Messages - Pete Svarrior

1
Flat Earth Community / Re: Your data is at risk if you use this app
« on: March 11, 2025, 10:46:19 PM »
Oh, it looks like you can also change anyone's password/email by just asking nicely. Yeah, this thing is not good.

2
Flat Earth Community / Re: Your data is at risk if you use this app
« on: March 11, 2025, 09:01:36 PM »
Okay. I've done some (minimal) work reviewing the app (Android version, since that tends to be easier) and the supposed findings. My results, at this stage, are mixed, but I largely agree that the app shouldn't be used.

Some of the supposed vulnerabilities have been fixed according to the original report, and the profiles section is currently down as the developers are seemingly working on fixes. For all the scaremongering about how unwilling the devs are to fix stuff, it seems like they're doing it just fine. I wonder if it might have something to do with how the "globesec" guys approached the subject (I suspect they were not pleasant about it).

Some of the findings are evidently valid - it's true that the application doesn't seem to enforce any meaningful authorisation (the concept of an "account" doesn't really exist here, and the username/password auth seems to be purely for decoration - everything seems to be tied to a device ID, which on Android is just this), and you can fetch those IDs from a bunch of places in the API. While I haven't explored this fully, I'm completely convinced that you would be able to retrieve a fair amount of data that users would consider to be private. "Cheating" the referral system is also very easy, as suggested. Woohoo, free premium.

Other findings seem unverifiable - plaintext passwords I can believe, but I see no indication of it in the app's current state (and digging deeper to find out would be breaking professional and ethical boundaries). That said, the login function is meaningless, so hey ho.

That said, the majority of what "globesec" are saying is complete gobbledygook. It's pretty clear they didn't find the findings themselves, nor do they understand them. The recommendation of HTTP Basic Authentication is complete nonsense, and wouldn't be usable in this context. The Bearer token generation script they came up with is utterly useless, too. You can request a Bearer token by making a single curl request, no need for the elaborate song and dance they've described - and since the app has virtually no authorisation, it doesn't matter what Bearer token you use.

For example, you can fetch a random Bearer with the following POST request:

Code:
POST /public/api/addtoken HTTP/2
Host: php83.flatsmacker.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 47
Accept-Encoding: gzip, deflate, br
User-Agent: Pete is so Handsome

device_id=pete&device_token=pete&device_type=69

This gives you a Bearer token for a nonsensical device with an ID of "pete". Doesn't matter, we just need a token.

With this token, you can, for example, rename an arbitrary user's account by making a simple request - you just need their e-mail address as the identifier. I won't be showing you how to do that. :)

The "Moderate" finding around how API details are distributed is also nonsense - it relies on someone successfully intercepting TLS traffic and modifying it - if you can do that, you can just as well intercept and modify communications with the API itself. (Okay, fine, the app uses certificate pinning on its main API and not Firebase, so intercepting Firebase would be easier - but still!). And, again, inexplicable mentions of a Bearer token in the middle of a vuln writeup of something that has nothing to do with authentication or authorisation.

In summary: the app's current state is pretty shambolic. However, the people disclosing these issues have no idea what they're talking about, likely received the information from someone else, and are clearly misusing it to prop themselves up. It's scammers all the way down, and I don't like that.

I leave you with a picture of BigManPete dominating the referral leaderboard for the app. I was hoping to stop at 69 referrals, but counting is hard.
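
The missing authorisation check described in this post, as an added example that is not part of the original post or the app's code: a constructed in-memory model of a token endpoint that issues a Bearer token for any caller-chosen device ID and a rename handler that trusts the e-mail in the request, beside versions that bind the token to a verified account and compare its owner with the target. All function names, accounts and passwords are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory state; every name here is hypothetical.
ACCOUNTS = {}  # e-mail -> {"name", "salt", "pw"}
TOKENS = {}    # bearer token -> e-mail it was issued to, or None if unbound


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(email, name, password):
    salt = secrets.token_bytes(16)
    ACCOUNTS[email] = {"name": name, "salt": salt, "pw": _hash(password, salt)}


def issue_token_weak(device_id):
    """Pattern from the post: any caller-supplied device ID yields a token."""
    token = secrets.token_urlsafe(32)
    TOKENS[token] = None  # bound to nothing the server has verified
    return token


def rename_weak(token, target_email, new_name):
    """Checks only that the token exists; the target comes from the request."""
    if token not in TOKENS:
        return 401
    ACCOUNTS[target_email]["name"] = new_name
    return 200


def issue_token(email, password):
    """Corrected: a token is issued only after the credentials verify."""
    acct = ACCOUNTS.get(email)
    if acct is None:
        return None
    if not hmac.compare_digest(acct["pw"], _hash(password, acct["salt"])):
        return None
    token = secrets.token_urlsafe(32)
    TOKENS[token] = email  # the server records who the token belongs to
    return token


def rename(token, target_email, new_name):
    """Corrected: the token's owner must be the account being changed."""
    owner = TOKENS.get(token)
    if owner is None:
        return 401  # unknown token, or one never bound to an account
    if owner != target_email:
        return 403  # authenticated, but not authorised for this object
    ACCOUNTS[owner]["name"] = new_name
    return 200
```

The difference between the two rename handlers is the single ownership comparison; the 401 and 403 responses are also the events worth logging and alerting on.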


3
Science & Alternative Science / Re: Blue Ghost
« on: March 11, 2025, 11:11:51 AM »
I don't know what to tell you.
What he's telling you is that you made an error when pasting the image in this post, which resulted in your entire message appearing as a malformed URL. You can see this if you go back and edit your post and preview the BBCode - there's a random [url] tag chilling there for no reason.

What you could tell him is "Oh, thanks, didn't notice that. Fixed." (After you've fixed it, or asked someone to help you, of course.)

The phenomenon happens whether someone uses it as evidence or not.
Irrelevant. Please focus on the subject at hand. You can't just move from "they're selectively using this evidence, how intellectually dishonest" to "it doesn't matter if they're using this as evidence". It absolutely does matter, it's the core of your argument. If you lack the intellectual honesty to appreciate that, then I'd suggest caution the next time you make these sort of accusations against people.

Anyone who accepts that the ice caps are melting [...]
Epic. And how much sugar am I allowed to put on my porridge, again?

4
Science & Alternative Science / Re: Blue Ghost
« on: March 09, 2025, 08:59:45 AM »
What the Zetetic considers "overwhelming evidence" is pretty selective. My point isn't about what they believe or don't believe, it's about consistency, also known as having intellectual honesty.
Ok. Now, read what I said immediately above the part you're responding to.

Part of the overwhelming evidence for global warming is that the gravitational field of the earth shifts as the ice caps are melting.
How have you concluded that the author was referring to this phenomenon as their evidence?

5
Science & Alternative Science / Re: Blue Ghost
« on: March 08, 2025, 10:40:02 AM »
Well, no-one. But I accept the claim.
That's fair, I suppose. I think this might be a cultural difference between you and me. For me, it's genuinely hard to comprehend that you keep coming here and telling others what they should be interested in, or what they should be doing based on your understanding of their interests. It's so far removed from my cognition that even putting this description together took some effort.

Fair point about Zeteticism, but you must have some strategy for coming to beliefs about stuff you can't directly experience.
Sure. I can also cook - I'm far from an expert, but I'm good enough to entertain guests and earn some compliments, maybe even teach some basic knife skills. But I don't post about cooking here, and you don't have an insatiable need to probe my cooking skills.

Mine is to evaluate the evidence. What other option is there?
The problem is that "evaluating the evidence" is extremely vague. You're openly dismissive of people who seem to form their opinions based on YouTube videos, for example, but that absolutely falls under "evaluating evidence". To a more cynical eye, your "evaluation of evidence" is just reading unverifiable claims made by people in positions of power and vibe-checking whether you feel like trusting them.

To be clear - that's FINE. Most people form beliefs without demanding direct proof, and it would be impossible to get by in the world by meticulously investigating every small thing. You probably took my word for it when I said I can cook, unless you chose to fervently question it for comedic value. That's just part of the human condition.

But: why would you go online and try to force others to follow your unevidenced belief? It's the fervour and zealotry I don't understand.

Most FE people seem to just put it all in one big box marked "FAKE" and leave it at that.
Right, you really like saying that, but that's just not what's happening. And, tbh, you know that. It's just easier for you to hand-wave things away, because you're lazy.

It’s the intellectual dishonesty that bothers me.  The Zeteticism seems to be selective.
No fucking shit. I hope you're not claiming to apply the scientific method to every single aspect of your life, at all times, with no exceptions. It would be very funny if you did.

Global warming is a perfect example.
Since it's such a good example, could you recall a few of the statements this society made about climate change, and explain why they led you to this conclusion?

6
OK. I just asked how the bending is accounted for in the experiments.
I would expect that it isn't - those are typically the stuff of more classical FE'ers, and you're asking about EA models.

I mean, cards on the table - I'm pretty certain the Bishop Experiment never happened. I don't believe the results he claims are possible on a flat earth let alone a globe.
I mean, it's a fairly easy one to do if you live near a body of water. I've had decent success looking at the coast of Normandy from Alderney. Now, it was more like 18.5 kilometres rather than 23 miles, so it's an expected drop of "only" 27 metres - but that's still 27 metres of height that my sight line somehow overtook. For someone who really likes accusing others of being lazy, you're really unwilling to do anything.

I'm not clear why you have an issue with that when you seem content with EA
I don't have an issue with refraction as a concept, but that doesn't make your flippant use of it any less an ad-hoc explanation. You take a variable phenomenon, declare without evidence that the variables must have just magically aligned for different conditions every time someone has replicated an experiment, and you consider the matter closed. I'm just not happy with such lazy shallow-mindedness.

7
Science & Alternative Science / Re: Blue Ghost
« on: March 05, 2025, 11:53:37 AM »
It's not a new claim, but it's a new company, a new set of people who have to be "in on it"
I'm sure the people at NASA have changed quite significantly over the last few decades, too. I really struggle to see the novelty.

a new opportunity to inspect the claim.
Inspect away! Who's stopping you?

Quote
Remember when Elon Musk was the RE sweetheart?
Not really.
Eh. No surprises there.

Isn't that a claim worth investigating?
Maybe. What do you propose? You just keep saying "inspect" and "investigate", but what specifically do you want us to do (presumably free of charge), and why aren't you doing it yourself if you want it so badly?

I think part of the problem is that you're asking us to veer away from Zeteticism. We're primarily interested in exploring the phenomena around us, and it sounds to me that you expect us to read a news article and emptily debate it. If that's the case, then you chose a forum of people who are explicitly not interested in that form of inquiry - a forum specifically dedicated to another form - and you're expressing frustration that they're not playing ball with you. Cue the usual analogy to someone gatecrashing a footie forum and complaining that no one's talking about trains.

Of course, I could have misunderstood you. If I have, that's what the questions above are for.

8
Science & Alternative Science / Re: Blue Ghost
« on: March 05, 2025, 10:25:00 AM »
You seem to be running in circles. In the same message, you said "they don't just do what the government tells them to do" and "they are hired for a very express purpose, which is to do what the government tells them to do".

Your main counterpoint seems to be that they're given a task and expected outcome, rather than a step-by-step process to mindlessly execute, but that's not particularly different from any other process of delegation.

You also choose to fight arguments that nobody has made - like "The idea that federal contracts are being handed out willy nilly and nobody really knows what work is being performed". You also go into great detail on the fact that we can find out how NASA subcontractors are chosen... which I don't think anyone questioned, have they?

9
Flat Earth Community / Re: Your data is at risk if you use this app
« on: March 04, 2025, 11:11:44 PM »
You might save some time by starting with a recent very public description of the security shortcomings:

https://www.youtube.com/watch?v=grjDlOIdf5Q&t=152s
Yup, agreed and thank you. Looking past the childish format of the video, it does appear to include some complete uncensored requests, and then some poorly censored ones. That should be enough to work with.

That said, Dave's responses in the cited clips and screenshots are absolute clown behaviour, and the fact that he approached it with such incompetence skews my initial judgement towards trusting MCToon on this one. I still hope to take some time to validate this, but currently it sure looks like he's done an unbelievably shit job here.

This isn't smart to publicize this and how it works. Conspiracy Toonz is engaging in criminal behavior by publishing this and providing proof of concept scripts. Dave Weiss, or possibly anyone who has their data in the app, could press charges.
I'd be more likely to press charges against Dave Weiss for leaving such obvious and easy to exploit vulnerabilities in the app.
This is a nuanced subject. For the vulnerabilities which they disclosed privately, then waited a bunch, and then publicised, they're completely in line with best practice. MCToon's threat of releasing future vulnerabilities publicly without first following through with disclosure, on the other hand, will quickly get him in trouble; and it doesn't matter that Dave was mean to him before.

10
How is that light bending upwards accounted for in the Bishop Experiment
In the Bishop Experiment, light bending upward would make the results more damning for RE than if it travelled in straight lines. For RE to have a chance, light would have to bend downward (which, of course, is the ad-hoc explanation RE'ers provide)

11
Philosophy, Religion & Society / Re: Trump
« on: March 03, 2025, 06:48:07 PM »
why Trump must continue sending hundreds of billions of American tax dollars to Ukraine while Europe continues to give beans
Look, I know inflation has been going crazy in the US, but your beans don't yet cost three hundred billion a pop. Eggs, however...

12
Science & Alternative Science / Re: Blue Ghost
« on: March 03, 2025, 06:34:31 PM »
I don't know about obsession, but I don't really see how them being a sub-contractor is relevant.
It's another company, another set of people who have to be "in on it" if it's all being fake.
Well, that's the thing - it isn't. It's just that America has turned more right-wing over time and it now prefers subcontracting over giving people government jobs. It changes precious little, other than their tax status and public accountability.

I don't understand the reticence of FE to investigate their claims.
What claims? NASA has claimed to totally go to space for a few decades now. How is NASA claiming it again introducing a new claim?

Remember when Elon Musk was the RE sweetheart? How's that gone? You reckon this one is gonna go any better?

13
Science & Alternative Science / Re: Blue Ghost
« on: March 03, 2025, 04:12:48 PM »
I don't understand the obsession with declaring NASA subcontractors as something other than NASA subcontractors. Does it feel more "correct" when they're "independent"?

14
Flat Earth Community / Re: Your data is at risk if you use this app
« on: March 03, 2025, 03:22:36 PM »
This is quite unusual.

I have no problem with publicising issues with the app if they exist, and it doesn't matter if MCToon is involved. I don't like that he's used us to peddle scams before, and it certainly makes me wary of him, but hey - if there's evidence behind his claims, that's fine. But... where is the evidence for any of this? The level of detail provided in the comment you've screenshot here is 100% allegations, 0% proof. That's not how you do responsible disclosure.

I probably have the right skillset to sit down and look for evidence myself, so I will. The main problem will be finding the time.

15
Philosophy, Religion & Society / Re: Is the UK okay?
« on: February 24, 2025, 03:06:44 PM »
I wanted to ask the people of the UK their thoughts concerning Keir Starmer and free speech.
Merging threads at A80's request

16
Flat Earth Investigations / Re: Solar Eclipse of Aug 12, 2026
« on: February 22, 2025, 09:21:11 PM »
In fairness, WTF_Seriously already included the 2027 eclipse in his examples. The actual problem is with the step he describes as "put[ting] the North Pole in a realistic position" - what he actually means is "keep spinning around until the line looks straight when you squint". And, even then, this requires him to be selective with his eclipses.

Now, crucially, none of this is at odds with RET. WTF_Seriously just has a very poor understanding of RET, as one would expect.

17
Flat Earth Investigations / Re: Solar Eclipse of Aug 12, 2026
« on: February 19, 2025, 05:14:15 PM »
At least you're consistent, Pete.  I've got nothing to add.
Understood. In that case, please heed my advice. If you have nothing to say, say nothing. I am asking politely one last time.

18
Flat Earth Investigations / Re: Solar Eclipse of Aug 12, 2026
« on: February 19, 2025, 08:26:27 AM »
A flat projection of the globe is the typical way to show the entirety of the earth in one view even though it's greatly distorted
Right, right, we already went over your ability to spot the blindingly obvious; but why does that projection not map, even in the slightest, to what you assert? After all, you did describe it as nonsense, and highlighted an obvious discrepancy.

And no, it's not "flat map bad" - you're an adult who seemingly went through at least compulsory education in a western country. You can do a little bit of basic geometry in your head and project it back onto a sphere.

So, we're back to square 1: why does NASA peddle nonsense which you can easily disprove? Why is WTF_Seriously a better authority on what does and doesn't represent RET than NASA? Is this Orange Man ruining everything again?

WTF So stoOOOpid.  It's your MO.  You won't debate the content of my post because you can't so you resort to deflect and degrade the poster.
I do do that with stupid people, and you've shown yourself to be quite out there on that spectrum (remember "calling unknowns unknowns"? That one took you a solid couple years to parse). But part of your problem is that you have yet to articulate your position. You just keep stating that a flat map is a projection, but you're missing the part where everybody already knows that and is accounting for it.

And no, the point I'm trying to defend is not that the eclipse map is nonsense
Then why did you say it? Why would you so loudly proclaim something you don't believe? Are you trying to make yourself even less credible than you already are?

19
Flat Earth Investigations / Re: Solar Eclipse of Aug 12, 2026
« on: February 18, 2025, 08:34:02 PM »
Surprisingly poor effort from you, Pete.  You're better than this.
If you have nothing to say, please consider saying nothing. Let's not go down that path, all right?

I dunno, why would NASA lie?
I dunno. Why would they? Why would they post maps identical to the one you described as non-representative nonsense? Have you considered telling them that they're misrepresenting RE, and that they should instead selectively glance at timeanddate.com? Considering how trivial it is, as you clearly demonstrated, they'll probably be quite embarrassed!

Though... there is an alternative here... hrmmm... Nay, surely that's not it!

https://science.nasa.gov/eclipses/geometry/#:~:text=A%20solar%20eclipse%20occurs%20when,see%20the%20Sun%20completely%20blocked.
Respectfully, you couldn't have missed the point any harder if you tried. Hopefully the above helps, but, just in case: the position you're currently trying to defend is not that the Earth is round; it's that the eclipse map presented here is nonsense that doesn't represent RE accurately.

It's really no big surprise that RE sources say the Earth is round, and you shouldn't feel too proud for noticing that.

20
Flat Earth Investigations / Re: Solar Eclipse of Aug 12, 2026
« on: February 18, 2025, 09:24:43 AM »
I dunno, man, why would NASA lie about it when WTF_Seriously can crack the code by looking at timeanddate.com for 5 minutes?

https://svs.gsfc.nasa.gov/5236/

Then again, actually looking at timeanddate.com also yields funny results...
