zlacker

[return to "Steam "Offline" status leaks exact login timestamps (Valve: Won't Fix)"]
1. anonym+96[view] [source] 2026-01-20 23:25:15
>>xmrcat+(OP)
The first thing I have to point out is that this entire article is clearly LLM-generated from start to finish.

The second thing I have to point out is that bug bounty programs are inundated with garbage from people who don't know anything about programming and just blindly trust whatever the LLM says. We even have the 'author' reproducing this blind reinforcement in the article: "Tested Jan 2026. Confirmed working."

The third thing I have to point out is that the response from Valve is not actually shown. We, the reader, are treated to an LLM-generated paraphrasal of something they may or may not have actually said.

Is it possible this issue is real and that Valve responded the way they did? Perhaps, but the article alone leaves me extremely skeptical based on past experiences with LLM-generated bug bounty reports.

◧◩
2. xmrcat+89[view] [source] 2026-01-20 23:43:03
>>anonym+96
here you go https://i.ibb.co/39GRMySs/png.png
◧◩◪
3. gpm+n9[view] [source] 2026-01-20 23:45:11
>>xmrcat+89
Do I misunderstand that to be HackerOne staff - not Valve staff - marking it as "not a security vulnerability" - not "won't fix"?
◧◩◪◨
4. gruez+ob[view] [source] 2026-01-20 23:59:44
>>gpm+n9
You're right, but in this case I think some narrative liberty was justified, especially since Valve basically delegated triaging bug reports to HackerOne, but this relationship might not be immediately obvious to some readers. Suppose a nightclub contracts its bouncers from some security security firm. You get kicked out by the contract security guard. I think most people would think it's fair to characterize this situation as "the nightclub kicked me out" on a review or whatever.
[go to top]