Seems like you should have gotten more than $5k. Great work and nice write-up.



I think it's fair. All you will get is the email somebody used to sign in to Facebook, and if you tried to do this en masse I'm sure you would trigger some automated system.

If you really want to target somebody in particular, you can get the email address of that person there. I have had my Gmail account since 2004, and at this point it has been resold a million times.

All it takes is somebody I communicated with doing something stupid like allowing some app to scan their contact book, and my email is in the wild.


Right, the Slack group is probably a much bigger gold mine, so this was probably lower-hanging fruit for the occasional easy liquidity.


I had the same thought. Seems like the value of such an exploit could be a lot more than $5k to the right people in the open market.

The macro effect is that when someone with lower moral/ethical standards discovers such an exploit, it's more likely the find will end up being sold for more money and ultimately used maliciously in the wild.

The more $fb pays the greater the incentive will be for shady people to responsibly report it to $fb.

Relying on good samaritans doesn't seem like a sustainable or particularly responsible solution to taking care of those trusting the Facebook platform to not leak their private information.


> Seems like the value of such an exploit could be a lot more than $5k to the right people in the open market.

Probably not. What would the buyer do with it? It's probably very hard to mass scrape FB (rate limiting would kick in), and there are other ways of getting a specific email address.


It's about more than just email addresses. This is the policy applied to all exploits for their entire platform.


How so? They paid a $15k bounty earlier this year.


Perhaps it's my mistake then, apologies. I didn't know it was a variable rate!
