The tone of the article is unprofessional to say the least. You could remove the argumentative tone, vitriol, and insults and have a more impactful article that reflected well on the author while appropriately warning people against this company. Please, don't choose team troll.
Personally, I find the tone of the article appropriate for the response received. The first email clearly set the tone as cordial and friendly while still being urgent. The response was in a clearly adversarial tone. So the prompter adjusted their tone accordingly.
It wasn't necessary to match tones with the person who wanted to be uncharitable, but it definitely feels more human to me, which is who the writing is for: humans. I would have been fine with an info dump, but I enjoy turnabout as much as any other fan of fair play.
If you want all the clicks and comments and drama you can get, staying professional is just boring.
Professionalism minimizes the risk of derailing or devaluing your argument by you being rude, inappropriate, etc. and avoids aggravating your counterparty. If - as in this case - the goal is NOT Internet drama but rather an improvement in security - the best way to do that would be to remain professional.
It is a question for the author of the piece which angle they prefer - consider that keeping it cool, calm and collected is the slow way to build an audience... even if the audience it builds is more engaged.
While there's a large audience for Jerry Springer style content, verbal abuse and stooping to the level of someone you're criticizing are not required. I don't read HN for name calling or childish taunting. It is always dispiriting to read, and even more so to read people defending. Humans, as you note, have base instincts, but giving in to them and catering to them should be left to X and other sites devoted to pandering.
The author is not acting in a professional role here.
He, in his own time, discovered a pretty serious exposure of information and politely informed them. They decided to not be polite in return. He responded in the same tone as them.
There was never any professional obligation, nor any obligation for the author to inform them of their breach at all, nor was there any obligation to give them time to notify clients before publication. Those are all courtesies.
This man didn't choose team troll, he responded to team troll in kind.
To double down here, the author did the correct thing by using their snarkiness.
If someone who in theory is a professional (the company that left all of this in the open) responds in an unprofessional way from the start - you are done using professional tone. That tool isn't producing results. Stop using that tool.
The goal is not to model perfect manners - it is to bring attention to a breach so it can be remedied. The author understands this and has acted so to achieve this result.
Not a journalist or a reporter, posts aren't meant to be professional. The only reason I even write any of my posts is because companies DO NOT disclose incidents at all, so I have to do it for them.
I thoroughly enjoyed the post and thought your tone was appropriate, entertaining, and kind of cathartic. You didn't call them names, engage in ad hominem, or do anything click-baity. You were understandably irritated at how they talked to you and how they were clearly trying to hide a massive exposure from their users. And then you shredded them with data.
A+ - And thanks for trying to keep folks like this honest!
To be fair that doesn't appear to be an ad hominem because the author lists many facts supporting his assertion none of which was particularly personal. Nor is it name calling as he compared the CEO to a toddler, but did not say that he was a toddler.
I was also ready to chalk this up to "Yet another security researcher needs to learn how to play well with others..." but the moronic and indigent response from "Sean" makes it clear who's wrong here.
Imagine an alternate universe where "Sean" wasn't so aggressively stupid, and instead replied: "Thanks, JayeLTee, we took the database down while we do an audit. We don't think there was any access, and we would rather you not go public about the findings, but it will take us time to check. Please hold off on your publication until [DATE] and we will be in touch."
There. That didn't take much effort! But, no, "Sean" chose belligerence and threats rather than professionalism. I don't know what is wrong with people who just seem to default to "bad attitude" in their communications.
The company did reach out and said something similar, I held my publication for months waiting for a reply which they said they would send and ended up finding out they were filing breach notifications to multiple states and never said anything back to me.
Concur. Tone comes off as "toxic manboy". Not sure why the author chose that tone. I would not hire them for their security services just yet, no matter how big a genius they are. Maybe once they understand the world is made of people, not rational actors.
I see this kind of take every time someone exposes incompetence. I get it - you'd rather hire a marketing person to use buzzwords than someone like OP. That's your prerogative.
Hardly. There are simply two ways to expose incompetence. You can be nice or you can be a prick. Your choice. Seeing your handle, you may find it interesting to note that my master's degree in CS was completed at the Technion. I am not looking for marketing people or buzzwords. I am looking for people mature enough to handle other people and get the job done. For example, if you tasked a security boy genius with pushing a fix and all they ended up doing was alienating the dev team, then you are scoring an own goal. I want bright AND mature. I am picky that way.
Even in a professional setting, you are not obligated to coddle aggressive stupidity. That's how we end up in a world where nobody says what they mean, everything is just BS on top of BS, and nothing improves. Being direct, being honest, and being accurate are critically important in professional technical work, and while it's not necessary to be antagonistic, it is completely reasonable and socially acceptable to respond in kind to the energy you get. People who are aggressively stupid do not get a pass.
The author is more professional than the sean was, and conveys the correct amount of disgust we should all hold for this company and its leadership.
The point of the essay was to be disrespectful of the CEO. Slightly less disrespectful than the CEO was, so IMO he still holds onto the high ground of ethics.
Please do choose team troll. The correct response to someone being a shitter is not always to kill them with kindness. A lot of the time it is, but this time, I'm clearly on the author's side. He tried twice to be kind, was ignored and then insulted. When really he was owed a thank you, not to be disrespected.
The tone doesn't have to be professional. Not everybody owes you professional courtesy, especially when you're giving away personal information on your customers.