrageously stylish person. : p