Last week, I wrote about how Joshua Aaron's ICEBlock app, which allows people to anonymously report ICE sightings within a 5-mile radius, is – unfortunately, and despite apparent good intentions – activism theater. This was based on Joshua's talk at HOPE where he made it clear that he isn't taking the advice
Honestly, apart from the report being potentially wrong, the researcher seems pretty entitled as well. Like good intentions and all that, but he’s given him a week to fix the issue, usual practice in responsible disclosure are 90 days. We’re not talking about a company here, it’s some single random dude providing the app.
This really sounds like some personal issue written down for public drama, while making himself ridiculous for not knowing his own shit properly.
Security researchers feel entitled to use any kind of practice that does not comply with the security best practice homonculus to barge into the affairs of others, anyone found in default MUST remedy the situation of discontinue operations immediately, the security researcher has graced the community with his works and now that a flaw has been found it MUST be remedied and the security researcher is to be rewarded and adulated for his diligence and high moral standing !