Hacker News
3 minutes ago by sadeshmukh

For all of you discussing the chatgpt, this was after borderline harassing an intern who quoted ChatGPT as a joke in her DMs. There was no legal advice. There used to be a previous version with receipts and screenshots if I remember correctly, with very, very extensive discussions within Hack Club (to the order of thousands of messages of critical discussion).

Please take what's said here with a grain of salt. This is the same person who attempted to extort Hack Club out of thousands by using an airtable token they previously had (all tokens have since been examined as to whether they are truly necessary).

4 hours ago by blenderob

Wow! Just wow! Just as I think the situation cannot get any worse, the OP reveals even worse things going on. I know the UX of this blog and the lack of capitalization is going to turn many people off! But I urge you to power through and read the whole OP anyway.

Use reader mode, block Javascript or whatever it takes. Give the author a break. They're a teenager. What kind of websites were you making as a teenager? I'm sure one of those dark background websites with MARQUEEs and BLINKs with glaring contrast colors! So give them a break. Behind the annoying UX is an article about serious and appalling privacy and security issues.

Like read this:

> i raised this with chris, who's a full-time staff member (not a teenager), and he insisted that exposing physical addresses and sensitive info was "just a vuln" not a breach. said he's "never heard the term 'data breach' used that way" and... also relied on chatgpt instead of actual legal advice.

Actually this Chris guy has a point. I don't call it breach either. It's PII data exposure but it is a serious exposure. So I don't 100% agree with the OP but the cavalier attitude towards security coming from the staff of a legitimate organization is appalling.

It's just mind boggling that an organization handling PII data has such appalling privacy and security lapses and they still remain arrogantly indignant about it making bold claims about laws they don't understand, why, because ChatGPT told them so? Cherry on top is they are employing teenagers to answer legal questions! Not kidding! Just read the OP! Unbelievable!

an hour ago by hrimfaxi

> Actually this Chris guy has a point. I don't call it breach either. It's PII data exposure but it is a serious exposure.

At least California defines it as

> unencrypted personal information, as defined, was acquired, or reasonably believed to have been acquired, by an unauthorized person.

https://oag.ca.gov/privacy/databreach/reporting

an hour ago by linsomniac

My child has been involved in Hack Club for a number of years, and I support their mission. However, HC do seem to be lacking in "adult supervision", and I understand that is kind of their approach: having the kids figure stuff out on their own. However, there are things that kids, due to lack of experience, just can't figure out for themselves. For example, the reliance on ChatGPT and reluctance to use professional SMEs is a very "immature" attitude.

This sort of cavalier attitude is going to get them in trouble; I'm honestly surprised that this hasn't already gotten them into trouble. Hack Club has enough money that they can easily be a worthwhile target if any of their decisions turns out badly.

I'm going to be a bit oblique here because I don't want HC to take this out on my child, but at one of the HC events, the "figure it out for yourselves" led to our child making decisions and taking actions that could have very easily turned into life threatening. Another situation led to our child being "ditched" in a foreign city and unsure how to get ahold of anyone on the ground to help.

Hack Club is a great idea, and I'm glad it exists, but I do think that the way it is currently organized is going to end badly.

3 hours ago by Agreed3750

As someone who is part of the Hack Club community, I would urge caution before blindly trusting this account.

- This person has also used their access to attempt to extort the admins and their Airtable data, demanding a bounty payment for access they were previously given.
- In her arguments about the program leads earning higher bounties, they had said that they both did bounties for Coinbase and Google, neither of which being non-profits
- Many of her arguments are flawed in other ways.

Theo (yes the ffmpeg guy) also commented on it in a livestream, and I would just point to that:

> This feels really in the weeds of something we are not supposed to see externally. It is a lot of writing for what seems like clueless people doing backend

an hour ago by linsomniac

> As someone who is part of the Hack Club community, I would urge caution before blindly trusting this account.

As the parent of a Hack Clubber, a lot of what is said here rings true to our experience with the Hack Club leadership.

an hour ago by immibis

They created a new website just for this topic, and named it "kill yourself LLC". Not something you'd do if you wanted to be taken seriously, just IMO. Smells more like a KiwiFarms user.

