Comment by munchlax
Take a chill pill.
I did, in fact, read the fine article.
If you did so too, you would've read the message from GitHub which says "...disallow usage of camo to disclose sensitive victim user content"
Now why on earth would I take all the effort to come up with a new way of fooling this stupid AI only to give it away on HN? Would you? I don't have a premium account, nor will I ever pay Microsoft a single penny. If you actually want something you can try for yourself, go find someone else to do it.
Just to make it clear for you, I was musing on the chord of being able to write out the steps to exploitation in plain English. Since the dawn of programming languages, it has been a pie-in-the-sky idea to write a program in natural language. Combine that with computing on the server end of some major SaaS(s) and you can bet people will find clever ways to circumvent safety measures. They had it coming and the whack-a-mole game is on. Case in point: TFA.
> If you did so too, you would've read the message from GitHub which says "...disallow usage of camo to disclose sensitive victim user content"
They use "camo" to proxy all image URLs, but they in fact did remove the rendering of all inline images in markdown, removing the ability to exfil data using images.
> Now why on earth would I take all the effort to come up with a new way of fooling this stupid AI only to give it away on HN?
You just didn't make it very clear that you discovered some other unknown technique to exfil data. Might I encourage you to report what you found to GitHub?
https://bounty.github.com/