Difference between revisions of "Hangout Sniping"
imported>KevinBee |
imported>KevinBee |
||
| Line 26: | Line 26: | ||
* 1stop4gamers (A.K.A 1stop4 gamerslive, A.K.A you been exposed) | * 1stop4gamers (A.K.A 1stop4 gamerslive, A.K.A you been exposed) | ||
* John May/Bulldog | * John May/Bulldog | ||
* [[Jordie Weeds]] (only dumbass flat earthers though) | |||
[[Category:GDC Lexicon]] | [[Category:GDC Lexicon]] | ||
Revision as of 12:51, 2 March 2018
Basic Description
"Sniping" is the colloquial term which the community gave to an exploit ("feature") in Google Hangouts which allows anyone to remove another account from an external hangout chat group, without any kind of permissions check. If the removed user is in a Google Hangout, they will be ejected from that hangout within seconds of being "sniped" and will be prevented from re-joining.
This could hardly be considered an "exploit" since it requires no hacking, technical knowledge, or packet voodoo of any kind to abuse. It seems to be the case that the Hangouts dev team at Google considers the ability to snipe hangouts to be an intentional feature, which they have no interest in fixing. If there's any better proof that Google doesn't give a flying fuck about Hangouts, I can't think of any.
This "feature" was first made available by an update to the Google Hangouts front-end interface on July 14th, 2016. The first person to discover (and abuse) the exploit was Josiah "BroJoSavedByGrace" McClain, who used it to vandalize one of Steve McRae's live hangouts that evening. Upon becoming aware of it, GDC member Kevin Buchik researched the exploit (becoming quite shocked at how simple it was, and how someone at Google actually thought allowing people to remove anyone from any hangout was a good idea), and proceeded to write a detailed bug report for people to submit.
Google's security team responded within days, acknowledged that it was a problem and promised to pass it on to the Hangouts development team. After hearing nothing for over a month, the response came back that the Hangouts dev team allegedly implemented this "feature" on purpose, and had no intention of fixing it.
Since pretty much everyone knows how sniping works at this point, Kevin's vulnerability disclosure writeup on it can be read here. Feel free to follow the instructions and submit it to Google again if you want, but it's highly unlikely that it will do any good.
Short of filing a false DMCA claim, sniping a hangout without permission is generally considered to be one of the most antisocial things one can do in this community, and will get you immediately called out and blocked by numerous people. Though things didn't end up being quite as bad as people first thought, sniping continues to be a problem from time to time.
Known Hangout Snipers
- Josiah/BroJoSavedByGrace
- Darwins Deity
- Rob Beasley
- Brenda Von Ahsen (evidence)
- Outbound Unstoppable/Unblockable
- The Immortal Great Heathen Army I (pornbomber)
- Down Corner
- Timmy Osman
- Anthony Riley (Sleeping Warrior)
- 1stop4gamers (A.K.A 1stop4 gamerslive, A.K.A you been exposed)
- John May/Bulldog
- Jordie Weeds (only dumbass flat earthers though)
