It’s not mainly Uber’s problem here, although Uber could have helped you more.

It’s Hackerone that frustrates you with the rules, not allowing you to send incomplete bugs just to see if you are on the right path. So you end up crazy frustrated, robbed of your time. The marketing says it’s for everyone and they pay bla bla..., but in reality it’s not so great.

In my case, they gave me some bullshit reasons for a complete ban, for which I can prove each point how wrong it is, but it doesn’t matter. Also the company I was testing for was one of my favorites. At some point they inserted the Hackerone triage team that pretended to be [company_X] (now I think they mark it as “Hackerone staff”). And I noticed that N/A comes up a lot, comments are aggressive/dismissive (“not SSRF, check that”) and I started to disagree with the triage team. Of course they don’t like that, because they are too sensitive poor people, like you cannot put public everything you wanna say instead of the bug report comment box (which I think is to be preferred instead of the internet).

So “me loved” (heart :) ) company X, company X wanted to pay me, H1 banned me for criticizing H1 while I was testing the same company X. Meanwhile H1 triage guys reported similar bugs as mine to other independent bug bounty programs that I know.

Hackerone is a joke, don’t waste time with it, it works only for a few and you should try other options (help the independent companies, report bugs even if they don’t pay a lot so they don’t end up in H1). Bugcrowd has a nicer team in the backend, Synack works for most very well, I haven’t heard any complaints, Cobalt pays fixed rates etc.

Anyway H1 usually assumes some bug hunters are shit and they are not worth anything and they just complain. In my case there was a consistent amount of nice bugs and work and they encountered this:

Why would they contact me like this? Don’t they have my details in their system, in the ban list at least?

Some who have bad experiences don’t want to lose time writing bad stuff, or look bad themselves. But I think those who have bad experiences in Hackerone should write it, because you only see the “Yay” tweet and you think everyone is rich on the platform. No! It’s just a hype.

Don’t lose time with Hackerone!