Couldn’t the same analogy be used if I left my front door unlocked? The door would happily say: “yes, you may enter” to anyone trying the handle.
I think the real question here is: did the website provide enough information for the user to have been assumed to understand that what they were accessing wasn’t meant to be public (e.g. did the door look like a door to a private property)? And did the user cease to access the data once they understood it (e.g. did they close the door and leave)?
That analogy would be more accurate if you also operated a cafe out of your living room, with a big "open" sign on the front door, and someone accidentally used your personal bathroom because you failed to stick a "private" sign on it. In that case, it would be unreasonable to sue someone for trespass.
In Estonia they allow you to vote multiple times and only the latest vote counts. They even allow you to then go and vote in the booth which renders your e-vote invalid. I don’t know the internals of how they store the votes but I can’t think of a way to do this without the side effect of knowing who voted for whom.
If you do this with two systems, the e-vote could be encrypted to the second system, but submitted to the first system. During voting hours, the first system would collect the votes and apply the latest value wins rules. Then, once voting is complete, it sends the votes (without envelope information) to the second system to tally. In order to know who voted for whom, you need collusion between the systems.
This is true for the username but it's possible to make your email address private on GitHub in which case the message that your email is taken can still be considered an information leak.
You can check if an e-mail is associated with a GitHub account easily. You forge a commit with this email as author email, push it to a foo/bar repo, then look at https://github.com/foo/bar/commits/master .
The message is still not wrong if you think of "or" as the boolean or, not as the boolean xor. The system knows the username is wrong but it doesn't know anything about the password.
Op here. This is a side project I've been working on for the last couple of months. I still have a huge roadmap of planned features ahead of me, but I feel the app is now polished enough to be presentable. I'm releasing the beta version, hoping some of you will find it useful. Please let me know what you think. Thanks!
This, I think, is the most important feature off the app, and should be the first paragraph of the value proposition.
Waking up to a random new song every morning is not very appealing (many alarm clock apps can do that) but knowing that the song is manually selected, picked to be suitable for waking up, and knowing that every other user of the app will wake up to the same song on that day, makes it infinitely more interesting.
