[HN Gopher] Security lapse exposed Clearview AI source code ___________________________________________________________________ Security lapse exposed Clearview AI source code Author : jbegley Score : 53 points Date : 2020-04-16 19:15 UTC (3 hours ago) (HTM) web link (techcrunch.com) (TXT) w3m dump (techcrunch.com) | tptacek wrote: | Clearview is bad. And I haven't dug into the supporting materials | for this story at all. But it's disquieting that this story | appears to include sensitive private information obtained through | security research and released directly to a media outlet, | including camera footage apparently taken from a compromised | cloud storage bucket. That's not how security research works. | jiveturkey wrote: | > Hussein, who has previously reported security issues at | several startups, including MoviePass, Remine and Blind, said | he reported the exposure to Clearview but declined to accept a | bounty, which he said if signed would have barred him from | publicly disclosing the security lapse. | | seems grey to me | twomoretime wrote: | I like this Hussein guy though. Glad he acted selflessly. | Need more like him. | newprint wrote: | I like Hussein as well ! | zentiggr wrote: | The "accept the money and keep quiet" part? Yep, very gray. | newprint wrote: | It is perfect irony! They left their code wide open out on the | web, the same way they went out scraping for people's pictures | on the wide open web. | pushcx wrote: | I'm curious if the repo supports the recent story that | Clearview's early programmers came from an alt-right social | circle. They've publicly denied links that the journalists seemed | to support quite well. | | https://www.huffpost.com/entry/clearview-ai-facial-recogniti... | | Does anyone know the security researcher to ask them to run this? | git log --format='%aN' | sort | uniq -c | sort -rn | iamleppert wrote: | Does anyone have a copy of their source code? | dsalzman wrote: | Can we please not do this? "Hussein said that he found some | 70,000 videos in one of Clearview's cloud storage buckets, taken | from a camera installed at face-height in the lobby of a | residential building. The videos show residents entering and | leaving the building. | | Ton-That explained that, "as part of prototyping a security | camera product we collected some raw video strictly for debugging | purposes, with the permission of the building management."" ___________________________________________________________________ (page generated 2020-04-16 23:00 UTC)