Comments
No, I did not leak any PII, and the information was already made public by Blaze, so I just archived it.
I mean it's basically public domain data at this point with how bad Blaze's security is.
Have you at least contacted Blaze privately?
Even if it is accessible even when not logged in, that doesn't make it legal; an open endpoint (that is not intentional) doesn't let you gather everyone's data.
Criminal Code, RSC 1985, c C-46 Section 342.1 (1)
communication aside, ah...
Blaze's ToS also says this:
You are required to comply with all applicable laws, rules, and regulations in your jurisdiction while using Blaze. Any illegal activities or violations of local laws will result in severe consequences, including but not limited to account suspension or termination.
This implies that only my local laws apply, and not laws in the United States.
If you intentionally bypass protections → problem
If the developer accidentally exposes data → their problem
courts do not criminalise users for a server yelling secrets into the void.
like somewhere in
Criminal Code Act 1995 Part 10.7 from the Australian criminal code
illegal if you access data without authorisation
Illegal if you bypass a technical control or circumvent protections
Section 478.2 – unauthorised modification
Illegal if you change data or impair a system without permission
The law focuses on access that you are explicitly not allowed to have. If a server accidentally exposes something publicly, and you access it like a normal user, it’s not unauthorised
but I'm just saying that it doesn't put a good image on yourself 😭