On the one hand - awesome, free chicken sandwiches!
On the other, well, every little thing has to be thought through and secured these days doesn't it? Can't have a nice little rewards program without some asshole taking advantage of any perceived flaw in your armour...
Some people see it as a form of challenge. Sure, it might be fun to figure it out on your own, but sharing it is a whole different question [0][1].
The challenge, especially for places that aren't really tech-first types, kinda becomes stale (for me) since they inevitably have a flaw somewhere. It's really just me pitting my free time against their threat model [2].
And yeah, ultimately, this is one reason why we can't have nice things.
[0]: I'm not saying publicly releasing flaws is always a bad thing. There's a subtle etiquette (an art-form, even) to using publicity to pressure change.
[1]: There are different levels of publicizing. e.g. sharing (complete) code, social media post about said code, etc.
[2]: This is also not meant as an insult to the OP.
This is hacking and is unethical at best and at worst, extremely illegal. Congratulations, you found out a way to systematically steal other people’s reward points and are helping others do the same. Should this really be on HN?
they're not advocating that you do it (and I think stealing from Chick-fil-A is probably ethical to a lot of people)
edit: for people not aware, the last part was in reference to pride month and Chick-fil-A's "relationship" with the LGBT community. I'm not advocating one way or another, just replying to the above comment.
Because leftists can't sit with the fact that Chick-Fil-A is the fastest growing fast food chain in the US. Rather than simply boycotting, they need to actively harm their business, since the market clearly doesn't agree.
I’d like to hear an explanation as to why stealing from Chik-Fil-A is a moral act. The only one I can think of is that mass-produced chickens suffer horribly, and so anything that hastens the demise of the company is a good thing. But that makes a number of flimsy assumptions.
You seem to be acting as if Chick-fil-A is a person and not a company. Maybe you own your own business or something along those lines? I think that for people who see them as a person in this sense will definitely think it's wrong to use this. However in today's capitalistic society those that see them as just a company have no moral issues exploiting this. They just see it as something to get for free or something they just have to put a few mins work into to get for themselves. Which in my opinion isn't bad or morally wrong if you exploit something and disclose how you did it so that it can be patched. Because unlike a government a company can push a change through in a few weeks/months to patch the exploit.
Would you advocate stealing from a Muslim-run restaurant chain? Because last I checked their views towards LGBT issues aren't any different, if not worse.
I refuse to agree with anyone that thinks its ethical to steal from someone just because they disagree with their beliefs.
That is incredibly dangerous and beyond hypocritical for anyone claiming they are on the "right" side of history.
However assuming they are single use, they are also stealing from Customers who may to may not agree with Chick-fil-a, and likely not actually causing any harm on them (except for customers that cause enough of a stink to still get their free sandwich).
BTW I am saying this as someone that is actually part of the LGBT community.
I hate seeing activity like this because I see it as just further angering the far-right instead of actually focusing on trying to do good.
I generally agree, but I remind you that stealing LGBTQ rights to marry was their intended purpose. Spending thousands and using work force as a political army. Stealing a few sandwiches although petty and wrong.. still doesn’t outweigh the wrong that this company was doing for years.
I prefer stealing food over corporations taking away rights / privileges any day of the week especially in the name of research and education.
What happened to responsible disclosure? I mean, fair enough demonstration of how to do something like this, but at least give the company a chance to fix it before publishing to the world.
We've banned this account for posting unsubstantive comments and breaking the site guidelines. If you don't want to be banned, you're welcome to email hn@ycombinator.com and give us reason to believe that you'll follow the rules in the future.
Maybe I'm missing something, but based on skimming, I wouldn't say that. Keep in mind though that we don't read every thread, or every comment in any thread. There's too much content.
Also, we're looking at account histories, not just isolated comments, when we ban someone.
It's mildly interesting that ethics are flexible depending on the target, but from a technical standpoint this project is not interesting. The code just builds a proxy list, generates a random number, opens a page, and posts the payload. I work with selenium and this isn't solving any interesting problems whatsoever.
Posting it is unethical, and it's disappointing to find on the front page of HN.
Some people will try this exploit to get free stuff. in the 90s it would have been a few dozen at most, now it would be thousands. It ceases to be tongue-in-cheek when it becomes onerous.
I’ve never seen a receipt survey in person so I did a google search. Apparently they used to have authentication built into the redemption process by requiring the original receipt [0]. However, it appears only the generated QR code is required for the new process [1].
41 comments
[ 4.3 ms ] story [ 99.5 ms ] threadWhat you ordered?
Number of items you ordered?
On the other, well, every little thing has to be thought through and secured these days doesn't it? Can't have a nice little rewards program without some asshole taking advantage of any perceived flaw in your armour...
The challenge, especially for places that aren't really tech-first types, kinda becomes stale (for me) since they inevitably have a flaw somewhere. It's really just me pitting my free time against their threat model [2].
And yeah, ultimately, this is one reason why we can't have nice things.
[0]: I'm not saying publicly releasing flaws is always a bad thing. There's a subtle etiquette (an art-form, even) to using publicity to pressure change.
[1]: There are different levels of publicizing. e.g. sharing (complete) code, social media post about said code, etc.
[2]: This is also not meant as an insult to the OP.
edit: for people not aware, the last part was in reference to pride month and Chick-fil-A's "relationship" with the LGBT community. I'm not advocating one way or another, just replying to the above comment.
* Fellowship of Christian Athletes
* Salvation Army
* Paul Anderson Youth Home
Could you explain how these groups are "anti LGBTQ"?
https://news.ycombinator.com/newsguidelines.html
That is incredibly dangerous and beyond hypocritical for anyone claiming they are on the "right" side of history.
However assuming they are single use, they are also stealing from Customers who may to may not agree with Chick-fil-a, and likely not actually causing any harm on them (except for customers that cause enough of a stink to still get their free sandwich).
BTW I am saying this as someone that is actually part of the LGBT community.
I hate seeing activity like this because I see it as just further angering the far-right instead of actually focusing on trying to do good.
I prefer stealing food over corporations taking away rights / privileges any day of the week especially in the name of research and education.
"Please don't use Hacker News for political or ideological battle"
Also, we're looking at account histories, not just isolated comments, when we ban someone.
Posting it is unethical, and it's disappointing to find on the front page of HN.
Different generation I suppose.
Compared to the free phone hack with the cereal whistle that everybody though was so cool...
[0]: https://www.yelp.com/biz_photos/LI3vSjDZGxCTKs785eTkeQ?selec...
[1]:https://i.redd.it/fzxy7rff0g211.jpg
https://github.com/contact/report-abuse?report=baileywj+%28u...