Yes, but it is exactly these kinds of policies that make enterprises, corporations or organizations look bad.
This is like getting PR advice from a lawyer when there is trouble coming your way. Sure, the lawyer will tell you to repeat "no comment" or deny any involvement over and over again. That might be the right strategy in a legal sense and work out fine when nobody is watching.
But you are losing in the court of public opinion when the public perceives your actions as unfair. And denying some kid a few hundred bucks even though he found a legit hack just because he didn't follow some proper corporate policy guideline does definitely reflect negatively on Facebook.
> Yes, but it is exactly these kinds of policies that make enterprises, corporations or organizations look bad.
And what do you propose as the alternative? A legalised document that outlines every "if this"-"then that", in every language, continent, dialect, etc.? You know how that story goes...
> And denying some kid a few hundred bucks even though he found a legit hack just because he didn't follow some proper corporate policy guideline does definitely reflect negatively on Facebook.
You know what makes Facebook look even more negative? The future precedent set when good-will hackers think it's OK to use a non-test account and drop the exploit on the CEO's page.
I know it's hard for the HN community to do so, but let's try practicing some empathy with both sides before we pick up the pitchfork.
I suppose I didn't articulate that point correctly. Facebook has a policy that basically says "if you find an exploit don't do it to real people, use a test account to reproduce it". So regardless of whether it's the CEO or Jane Doe, it sets a bad precedent that reproducing the exploit in a (real) environment is a very dangerous thing.