Facebook has a long-standing policy that rewards hackers with a bounty if they can find a bug in Facebook’s system. Bounties can be as little as $500, but there is no maximum. Facebook makes a judgement call based on the severity of the bug and the cleverness of the hacker.
When a Palestinian hacker named Khalil Shreateh discovered a bug in Facebook that allowed anyone to post to anyone’s wall, he submitted the bug. He made a post to the wall of a friend of Mark Zuckerberg. Facebook replied and said this was not a bug, so Shreateh posted directly to Mark Zuckerberg’s wall. He figured that would get Facebook’s attention. (Facebook later clarified that they didn’t have enough “technical information” to identify it as a bug)
It did get Facebook’s attention.
The problem was that his approach put him at odds with the Facebook Terms of Service. Therefore, Facebook denied Shreateh a bounty despite his finding the bug.
In comes crowdfunding. A GoFundMe campaign has raised over $11,000 on Shreateh’s behalf, and the funds are now being transferred to the hacker as a way to ease the blow of not being rewarded for his efforts.
Thank you so much to everyone who helped make this happen for Khalil. I am leaving this active while I work with gofundme to transfer the funds to Khalil, whom I am now in contact with. I hope this has raised awareness of the importance of independent researchers. I equally hope it has reminded other researchers that while working with technology companies can sometimes be frustrating, we can never forget the greater goal; to help the Internet community at large, just as that community has helped donate over ten thousand dollars to Khalil within a day.
The campaign is currently still accepting funding as the process of transferring funds is finalized.
Have a crowdfunding offering you'd like to share? Submit an offering for consideration using our Submit a Tip form and we may share it on our site!