However there's still no excuse for these problems if they are describing it correctly. When you're storing the home address of thousands of users, (1) you shouldn't do that at all for this type of organisation and (2) you should be very careful to protect it and (3) the first several times it gets stolen, you should think harder about whether your protection is working and there should never be a several+1th time.

3 minutes ago by patcon

As someone who has co-founded and co-organized a leaderful non-hierarchical community that has lasted 10 years of weekly hacknights (we've literally never missed a week) and many generations of stewards... I've done reflection on the value of messiness/disorder and "aggressively relaxed" constraints. I sometimes tongue-in-cheek describe myself as having some meagre expertise in "operationalising anarchy", which is only half a joke :)

I suspect the things this author is critiquing and the internal resistance to it is DIRECTLY related to the wonderful things this org can do and how it operates.

I'm of the belief that you can't truly love a thing without loving its mother. This applies to orgs as it does all creatures undergoing evolutionary processes. If you do straddle this belief tension, you perhaps love something other than the thing you thought you loved. And this other thing you love will eventually take shape under your care and watch. Which is nice, that "what we put our attention on grows".[1]

So obviously, you are permitted to love a thing and take issue with its incubating process/culture, but I would suggest you're the site of contradiction that has some explaining to do. If you win and change the process of the thing you love, the thing you love is on a new path toward being something else. And maybe that's fine. A new seed will grow in the empty space. People probably need to have a thing to love that looks like the thing you loved. It will be back.

But there's some other healthy dissonance here that the author isn't grasping. I would say this to them: You are the bringer of the end of what you love, not its saviour. It's all good -- these transitions happen, and in a more zen sense, it can come to pass without [my] judgement. But just please understand your role. You're not a hero, you're a death. Maybe a healthy one, but a death all the same. The thing you love perhaps won't survive your care.

To be clear, I have very mixed feelings. I think orgs that work like this need to stay small, only scale horizontally (inspiring/supporting other sister orgs to grow), and resist any central/vertical scaling that brings you under the rules and norms that they are desperately trying to steer clear of, but are now accountable to (according to our shared societal values).

[1]: http://adriennemareebrown.net/2012/08/09/giftingmyattention/

4 hours ago by tomalaci

Companies should quickly realize that ChatGPT can go both ways - it can turn a "script-kiddie" into a fully fledged hacker if vulnerabilities continue to be this sloppy. I am fairly certain that low-skill hacker sweatshops already heavily rely on LLMs to quickly exploit trivial vulnerabilities like these.

Like it or not but I feel like account logins, PII and payment stuff will have to be handled by central big orgs. Ideally, I would like that to be a competent open-source government service. For now it is big companies like Google that can shove its SSO around in an accessible manner to other sites.

4 hours ago by prodigycorp

I'm usually the type to be annoyed at hn people who nitpick about articles but.. this is unreadable.

4 hours ago by blenderob

It's an article by a teenager. We weren't making any great websites as teenagers either. I remember websites with glaring contrast and moving marquees and blinks everywhere. At least the author here writes full words without abbreviating every word. So the author is already writing better than what I wrote as a teenager.

May I suggest you use reader mode to remove the annoying flashing background? If you can get past the annoying UX of the article, it has interesting stories about serious issues.

2 hours ago by tinfoilhatter

I participated in a few hackathons early in my career. I quickly realized that I wasn't benefitting at all from participating in them. In fact, they were a great way to fall behind in the work I actually needed to get done. Those organizing the hackathons on the other hand...

I'm not at all surprised that people are trying to program young teenage minds to think hackathons are a good pathway to advancing one's tech skills / career. Nor am I surprised to hear all of the sketchy behavior surrounding this organization and their leadership. It all fits very nicely together.

an hour ago by ecshafer

Hackathons can be fun. And I think that people should try and do one or two when they are in college (ideally run by a university, not a shady 3rd party). The Microsoft puzzle challenge (idk if that still exists) is also great. These are fun, give you a bit of networking, probably won't get you a job. Your university work gets you a job.
