I’m pretty sure GP is saying if you already had an account and you delete it, it’s trivially easy for someone to register with your old handle and impersonate you.
Of course people can always impersonate you but the goal here is to prevent them from impersonating you with a social handle people knew you had.
If I recall correctly, the handle you deleted stays inactive and is unavailable to new registrants. This is present on Google at least, I assume it's the same elsewhere.
The concept of a handle goes beyond a username. If someone can construct a profile that looks like someone's profile on another site and contains approximately the words in the username, like _username or imusername instead of username, they might be able to impersonate it. In that case it would be good to have an active profile on that platform to counteract it.
That's an interesting point that I had not considered. In that case, your handle itself is the unique identifier. That said, if I recall correctly some sites do not recycle handles, but this is still an interesting point nonetheless.
If you are completely fine with WPEngine's commercial practices, trademark violations in their marketing materials (like it or not) and moral OK for them not picking up part of the bill of what they consume (talking about infra resources, not even talking about code), then.. why the f** are you so bothered by an unhinged rant from some guy? It's GPL after all.. Don't you see the irony? Or you just want to see it because Matt is kind of an unlikable dbag? Is that the level of depth we are at when cheerleading for this stuff?
How are you allowed to tell me if that's an honest question or not? Do I have some hidden WP Engine shill comments in my history or something? Can you read my mind?
I don't have a strong opinion on WP Engine's behavior, because I'm not convinced by Matt's arguments. I do have an opinion on Matt's behavior though. I think it's unhinged.
Feel free to respond but I'm done with this conversation, given how unpleasant I feel it's going to be given the incredibly uncharitable tone in your response. I recommend taking a walk or something.
I'm in the same boat as GP. Was invited early, loved the Arc UX far more than any other browser. I've recommended it to many people.
As many other comments have pointed out, this vulnerability is such a rookie mistake that I don't think I can trust them again after this without understanding what factors in their security/engineering culture led to it. Patching this one issue isn't enough.
Paying a non-trivial portion of your engineers high salaries will kill any startup without unlimited money, regardless of what other guardrails you have in place.
This is the weirdest sentiment out of the entire article. "Only hire A-players" and "monitor them". I know exactly 0 A-hire engineers who would tolerate being monitored. Why wouldn't they leave to go to one of the many companies that would love to have them and where they won't have someone breathing down their neck?
Perhaps it's a take on how bad the job market is right now, but I still disagree. There are far fewer job prospects out there but way more than 0.
Lots of comments here saying "it's just marketing". I agree to some extent, but Datadog is easily the worst offender I've ever seen.
I work on a small engineering team and more than half the team got calls to their personal numbers and emails from Datadog. They are relentless. It's a huge turn-off, and I hope companies like this get named-and-shamed more often.