Not really. The UK government has never supported the use of JavaScript in its web services and has heavily invested in design systems which use html and css with accessibility at their core.
Just because the rest of the industry has been high on JS doesn’t mean everyone has.
> This is not the bug of the year. Ok, the id is not the encrypted. So encrypt it and next. Nothing to see
The privacy implications of leaking user identifying information are massive. Not something that should be dismissed so quickly as “nothing to see”.
Maybe not interesting for you, but many of us care about holding companies accountable for bad practices. If you don’t, this will become more common as it’s effectively being tolerated.
There is no evidence that they tried to hide that. The company was created in 2020 and one of their API is not encrypted, that kind of things has probably happened to most of companies created less than a year ago
> that kind of things has probably happened to most of companies created less than a year ago
No company gets a free pass on the implications of sacrificing privacy or security. Even if “less than a year old”.
This is serious:
“Any observer of internet traffic could easily match IDs on shared chatrooms to see who is talking to whom. For mainland Chinese users, this is troubling”
Perhaps bringing it down a notch could help you connect with others’ perspectives as well.