27 comments

[ 0.25 ms ] story [ 70.5 ms ] thread
MIT needs to peer review before publication this document is full of grammar errors.
As is your comment, coincidentally. This is just a student’s project paper, not an actual research paper in a journal. I wouldn’t hold it up to that standard.
The paper is very light on details. I'm a little surprised MIT published this actually. It doesn't present anything new, and hinges on vulnerabilities since fixed to say that there are definitely new ones. Snooping on friends by looking at when they are online is interesting, but something known for a while and circumventable by just changing who can see your online status (I think it's people on your contact list by default). If you're expecting a security vulnerability, this isn't the paper to find one in (not that rolling your crypto is a good idea)
6.857 is a class taken by undergraduates, and this is a final project paper, not a published paper.
(comment deleted)
I think it is important to note that this is a final paper for a course at MIT. I would not hold it to the same quality standards as novel, peer-reviewed research.
There are LaTeX errors, jokes... but of course the contents is what counts, and I don't see anything noteworthy there either. It's a good writeup of what is quite well known (if you're into this kinda thing anyway) but it's not research. I wonder whether they passed the course.
It’s a final paper, not a scientific publication nor necessarily original research.
It appears to be an introductory computer and network security course for undergraduates. With that in mind, it seems like they did a good enough job, though I agree that the jokes are distracting.

I was only curious as to why this was submitted to HN.

``Lainon" is a term for a user of Lainchan, a 4chan-alike for programmers. It could be that someone in that community wrote that paper or found it interesting.
(comment deleted)
Everyone is bashing this as if it's a peer-reviewed paper...Note guys: This is just two students' final project for a class, not some security experts' publication
The CLI isn't even an official client. And the open source projects on github are not up to date either. This could've been researched easily.
Even as a final paper for an undergraduate class, this is pretty light on details and doesn't appear to have even undergone basic editing. The "exploit" is only a couple pages of bare discussion that's very similar to the defaultnamehere discussion of Facebook Messenger from over a year ago.

Given the skimpy details and lack of citation of the exploit's inspiration... I'd probably give this a C- at best. I really wish people in CS would ask friends to peer review their writing, because a lot of writing (not all, but a lot) is awful.

> because a lot of writing ... is awful.

Yes. I was expecting to see an Architecture Diagram in the section titled Architecture. Instead, there's a screenshot of the app.

Yeah I honestly expected more, especially from MIT students...
(comment deleted)
I sure hope this is a preprint because I caught three obvious grammar errors in the first 30 seconds of reading.
Professionals anonymously ripping apart a non-anonymous undergraduate paper :clap:
I think nobody would mind criticising the paper with their name and surname. It is an objective fact that the paper contains grammar mistakes, jokes, and no original research - it is hardly defamation or libel to say so.
Guys use the ` character for the beginning double quotes
Why is this even upvoted and discussed?
Because it's from MIT? It's a golden standard when it comes to technology, so I guess everybody was expecting some super-mega-hack and were disappointed to find just a mediocre essay that one could expect to see on some noname, local university.