
> It's not clear to me that OP has consulted a lawyer about this

"I of course still needed to have a lawyer review the terms, even if they were DJI’s final offer. In the days following no less than 4 lawyers told me in various ways that the agreement was not only extremely risky, but was likely crafted in bad faith to silence anyone that signed it." Page 17




Ah, yes, missed that. My point about the agreement stands though. The email on page 11 appears to state that they owe him $30,000, if he just provides some demographic info. They then send him a contract weeks later, and use the phrase "formalizing the terms ... [of] the reward payment" in order to try to make it look like this is all part of the process. But this is the start of a new negotiation.

Edit: I'm getting downvotes on my comment above, and maybe it's because I missed the part where he said he consulted a lawyer, but I have a suspicion that it's because I suggested the threat of a lawsuit. I know we live (in the US) in an overly litigious society, but my point is that the company is (perhaps through disorganization or communication problems) trying to alter the terms of an existing agreement. This is what contract and tort law is for. Sometimes the threat of getting the courts involved can cause the other side to see more clearly what is going on.


Wherein they completely renege on paying out the $30000 as previously promised.

Leaving the researcher with a pile of security research that is ostensibly worth at least $30000 to somebody, no contractual obligations to anybody, and a possible "unclean hands" defense to any action DJI may subsequently bring against him.

If I were employed by any intelligence TLA or drone/UAV manufacturer, I'd already be at their door with warm smile and a briefcase full of cash.


Meh. The only entity this is worth USD 30k to is DJI, really. The issues found were an exposure of personal information on their servers, not a backdoor into the drone firmware or anything exciting like that, it seems. So no TLA employees with briefcases of money ;( I guess criminals looking for identity theft targets might have found it useful, too?


If you have access into their AWS, it's possible that you could either download the source yourself to find a backdoor (it was unclear if he had that access) or if none exists, upload one yourself.


TBH, that makes me think that it's even less likely that the OP hired a lawyer.

After all, no-one rushes out to hire four separate lawyers to examine a contract. And if you paid for one lawyer to fully investigate the situation, why would you then seek out three other lawyers afterwards? If you decided that the lawyer you hired was crap and their opinion worthless, you might hire another one. But their opinion was the same as the first lawyer, so by this point you'd be insane to hire any more lawyers.

So it's much more likely that he informally asked some friends and contacts. While these people may well have been lawyers, they probably were just offering a quick, rough opinion on the matter. If a lawyer was actually hired, they would spend some time fully understanding the situation, and the next step to take would then be acting on their advice, not seeking out further legal advice to muddy the waters.


So what if he asked friends/associates who are lawyers for quick feedback, or even paid the lawyers for a limited amount of time? When a lawyer gives you a quick assessment and it's "This is very risky," how likely is it a more thorough review of the contract will be more positive?

Considering DJI's position at that point was "this is a final offer" how useful would it be to shell out a considerable amount of money for a more thorough review?



