Pixel Envy

Written by Nick Heer.

A Bad Privacy Bug

Maciej Ceglowski, creator of Pinboard, acknowledges and explains (in microscopic detail) a privacy bug that bit the site a couple of days ago:

The heart of the problem was that it turned out to be possible to ask the Pinboard database to “give me only bookmarks where the privacy flag is set to zero” and still get back results where the privacy flag was on. This is like accidentally baking something by putting it in your freezer. Unexpected.

Click through for the full SQL-based cause, effect, and solution.