hngopher.com

       [HN Gopher] Security lapse exposed Clearview AI source code
       ___________________________________________________________________
        
       Security lapse exposed Clearview AI source code
        
       Author : jbegley
       Score  : 53 points
       Date   : 2020-04-16 19:15 UTC (3 hours ago)
        
 (HTM) web link (techcrunch.com)
 (TXT) w3m dump (techcrunch.com)
        
       | tptacek wrote:
       | Clearview is bad. And I haven't dug into the supporting materials
       | for this story at all. But it's disquieting that this story
       | appears to include sensitive private information obtained through
       | security research and released directly to a media outlet,
       | including camera footage apparently taken from a compromised
       | cloud storage bucket. That's not how security research works.
        
         | jiveturkey wrote:
         | > Hussein, who has previously reported security issues at
         | several startups, including MoviePass, Remine and Blind, said
         | he reported the exposure to Clearview but declined to accept a
         | bounty, which he said if signed would have barred him from
         | publicly disclosing the security lapse.
         | 
         | seems grey to me
        
           | twomoretime wrote:
           | I like this Hussein guy though. Glad he acted selflessly.
           | Need more like him.
        
             | newprint wrote:
             | I like Hussein as well !
        
           | zentiggr wrote:
           | The "accept the money and keep quiet" part? Yep, very gray.
        
         | newprint wrote:
         | It is perfect irony! They left their code wide open out on the
         | web, the same way they went out scraping for people's pictures
         | on the wide open web.
        
       | pushcx wrote:
       | I'm curious if the repo supports the recent story that
       | Clearview's early programmers came from an alt-right social
       | circle. They've publicly denied links that the journalists seemed
       | to support quite well.
       | 
       | https://www.huffpost.com/entry/clearview-ai-facial-recogniti...
       | 
       | Does anyone know the security researcher to ask them to run this?
       | git log --format='%aN' | sort | uniq -c | sort -rn
        
       | iamleppert wrote:
       | Does anyone have a copy of their source code?
        
       | dsalzman wrote:
       | Can we please not do this? "Hussein said that he found some
       | 70,000 videos in one of Clearview's cloud storage buckets, taken
       | from a camera installed at face-height in the lobby of a
       | residential building. The videos show residents entering and
       | leaving the building.
       | 
       | Ton-That explained that, "as part of prototyping a security
       | camera product we collected some raw video strictly for debugging
       | purposes, with the permission of the building management.""
        
       ___________________________________________________________________
       (page generated 2020-04-16 23:00 UTC)