#InfoSec (Facebook Bug Bounty): "significant security or privacy risk."
My latest report - Photos Can't Be Hidden From Page Timeline and News Feed
Vulnerability Type: Identification / Deanonymization
FB: Thanks for reporting this issue to us. After reviewing the report, this issue does seem to introduce significant security or privacy risk. [...] As we might introduce changes in the future to fix this issue, we won't be able to reward you under our program.
ME: If the issue introduces "significant security or privacy risk," why am I getting no reward? And if you "might introduce changes in the future to fix this issue," it sounds like you're stealing the info that I provided to improve Facebook.
FB: Sorry that was a typo :) What we were trying to say that the issue does not introduce significant security or privacy risk to pass the minimum bar for our bug bounty program.
For those keeping score at home, my record is still perfect: 0 for 5.
Happy International Workers' Day!