[HN Gopher] Twitch source code and customer data has reportedly ... ___________________________________________________________________ Twitch source code and customer data has reportedly been leaked Author : cvak Score : 974 points Date : 2021-10-06 08:34 UTC (14 hours ago) (HTM) web link (www.videogameschronicle.com) (TXT) w3m dump (www.videogameschronicle.com) | stevefan1999 wrote: | Here's a link to the data: bWFnbmV0Oj94dD11cm46YnRpaDpONUJMWjZYRU | NORUhIQVJISk9WUUFTNFc3VFdSWENTSSZkbj10d2l0Y2gtbGVha3MtcGFydC1vbmU | mdHI9dWRwJTNBJTJGJTJGb3Blbi5zdGVhbHRoLnNpJTNBODAlMkZhbm5vdW5jZQ== | sillysaurusx wrote: | Here's a base64 decoded version: | magnet:?xt=urn:btih:N5BLZ6XECNEHHARHJOVQAS4W7TWRXCSI&dn=twitch- | leaks-part-one&tr=udp%3A%2F%2Fopen.stealth.si%3A80%2Fannounce | k1rcher wrote: | Got it in my seedbox as of 15-20min ago: | | Downloaded: 7.84GB Uploaded: 64.64GB | | sheesh, one popular magnet! | ganoushoreilly wrote: | That sounds like it's just the database. The full leak is | 125.89gb | schleck8 wrote: | the power of foss | stevefan1999 wrote: | jesus, do you want to taste the banhammer? | sergiotapia wrote: | Thanks! | wizzairflyer wrote: | I'm very curious to have a peek but isn't downloading stolen | material a crime? And wouldn't this be compounded by the fact | that with torrent systems you are also helping redistributing | it further? | AnIdiotOnTheNet wrote: | Possibly, but more importantly it is also just plain immoral. | It's disturbing how readily this community wishes to access, | analyze, copy, and redistribute this stolen information. This | same community that bemoans corporate exploitation of data | now getting its rocks off creeping on stolen data. | _hilro wrote: | > It's disturbing how readily this community wishes to | access, analyze, copy, and redistribute this stolen | information | | I know right. Panama papers too. 
/s | acoard wrote: | At most, it would be copyright infringement if Twitch (or | Amazon) claimed copyright ownership of the code, which I | assume they do. | | There's no such "trade secrets" laws or anything like that | you're violating. Perhaps the hacker has broken laws of | unlawful access (i.e. hacking), but you certainly aren't just | by downloading it. It's as bad as downloading a song or | streaming a movie on a sketchy website. In practice, I've | never heard of anyone getting sued for downloading code in a | large leak. | | When the Windows source code got leaked, so many people | looked at it, including FAANG engineers. As long as you don't | bring any of that stuff to work you're fine. That includes | the knowledge[0] | | [0] https://en.wikipedia.org/wiki/Clean_room_design | AlexCoventry wrote: | I'm curious about which law downloading this would break. | rvnx wrote: | The fact that you are uploader (e.g. distributing the | content) while downloading a torrent seems to me to be the | biggest risk. | xeromal wrote: | If you have a seedbox, you're probably safe. | iamevn wrote: | Here's another link https://sizeof.cat/post/twitch-leaks/ | | Looks real to me based on the archive I managed to download so | far | d3nj4l wrote: | Amouranth making almost as much as shroud is insane and the | fact that it's that high even after twitch's recent moves is | telling. | lemoncookiechip wrote: | The revenue only contains a few data points (below), things | like TTS donations, 3rd party revenues like OnlyFans, | Patreon, Amazon Gifts and sponsorship deals are not included. | Amouranth makes insane amounts from her OF alone (an estimate | of 1 million $ per month based on an interview with | investmenttalk). Odds are that she makes far more than him, | same with a lot of other female streamers who know how to | monetize themselves. Obviously the same (Patreon, | sponsorships...) applies to male streamers but to a lesser | extent. 
| | 'ad_share_gross', 'sub_share_gross', 'bits_share_gross', | 'bits_developer_share_gross', 'bits_extension_share_gross', | 'prime_sub_share_gross', 'bit_share_ad_gross', | 'fuel_rev_gross', 'bb_rev_gross' | d3nj4l wrote: | Oh yeah of course, twitch is probably a minority of her | earnings. But what I think is more interesting is that | Twitch's moves to make it easy for advertisers to opt out | of streamers like her doesn't seem to have hurt her | earnings all that much if she's still that high. Ofc it | could be that ad revenue went down but sub revenue was way | higher, which, again, is telling. Also could be that ad | buyers didn't blink and continued paying for the hot tubs | category. I think it points to a more plausible future for | softcore streaming - there might be a market for stuff | that's less explicit than camgirls, especially if that | makes it easier for kids to access it. (I don't condone | this, just think it's interesting.) | slightwinder wrote: | Prices for ads is very poor on twitch. The claim was that | amouranth made "just" some ten thousand income with ads, | which considering how many viewers she has is not that | high. The majority of direct income on twitch comes from | donations and subs. The bigger income comes indirectly | from placements and cooperations outside of twitch, which | of course are not part of the leak. | | Twitch is not YouTube. For some reason they had for a | long time big problems to get their ad-business running, | especially outside the USA. It seems because of this the | payment is low for streamers. | frou_dh wrote: | What's the legality of downloading something like this? If | someone is on the torrent they're effectively distributing it | as well as downloading. 
| joot82 wrote: | it depends which legislation you reside in, I believe most | allow you downloading stuff like that as long as you don't | reshare (uploading and sharing is the part where Amazon could | go legally after you) | hnick wrote: | I think it would at least be the same as sharing other | copyrighted content, whether or not the "hacking" part comes | into it. | GravitasFailure wrote: | In the US, you're fine. The laws that exist barring | possession of information largely revolve around copyright, | CSAM, or classified information (only relevant if you have a | clearance), and none of those really apply here. | hnick wrote: | Source code is copyrighted surely? You can't share ebooks | just because the "source" is open and visible, copyright | applies to all creative works. | waynesonfire wrote: | There is fair use exceptions? I'm no expert here but | Google says, | | Since copyright law favors encouraging scholarship, | research, education, and commentary, a judge is more | likely to make a determination of fair use if the | defendant's use is noncommercial, educational, | scientific, or historical. | hnick wrote: | Probably fine for a journalist to argue, but I'd guess a | tech guy saying it's "research" won't have much luck. | DigitalSea wrote: | If you're going to download it, I would probably use a VPN or | something before you do. Technically, this would be copyright | infringement. I don't know if Amazon would go after people | downloading this, but you just don't know. | [deleted] | OliC wrote: | You might want to delete that link. They've replaced it with | something a little NSFW. | [deleted] | elaus wrote: | They block links that have HN as referer and redirect them to | a NSFW image. But if you copy that URL and paste it in the | browser it will work. | abdullahkhalids wrote: | Hmmm. I thought I had something in Firefox (setting or | addon) that didn't send referrers for external sites when | you click-opened a link in a new tab. 
But it doesn't seem | like it anymore. | AegirLeet wrote: | There are a number of settings for this: | https://wiki.mozilla.org/Security/Referrer | abdullahkhalids wrote: | Thanks. Do you know if some of these break major websites | if I move away from the default settings? | AegirLeet wrote: | I've had a small number of sites break when not sending | any referer. Can't remember any concrete examples off the | top of my head though. | tenryuu wrote: | I was wondering why I didn't see anything, but I keep | forgetting I drop all my referrer headers | saagarjha wrote: | Ah yes, the jwz policy | d3nj4l wrote: | It's the exact same image, too. Feels like a ripoff, at | least make your own dirty image! | yawaworht1978 wrote: | Don't open this link if you are in the middle of having a meal. | | Paste it to a separate tab, then it works. | Dma54rhs wrote: | jwz doesn't like HN, you just need different referrer address | aaron695 wrote: | Cheers, I guess we'll find out about Dr Disrespect's full story | now. Hopefully nothing too private for him. | _u wrote: | One of the leaked directories is called event- | engineering/covfefe. Haven't had the time to torrent the file. I | wonder what's inside. | madeofpalk wrote: | # Covfefe RTMP relay utility | | This is also a project to enable me to learn go so is probably | over-engineered | jsiepkes wrote: | > An unreleased Steam competitor, codenamed Vapor, from Amazon | Game Studios | | The choosing of the name Vapor is probably no accident when the | main competitor is Steam. | | Just like when IBM launched the "Eclipse foundation" which was | arguably based on one of Sun's most prized possessions; Java. | Asraelite wrote: | Kind of a funny choice when "vaporware" is a thing. | ginko wrote: | Kinda works as a tongue-in-cheek internal code name. | bogwog wrote: | Extra funny with the context of Amazon Game Studios.
| dijit wrote: | I worked for Nokia for a brief moment in time and the Nokia E71 | (or another in that line) was internally codenamed "BeeBee" | (like: blackberry) which was comical to me given that the phone | looked a lot like a contemporary era blackberry. | | https://en.wikipedia.org/wiki/Nokia_E71 | | https://en.wikipedia.org/wiki/BlackBerry_Curve | d3nj4l wrote: | The E71 was a god tier device. Owned one for a good bit as a | teen and it was the perfect phone for that time IMO. You | could even WhatsApp on it until relatively recently. | stevecat wrote: | Yep! E71, E72, and E6 were some of my most loved phones. My | love of that form factor meant that my first foray into | Android was the HTC ChaCha - that was a mistake. | kawsper wrote: | I had a Qtek 8300 running Windows Mobile 5.0, it really | felt like a computing device before smart phones | appeared. | | It was slow and buggy, but it felt like a handheld | computer. | | Qtek rebranded to HTC and I bought a HTC Touch running | Windows Mobile 6.0, I am not sure when or what I switched | to afterwards, maybe an Android. | dfox wrote: | IIRC the whole common HW platform of late model E-series | Symbian phones from Nokia was code named BB. Both E61 and E91 | call themselves (IIRC) "BB v5.0" in USB descriptors. | bogwog wrote: | That sounds like an internal product name. At launch they'll | probably pick something significantly less clever and more | generic. | | It would be pretty awesome if they stuck with "Vapor" though. | It'd be some WWE-style drama, and great for marketing. | scrollaway wrote: | We could call games released on there Vaporware :) | xdrosenheim wrote: | And sales would come in Vaporwaves. | checkyoursudo wrote: | Oh ho ho! Vapor is what I call my shell function that launches | Steam. Guess I am on to something. | chrisjc wrote: | Eclipse... Sun... how did I go all these years without noticing | this! | Arathorn wrote: | IBM weren't the only people to play that game. 
The codename | for the SGI Indigo was also Eclipse, for similar reasons, | iirc. | monkeybutton wrote: | And where do explorers like to go? On safaris. | adolph wrote: | Another lovely naming story: | | _When new sounds for System 7 were created, the sounds were | reviewed by Apple 's Legal Department who objected that the new | sound alert "chime" had a name that was "too musical", under | the recent settlement [with Beatles' record label Apple | Records]. Jim Reekes, the creator of the new sound alerts for | System 7, had grown frustrated with the legal scrutiny and | first quipped it should be named "Let It Beep", a pun on "Let | It Be". When someone remarked that that would not pass the | Legal Department's approval, he remarked, "so sue me". After a | brief reflection, he resubmitted the sound's name as sosumi (a | homophone of "so sue me"). Careful to submit it in written form | rather than spoken form to avoid pronunciation, he told the | Legal Department that the name was Japanese and had nothing to | do with music._ | | https://en.wikipedia.org/wiki/Sosumi | junon wrote: | It won't work, I don't understand why they're bothering. You | can't compete with steam, unless you're trying to hit a niche | market. | bluedino wrote: | Amazon would have no problem releasing a 'Fire' console and | they have their own distribution and store... | junon wrote: | And then they would have to convince publishers to target | yet _another_ console. That's a hard ask. | meibo wrote: | Amazon has even more money to throw at studios than Epic, so | they can just force themselves into it. | ryathal wrote: | It's more than just throwing money at it. EA tried and | failed to separate from Steam. Epic might succeed, but it's | not going to be because of money, but because Fortnite let | them capture young gamers before they got into Steam. | Wherever a user gets a critical mass of a library built up | first is going to be the winner. 
| eric-hu wrote: | Do you remember a time when people were predicting this | deep pocketed company Microsoft would bomb with their | Xbox? It's not a sure thing that Amazon could dislodge | Steam, but there's precedent. | tyrfing wrote: | > Wherever a user gets a critical mass of a library built | up first is going to be the winner. | | This is where they've been throwing money at the problem: | giving away a ridiculous amount of games for free. | | https://www.theverge.com/2021/4/12/22380895/epic-games- | store... | WorldMaker wrote: | Useful to note that Prime Gaming has been doing the exact | same strategy (for longer), backfilling users' catalogs | by throwing a lot of money in games giveaways. Once the | games have been added to your Amazon/Twitch today you can | download an EXE installer from a hard to find Amazon page | or use a really bland "Twitch Launcher" app that clearly | is the first stage towards "Vapor" or whatever the final | brand would be. For a lot of Amazon Prime users that pay | attention to the Prime Gaming page month to month and | click the bright shiny green "Claim" buttons whenever | they show up, Amazon can just go "look at all the games | you already 'own'" when they start actually marketing it | as its own store. | Arrath wrote: | It is quite nice, I think I paid for 1 game of the 14 in | my epic library. | trey-jones wrote: | I wonder how much I paid over the last 15 years for the | 198 games in my Steam library. Not that much, I suspect | between all the Humble Bundles and steam sales of yore. | Nevertheless I was _pissed_ when I had to get Origin in | order to even play Mass Effect 3, and I never even | considered the epic store, so I think the theory of | library investment is sound. Steam has a good head start | on a lot of us. | Arrath wrote: | It absolutely does. The singular reason I signed up for | Epic was Borderlands 3, everything else is in my Steam | library. | junon wrote: | The problem isn't the product. 
I was going to compete with | Steam at one point and we had objectively better systems | and a better client. | | The problem was the critical mass issue - no users, no | publishers, neither want to join without the other. | | Amazon will definitely get publishers but will users join? | That's not a given. | pc86 wrote: | You just answered your own question. | | > no users, no publishers, neither want to join without | the other | | > Amazon will definitely get publishers but will users | join? | | Well, the publishers will be there. If users have a | reason to go there over Steam, they will. Amazon will | lock in a few exclusives, people will start to come over. | Who knows, maybe there will be some way to verifiably | move your Steam library over to an Amazon account? | | I don't think the bar to compete with Steam is as high as | you're suggesting, but even if it is, if anybody was | going to start listing companies that could conceivably | do it, Amazon would probably be on the list. | ratww wrote: | _> Who knows, maybe there will be some way to verifiably | move your Steam library over to an Amazon account?_ | | The library is the #1 reason people stay in Steam. Lots | of people just buy games in other places and just add it | there. | | Amazon could, for example, offer different royalties | (say, 10% instead of 30%) for publishers willing to have | their old games "moveable" to Amazon's hypothetical new | platform and I bet a lot of studios would take the deal. | This is not unheard of: it's how Apple does iTunes Match. | junon wrote: | > Who knows, maybe there will be some way to verifiably | move your Steam library over to an Amazon account? | | Given that steam has pretty strict terms with publishers | over this, I highly, _highly_ doubt they would do this | unless they wanted to dump a huge ocean of money into | free license comps for developers to make money from and | for users to get free games. 
| | Competing with Steam isn't only just a money/size thing, | though of course that helps. | lbhdc wrote: | I would imagine they would attempt to secure exclusive | rights to a popular title and only distribute it from | their new platform. I believe that is what epic did when | they launched their store. | AnIdiotOnTheNet wrote: | Yeah, and a lot of people _loathe_ them for it. I'm one | of them. | trey-jones wrote: | And my axe. | junon wrote: | Yes and it backfired spectacularly. | baud147258 wrote: | Epic did that, plus giving away loads of free games, like | a new free game every two weeks. | gizdan wrote: | Amazon already has customers. If their other products are | to go by, they'll just give you an account if you have an | Amazon account. Probably combined with free games if you | have a prime account and you can imagine that it won't | take much to compete, at least not for a company like | Amazon. | isk517 wrote: | That was my thought. They already give away free games | over Prime, if they leverage that they have already given | a large number of people stake in their new market place. | Plus they own Twitch, I don't believe there is a | publisher who isn't interested in the idea of people | being able to impulse buy whatever their favorite | streamer is playing without even leaving the stream. The | strategy is pretty easy actually, give streamers a cut of | each sale and encourage them to put up notifications when | it happens like they do subs and cheers. | junon wrote: | The free games on prime accounts is probably exactly what | will happen, and will probably be what _needs_ to happen | for it to be any amount of successful. | | Look at Epic which offers free games but sees pretty slow | growth outside of their flagships. Further, look at | Amazon's lumberyard engine, which gathers dust for the | most part. | | I'm not convinced that their 'weight' will automatically | guarantee wide adoption.
| rawbot wrote: | By better systems, I hope you are also including, to name | a few: Remote Play, Remote Play Together, Game Streaming, | Screenshot capture, Controller API that also works in | Desktop, a project to help Linux compatibility with zero | effort from the game devs. | | I think people just consider Steam as a store, but it has | become much more than that. | junon wrote: | Never got as far as Remote Play or Game Streaming but | would have been trivial for us to do so given the backend | infrastructure we had already written. | | Game overlays and capture were working fine, and the | controller API was designed to support any number of | controllers (Steam's support is great but their | interfaces are subpar, in our opinion). We were also able | to pull from a well known database of controller | configurations and device IDs, which really made this a | non-issue. | | Linux compatibility was fine as far as the client went | (all of our code was cross-platform and not webkit frames | or the like). The client even ran on Android and iOS. | | If you're referring to Steam's Proton, we really didn't | want to touch that area for a while. But we had much | better systems for searching for new titles, including | those that worked well on the system and also matched all | of the criteria (tags and whatnot). | | Our social system was also designed to support "cross- | talk" between different marketplaces (Steam, GoG Universe | and Epic) but we never got as far as building out any | client functionality - just the initial blackbox proof of | concepts. | | The store aspect was indeed just a smaller part of it, | though it was complicated in its own right. | | The project was a great idea and we were executing well | on it. Lots of cool new tech was developed for it. But | nobody we talked to wanted it - including publishers, | users, investors, or even friends. It didn't matter how | compatible we made it, the fact that we didn't push you | to re-buy games, etc. 
| | We wanted to make a non-shitty experience for gaming and | the market simply said "no". | o_m wrote: | So does Microsoft, but Xbox has been in decline since after | Xbox 360 | cableshaft wrote: | I think Microsoft is just less concerned about hardware | now, so it looks like they're doing worse when they're | not really. | | Like I haven't touched my Xbox One in years, but I'm | still giving them $10/month for Xbox Game Pass for my PC. | | "In its latest financial results, Microsoft announced | that the gaming division revenue was up 50% year-on-year, | boasting huge $3.53 billion earnings over the past 12 | months. The vast majority of that income stems from Xbox | hardware (largely the launch of the Xbox Series X/S), | which is up 232%." | | https://www.vg247.com/xbox-revenue-hardware-game-pass- | boost-... | | Okay, I guess hardware is still big for them. Huh. | paxys wrote: | Eclipse makes sense, but vapor is just..another word for steam? | incahoots wrote: | >vapor | | >vaporware | | I see no issue here | darklycan51 wrote: | Anyone who played new world private alpha knew this, the first | alpha (closed) had an amazon games Epic Games like client, they | chose to remove it for new world public beta and release but I | knew they had been working on it because of it | Semaphor wrote: | This is somewhat hilarious. Just 5 days ago I was complaining | about Twitch's new "Only verified users" setting which requires | me to give them my phone number. One of the reasons I said I'll | not do that was "hacks, leaks". And now this. Sure, I'll give you | my phone number to add TOTP (Why even?) after I've just been | shown how secure that data is. | fooey wrote: | Twitch has a huge problem with waves of hate bots spamming and | overwhelming smaller streamers, and it's been getting worse. | | They really need that verification option just to avoid getting | run off the platform.
| jrootabega wrote: | For every conscientious person like you, there are 100 kids, | who don't even have fully formed brains, desperate to | participate in this system. | AnIdiotOnTheNet wrote: | I don't really get this. My phone number is apparently already | known by every scammer and spammer on earth, which is why I | never answer calls from people I don't know, so what am I | losing? | | Meanwhile, Twitch has had a significant bot spamming problem. | slightwinder wrote: | > I don't really get this. My phone number is apparently | already known by every scammer and spammer on earth, which is | why I never answer calls from people I don't know, so what am | I losing? | | The only scammers who know my number are my phone-provider | and my mom. Other scammers either never call me, or just | don't know the number. Protecting your number is possible. | | > Meanwhile, Twitch has had a significant bot spamming | problem. | | Which can be solved without this. The bot-problem is more | about people not using the existing tools well and twitch | sucking in their handling. Adding another feature they won't | use will not make anything better. Especially as the phone- | number only raises the bar for bots. | AnIdiotOnTheNet wrote: | The twitch tools for dealing with spam suck ass. You | basically get a blacklist of words and follower/subscriber | only chat modes. | weberer wrote: | Which came first? You giving your phone number away online, | or the scam calls? | zamadatix wrote: | Scam calls just end up ringing every working number these | days and if you pick up even once you're already on the | list of "real people". Targeted scamming of even just | 100,000 potential victims is just wasted effort when with | the same setup you could do untargeted scamming of | 100,000,000 potential victims. | Semaphor wrote: | I'm also subscribed to a few channels. I'm pretty sure that | is a far stronger signal that I'm not a bot than getting my | phone number.
And unlike most people, I only had 2 or 3 spam | calls, and maybe 10 spam SMS on the number I've had for | almost 20 years. | AnIdiotOnTheNet wrote: | Ok so you don't want them to have your phone number but | you're ok with them having your payment details? | Semaphor wrote: | Pretty much my PayPal account, only. | | And even otherwise, any fuckups there, my bank is | liable. My phone number? Outside of changing my 20-year-old | number, there'd be nothing I could do. | iuri1 wrote: | Probably not everyone has disposable phone numbers or even | know how to manage them, or even choose not to do it out of a | personal decision | Nextgrid wrote: | > so what am I losing? | | The fact that they can use this number to correlate against | contact lists collected from other people. | | Now I don't think Twitch itself is doing this, but they may | provide this information to marketing platforms such as | Facebook which will use this data for ad targeting (and they | definitely have a lot of people's contacts and can infer | social graphs very well as a result). | mariusor wrote: | From what I can see their 2FA is not inhouse. They're using | twilio's Authy (first time I've heard of it, honestly) so maybe | the phone numbers are not in the leak. | reilly3000 wrote: | I'm assuming they may have had access to private API keys so | unfortunately Authy may not be immune. That is unless Authy | hides those details from their customers. | trey-jones wrote: | Authy does hide those details from their customers. | canada_dry wrote: | This is a readily solvable problem i.e. the only phone number I | use/give online is a VOIP# that just redirects to voicemail | immediately (and blocks the call if it's on my SPAMMER list of | persistent annoyances).
| | For friends/family they have my cell# and it only lets calls | through if they're in my contacts. | dhimes wrote: | How much does your VOIP cost? | canada_dry wrote: | I use voip.ms and it is pay-as-you-go so it's nominal e.g. | $1-2/mnth. It allows setting up all sorts of call handling | rules (time-of-day, CID lists, call trees). | jrootabega wrote: | Even though it should not be, this approach is a luxury that | can only be afforded by those who do not need to take live | calls from previously-unknown numbers. Job hunters, medical | patients, etc. | Semaphor wrote: | It's readily solvable not to require a phone number to add a | TOTP app. | sirclueless wrote: | The point isn't to authenticate control of an account, it's | to tie the account to some kind of expensive-to-replicate | real-world cost, ideally one that most potential customers | are already paying for. | | Phone numbers are nice because the marginal cost to a | customer is low (they probably already have one) while the | marginal cost to a bad actor is high (it's expensive to | acquire many of them or to change one once it's been | identified as malicious). | Semaphor wrote: | My current phone contract: 3.99EUR/month | | My current twitch subscriptions: 11.97EUR/month | | I can't really see how they need my phone number to make | it too expensive to be a bot. | | And if that is the thing, then that'd make them even | more shady, claiming it's for account security when it's | for their bot protection. | rvr_ wrote: | This kind of leak looks like an insider's job. What measures | should an org take to avoid this? How does big tech deal with | secrecy? | [deleted] | [deleted] | johprats wrote: | It seems that you should start changing your credentials just in | case. A lot of credentials will be sold at a high price. | Copenjin wrote: | Dang, shouldn't we remove the links/magnets?
| cvak wrote: | seems like it's already posted here, sorry: | https://news.ycombinator.com/item?id=28770135 | google234123 wrote: | That site is NSFW. This is a better post. Here is the 4chan | thread if people are interested | https://boards.4channel.org/g/thread/83691438 | hyproxia wrote: | The posts should have linked to the 4chan thread directly | imo. | nojito wrote: | Those threads disappear | shultays wrote: | There are archives | _hilro wrote: | Top earner is a role playing group. How interesting. | | > A band of professional voice actors improvises, role-plays and | rolls their way through a `Dungeon and Dragons' campaign. | the_duke wrote: | Critical Role is a relatively big deal. | | They did a Kickstarter to turn the first season of the live DnD | campaign into an animated show, which finished at over 10 | million. | | The rights have been bought by Amazon and it will release on | Prime. | worrycue wrote: | > Critical Role did a Kickstarter to turn the first season of | the live DnD campaign into an animated show, which finished | at over 10 million. | | Sounds like how Record of Lodoss War got started - RPG | session gets recorded and it went from there. | | https://en.wikipedia.org/wiki/Record_of_Lodoss_War | JonathanFly wrote: | >Top earner is a role playing group. How interesting. | | A group of professional voice actors who put on a real show | every week, with extremely high production quality. A real | standout on the list and well deserving of the #1 spot. | | A personal favorite moment: | https://www.youtube.com/watch?v=Cnl5r3hp1_k | | I've always loved the spells in D&D that talk to plants. "You | imbue plants within 30 feet of you with limited sentience and | animation, giving them the ability to communicate with you and | follow your simple commands." | | Every casting of the spell is a Flowers For Algernon tragedy, | as the plants around you realize they will only be sentient for | 10 minutes and then fade back into nothingness.
| yupitr wrote: | Can anyone share magnet? | zalequin wrote: | magnet:?xt=urn:btih:N5BLZ6XECNEHHARHJOVQAS4W7TWRXCSI&dn=twitch- | leaks-part-one&tr=udp%3A%2F%2Fopen.stealth.si%3A80%2Fannounce | irae wrote: | Most comments listing which streamers earn more, commenting on | this being only part of their revenue, etc. | | Would be way more interest to me to know the distribution of | people giving away their money. I personally spend about $20 a | month on Twitch, I wonder in each part of the bell curve I am, | and if it is a bell curve at all. | stunt wrote: | https://www.twitchearnings.com/ | NaturalPhallacy wrote: | I can't help but love the fact that PaymoneyWubby (a fat ginger | nerd who makes interesting content, at least on youtube) makes | more than pokimaine and Amouranth whose primary feature seems | to be young, attractive, and female. Perhaps there's a tiny bit | of justice in the world. | mkishi wrote: | Donations probably dwarf subscription earnings, I'm not sure | it's that black and white. | rasz wrote: | Splitting earnings by gender reveals females arent doing that | hot on twitch. | zeouter wrote: | ... that does sound quite misogynistic. Like the sole | comparisons you raise (and insult) are women. | [deleted] | [deleted] | [deleted] | thinkingemote wrote: | From another site a user commented that it might have proprietary | modifications to ffmpeg which is LGPL/GPL (I think?). Would a | leak be considered to be distribution, could others legally take | these modifications and merge them into the upstream project? | | I imagine other free software might have modifications too. | MrStonedOne wrote: | The GPL can't actually force them to license their downstream | changes, just revoke their ability to use the upstream project | if they don't, and sue for infringement for damages. | sydthrowaway wrote: | Can you use GPL code internally (ie run your backend) if you | never publish it? 
| bo1024 wrote: | I believe so, and this is why the AGPL was created: | | > The GNU General Public License permits making a modified | version and letting the public access it on a server without | ever releasing its source code to the public. | | > The GNU Affero General Public License is designed | specifically to ensure that, in such cases, the modified | source code becomes available to the community. | | https://www.gnu.org/licenses/agpl-3.0.en.html | sydthrowaway wrote: | So in theory, FAANG could make billions of a random | person's GPL'd code and they'd never know. | kobalsky wrote: | amazon and google both created managed version of popular | open source software like grafana and airflow and they | are priced at a premium. | mrintegrity wrote: | grafana is agplv3 but grafana the company has a deal with | amazon to grant them a special licence | david_allison wrote: | This is a common occurrence. | | Modifications don't need to be shared back to the | community if the software is used internally or behind a | webserver. | thatfunkymunki wrote: | Spoiler alert: vast majority of FAANG systems run on | Linux, making billions for them. | mkr-hn wrote: | Don't they also provide a lot of developer time through | patches? | notsureaboutpg wrote: | They sure do, but having worked at such a place, the | companies are using way more free labor in open source | software than they are giving back. | | In a way, everyone is doing that as well. I certainly use | more free software than I contribute free software / dev | time to free software | shiado wrote: | The IP issues with the leak are interesting. There's got to be | some Stack Overflow copy/pastes, perhaps some variable name | changed license violating code, and I wonder if patent trolls | or even rightful patent owners can now sue based on how backend | code works in a way where they had no way to sue if they didn't | know how it worked from interacting with a frontend. 
| akersten wrote: | > patent trolls or even rightful patent owners | | What's the difference? | | But seriously, if it takes _trolling_ through the code to | determine that Twitch 's math violated their special way of | doing math that no one else should get to use, it's just more | evidence that software patents aren't helping protect or | encourage innovation (else the violation would have been | apparent from using the service). It would instead clearly be | a "hah, gotcha, turns out we patented the linked-list-inside- | a-hashmap construction you've got going on here, pay up! Only | we can put the Legos together in that way!" | notsureaboutpg wrote: | No, you won't be able to sue if you claim that, based on the | leaked source code, your IP was infringed because leaked | (e.g. stolen) source code won't be admissible in court as | evidence | lights0123 wrote: | No. https://www.gnu.org/licenses/gpl-faq.en.html#StolenCopy | bla15e wrote: | But the source was not stolen, merely copied | zamadatix wrote: | Hence the anchor being "#StolenCopy". | NineStarPoint wrote: | An important distinction indeed. Intellectual Property | theft will get you in much bigger trouble with the Feds | than just stealing something does. | mijoharas wrote: | Interesting! I'd never thought about those kind of cases. (I | also like how nice and clear that FAQ is). | sydthrowaway wrote: | Couldn't help but contrast this to another item on the front | page.. the irony of video game streamers making many times more | than the lifetime earnings of Nobel Prize winners :) | j4qfrost wrote: | Totally fine. My issue is with the streamers who promote | socialism to their fans and say that wealth should be | distributed, meanwhile pocketing a huge paycheck. I guess | there's a market for stupidity. It's both funny and sad. 
| adolph wrote: | value != earnings | | science != commerce | | something truly novel is hard to evaluate in money | irae wrote: | Sports and Entertainment has always been a way to leapfrog | hard work. | | I am not saying at all it is not deserved. I am quite ok with | them earning millions. But it does make a lot of us pull this | comparison, both in achievements for humanity and in effort | spent in their endeavors. | | I personally never played or wish to play the fame lottery, I | prefer the hard work path. | snejad123 wrote: | I think Kobe Bryant working on his free-throws from 4 AM to 8 | PM every day for decades is much harder work than some dude | making dogecoin over a weekend or minting an AI-generated | NFT. | | Wealth is not linear, it's not promised as the result of | "hard work". Hard work helps, but it isn't the determining | factor of whether or not you'll get a payout. | | You must work hard in a domain that has public visibility and | actually produces something of value to people. And yes, | Basketball (and watching it) is extremely valuable to a lot | of people. | SamPatt wrote: | I am guessing the most popular streamers have gotten where | they are by hard work. | | Yes some is luck, attractiveness, etc. But that's true in all | careers. | | Just because they're playing games doesn't mean they aren't | working. Athletes get insane amounts of money to play games. | They exert themselves more physically, but I expect being a | top streamer day in and out isn't a cakewalk either. | mdoms wrote: | Ah yes, professional sports people, always finding a way to | not do hard work. | sf_sugar_daddy wrote: | If you knew anyone who plays a sport at the professional | level you would not be saying this | darkcha0s wrote: | There are plenty of professions where the people work just | as hard as professional sports people.
The wealth | accumulated has nothing to do with working hard or not | working hard, but rather with the public visibility of the | outcome of the work (and ability to make money with that). | savanaly wrote: | What does any of that have to do with the claim that | professional sports people routinely don't do hard work? | JohnWhigham wrote: | So do many actors. Streamers are just entertainers. | heroku wrote: | what is the irony? | Sirikon wrote: | The magnet: | | magnet:?xt=urn:btih:N5BLZ6XECNEHHARHJOVQAS4W7TWRXCSI | yawaworht1978 wrote: | Was the viewers data also leaked? You know, the twitch users who | simply watch the streams? | jollybean wrote: | HN is vastly concerned about privacy and screaming about FB | transgression on these issues etc., but the top post here is | about disseminating private information of 10's of thousands of | people. | tailspin2019 wrote: | You're not wrong. | zalequin wrote: | Hn is no different from 4chan. Prove me wrong. | 1121redblackgo wrote: | Never used to be like this. At all. | zalequin wrote: | English much. But not to many. | 1121redblackgo wrote: | I agree. This would not have been accepted in years past. | [deleted] | Barrin92 wrote: | at least that table above doesn't reveal much you couldn't have | estimated from their official twitch page to begin with and I | don't really consider earnings that private (neither do most of | the top streamers by the way who tend to display their sub | count on their streams). | | People on HN probably would very much oppose leaking private | DMs but transparency on celebrity earnings is not exactly that | big of a deal. I'd actually like earnings transparency in | general, like it already exists in Sweden. | | Given that children's rights on the internet seem to be a hot | topic, this might give some of them an idea who they're giving | their hard earned money to. | jollybean wrote: | 'Earnings' is absolutely private information. | | So is source code. 
| cableshaft wrote: | You can't put the toothpaste back in the tube. It's out there | now, might as well examine what you can learn from it and | discuss it. | | FB is a business making conscious and deliberate decisions and | can be called out on it in part because things like this can | happen. I mean they just made such a massive goof that they | completely took down their own site, other massive sites they | owned, and locked their own employees out of their buildings | just two days ago for almost a full day. They can certainly | screw up and be victim to a leak like this as well. | AnIdiotOnTheNet wrote: | This is the same logic that a lot of people used during The | Fappening. If we think it is immoral to steal this data then | we should not condone people copying it and analyzing it as | that's just benefiting from someone else doing the dirty work | for us. | tailspin2019 wrote: | Hey you're not really living up to your username there with | that morally sound logic. | tailspin2019 wrote: | > might as well examine what you can learn from it and | discuss it. | | That's the sort of high minded thing that WE might do here, | but I worry about how this data is going to be weaponised | against a whole bunch of people just trying to make a living | from things they're passionate about. | | I'm not a streamer (yet?) but I kind of see Twitch as this | haven for a bunch of people who, until the advent of | streaming, didn't really have an outlet, or an easy way to | find like minded people, let alone (in some cases) make a | living. I used to write off Twitch as a crazy fad that didn't | make any sense to me. Then I spent a bit of time on there and | realised what an awesome bunch of people (mainly) inhabit | that place. | | I feel very sorry for anyone caught up in this who goes on to | experience some of the inevitable downsides. I can just see | morons in the chat on various streams constantly bringing up | how much the streamer earns (or doesn't earn) etc.
| cableshaft wrote: | Oh no, I definitely feel bad for the people who had their | data leaked and worry what some malicious people will do | about it, but posting about it on HN isn't going to change | that. | | I've done a tiny bit of streaming myself at some point, and | keep meaning to do a bit more. I'll never have any | significant following, but it's a cool website. It sucks | that it's gotten out there, but it's too late, it's out. | | Might as well satisfy my morbid curiosity of how much some | streamers are making on that site, which is about all I'm | doing with this data. | jollybean wrote: | Information is subject to Supply and Demand like everything | else. | | We don't publish the names of victims of certain crimes, and | they are not widely known even if they are leaked, thus | significantly limiting the damage. Information about how to | make 'violent things' with easily acquired materials, certain | recruiting videos for 'very bad groups' aka ISIS etc. - all | of this is out there on some level but because it's actively | not propagated, the likelihood of it having an impact is | reduced. | | We shouldn't be publishing individuals' income, or the | private source code of normal, legit private groups. | aosaigh wrote: | How many other sites of this size have had breaches of this | magnitude (financial, source code, database etc.)? This seems | enormous. | a_f wrote: | The EA one comes to mind, which was recent. They had access to | the source of a number of games, including unreleased ones as | well as the Frostbite engine if I recall correctly. | https://www.bbc.co.uk/news/technology-57431987 | jason_zig wrote: | I'm curious what reaction people have to the info so I made a | poll: | https://share.zigpoll.com/2kParn8gL6RvpveWu/2qZxbgjD3pu2ATqz... | | Personally I'm thinking this is decent PR for twitch since the | market is still small and the payouts can be relatively high even | in the middle tier.
| em3rgent0rdr wrote: | Amazon could embrace the sourcecode leak and make Twitch | opensource. | [deleted] | rvz wrote: | > Twitch is aware of the breach, the source said, and it's | believed that the data was obtained as recently as Monday. | | Does that mean that Twitch has very poor security systems that | the entire infrastructure and data of Twitch was breached and it | all fell into the hands of this so-called hacker? | | Compared to the Epik breach weeks ago, this one is a lot worse. | | I don't know what the point around this breach is for but surely | the so-called hackers that have done this have now made matters | worse for all Twitch streamers now. That was Part 1. | | Waiting for what is in Part 2. | herbst wrote: | > Waiting for what is in Part 2. | | Twitch likely stores a lot of payment information too, i don't | see why they would be better secured than anything else in this | dump. Could get interesting | Nextgrid wrote: | Payment information would be tokenized and can only be used | with their own merchant account. I'd be very surprised if | they stored raw card data. | Deukhoofd wrote: | From what I understand there was a way to access their internal | enterprise github instance, which gave them access to all the | source code, and a bunch of internal documents and database | dumps. | bawolff wrote: | Git is one thing, but random db dumps is pretty surprising to | me. | arthur_sav wrote: | So pretty much everything... | bredren wrote: | Any comment on the claimed basis for the leak? | | Had any particular game, caster or community member made waves | above and beyond recently? 
| lemoncookiechip wrote: | Link to the leak: https://boards.4channel.org/g/thread/83691438 | | Top 10k Streamers by Revenue: https://pastebin.com/LjmaPNam | | Contains the following data points: | | 'ad_share_gross', 'sub_share_gross', 'bits_share_gross', | 'bits_developer_share_gross', 'bits_extension_share_gross', | 'prime_sub_share_gross', 'bit_share_ad_gross', 'fuel_rev_gross', | 'bb_rev_gross' | | (TTS donations, 3rd party revenue like OnlyFans, Patreon, Amazon | Gifts and sponsorship deals... are not included) | | Total gross payout in the leak (2019/8 to 2021/10) was 4.2 | billion dollars across 344k users. (based on data points above | alone but could be wrong since it's anons on 4chan.) | | PS: Make sure to change your Twitch (and possibly Prime) | password. Twitch is already prompting users to do so based on | Reddit posts. | astrange wrote: | > PS: Make sure to change your Twitch (and possibly Prime) | password. Twitch is already prompting users to do so based on | Reddit posts. | | This is not worth worrying about. If Twitch is making you reset | your password, that means you don't need to hurry because | they've already locked your account. If your password hash | leaked, the important thing isn't Twitch, it's every other | place you used the same password. | vsareto wrote: | Just spend 2 minutes and change your password instead of | spending 2 minutes thinking about whether you should. | jeremyjh wrote: | Then you would not be solving the problem because you need | to change everywhere else you used that same password. | andrewzah wrote: | Use a password manager. | adolph wrote: | Just don't worry about it and go through the password | reset anytime you log in. | andrewzah wrote: | That doesn't make any sense. Password management isn't | really that complicated: | | Use a password manager, and reset your password if the | service has been compromised. | atatatat wrote: | What do you do when the PW manager is compromised? | andrewzah wrote: | Cry?
Realistically speaking, this isn't going to happen | without physical access to your computer or malware, | though. So don't leave your computer unattended and don't | download sketchy things. | | Expecting people to simply memorize a unique, strong | password for every single website that they use is | unrealistic. Of course, no solution is perfect, but that | doesn't mean we shouldn't improve the current situation | of people reusing passwords with maybe slight | modifications per website. | corobo wrote: | If that is the problem you have a different problem. | Don't reuse passwords. | techrat wrote: | Reusing passwords is one of the single dumbest things you | can do online these days. Do not recycle passwords. Ever. | | Why? Any breach that involves usernames/passwords are | account name and password combos that get tried on EVERY | POSSIBLE SITE after. | | It only takes one pair of username with a reused password | for this to work. | astrange wrote: | There are downsides to asking people to change their | password for everything! (even though this is a big | "everything") | | I remember some services send you a message telling you to | change your password anytime a new device logs in or even | fails to login to your account. That causes most people to | pick weaker passwords, since they're not all using manager | apps. | andy_ppp wrote: | Shouldn't the hash be salted and useless elsewhere? | tinus_hn wrote: | In theory, it should. In practice? Who knows. | par wrote: | In practice it'll be plaintext stored on someones hard | drive. | netflixandkill wrote: | Outside of the same authentication domain with bad auth | token practices (windows) the hash almost always is useless | elsewhere. Salting increases the complexity and thus size | of hash tables or hash comparison (rainbow tables), but if | you manage to break or brute force the entries, salted or | not, the secret often is reused by many users.
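Added example (not part of the thread, and not Twitch's code): the salting point from the comments above, shown in Python from the side of whoever stores the passwords. The account names, passwords and word list are constructed, and PBKDF2-HMAC-SHA256 with the iteration count shown is an assumed scheme, since the page does not say how Twitch stored passwords.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample accounts; bob and carol reuse the same weak password.
SAMPLE_USERS = {
    "alice": "correct horse battery staple",
    "bob": "hunter2",
    "carol": "hunter2",
}
# Constructed stand-in for a list of commonly used passwords.
COMMON_PASSWORDS = ["123456", "password", "hunter2", "qwerty"]

PBKDF2_ITERATIONS = 100_000  # demo value (assumption); raise it in production

Record = Tuple[bytes, bytes]  # (salt, derived key)


def sha256_hex(password: str) -> str:
    """Fast, unsalted hash: the weak storage scheme."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password: str, salt: Optional[bytes] = None) -> Record:
    """Per-user random salt plus a deliberately slow key-derivation function."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, key


def verify(password: str, record: Record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    _, candidate = pbkdf2_record(password, salt)
    return hmac.compare_digest(candidate, expected)


def build_stores(users: Dict[str, str]) -> Tuple[Dict[str, str], Dict[str, Record]]:
    """Store the same accounts under both schemes for comparison."""
    unsalted = {user: sha256_hex(pw) for user, pw in users.items()}
    salted = {user: pbkdf2_record(pw) for user, pw in users.items()}
    return unsalted, salted


def table_lookup(store: Dict[str, str], words: List[str]) -> Dict[str, str]:
    """Without salts, one table (len(words) hashes, built once) is reused
    against every record, and equal passwords show up as equal digests."""
    table = {sha256_hex(word): word for word in words}
    return {user: table[d] for user, d in store.items() if d in table}


def audit_salted(store: Dict[str, Record], words: List[str]) -> Tuple[Dict[str, str], int]:
    """With salts, every guess has to be recomputed for every record.
    Returns the accounts that use a listed password and the KDF calls spent.
    A weak password is still found; salting only removes the shared table."""
    weak, kdf_calls = {}, 0
    for user, record in store.items():
        for word in words:
            kdf_calls += 1
            if verify(word, record):
                weak[user] = word
                break
    return weak, kdf_calls


if __name__ == "__main__":
    unsalted, salted = build_stores(SAMPLE_USERS)
    print("unsalted, found by one table:", table_lookup(unsalted, COMMON_PASSWORDS))
    weak, calls = audit_salted(salted, COMMON_PASSWORDS)
    print("salted, found per record:", weak, "after", calls, "slow KDF calls")
```

The same check against a common-password list is what a service can run when a password is set, so that a record like bob's never reaches the store.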
| csark11 wrote: | It can still be cracked | andy_ppp wrote: | This is the SHA 256 of a phrase... go for it! | | 7BB7DB877943832837046863EF45C252D3A08C92A273F7B665210A6E1 | 2701095 | vsareto wrote: | If this is a phrase to unlock a bitcoin account with 1000 | bitcoins in it, then you can easily convince people to | try and brute force it. | | Do you have Amouranth's or xQcOW's salted hash from this | leak? Might be worth trying to brute force it. | | You try on those kinds of accounts because they might | have re-used it or the password might be patterned or not | completely random, which gives you a _chance_ that the | credential might give you access elsewhere. | prophesi wrote: | A phrase almost certainly has a lot more entropy than the | layman's reused password from other leaks. | DrJaws wrote: | good luck hacking my password horse correct battery | staple | zalequin wrote: | Provided that it's hashed with salt / diff methods, sure - | but how can you be sure? | lordlic wrote: | That's not what salting does, and different hashing | methods are irrelevant. The danger of having your hash | leaked is that it can be cracked and the plaintext | password recovered. The hash itself is entirely useless | for logging into other services. | zalequin wrote: | t. infoseclet | aero-glide2 wrote: | Archive link : | https://archive.is/rGpxh#selection-1335.9-1335.34 | ZetaZero wrote: | 81 streamers with 1m+ in revenues. | anonymouse008 wrote: | Are there any consequences for downloading these files? I'd | like to learn best practices from a successful company -- but | not at existential risk. | Ueland wrote: | Depends on the law in your country. | madeofpalk wrote: | Just because it's at a "successful" company doesn't mean it's a | best practice.
| ta988 wrote: | Depends on your local legislations, but be careful that by | default on torrents you are also sharing those files to | others so you are also distributing stolen material, so it | may have an impact on your potential "crime". | MrStonedOne wrote: | I saw the payout pastebin, but I'm _very_ curious what the | amazon vs stream cut is for sub revenue in particular. This is | the key thing streamers negotiate with twitch over, and is | covered by the nda. | | rumor was recently negotiations have been very cut and dry for | newer big/up and coming streamers basically being told to take | some algorithmically assigned cut or give up partner status. | [deleted] | Gravyness wrote: | Post was just deleted and the archiver removed the links: | https://warosu.org/g/thread/83691438, anyone have mirrors? | aero-glide2 wrote: | Mirror : https://archive.is/rGpxh#selection-1335.9-1335.34 | CapricornNoble wrote: | What is HN's policy on sharing magnet links? | | magnet:?xt=urn:btih:N5BLZ6XECNEHHARHJOVQAS4W7TWRXCSI&dn=twitc | h-leaks-part- | one&tr=udp%3A%2F%2Fopen.stealth.si%3A80%2Fannounce | [deleted] | boringg wrote: | Am I the only one a bit disappointed by the gross earnings for | the top 5 earners given how much the media has been hyping the | money made by e-gamers. For some reason I would have thought | they would make more money over 2 years. Top earner was | grossing $ 9.6M ($4.8M/yr), 10th was $2.9M($1.4M/yr), at 81 you | drop below $1M (500k/yr) on twitch pre-tax revenue. After 81 | you drop below the $1M over two years threshold. | | Actually the more I think about it - that does seem like a lot | if you add in their other rev from youtube channels and other | compensation. I understand why all the pro players started | working on their twitch stream content more than winning | competitions. More stable business and viewer base. | moneywoes wrote: | No donations included I believe | tiborsaas wrote: | Are you kidding? 4.8M / year is stellar revenue.
Much much | more than most people make in a lifetime. | | It's even more interesting that for 50k gross, you have to | beat this guy "DEMOLITION_D" at the #4432 place. | falcolas wrote: | Number 1 is Critical Role. Their website lists 24 employees | (many of whom are professional actors), and I'm sure | there's more behind the scenes. Salaries add up quickly. | theshrike79 wrote: | I'm pretty sure that Critical Role isn't the main income | for most people. | | Also: 4.8M/24 people is still 200k per head. Even if you | assume that various costs take 50% of the revenue, | they're all still making 6 figures for a thing that's | pretty much a side hustle for most of them. | nightski wrote: | Critical role is making a _ton_ more than just Twitch | revenue. | | Also it started out being a side gig but most of them | have switched to it as their primary gig. They are | starting campaign 3 this fall. | walshemj wrote: | 4.8M gross - there is all the overhead involved | in running the business after overheads it will be less. | rasz wrote: | You think an assistant is being paid same as busy TV | actors? :) | | The most amazing Critical Role fact might be its creation | was indirectly financed by Youtube/Google :o. Felicia Day | knew all of those guys and about their private DnD game, | she invited them to film few episodes for her YT channel | "Geek & Sundry". Channel started with $1Mil advance from | YouTube Original Channel Initiative, one of the rare if | brief successes. | falcolas wrote: | Let's say payroll is half their total costs. Payroll | taxes plus income taxes works out to somewhere around | 40-60% of the remaining amount. Health insurance is | probably in the 10% range per year, leaving them with a | $50k salary. Costs are not, of course, quite that high. | | As a point of comparison, a talented voice actor can | gross around $125k per year, working from home as a | freelancer.
I don't feel that the Critical Roll actors | are being overcompensated at all. | jandrese wrote: | That works out to $200k/year for each employee, which | after you account for benefits is a solid middle class | income, assuming they don't live in downtown San | Francisco or something. | | It's basically a regular job at that point. | rasz wrote: | They all live in LA actually :) | bluefirebrand wrote: | I hate to break it to you, but 200k/yr is in the top 4% | of earners in America. That's not "middle class" by any | stretch of the imagination. | rvnx wrote: | It is, according to HN alternate reality | walshemj wrote: | Actually 200k gross is "middle class" what do you think a | lawyer or doctor makes in CA. | jandrese wrote: | After taxes, insurance, retirement, etc... you're taking | home maybe $100k of that. That's "modest home in a nicer | suburb" level money. | Kranar wrote: | It's among the top 4% of income, that's an objective | metric. Being in the top 4% of people in one of the | wealthiest countries in the world is objectively not | middle class. | colinmhayes wrote: | In the bay and LA sure. Everywhere else in the country | you're living large. Even NYC 200k is doing pretty well. | jandrese wrote: | I don't think you've been keeping up with home prices and | insurance costs around the country. $100k take home isn't | all that anymore. You're not food stamp poor, but it's | easy to be house poor at that income level, especially if | you're shooting for a better school district. Health | insurance costs eat up so much of that it is not funny, | even if you are healthy. If you or someone in your family | comes down with an expensive medical condition you'll be | in real trouble. | colinmhayes wrote: | True, these people are all self employed, so insurance | costs would be pretty large. If you're making 200k I'd | still say you've probably got at least 100 left over | after taxes and insurance. 
That affords you a 600k house | using the 30% of income rule if you can get the down | payment together. | boringg wrote: | That is literally the top earner in the community made up | by a team of people. | | The media/VC etc community has been hyping e-gaming as the | new sports domain. That said the top salary for a sports | player is $168M / year for one player (Lionel Messi) and | number 99 is $35M/year (source: https://en.wikipedia.org/wi | ki/List_of_largest_sports_contrac...) | | It really shows how much of a step change there is between | the sports & e-sports and I would be curious how much of | this Twitch is keeping to themselves instead of paying out. | | Not to mention how much uptime e-gamers have to put in. | [deleted] | somethingor wrote: | Note that streaming is a completely different revenue | source than esports earnings. Top esports earners might | not even stream at all. | boringg wrote: | Good point - I should differentiate more clearly. | Trisell wrote: | Also good to note that most streamers have a side donation | system that more than likely isn't included in these numbers. | Donations seem to be generally run through a non twitch third | party site. And is probably a substantial increase if not a | doubling of their income. | treesknees wrote: | Many of these folks are paid to stay exclusively on Twitch | and to not hop around to other platforms, and I don't | believe that's reflected here either. | mattwest wrote: | Brand deals usually match or exceed their income from Twitch | as well. | InitialLastName wrote: | If you squint a bit, that's not that far off of niche pro | athlete money (especially given that the bottom end doesn't | have the same discrete threshold that pro sports do). Per [0] | the best-paid NHL players are making ~$10M/year, and I would | expect the NHL to be more efficiently monetized than internet | streamers (we know that making money as "talent" on the | internet is a tough proposition).
| | [0] https://www.spotrac.com/nhl/rankings/ | jonwachob91 wrote: | A lot of those streamers are pretty open about how twitch | revenue is a small portion of their earnings. | | Ninja was famously paid $1MM for an 8 hour ad of playing Apex | at launch. | | I've had private conversation with large streaming friends | that have all said independently that the amount they get | paid from a short Raid Shadow Legends ad is huge. One said | it's enough to buy a nice car, and if they hit their target | downloads (w/ link) the number jumps up to enough to buy | multiple nice cars. | | There is a lot of big money for streamers, not just big | streamers. | reportingsjr wrote: | I saw a thread on twitter as part of this leak that showed | chat of a streamer turning down around $1.6 million a month | to advertise a gambling website, because another one was | paying more. | | I'm not surprised by any of this. If you ever did any | digging in to how much advertising pays, ran numbers on | twitch subs, etc, these numbers match that quite closely. | falcolas wrote: | Before commenting on how much revenue this seems to be for | the streamer, remember that most streamers hire and maintain | staff. Preach Gaming, for example, has 6 full time staff. | Angry Joe is somewhere around 8. Critical Roll's website | lists 24 employees, plus more who are likely not credited. | | Paying all that talent adds up. | ryanmarsh wrote: | In the vernacular, I ain't clickin that shit | boringg wrote: | You aren't clicking a pastebin CSV file? | jonwachob91 wrote: | pastebin link is dead now. | dannyw wrote: | The leak contains much more than this FYI, there's a hundred | gigabytes of code and resources from dozens of repositories. | | Looks like someone dumped everything on their github | enterprise. | | I wonder if this'll lead to software engineers in big companies | having more restricted access to code? | hnick wrote: | Dozens? The 4chan post said "almost 6,000 internal Git | repositories". 
We don't use git at work (TFS, yay), and we | definitely aren't on their scale, but that seems high to me. | Do they have a repo for every class? Is this normal? | Shalomboy wrote: | TFS converting to Git/Azure DevOps here. Be the change you | want to see in the world! There's a chance that some of the | people in your org that don't use TFS could use the | organizational tools built into | GitHub/GitLab/BitBucket/DevOps. If you get enough teams on | board with that platform that also happens to use Git, then | you can make that push to IT! | cedilla wrote: | If they use the common github approach of one fork per | contributor, 6,000 repos accumulate quickly. | PUSH_AX wrote: | I've never worked in this way (when I've been part of the | org), is it that common? What are the benefits of making | everyone fork repos vs branching off the original repo? | vultour wrote: | You don't have 500000 garbage leftover branches on the | main repo. | robjan wrote: | I don't think that's a common workflow within companies. | In every org I have worked at, forking is explicitly | disabled | MAGZine wrote: | I worked at a large gaming company and that was | definitely the collaboration model. | | Before per-branch controls, the only way to disable write | access (while maintaining read access, pull-request | privs, etc) to a repository's blessed branches was forks. | _joel wrote: | It's common in general open source projects where you | might want to send a patch for something that you don't | have commit privileges to, but I've never seen that used | in enterprises as they have central auth / groups with | the users required to work on the code. | BeefWellington wrote: | Note it doesn't say unique git repositories. It could just | mean each employee's fork is included in that count, which | would inflate the number like that. | okl wrote: | Could include dependencies and forks of other public repos.
| polote wrote: | > I wonder if this'll lead to software engineers in big | companies having more restricted access to code? | | I don't think that Twitch has closed source code because they | want to keep code private. It's probably more a matter of | don't want to show commit message in case there are some bad | words inside it. And don't want to show the world in case | their source code looks bad. | | Twitch without its source code can't work yeah, but imagine | if all the commits of Twitch were public I doubt it would | change anything for them. | | That would be nice if there was a mental change about source | code and that it is fine to show it even if it looks shit. | treesknees wrote: | You don't think the largest streaming platform on the | planet wants to keep their intellectual property a secret? | This isn't about being embarrassed over some comments, it's | about completely revealing the algorithms that move streams | to the promoted views, limitations of their filtering | systems, the time it takes for someone to count as a | 'viewer'... there are many pieces that are no longer secret | and can now be manipulated by people trying to promote | content or game the recommendation system or bypass | filtering. | | There is also the issue of security. I'm sure people will | be combing through the source code to find anything they | can exploit, even if it's a simple XSS attack. It could | either be sold/used for malicious actions or submitted to | the bug bounty program for the reward money. | spelunker wrote: | Of course they want to keep their source code private, like | most software companies do. They consider it their "secret | sauce", their prized IP.
| rgallagher27 wrote: | Doubt they care too much about bad words in commit | messages, what they should worry about is if they've ever | checked in passwords/secrets/private keys and not re-written | the git history | AnotherGoodName wrote: | More things to keep an eye out for; | | Snippets of open source code. | | Commit messages that imply anti-competitive behaviour | ("Committing a change to the API to lockout competitor | XYZ"). | | Commit messages that imply code theft ("Using a method | that we used at my previous company"). | | etc. | | Sometimes things that look sketchy might be innocent but | will still cause nightmares for twitch since they'll now | have to play defensively as people call into question | anything that ever went into the repo. | secondaryacct wrote: | It's already the case and actually a big fight we're having | (company of 70k employees spread everywhere) because we can't | reverse engineer our upstream and downstream systems and it | leads to huge bottlenecks trying to understand them when | issues arise, as we need other teams etc. | stunt wrote: | Many of those companies still have a few (not always | skilled) IT people with access to everything! And they | sometimes make it easy for themselves by putting themselves | in 2FA exception groups etc. | walshemj wrote: | Will depend on company back when I worked for British | Telecom, some team leaders with wide access to code & data on | some projects had to go through Developed Vetting (TS | clearance). | | Back in the mid 90's there was an issue in Scotland when a | well known journalist got a job in a call center and looked | up the private telephone numbers for the Queen. | swarnie wrote: | Wagies donating to millionaires is probably the funniest thing | i can imagine. | ttctciyf wrote: | Personally, I do it once a month, to avoid donating to a | billionaire. YMMV.
| pradn wrote: | It's somewhere between "paying to not see ads" (mechanical) to | "being a fan and wanting to contribute to them" (parasocial). | I don't think most people care if they're a fan of a | millionaire - see sports and entertainment celebrities. | Looking at things reflexively through a wealth-inequality | perspective is done only by a minority of people. | msie wrote: | I was watching a streamer the other day and she was doing | some stunt because another streamer promised her an iphone 13 | pro. But now I realize she could buy hundreds of them! Argh. | Here i am waiting two months so i could afford to put a down | payment on one. | Lamad123 wrote: | Billionaires couldn't exist without such donations! | tisthetruth wrote: | Wealth concentration on the twitch model is worse than paying | a company. A company does trickle down some of the profits to | its employees. Vs one person on twitch. | | Then you have the wisdom pov. This money is going to somebody | who is most likely less wise, mainly due to age and lack of | education and experiences. The quality of the content that is | being rewarded and whether it's a good influence for society or | for the minds of the young consumers is also highly | questionable. | | Just pop open the YouTube home page and then think about what | someones mind will be made up of if they consume that | linkbait garbage for a considerable amount of time. Then add | the echo chamber effect of the internet. | | It's not a pretty sight. Yet here we are. | | As a simple heuristic. Look at the view count of the noble | minds video vs SSSniperWolf. | youerbt wrote: | I don't get what's so funny about it. | | In streaming case, for whatever reason you want to make a | donation to somebody, not doing it because they are richer | than you seems very strange to me. | TwoNineA wrote: | I "donated" 75$ to see my favorite band two years ago. | swarnie wrote: | You "purchased" a "service".
| | Without the payment the service wouldn't be accessible | zouhair wrote: | What service? | TwoNineA wrote: | It was a public concert, freely accessible to anyone. | swarnie wrote: | You must know that's a very atypical business model.... | atatatat wrote: | Will it be? | kremlin wrote: | why did you put "donated" in quotes? | bvm wrote: | without the subs the streamers wouldn't stream | matheusmoreira wrote: | Yeah, it's so absurd it's hilarious. Seeing people make | millions of USD for playing games and mentioning others in a | live stream made me seriously rethink the value of my own | work. | dilyevsky wrote: | Now look at them yo-yos, that's the way you do it! | kinghajj wrote: | You play Among Us on the Twitch.TV! | matheusmoreira wrote: | Money for nothing and chicks for free. | warent wrote: | this is a tired old complaint and anybody could say the | same about pretty much any job that pays more than their | own. | | Telling blue collar workers you work in tech usually gets a | nearly identical reaction to what you just gave. etc etc. | matheusmoreira wrote: | Yeah, and what's wrong with that reaction? I'm supposed | to just accept this stuff? | | The blue collar workers are right too. They should be | getting paid _a lot_ more. Certainly not less than | streamers. It's not fair and I refuse to accept it. | | Come to think of it, advertisers seem to be a major cause | of these distortions. They distort the value of | activities that happen to have an audience. Yet another | reason to block ads: help restore balance to society by | ensuring people are properly rewarded for the actual | value of their work instead of how many eyeballs they can | summon. | nlitened wrote: | Why wouldn't you start a business, and pay blue collar | workers what they deserve? | matheusmoreira wrote: | Because that's not the field of work I chose for myself. | I do see construction workers on a daily basis though. 
I | also know the owner of a construction company, he's part | of my extended family. The wealth disparity between the | workers and my family member is obscene. There's no way | I'll ever believe they couldn't be paid better wages. | slightwinder wrote: | To be fair, the number of millionaires is overall pretty low | in numbers. Just some few dozen worldwide. Most top-streamers | "only" earn as much as upper middle-class or less. Compared | to other sketchy businesses, this seems relative ok. Be aware | that those numbers are before taxes and are not including | expenses, which can be quite high in the top league. | FartyMcFarter wrote: | I have donated to some chess streamers who make fun + | educational content I enjoy. I'm fine if that makes them | millionaires or richer than me. | zouhair wrote: | Isn't this what we do when we go see a movie or a sports | event? | meheleventyone wrote: | Isn't that the basis of the economy with the increasing | wealth gap and so on? It's not really materially different to | paying Disney millionaires to go watch the latest Marvel | movie. | swarnie wrote: | Maybe if viewed in a cynical way yes. | | At least when i donate to blue origin i get something | tangible delivered to my door. | | Where is the value exchange in being one of 10k people | building a faux-relationship with a hot tub streamer? | ohgodplsno wrote: | > At least when i donate to blue origin i get something | tangible delivered to my door. | | Undelivered promises and lawsuits against NASA to slow | down space exploration for all of us ? | input_sh wrote: | Same as with paying to see a Disney movie: entertainment. | It's just a bit more interactive, since streamers are a | bit more likely to interact with you after you give them | money. | MMS21 wrote: | >since streamers are a bit more likely to interact with | you after you give them money | | ohwee! 
the streamer _might_ read out your username along | with a scripted line after a 5 dollar | subscription!1Eleven | input_sh wrote: | Is there a point you're failing at making? In my mind | it's no different than, say, voting for contestants on | talent shows, or paying a camgirl, or pay-per-view WWE | events. Same thing targeting a different demographic. | Geee wrote: | It's a service. Service is a product that is consumed | when it's produced. | A4ET8a8uTh0 wrote: | I think the word you are looking for is entertainment. | You may not appreciate the value of said entertainment, | but then I don't really see a merit of donkey shows, | Kanye or just about any other entertainment figure. That | is the value. | | And by its very nature, it is ephemeral. | InvOfSmallC wrote: | I mean, in all honesty it's entertainment. To me Marvel | is better but someone prefer hot tubs. | meheleventyone wrote: | I mean it's not cynical (at least not anymore than your | initial comment), it's what we're doing and why I used | another entertainment option as a point of comparison. | | Of all the things on Twitch the value of Hot Tub streams | seem very upfront and I think it's pretty telling that | there are vanishingly few successful streamers doing it | and that for all the hot air people spew about its a very | niche part of the site. | kdmytro wrote: | Money transfer does not necessarily mean mutually | beneficial transfer of value. Another example of this is | theft. | bluecatswim wrote: | >It's not really materially different to paying Disney | millionaires to go watch the latest Marvel movie. | | I feel like it's substantially different, you are paying | Disney the money to watch the movie, you don't really care | about the actors or other people who worked on it. | | On the other hand, twitch users pay for the sake of paying | money, it's closer to something like strip clubs. 
| tsimionescu wrote: | I feel it's a much healthier model, you're paying the | creator directly to create the piece you want to see, and | to show it, for free, to others. | runnerup wrote: | I mean....sure, I guess, if you're only talking about the | top 10 or maybe top 200 streamers. | | My favorite twitch streamer, 'x5_pig' (996th highest | earner on twitch) only grossed $186,000 over 24 months, | and lives in a fairly HCOL area in Australia. I'm happy | to give him $5 or so to help make sure that he continues | to stream an EOL game, Starcraft2. | | Sure, he has other revenue streams as well but I can only | imagine the risk he takes by sticking with a game that's | been EOL'd. When Blizzard shuts down the servers I | imagine he'll have no career left at all and will likely | have to start over in a totally different career. I'd be | surprised if he could start streaming some other strategy | game and maintain enough earnings. | | I pay him $5/month to help swing his risk-reward balance | in favor of continuing to produce the content that I most | enjoy vegetating to after my 12 hour day of | coding/troubleshooting/collaborating. | | Sure, he has other revenue streams (YouTube, announcing | for major tournaments, etc). But I imagine for him it may | be important to earn enough over the 10 year life of | Starcraft2 to mostly-retire in case he ends up without a | "real" career. | | In fact, sometimes I wonder whether income tax brackets | could potentially include consideration for short-lived | high earning careers. Seems it might be slightly broken | to tax someone who has a stable $1MM/year income for 30+ | years (e.g. car dealership owner) the same % as someone | who makes $1MM this year, but next year might be earning | $40,000 working at that car dealership (athletes, | streamers, windfalls, etc). Seems like it might make | sense to allow people to "defer" earnings to future | years, as long as income tax is eventually paid in full. 
| This could allow people who unexpectedly earn $1MM for | just one year to spread out those earnings over 10 years | and pay a more appropriate % as taxes. Not sure what else | this could break though, or how much of a problem it | really solves vs. other things legislators could be | spending time on. | plywoodtrees wrote: | Some countries have this for selected occupations that | are commonly bursty. It could be good if it was generally | available: | | https://www.ato.gov.au/business/primary-producers/in- | detail/... | everdrive wrote: | >you don't really care about the actors or other people | who worked on it. | | Plenty of people do, of course. Celebrity worship is | quite common. | sbarre wrote: | That's a pretty harsh moral/value judgment on how someone | chooses to spend their entertainment money. | | What about comedy clubs? If I buy a ticket to see Dave | Chappelle, who is clearly wealthy, am I sucker too? | | What about paying cover at my local bar because a local | band is playing that night? | | What about buying tickets to a baseball game, to see a | bunch of millionaires play a game for a few hours? | | You are making it seem like users get nothing for their | money, when there is plenty of established precedent for | giving money in exchange for attending a performance. | | Sure the performance has changed, but the actual | difference here is that these Twitch millionaires (and | the rest who are far from millionaires) are literally | charging "pay what you can" instead of setting a minimum | ticket price for their show. Plenty of people (the | majority in fact) get the show for free. | theshrike79 wrote: | > What about comedy clubs? If I buy a ticket to see Dave | Chappelle, who is clearly wealthy, am I sucker too? | | If you would pay money for Dave to shout "Hey sbarre, | thanks for the donation" from the stage, then you'd be | doing what Twitch fans are doing. | bluecatswim wrote: | Sorry, I didn't mean that in a derogatory way. 
I just | meant twitch users pay for the sake of giving money to | their favorite streamers rather than paying for a | product. Strip clubs are the first example that came to | my mind, bands or comics also stand. My point was that | OP's argument about comparing twitch to movies doesn't | make sense because paying for a movie is no different | than paying for groceries. | CydeWeys wrote: | Like with strip clubs, when you give money to a Twitch | streamer, you're getting something in return. Twitch | subscribers get lots of exclusive access to stuff. | codetrotter wrote: | > because paying for a movie is no different than paying | for groceries | | Groceries are necessary for survival, and limited in | quantity. | | Movies and streams are similar to each other because they | are both video content. And as long as the creator of the | stream or the company behind a movie get paid enough to | make the content they could've received no more money and | still gotten by fine. | | Streams are a little bit different from movies though | because much of the audience is actively engaging in | conversation with the creator or making requests to them | etc. In that sense a stream has an aspect of limited | supply to it that a movie does not. At some point the | audience of a stream will be too big for the creator to | be able to meaningfully interact with all of them, and at | a point after that maybe even too big to be able to | meaningfully interact with _any_ of them. | | And so if you have a lot of people that want to interact | with you it makes sense to prefer interacting with the | ones paying you money, and to encourage them to do so. | And beyond that, it also makes sense to offer "exclusive" | content to people that pay. So OnlyFans makes sense too. 
| | What really has me upset though is thinking of the people | that are on the audience, among whom some people have | little money but also get so little attention IRL that | they are paying someone who already has a lot just to | interact with them and maybe even being deluded into | thinking that they have some form of "real" relationship | with them. That is very sad and something I don't think | has been studied enough and is not being talked about | enough. | valeness wrote: | I sub to twitch streamers I watch because dollar per hour | it's the cheapest form of entertainment besides | torrenting for me. | | There was a stint during the GTA V RP craze I had it on | in the background and watched it for approximately 6-8 | hours every day. I subbed to one streamer for like 5 | bucks. | | This averages out to like 2 cents/day for 240 hours of | entertainment. Cheaper than netflix, cheaper than cable, | cheaper than hulu... You catch my drift. I don't know how | this is different than me paying $80 to spend a night out | at the movies with my wife, other than it being insanely | cheaper? | lancesells wrote: | Groceries are so far outside of paying for any form of | entertainment. What does it matter if you pay for a movie | or tip a streamer? It's all content meant to be consumed | and replaced with more content. | | There are three things you need to survive: food, | shelter, and love/community. | | Entertainment can sometimes provide the last one | (love/community) but for the most part it's fulfilling a | need for distraction and/or curiosity. | sbarre wrote: | > I just meant twitch users pay for the sake of giving | money to their favorite streamers rather than paying for | a product. | | I still think this is a narrow view. | | So you don't consider a performance to be a product? | | How is going to the movies different from going to a | baseball game or a concert or a comedy club? 
| | If those are like movies, and movies are like groceries, | are we not back to the same point that people are | exchanging money for some kind of benefit, whether it's a | tangible thing they take home or an experience they | enjoy? | NineStarPoint wrote: | I think strip clubs are a fair comparison. All of the | things you listed, you pay money for access to the | experience. The money changes hands before you get in the | door. For both strip clubs and twitch, getting in the | door is free. In both cases what you pay money for is the | attention of the streamer/stripper in the moment you are | giving the money (or just because you feel like giving | money to them for the performance you are seeing.) | | A less emotionally evocative example might be giving | money to a street musician who accepts requests for | donations. Either way, the street musician is there | performing and you can enjoy the music whether you pay or | not. But the money gets you a bonus, and you're free to | give money regardless of desire to request a song. | sbarre wrote: | I'm not sure I agree that "paying money to get attention" | is the majority of the monetary interactions on Twitch. | | Or at least, maybe that's a welcome side effect but not | the main motivation for a lot of people. | | I am guessing here, I have no data to back this up, but I | feel like a lot of people sub out of gratitude and as a | show of support, and less to draw attention or get some | kind of shout-out.. | | I do watch a decent amount of streams on Twitch across a | few categories, but I've never subscribed or donated to | any of them, so it's possible I'm wrong here. | | Also I did make the distinction between paid performances | and "pay what you can".. That was indeed my point, that | Twitch differentiates itself by being an essentially "pay | what you can" service where the majority don't pay | anything, but lots of people still manage to make money | giving their work away for free. 
| Jxl180 wrote: | If the Dave Chappelle show were free but you chose to | donate your money to Dave Chappelle anyway, yes, you're a | sucker. | sbarre wrote: | Sure, I guess you could see it that way. | | Some people, on the other hand, like to reward others if | they enjoy the product/service/performance they provide. | | That's the nature of "pay what you can". If money is | tight, then don't pay, and don't feel bad about it. But | if you have disposable income, and you value the | experience, then give what you can as a form of | gratitude. | | It doesn't need to be said that if everyone took the | "it's free so I don't have to pay anything" route, then | there would be no show to see. | valeness wrote: | Twitch streams aren't free though. If nobody paid then | they wouldn't exist. It's just a voluntaryist model. | Those that pay, do, those that can't or don't want to, | don't. So I'm not a sucker for choosing to fund a form of | entertainment I find valuable. | | I treat museums the same way. When I was young and poor | my parents didn't pay to get in since it was optional. | But now that I'm older and I make good money, I donate | extremely well when I go to museums. I know that it's | voluntary and I choose to participate in funding it | because I enjoy the experience. | blitzar wrote: | They pay to have the person paid a couple of mil to say | their name on stream 'thanks bluecat for the sub' | rapind wrote: | I would assume big streamers are running a business too. | At the very least they are paying an accountant and | probably lawyer (for incorporation, taxes). I'm sure some | are also paying designers, editors, marketers, | advertisers, agents, managers, etc. | | On youtube you have streamers merging under the same | umbrella to create branded channels. | | IMO the differences compared to Disney is the scale of | the production and the interactive medium (which is | constrained by scale). 
Once you reach a certain scale I | don't think you can expect much direct interaction due to | the volume of chat. So really it's just scale. | the_duke wrote: | The difference is that Twitch viewers are already consuming | the content for free. | | Subscribing or donations are completely optional. | (subscriptions get rid of the ads, but I doubt that's a | main driver) | meheleventyone wrote: | I dunno if you know this but you don't have to pay for | the Marvel movies either. | eurasiantiger wrote: | B..b..but that's... that's _piracy!_ | wizzwizz4 wrote: | Or just watch it on television. (You can even tape it | when it's on television... sshhhhhhh.) | SketchySeaBeast wrote: | Are you using VHS for said taping? I suddenly wonder if | this is one of those anachronistic phrases, or if people | no longer use it and you're revealing your age. | eurasiantiger wrote: | Imagine the people with adhesive tape in hand. | wizzwizz4 wrote: | At least it's less anachronistic than "record". | nso wrote: | Someone has to. | ohmahjong wrote: | You don't have to get bootleg twitch streams to watch | them for free | meheleventyone wrote: | Yes the monetization models are slightly different. You | can still watch both for free though. | freeflight wrote: | I don't think it's funny, I think it's sad because most of it | comes from the emotional exploitation of parasocial | relationships. | | Something we used to scoff at in places like Asia, now even | casual relationships are utterly commoditized and we taught a | whole generation of young humans how that's the most normal | thing in the world. | mftb wrote: | Agreed. I recently started exploring Twitch and in the | first hour of just sitting there watching it, I was | surprised how aggressively exploitative it was. The fact | that it's young people there exploiting makes it even more | gross. | msie wrote: | Thank you! The hypocrisy is huge. | erk__ wrote: | The revenue in that pastebin has been double counted. The
The | corrected data is here: https://pastebin.com/LjmaPNam | pixxel wrote: | Whoa. Is gross per year or since account creation?! Either | way these numbers are insane. | erk__ wrote: | These are numbers since August 2019 as far as I am aware | _u wrote: | June 2019 is also included. July 2019 is missing. | pixxel wrote: | Crazy numbers. | uyt wrote: | Insanely high or insanely low? I actually felt kind of | weird that I make more as a software engineer than some of | these legit celebrities (not the very top ones of course, | but still more than many of the ones I follow or have heard | of) | Shacklz wrote: | I hope I didn't misread the numbers but to my | understanding it's just what they get from twitch | directly (ads/subscriptions share), most streamers | probably make significant amounts in donations on top of | that, and probably have secondary revenue streams via | YouTube (stream highlights etc.) | jschenk wrote: | Not to mention sponsors, sponsored streams, etc. | BlargMcLarg wrote: | Keep in mind this is just what they make which Twitch | knows about. Plenty of sponsorships, tournaments and | other income streams exist for a majority of these | people. | | On top of that, besides their eceleb status, most of | these people aren't _that_ professional. Plenty of them | are a combination of variety or casual, often to a degree | the person isn 't even _that_ good in games in general. | | Their production quality also isn't anywhere near amazing | (note it can be both organic and high quality), and other | parties (e.g. Hololive) have shown how easily the space | can be disrupted. For those curious, notice how many top | streamers still lack actual high quality audio (mostly | from their own lack of voice training rather than | equipment), proper schedules and sticking to those | schedules, high quality video when applicable (e.g. bad | light), allow themselves to get devolved in politics, | allow their streams to go majorly off-track in general, | etc. 
It's not like these guys don't have the means to | drastically improve it. | | And the obvious: we don't have anywhere as much of a | shortage of people willing to play games in an extremely | dedicated manner as doing software development. | meheleventyone wrote: | The other thing for comparison to traditional jobs is the | hours worked. Most streamers I follow work insane hours. | Then the other bits and pieces they have to pay for | themselves. For example taxes employers would otherwise | cover and things like health insurance in the US. | | On production quality, I think it's a mistake to think it | matters too much. Live streaming is a different thing to | television. In very much the same way Roblox is different | to AAA games. | | There's also a level outside of the more chaotic | personalities who make a lot of money in spite of | themselves where there is a lot of professionalism going | in to making things seem pretty casual because these | people know their audience. | BlargMcLarg wrote: | The hours worked is all over the place really. Some of | the top streamers don't work anywhere close to 40 hours | or past it. Others grind 10 hours a day for almost every | day of the year (often burning out a few years later). A | lot of the top streamers do a combination of taking | sporadic breaks, streaming only 3-4 hours a session, etc. | | The other problem with looking at hours worked is it's | hard to quantify sporadic interactions on multimedia and | the likes. Arguably the biggest drain, most of these | people are always "online" and have a hard time | unplugging themselves. This is further exasperated by the | momentum loss most streamers perceive when not streaming | for a long while. | | >On production quality, I think it's a mistake to think | it matters too much | | But we don't really know that yet. It's extremely hard to | quantify all these variables and what truly matters. 
What | we do know is many people in these circles have fallen to | the side since they were unable to keep up with the | modicum of effort newcomers put in despite their lack of | resources and despite the first-mover advantage these | old-timers had. At the same time, we see other parties | break through with new concepts while putting in a ton of | effort to market and PR themselves, and it worked, as | seen with the Hololive example. The top earner is | (apparently) also much more professional than the | majority of the top 10/100/N. | | >Live streaming is a different thing to television | | If anything, this is the biggest problem. If beginners | are expected/advised to put in much more effort and | resources to (increase their odds of) breaking through | compared to before, why is it acceptable for someone | earning a Silicon Valley-equivalent salary while living | in a much lower CoL area to stream in a dank basement or | attic with poor audio quality? This isn't a criticism as | much as a question. Maybe it doesn't matter. But it's | also the question which makes people wonder "should they | be earning as much as they do?" | falcolas wrote: | Eh, not always. Critical Roll, #1 on the chart with $4.8M, | has 24 credited employees, and who knows how much else | backing them up. | | It's an entertainment corporation that just happens to run | on Twitch. | theshrike79 wrote: | This is just one revenue stream, Twitch subs. | | No Twitch donations, Patreon, merch sales etc. | JohnWhigham wrote: | It doesn't include bounty payouts and advertising | payouts? | meheleventyone wrote: | Not really! | | If you arbitrarily take $50k as a living wage then it's | basically the top 2000 streamers who can make a living on | Twitch. Random googling tells me there were approximately 8 | million active streamers in September. 
Again arbitrarily | assuming that 7 million of those are 'casual' and doing it | for fun that means the percentage of streamers making a | living wage is 0.002%. | | Back of the napkin math but kinda depressing. | | Edit: Someone on Twitter told me that Affiliate status is | pegged around the top 3% of streamers. So taking that as my | new baseline for "trying to make it" since you can actually | get paid out, it raises the percentage to a whopping | 0.008%! | kristofferR wrote: | Worthy read: | | https://www.theverge.com/2018/7/16/17569520/twitch- | streamers... | meheleventyone wrote: | Right I take that sort of thing into account by snipping | off the vast majority of people active streaming. | Basically guessing that only the top million people | streaming are actually aiming to make a living wage. | Miner49er wrote: | The thing with Twitch streaming is that you can do it | from almost anywhere. So, $50k is maybe a bit high for a | living wage. | | Plus, Twitch is probably just one source of income for | many content creators. For many it's not their primary | source, but just a side source. YouTube, Patreon, | OnlyFans, outside sponsors, or even esports may be where | they make most of their money. | meheleventyone wrote: | > The thing with Twitch streaming is that you can do it | from almost anywhere. So, $50k is maybe a bit high for a | living wage. | | The thing is the power law curve is so strong that if we | take the top ten thousand which sets a living wage at | approximately $11.5k which is definitely not a living | wage in a lot of places people stream from then that only | improves things to the top 0.04% (of those trying to make | it). | | > Plus, Twitch is probably just one source of income for | many content creators. For many it's not their primary | source, but just a side source. YouTube, Patreon, | OnlyFans, outside sponsors, or even esports may be where | they make most of their money. 
| | If you read the original comment the gross amount | supposedly includes 3rd party revenue. | Miner49er wrote: | There's no way it includes all 3rd party revenue. Many | big YouTubers have a Twitch, and occasionally stream on | it, and they maybe make very little on their Twitch but | would be near the top of this list from YouTube revenue. | Dream, for example. | Loughla wrote: | This is a, maybe, long way to get to this, but keep with | me. I have always been fascinated by understanding what | is edible, useful, or "traditionally medicinal" in the | natural world around me. | | I have spent decades of my life learning about how to | use, propagate, and cultivate most plants, animals, | fungi, and minerals (not the propagate part here) in an | area +/- 100 miles from where I live. I've taught a | couple of State University extension classes, and | regularly sell at a farmers market the things I | gather/grow, just for shits and giggles. | | People have asked me for years why I don't do this for a | living. Why don't I do that instead of working a job that | I am neutral to, but that pays the bills. | | Because all of that sounds exhausting. Needing to | maintain a presence on so many platforms, interact with | so many people, and constantly be thinking about my next | _thing_ for all of the various platforms is just | exhausting. | | I don't know how people can do it without burning out. | ta988 wrote: | Don't they have helpers like gamers do? | Loughla wrote: | So then there's even more pressure to perform, at a | higher level even, to pay for the lives of myself at | least one other human entirely. I still don't get it. | lemoncookiechip wrote: | Fixed, thank you. | throwawaylolx wrote: | Is that all revenue, including subscribers, donations, ads, | etc.? The numbers are not that large considering it's data | for almost 2 years and a half. | | edit: I saw it mentioned in that /g/ thread that these | numbers are without the donations. 
| trinovantes wrote: | It seems the payouts follow the power law. Around 100 | millionaires, around 2k people at $100k, and the 10kth person | at $25k | [deleted] | y4mi wrote: | your pastebin was deleted. too bad | boringg wrote: | This is going to BLOW up the twitch gaming community with all the | infighting now that everyone knows how much everyone else makes. | Wow. | Buttons840 wrote: | Number of subs is often known, and the relative size of | channels is known. Unless someone's going to be surprised that | someone with double the viewers makes double the money, I doubt | there will be any surprises. | 0x500x79 wrote: | There are a few outliers in this data. Some streamers with | smaller viewer bases are making more because of exclusivity | deals, so I imagine there will be a little bit of drama. | lrae wrote: | Examples? And what makes you think that one-off payments | for exclusivity are in that data? Because they're not. | laken wrote: | Different contracts between Twitch partners have | different levels of ad density, as well as differing | amounts of cuts of subs/bits taken by Twitch. It's pretty | negligible though, and could have been kinda estimated | previously. For example, Hasanabi is claimed to have one | of the lowest ad density requirements on twitch (1 60 | second ad per 1 hour of broadcast, plus 3 minute ad at | end of broadcast) which does line up with him making less | than multiple streamers with less subs than him (and with | probable higher ad densities required by contract). | lrae wrote: | Yeah, this has nothing per se to do with exclusivity | though. (As in, XX months exclusivity to Twitch. For | those who don't know, every common partnered streamer | already is exclusively bound to Twitch for livestreaming | content. If he wants to stream somewhere else, he loses | his partnership. 
(And yes, there are exceptions, old | contracts, ...)) | | And "premium contracts" to keep talent were offered | pretty much since day 1, just looked quite different back | then. (Mainly just differentiated in sub share. For the | last 2-3 years they also include better ad payouts (and a | minimum of ad time), boni for minimum amount of hours | streamed, etc.)) | | And... every streamer who only cares a bit about his | business already knows, at least for the most part, what | kind of contract other streamers are on. | | So don't think there will be any (real) drama - but I | also didn't see or hear of any extreme unexpected | outliers. | saurik wrote: | I was under the impression that Twitch streamers were able to | be directly tipped by viewers (as opposed to being paid by | the view or something by some centralized payment | distribution point) and so while there would of course be a | correlation on viewers to income, the variance is going to be | high... some people are going to be much better at monetizing | their user base than others, and I would at least expect the | streamer's charm, business model, and audience targeting to | swamp a mere 2x difference in viewers. | boringg wrote: | I think a lot of the general public / viewer base is not | aware of how much money streamers are really making. And I | would guess other streamers have a sense but not total | amounts. We will see... | xboxnolifes wrote: | Highly doubtful. Anyone who was already making money from | twitch knows how the payment system works and can guess how | much someone else makes based on views/subs. Anyone not on the | inside already had access to website that gave close enough | estimates. | canada_dry wrote: | > Vapor - an unreleased competitor to Steam | | Until Steam has a couple major screw ups, potential competitors | better have tons of capital to keep throwing at their platform- | in-waiting! 
_Amazon does have the $$$, but they also have hungry | shareholders that won't wait like they used to_. Gamers by and | large quite like the platform Gabe has built. | vkk8 wrote: | I guess they could tie it to Amazon Prime (like they did with | Prime video) and just let Prime customers download any game on | the platform without paying extra. | WorldMaker wrote: | Prime Gaming has been giving "free games" to people for | years. They already have a huge "back catalog" for some users | in the weird bare bones "Twitch Launcher". Expanding that | into a full store wouldn't be the hardest play for them; if | anything the surprise is that they've been so slow to do | that. | beckman466 wrote: | Palantir next? | gverrilla wrote: | I don't understand it: these companies have enormous funding, an | army of employees, and they can't provide the service reliably | (both regarding consistency and safety). What do all these coders do | all day? I'm asking as an uninformed party of course. But it | looks to me like these are companies that build bridges, and | their bridges are collapsing all the time. | lopis wrote: | What do you mean? You think all coders are security engineers? | All code has dependencies, often dozens of them. You might just | need a single vulnerability in a trusted third party library to | allow this to happen. These are humans creating these products. | I would say that SPECIALLY because of the size of these | products, vulnerabilities are inevitable. | ryandrake wrote: | > What do you mean? You think all coders are security | engineers? | | Now, imagine using that argument when a bridge falls down. | "What do you mean? You think all the bridge builders were | safety engineers? Bridge components rely on different | dependencies, often dozens at the same time. You just need | one point of failure and boom, it collapses. These are humans | creating these bridges. I would say that SPECIALLY because of | the size of these bridges, collapses are inevitable."
| andrewzah wrote: | Comparing bridges to a streaming service is nonsensical, | frankly. | | People die when bridges collapse. People get mildly | inconvenienced if twitch is slow or down. | | Accordingly bridge construction takes security & safety | much more seriously throughout the project. And it's orders | of magnitude more expensive to build and check bridges for | safety issues, etc. | eddieroger wrote: | Uninformed point of view - I'd be curious the split of that | army of employees, since the money isn't in keeping the lights | on, it's in sales and feature development. Stability is rarely | the forethought unless it's there from day one. It probably | takes a lot of money and human hours to keep the streamers | engaged, and far less to watch Grafana dashboards. | mFixman wrote: | A company cannot out-engineer bad management nor out-manage bad | leadership. | | A lot of people who worked in giant tech companies can tell you | stories of talent being wasted on tight deadlines for | unnecessary projects. | dekerta wrote: | Your analogy would be more accurate if the bridges were | constantly being blown up by terrorists. Designing perfectly | secure online systems is very hard (if not impossible). | Software is very complex, and people are trying to break in | constantly. It only takes one person to get lucky or find a | vulnerability | fellellor wrote: | Because so much of programming is written at a high level, most | coders don't know what the hell they are doing. Maybe the level | of abstraction achieved makes it impossible to know. | | Edit: One of the reasons is that because there are a very few | people (probably) who do the low level stuff, there aren't | enough eyes on the code and a lot of vulnerabilities left in | production. | | Software companies are maybe incentivised to hire a lot of | programmers who can start delivering on day 1. This wouldn't be | possible without the convenience afforded by high level | languages. 
| terramex wrote: | _> Some Twitter users have started making their way through the | 125GB of information that has leaked, with one claiming that the | torrent also includes encrypted passwords, and recommending that | users change their passwords to be safe._ | | Twitch just asked me to change password for the first time, so it | sounds credible. | thinkingemote wrote: | It's possible, if there's a full database dump that direct | messages could also be leaked, which could be incredibly | damaging. I'd guess that these would be in another storage | medium however. | | One wonders. Why are encrypted passwords stored in an external | code repository? | Le_Dook wrote: | I'll be curious as well once this makes its way to | haveibeenpwned. Requested for it to be deleted and forgotten | few years back, won't be the first time an account of mine has | been "deleted" to then miraculously be hacked or caught up in | a leak | swarnie wrote: | Kind of worrying considering my twitch is linked to my Amazon | account, and all my banking credentials are linked to Amazon. | Workaccount2 wrote: | If it's any comfort, for some reason twitch uses Xsolla as | its payment processor. That is, you cannot pay for premium | twitch with your amazon account. | jrootabega wrote: | Agreed. Hopefully you will be correcting that. | rawling wrote: | That's only a very narrow link though, isn't it? Just lets | you claim Prime benefits, doesn't give access to Amazon | purchasing or payment details or anything? | lethalbas wrote: | does any1 have the link to the leaked password hashes? askin for | a friend | 1121redblackgo wrote: | Are you seriously asking for pw hashes. | [deleted] | rawling wrote: | According to the /g/ link at the top of the thread, they're not | in this "part 1" torrent. | ToddWBurgess wrote: | You really have to feel bad for the IT staff at Twitch who I | expect are going to have a bad day today. | hkai wrote: | Is this the first major porn site to be hacked?
| y4mi wrote: | Twitch is not porn. It's maybe a gateway to onlyfans, but you | cannot have sexual content on twitch. | | Even YouTube allows more nudity then twitch. | | So yes, there are girls wearing bikinis and underwear on | camera, but that's as far as it goes. | bogwog wrote: | It's called "softcore porn". | | > Even YouTube allows more nudity then twitch. | | Nudity alone is not pornographic. | hnick wrote: | I saw them doing microphone licking lately. Apparently that's | popular. | vadfa wrote: | That depends on your definition of sexual. If you have | someone in underwear with the sole purpose of arousing people | of the opposite sex, that is pretty sexual to me. | slightwinder wrote: | Porn and sexual are not the same. There is a line, and so | far Twitch stays on the safe side of it. | bettysdiagnose wrote: | The claim the commenter you replied to was referring to | was: | | > you cannot have sexual content on twitch | | Which is obviously completely, completely false. | pixxel wrote: | They are not the same. Defined age-restricted pornography | is arguably better than highly sexualised content aimed | at children and their pocket money. | onedr0p wrote: | It's sarcasm my dude. Twitch is notorious for giving female | streamers a pass when it comes to nudity or inappropriate | behavior, all the while banning male members for accidentally | clicking on a NSFW link and it being shown on steam for | seconds. | Semaphor wrote: | A channel I mod got a 1-day suspension because you could | see the crack of a drunk guy mooning them (despite | instantly stopping the stream and deleting the VOD before | starting again). A few weeks before, two girls flashed | them. That obviously did not warrant a ban. | vscodered wrote: | >there are girls wearing bikinis and underwear on camera | | Is it really hot in their rooms or are they sex workers? | nickysielicki wrote: | The microphone ear licking channels are definitely more | sexual than many "NSFW" subreddits. 
| | What actually defines porn? It's hard to say, but you know it | when you see it. Spend 5 minutes watching any of the ear | lickers on the front page of twitch and make your mind up for | yourself. I find it hard to come to the conclusion that it's | not porn. | fc373745 wrote: | >the leak was intended to "foster more disruption and competition | in the online video streaming space" because "their community is | a disgusting toxic cesspool". | | the irony in that it was leaked to 4chan | zalequin wrote: | The irony is that this post itself is ironically toxic. Kekw. | h_anna_h wrote: | Not really, I would go as far as to argue that it is less toxic | than reddit, twitter, and even HN. | wizzwizz4 wrote: | Parts of it, yes. But the famous parts are _horrible_ ; I | don't remember the last time HN ran an international | cyberbullying campaign. | QuinnyPig wrote: | I thought it was called "YC Demo Day." | wizzwizz4 wrote: | There's a difference between vicious mockery of a company | and its founders on a single website, and having randos | holding knives knocking on people's windows. | h_anna_h wrote: | > and having randos holding knives knocking on people's | windows | | Are you referring to some specific event? | wizzwizz4 wrote: | An amalgamation of multiple events. (I was lying when I | implied I remembered the last time 4chan did this kind of | thing; it happens so often.) | | The one I was thinking of, I misremembered: it was | actually an (alleged) stabbing. https://www.theregister.c | om/2021/07/07/tenacity_maintainer_q... | alphabetting wrote: | maybe on streamers with less than 50 viewers. every twitch | stream i've seen the chat is easily 100x more toxic than any | HN thread. ridiculous comparison | h_anna_h wrote: | Huh? I am not talking about twitch. If anything this just | shows that you disagree with | https://news.ycombinator.com/item?id=28771025 which is the | post that I am replying to. | wokwokwok wrote: | Mmm... 
well, if you're received what you consider to be toxic | interactions on twitter, reddit and even here, but not on | 4chan, have you considered that the common factor is perhaps | not that all of these platforms are toxic... | | ...but that your views are considered problematic by quite a | lot of people? | | Perhaps that could be some cause for self reflection before | you universally declare the entire platform here hostile and | toxic. | h_anna_h wrote: | People on 4chan will call you slurs and insults but it is | never personal, part of it is due to the anonymous nature. | People here will be personally vicious and hostile. | | > ...but that your views are considered problematic by | quite a lot of people? | | You do not know what my views are. It's as if you are | trying to prove me right honestly. (btw, I am not posting | on reddit nor on twitter, nor 4chan for that matter) | | Plus the same could be said for the toxic interactions that | you had on there. | | > Perhaps that could be some cause for self reflection | before you universally declare the entire platform here | hostile and toxic. | | Again, same thing for you. "Perhaps that could be some | cause for self reflection before you universally declare | the entire platform there hostile and toxic." | matheusmoreira wrote: | > your views are considered problematic by quite a lot of | people | | What I consider problematic is the fact these people will | organize massive efforts on Twitter to ruin other people's | lives because they posted wrongthink. They make the 4chan | raids I've seen look amateurish. | qersist3nce wrote: | Indeed. There is some downright grotesque "malice" in | Twitter cancel-culture efforts. It's really strange they | are not self-aware and call 4chan (~last bastion of free | speech) _toxic_. | | Yeah, 4chan is toxic and savage, but at least they are | honest and _humane_ in a candid kind of way. | | The cyber-bullying's of 4chan is trash though... | matheusmoreira wrote: | Yeah. 
4chan is supposed to represent people's unfiltered | thoughts, what people really think when freed from social | consequences. This produces a wider spectrum than what | most people are used to seeing, both good and bad. | | While 4chan posters occasionally get organized and manage | to operate outside their borders, these incredibly | malicious activities just aren't something I associate | with them. They're the specialty of groups like kiwi | farms who are responsible for the suicide of at least one | video game console emulator developer. I was shocked when | people told me about byuu's suicide here on HN. | throwrqX wrote: | This is patently ridiculous. The biggest boards on 4chan, | particularly /pol/ have widespread support for the genocide | of Jews, black people, Muslims and women. Well maybe not all | women, a more common view is instead that they should be | enslaved to men. This kind of correction should give an idea | of what kind of ideas are popular there. | h_anna_h wrote: | 4chan is not only /pol/. The culture between boards is | vastly different. Although I do not disagree, /pol/ | specifically _is_ toxic. | | And it's not as if reddit does not have its own share of | similar forums. | throwrqX wrote: | Of course 4chan is not just /pol/ but it is the biggest | board, and together with /b/ contribute to plenty of | hateful content as I mentioned. The culture between | boards is different but /pol/ refugees in particular have | been spreading to other boards for several years now and | it's very annoying because even if a small group of them | decide to visit a board regularly then they can ruin the | culture because of relative sizes between the boards. | Reddit and Twitter have their own problems, particularly | with echo chambers but the biggest subreddit on reddit | isn't spewing anywhere near the same kind of shit as the | biggest board on 4chan does. 
| nodejs_rulez_1 wrote: | It would be good to have a streaming service where simps could | be called out as such. | Loughla wrote: | Real question - why does it matter to you? If that's how | people want to spend their time and money, and it makes them | feel good, even if they look foolish, what does it matter to | you? | | I'm really bad at woodworking, but I do it a lot, and I've | spent a crap load of money on it. Does that matter at all to | anyone else in the world? | andrewzah wrote: | Our societies do regulate how people can spend their time | and money in certain regards. I don't think that's | necessarily wrong. Smoking is banned, some countries have | labeling for unhealthy products, and so on. Things can end | up affecting other people in the long run, so I don't think | it's unreasonable to contemplate addressing stuff like | this. | | I think the main issues overall are encouraging parasocial | relationships, and also the problem of selling sex to kids. | I'm no prude but I think it raises some ethical questions | when you have gaming content and sexual content in the same | spot. If I had kids, that would matter to me. | nodejs_rulez_1 wrote: | Woodworking will leave you with skills, experience and a | wider physical social circle at best or re-sellable tools | and a story to tell at worst. | | Simping is more like an alcohol consumption - damaging and | the first step is acknowledging a problem exists, often | through an intervention. | throwawayswede wrote: | I have a theory that the more people use words like "toxic" or | "cesspool" the more likely they are the ones causing and | creating it. | d3nj4l wrote: | It's almost certainly tongue in cheek. | squarefoot wrote: | https://en.wikipedia.org/wiki/Psychological_projection | incahoots wrote: | They're using it "ironically" which at this point is coming | off as genuine | incahoots wrote: | Based. Lot of streamers gonna feel some blowback on this. 
Not | that it should matter but supposedly there's a bunch that lie to | their chat about the income they generate. | 1121redblackgo wrote: | Are we sure that we are comfortable sharing the actual leak on | this website? If we are, fine, but that is a choice we are | making. | fexelein wrote: | Why not? | 1121redblackgo wrote: | It's illegally obtained information, sensitive information, | about thousands of individuals and their personal businesses. | I don't think its appropriate, and I would hate to be on that | list right now. | corobo wrote: | Isn't this the exact argument search engines have been | fighting for years in relation to piracy? The data hasn't | been provided, a link to the data has been provided | 1121redblackgo wrote: | Sure. Morally what do you think is the right thing to do? | willmorrison wrote: | That's up to the person posting it and there shouldn't be | a rule deciding either way for them. | theknocker wrote: | Cover up the leak and pretend it never happened, | obviously. Let's make it hard for twitch users to even | find out what was leaked about them. That will help. | corobo wrote: | Morally I wont be using any of the data. The data however | is out whether you roadblock access to it or not. | | The chances of you stopping someone who's nefarious | enough to use the data but so non-technical that they | can't find a magnet link is so low it wasn't worth me | typing this sentence about it | sillysaurusx wrote: | Hi ya'll, I have a question. | | My wife and I can't wrap our brains around the fact that _payment | info_ was leaked alongside _source code_. | | Any theories how this happened? | | Former pentester btw. I saw a lot of interesting things during my | time, but I can't recall seeing a payment database next to a | source code repo. | | Did their s3 bucket get popped or something? | | Even if their github enterprise got popped, that doesn't explain | that streamer payouts down to the dollar were leaked. 
"Oh yeah, I | commit all my stripe data into github. It's for compliance /s" | | EDIT: If you want to see how much everyone's making: | https://www.reddit.com/r/LivestreamFail/comments/q2gooi/twit... | beckler wrote: | My guess is it was an disgruntled employee who took a copy of | all this data. | mkr-hn wrote: | Theorypothesis: the pre-Amazon acquisition company had very | informal access controls, and Amazon is known for limiting | how much change it imposes on acquisitions, so didn't know | about this or didn't change to a more corporatey way of | controlling access. | dgemm wrote: | IIRC twitch was always very resistant to Amazon processes | like COEs, so I wouldn't be surprised if they pushed back | on stricter access controls too. | ryanlol wrote: | > but I can't recall seeing a payment database next to a source | code repo. | | I suspect you just haven't looked at what the BI team has been | up to. This seems like exactly the kind of stuff BI folks | always leave on git. | ssklash wrote: | Also a pentester. My guess is they just had really broad access | to Twitch's systems, not that card data and source code were | together. Given the amount and range of data, wide-ranging | access to their infrastructure is the only thing that makes | sense to me here. | garyfirestorm wrote: | Are you guys (other commenter) are professional pentesters? | How do you become one? Do you freelance or work full time | 8-5? | ganoushoreilly wrote: | There are a ton of companies hiring pentesters. Most | testers fall into the profession after having worked in | other network or IT related professions. A few are free | lance, most work for a company or in my case start their | own and expand out services. It's not really any different | than any other tech job at the end of the day, it just | seems glamorous. Don't become a pentester if you're not | ready to write extensive reports.. it's probably 75% of the | job. 
| | With that, there are tons of specific disciplines you can | focus on for pentesting. I'd figure out what excites you | and then go for it. Web app is diff than physical | exploitation of security systems etc. but some of them | cross over. | | Another option. Work for the government, join a red team or | apply. They'll train you and you'll leave with a new | perspective and possibly knowledge you can't get elsewhere. | anonymouse008 wrote: | [potentially off topic] | | > if you're not ready to write extensive reports.. it's | probably 75% of the job | | Do you happen to have a system for building these out? As | a techie, I imagine you've tried something like text- | expander or similar... but I see a lot of people | unsatisfied that they end up building their own tools. | ganoushoreilly wrote: | Yes, We have a few tools that fill in based on scan data, | with typical points of data, but a lot of what we're | doing requires it's presented in a few different | perspectives. Generally we provide a couple reports, the | Highly Technical (with notes, logs of actions, etc. This | can be hundreds of pages, but it's meant to be a | reference for the engineering teams fixing what we found. | We also sometimes provide full screen captures of the | "ops". Second we provide a paired down version of that | report with issues and recommendations, usually for the | person that's hired us. It includes what we recommend for | them to be successful. Finally we provide an Executive | report that is designed to be presented by the second | report recipient. Usually we've addressed the high level | issues, helped with internal requests if possible (IE | IT/Security wanted a budget for new firewall, we help | boost that with our report as part of future planning | etc.) and ultimately this report is designed to give | whomever hired us the ability to be the rockstar (we're | just the tool). | | So all in, there are different tools needed for each | report. 
Fortunately the way we capture the data and notes | through out the "op" makes it much easier for the team to | put together each part. | | There's ways we could automate more, we've even messed | with AI writing some of the suggestions and actions based | on input. So far though, we still need the humans in the | loop. | | Honestly the first few reports are hardest, after that | you find a process and it becomes much easier. | mzfr wrote: | Depends actually, if you just want to do pentesting then | probably do some certifications like OSCP, CompTIA, etc. | Once you get those its quite easy to land a interview for | pentesting. | | Initially job may not pay good but you can build your | network and then probably start doing contract works. Most | of the pentesters I know make more from freelance/contract | work then their jobs. Because mostly those | contract/freelance work pays on hourly bases. The initial | hour rates usually are somewhere between 40-50 USD but they | can go to 120-150 with just after few jobs. | | P.S - I might have made it sound a very simple or easy | profession but its not :) | ganoushoreilly wrote: | I would add that the more experience and time you have on | the job those contract rates go up exponentially. I would | also recommend if you're free lancing that you still do | it under an LLC and purchase a liability policy. Too many | risks. | | For example. In 2012 average consulting hourly rate I | charged $350. Stayed booked. 2016 $550. Stayed booked. In | 2018 I had a couple really large clients that paid | $1500+hr | | There's gold in the hills, the trick is to figure out how | to sell the pans, water, plots of land, and | transportation to them. If you can work in complementary | services or referrals for all the above, you just made | yourself even more valuable. | ganoushoreilly wrote: | Curiously the torrent is labeled part 1 so my guess is there | was a wide breach and this was just some of the data they | wanted to put together. 
| | There are devops tools, soc tools, and a ton of random things | here, I guess we'll have to sit and wait to see if more | follows. | slightwinder wrote: | There are several ways why this could have happened. | | 1) The payment-data were just artifacts left on some file- | server or from a process, which was accessible from dev-space. | | 2) No real systems were accessed and everything, it's all from | a bad backup-server or poorly managed worker-pool. | | 3) Multiple Persons got hacked. | | 4) Exit-Scam of one or more Workers who just had broad enough | access for some reason. | | 5) Twitch's security is just that bad. | | Some notable thing is, the payment-data are quite limited, | there are no real private data it seems, and the git-history | seems also be missing. It's not sure whether this is on purpose | and whether more data will follow. But this overall hints so | far that this at least was not a full deep hack. | oauea wrote: | some of the leaked code has embedded credentials in it | bobmaxup wrote: | Yeah, it looks like there are a lot of hard-coded | credentials, and one of those is to a twitch_reports | database, which might be where these financial reports came | from. | [deleted] | MarkSweep wrote: | Maybe they backed-up both to the same place and their backups | got hacked? | [deleted] | iuri1 wrote: | Either database dumps are in commit history (very common) or | credentials like a password for a database is (even more | common). | | A third reason would be finding a security flaw in the source | code and exploiting it. | Seanambers wrote: | Amouranth made $92,949 licking a microphone - LOL. What a | world. | semi-extrinsic wrote: | https://xkcd.com/305/ | tgsovlerkhgsel wrote: | Rule 35, quoted either as "if there is no porn of it, it | will be made" or "if there is no porn of it, you are | required to make it". | colinmhayes wrote: | In a month. Plus donations. Plus youtube. Plus only fans. | Plus I'm sure she sells merch. 
| raxxorrax wrote: | I guess if you have access to a build server that you might spy | out some access credentials to other venues. Not impossible at | least or perhaps some sort of service account was compromised | that had access to both. Doesn't mean there was an immediate | proximity of these system, although that might also be | possible. | notsureaboutpg wrote: | The source code details how to access the payment data, | probably, for dashboards, etc. | [deleted] | Seattle3503 wrote: | This seems like it getting downmodded. It has over 850 points | right now and isn't on the front page. | pid-1 wrote: | Managed git services suck at providing security that scales | beyond a few devs. Most orgs that use GitHub are exposed to the | risk of having their source code leaked by current or past | employees. | | I'm hoping this leak will have serious financial consequences and | bring awareness to that. | madeofpalk wrote: | How do you stop that? To write the code you need to have access | to it. | | Really it just comes down to trust, and not having anything | actually sensitive in the code, no? | tiepoul wrote: | I'm curious about the contents of the zip files. I do feel that | something is interesting about its contents. ___________________________________________________________________ (page generated 2021-10-06 23:00 UTC)
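Several comments in the thread above name hard-coded credentials and database dumps left in commit history as plausible links between a source repository and payout data. The following Python check is an added example, not code from the thread or from any leaked material: it scans repository snapshots for both patterns and reports findings that were deleted from the latest commit but still live in history. The commit ids, file paths, rule names and sample contents are all constructed assumptions.

```python
import hashlib
import re
from dataclasses import dataclass

# scheme://user:password@host ; the password is captured as 'secret'
URI_RE = re.compile(
    r"\b[a-z][a-z0-9+.-]*://[^\s:/@'\"]+:(?P<secret>[^\s@'\"]+)@[^\s/'\"]+", re.I)
# credential-looking key assigned a quoted literal (key = "..." or key: '...')
ASSIGN_RE = re.compile(
    r"(?P<key>[A-Za-z0-9_.-]*(?:passw(?:or)?d|secret|token|api[_-]?key)[A-Za-z0-9_.-]*)"
    r"\s*[:=]\s*(?P<q>['\"])(?P<secret>[^'\"]+)(?P=q)", re.I)
# first data row of a SQL dump
DUMP_RE = re.compile(r"\s*(INSERT\s+INTO\b|COPY\s+\S+.*\bFROM\s+stdin)", re.I)
# values that are references or templates, not real secrets
PLACEHOLDER_RE = re.compile(r"\$\{.*\}|\$[A-Z_]+|<.*>|\{\{.*\}\}|changeme|x+|\*+", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line: int
    fingerprint: str  # truncated SHA-256, so the report never copies the secret


def _fp(value):
    return hashlib.sha256(value.encode()).hexdigest()[:12]


def scan_blob(path, text):
    """Return findings for one file's content."""
    findings, dump_seen = [], False
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, regex in (("uri-password", URI_RE),
                            ("hardcoded-assignment", ASSIGN_RE)):
            for m in regex.finditer(line):
                secret = m.group("secret")
                if PLACEHOLDER_RE.fullmatch(secret):
                    continue  # env/template reference, nothing is stored here
                findings.append(Finding(rule, path, lineno, _fp(secret)))
        if not dump_seen and DUMP_RE.match(line):
            dump_seen = True  # one finding per dump file is enough
            findings.append(Finding("database-dump", path, lineno, _fp(path)))
    return findings


def scan_history(history):
    """history: list of (commit_id, {path: text}) snapshots, oldest first."""
    first_seen, head_keys = {}, set()
    for commit_id, tree in history:
        head_keys = set()  # after the loop this holds the newest commit only
        for path, text in tree.items():
            for f in scan_blob(path, text):
                key = (f.rule, f.path, f.fingerprint)
                head_keys.add(key)
                first_seen.setdefault(key, (commit_id, f.line))
    report = [{"rule": k[0], "path": k[1], "line": line,
               "first_commit": commit, "in_head": k in head_keys}
              for k, (commit, line) in first_seen.items()]
    return sorted(report, key=lambda r: (r["path"], r["line"]))


# Constructed history: commit "c2" removes the password and the dump,
# but both remain reachable through "c1".
HISTORY = [
    ("c1", {
        "reports/config.py": 'DB_HOST = "reports-db.internal.example"\n'
                             'DB_PASSWORD = "Xk9#vT2qLm8z"\n',
        "deploy/settings.yaml": "database_url: postgres://svc_reports:"
                                "s3cr3t-Pa55@db.internal.example:5432/reports\n"
                                'smtp_password: "${SMTP_PASSWORD}"\n',
        "backup/payouts_2021.sql": "-- constructed rows\n"
                                   "INSERT INTO payouts (user_id, gross_usd) "
                                   "VALUES (1, 10.00);\n",
    }),
    ("c2", {
        "reports/config.py": 'DB_HOST = "reports-db.internal.example"\n'
                             'DB_PASSWORD = os.environ["DB_PASSWORD"]\n',
        "deploy/settings.yaml": "database_url: postgres://svc_reports:"
                                "s3cr3t-Pa55@db.internal.example:5432/reports\n",
    }),
]

if __name__ == "__main__":
    for row in scan_history(HISTORY):
        state = "still in HEAD" if row["in_head"] else "history only"
        print(f'{row["rule"]:22} {row["path"]}:{row["line"]} '
              f'first seen {row["first_commit"]} ({state})')
```

A finding marked "history only" still needs the credential rotated and the history rewritten or the repository access-restricted, since removing the line in a later commit does not remove the earlier blob.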