Israel is not an ethnicity. They still have 25% Arab Israelis- a leftover from the days when the founders were still building a secular European style country.
They treat them as second class ofcourse. And it is essentially a manageable minority- they are politically sidelined in the Knesset.
HackerOne is an awful company with a terrible product. Not the first time I’ve heard of their triage process or software getting in the way of actual bug bounty.
My only experience with them was when I found a pretty serious security bug and noticed the company in question had a bounty with them. Opened an account on H1, reported the bug, got "not a serious issue", promptly closed the H1 account. If the company is incompetent or relying on an incompetent 3rd party bug bounty service provider, I won't deal with them. I don't need this in my life.
The company did fix the issue a few months later, so there's that.
They all are. Bugcrowd once told me that, "yes, it's not a security issue or even a bug, but we recommend providing small (100€) rewards for non-bugs to keep researchers engaged!"
Everything is bad sounds like a defeatist stance.
Fact is they are better than triaging everything yourself and also better than outright ignoring all vuln reports.
It’s an imperfect system I agree - but it’s the best we have
Almost all "residential" proxies are run without the knowledge of the user used as the proxy. Either it's slipped in the ToS/install of other legitimate product or straight up malware. A popular method, iirc, was bundling with free VPNs.
Last I looked into the discussion, the consensus was there was no particularly reputable residential proxy service.
Edit: I probably should explain the distinction for residential proxies. Basically, if you run a site that isn't B2B, you'll find basically no organic traffic comes from data centers/server farms. So traffic from IP blocks like owned by Microsoft (Azure), Amazon (AWS), Google (GCP), etc are all highly likely to be bot traffic and throttled or outright blocked by default. If you're running a scraper or a bot, you want to get your traffic to appear to come from residential IP blocks (owned by residential ISPs).
