You should read the linked blogposts about the "speaking with bugcrowd". (TL;DR: it took a few months and a minor social media shitstorm after they banned him for them to notice that their processes suck)

Attempting alternative contact paths in parallel is entirely valid.

> Need to write a nice email, even if they don't have "security.txt", to some manager or someone else you could contact

That's clearly what he did: contact those who he could contact. If the only contact info you publish is your support team, then your support team has to be able to handle everything people try to contact you about. So yes, it's an entirely valid expectation that the publicly provided contact for a security company can handle requests to please be directed to the security team. It's your choice as a company to not make your security team directly available, and your problem if people thus can't reach it.



You would probably have a better chance of escalating any issue with a mail to anyone that isn't customer support. If you're a security researcher, imagine customer support as this big human firewall to communicating with this corporation, meant to be extremely strict so the communication with the rest of the corporation won't be flooded with all the things customers want.

If you're not understanding this properly and wasting time trying to contact someone through customer support, that's on you. Which company doesn't even matter.


> If you're not understanding this properly and wasting time trying to contact someone through customer support, that's on you. Which company doesn't even matter.

There really are plenty of companies where this would have worked fine; I'm reasonably confident contacting support@ for something like this at all places I've ever worked would have been escalated. Maybe with some back-and-forth for 1 or 2 messages, but not outright refusal.

One reason why I always try to have a good relationship with the support staff (including talking to them at company parties and the like) is so they're not afraid to "bother" me if they're not sure about something. Of course support shouldn't be bothering me with basic inane stuff, but as an organisation you can certainly foster different kinds of cultures and attitudes.

That said, your chances of this working are usually proportional to the size of the organisation: the larger the organisation, the less chance you have. Still, LastPass isn't that large, and the support person does seem rather obtuse. I suspect that Soatok's style of communication didn't help with that, as it may have caused the bozo bit to flip for the support person. This in turn seemed to have caused Soatok's bozo bit to flip for the support person as well.

However, at the end of the day, it's primarily the company's responsibility that they're contactable in a reasonable manner, and it's not "on you" if they're not. Having to e-stalk and contact random people who happen to work for LastPass is not reasonable.


I think it's more likely that they didn't know how to escalate it than I flipped the bozo bit.

I eschewed like 4 email exchanges that weren't that interesting, which were me trying different ways to explain the problem and the specific action I needed them to take. They're very boring and tedious to read, because nothing moved forward at all.

If something I said did flip a bozo bit, it was either in the first contact (which I don't have a record of) or something I'm totally oblivious to, so I appreciate you calling that possibility out.


Right; I'm just going on what I'm reading in your post, which I assumed was the full thread.

Obviously I don't know what this "Melvin" person thinks or feels, but a number of things in your emails would elicit a "fuck you"-response for me. Even though your frustration might be understandable – I really hate dealing with this kind of stuff too – that's rarely helpful.

I don't know if you've ever done support work, but typically you need to deal with a lot of genuine assholes and unreasonable people, and people tend to contact support when something isn't working, so they're already more frustrated (i.e. angry) than average. So it's not surprising that in support people tend to get a bit more defensive than normal, and jump to conclusions faster. "Oh, another asshole".

And you need to answer n tickets every day, and response times are often monitored as well. You don't have time to carefully reflect and think about things for 10 minutes over a coffee. If someone on HN replies and my immediate feeling is "fuck you" I typically let it be, and maybe reply a few hours later, or the next day, or not at all. You don't really have this option in support.

There's also the art of "white lies" here. Instead of going on in detail on why Bugcrowd doesn't work, just say there are technical issues with Bugcrowd or something like that. No need to explain they erroneously closed your report because "they shat the bed".


I'll translate your messages so you'll understand how you sound to customer support:

"I reported a security valley to LastPass’s bug boopy bopy.

Please ask your security team to look at the linked bug boopy bopy ticket. The teetee team shat the bed."

"Allow me to explain carefully.

I followed the steps in your security page, yes. I reported the issues I found to bowy.

However, bowy employees take it upon themselves to teetee issues on behalf of their customers.

In this case, the bowy employees shat the proverbial bed and incorrectly dismissed an issue I reported. Because the issue was closed as Not Applicable (erroneously), it’s unlikely that your security team will notice it without escalating some awareness of this teetee error to them.

So please pass that onto your security team so they’re aware to look in the Rejected tab."

"This is the order of operations so far:

I identified a coopy seesee-channny in the LastPass software. I reported the issue to bowy with a detailed analysis and a patch for making the funky conta tammy like it was intended to be. Several days after I reported it, a bowy employee stupidly went “no FOL expee? not applicable” and closed it erroneously. I’ve contacted toto support with one goal in mind: To ensure your security team actually sees the report in spite of bowy closing it. I don’t care about whether or not your team overrides their decision. I just have an ethical obligation to disclose security issues.

If this isn’t resolved by 5:00 PM Eastern today, I’m going to say “Fuck it” and go Full Disclosure.

Escalate. Tell me when you’ve escalated.

I don’t need your help beyond that."

"Thank you for escalating.

I don’t understand your question. I reevee egengi your software to study how it works, found a valley, and then reported it."

That's how you sound. All he could notice is that you have something with shitting in beds twice, and that you "Fuck it". I bet from confusion he asked his manager what to do and the manager replied that you are a phishing email, and he didn't even understand that.

If you do end up needing to talk to people who wouldn't understand you, explain nicely what your credentials are, don't shit in beds, and ask nicely to get direct contact with someone responsible who can understand you. Not broken telephone. Don't speak to people in what is gibberish to them.

And honestly, shitting in beds is an uncommon saying and universally gross. Keep that shit to yourself.

You're trying to communicate professionally, not be that barking dog shitting in beds. It's not the world's fault they can't take that seriously. It is your choice. Your words. Your image and communication isn't there to serve your internal identity, it's there so that people will respect you and take you seriously.

I couldn't care less how you present yourself, but I assumed you're at least not oblivious to how you sound and look to everyone. I don't mean to insult, just to put a mirror. And to remind you this is your choice.
