So of course you give your work email as verification to blind. Is there any way to map my blind profile to that address? Say blind got hacked and their DB was dumped. #misc #security #privacy
I think it's been discovered that emails were only kept for accounts that have zero posts. Wasn't there a hack a few years ago? Otherwise, the account is a hash of email + password. This is supposed to be evidenced by the fact that you could create more than one active account on the same email address by using a different password. (I haven't tried this, but it's supposed to work.)
If email ids aren't stored as plain-text, how does blind send the re-verification emails?
I've never seen reverification emails. What exactly is the flow for those? Many people report keeping accounts for years after leaving, so I'm not convinced that these emails aren't simply user error.
How do you think you're able to log in with your work email on Blind?
It's claimed to be a hash of email + password. You cannot log in with email, and you cannot recover the password, either.
I thought you can only login via username.
You'd be foolish to trust Blind, or any centralized system
Go sell your NFT to a different idiot
You okay?
There are many ways that a blind user can be identified - given enough leverage.
- your email admin can potentially brute force every email in the company and gain access to all blind accounts
- email admins may selectively forward all blind emails passively and have access to all your accounts already.
- your company managed devices may have a network proxy installed, and since you explicitly trust all certificates they may be able to unpack all traffic and snoop
- if you’re on VPN same logic may happen but now more efficiently since your company controls the VPN servers
- for sensitive enough reason, your company may subpoena blind to reveal your identity. Blind may claim it doesn’t have emails, in which case they’d have to comply with some brute force way to map emails to hashes.
- for even more influence at high places blind’s data may already be dumped along with emails-usernames through a mandated back door.
All of these are possible - but unless you’re revealing really compromising info or high value company secrets, our random TC rants and manager bashing aren’t worthy of such attention.
What's your level and TC? The email admin attack vectors you propose are simply not possible on Blind, because you cannot recover password or log in with just the email. If you forget your password, the account is gone.
Would my level add any credibility to any arguments I’m making? 😄 By account gone are you referring to your previous messages getting deleted? That would make sense as defense in depth, but as I recall it wasn’t the case about 18m ago, when I switched companies. Getting access to your account - either actively or passively is quite possible as email admin.
If blind implemented their algorithm carefully, no. Their high level design is secure. In reality? They probably have enough log files with time stamps and such that a hacker could construct a mapping.
Do you have any reference for “their high level design is secure”?
As an external observer you can obviously deduce their high level design is obscure - but can’t tell for sure that it’s secure!
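The scheme claimed in this thread (account identifier = hash of email + password), as an added example that is not part of any post and is not Blind's code. It assumes PBKDF2-HMAC-SHA256 as the hash, uses constructed addresses and hypothetical function names, and compares the claimed scheme with an email-only hash, which anyone holding the company directory can link back to an address.

```python
import hashlib
import hmac

# Constructed sample directory; none of these values come from Blind.
DIRECTORY = ["alice@example.com", "bob@example.com", "carol@example.com"]


def _norm(email: str) -> bytes:
    return email.strip().lower().encode()


def email_only_id(email: str) -> str:
    """Weak variant: the stored identifier depends on the email alone."""
    return hashlib.sha256(_norm(email)).hexdigest()


def account_id(email: str, password: str) -> str:
    """Assumed form of the claimed scheme: slow hash over email + password.

    The server stores only this value, so there is nothing to send a
    password-reset mail to and nothing to look up by email.
    """
    salt = hashlib.sha256(_norm(email)).digest()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000).hex()


def link_by_directory(stored_id, directory, derive):
    """Recompute derive(email) for each known address; return the match or None."""
    for email in directory:
        if hmac.compare_digest(derive(email), stored_id):
            return email
    return None


if __name__ == "__main__":
    # Same email, different passwords: two unrelated identifiers (two accounts).
    print(account_id("alice@example.com", "pw-one") != account_id("alice@example.com", "pw-two"))
    # Email-only hash: a dumped identifier plus the directory recovers the address.
    print(link_by_directory(email_only_id("bob@example.com"), DIRECTORY, email_only_id))
    # Email + password: the directory alone is not enough; every guess also needs
    # the password and costs 200,000 PBKDF2 iterations, so a weak password is the
    # remaining exposure.
    stored = account_id("bob@example.com", "constructed-passphrase")
    print(link_by_directory(stored, DIRECTORY, lambda e: account_id(e, "wrong-guess")))
```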
You could also open a g-suite account with your own domain, make your blind acct, then cancel g-suite subscription. Optionally as g-suite admin you could try to hack your own blind account based solely on what you found in email. This is a relatively inexpensive experiment.
I have nothing to worry about leaks because mah blind community takes care of ‘em by flagging my content. Thanks blind fam, u da best!
If blind DB gets leaked lots of people with cushy high TC jobs will be fired and screwed 😂
Why? I don't see anything that is obviously a fireable offense (no trade secrets or anything)
It’s legal for a person to share their TC with public identity. It’s not legal to share someone else’s TC with their public identity without their consent. Blind is safe in both aspects.
If Blind got hacked, it will be the biggest (and most hilarious) tech scandal in all of human history
Not really. The only thing we do here is make fun of Earth's Best Employer, and discuss TC and the next steps for Focus/Pivot and FMLA. We're already allowed to do that on internal channels on Amazon Slack, like pay-equity and i-got-pipped-en. So I fail to see the scandal part of it.
Can we get some screenshots of that channel?