lucaapp / security-concept

Archived Security Overview for Luca
https://gitlab.com/lucaapp/security-overview

Make reverse engineering legal (as you would like to get responsible disclosures) #17

Closed LilithWittmann closed 3 years ago

LilithWittmann commented 3 years ago

As your TOS currently states

(c) decompile parts of the Services, reconstruct them by way of reverse engineering, disassemble them, or otherwise attempt to obtain source code, object code, or underlying structural ideas, know-how, algorithms, or other functional mechanisms of the Services, unless this is permitted in the individual case by mandatory statutory provisions; (d) modify, adapt, or translate all or part of the Services, or create derivative works based on the Services (except to the extent permitted by luca or as authorized within the Services);

it is basically illegal to do any kind of serious security research except reading your br0ken security documentation.

So if I do any responsible disclosure stuff for your system, the next thing I probably would have to expect from you is a letter from your lawyer.

As I hope this is not what you venture-funded 🤡 actually want, just remove this part from your TOS.

T-vK commented 3 years ago

I highly agree. This is absolutely ridiculous. You're essentially begging the reverse engineers to sell their exploits to the bad guys instead of disclosing them. Stop pretending you care about security. Set up a bug bounty program and make the code open source!

LilithWittmann commented 3 years ago

Fixed in the current version of the terms of service. (But that creates a bunch of new issues)

philipp-berger commented 3 years ago

We removed the part about reverse engineering. Please note that this still explicitly forbids attacks against server infrastructure or similar.

Unfortunately, an information channel for changes, for example mail, does not exist by design in the current version.

Since this change does not introduce any new obligations on the part of end users, both the existing agreement and the previous version can be referenced.

FrankGrimm commented 3 years ago

Proposal for future changes: a ToS change notification of some sort when opening the app / web app if the ToS have changed since they were last accepted on the device in question.

MarcusWolschon commented 3 years ago

If this has been fixed, why is the issue still open?

reneme commented 3 years ago

TOS were changed accordingly. Closing.