The sad truth about the Yandex bug bounty program

I have always been happy and even proud that our country has such an IT giant as Yandex. But, unfortunately, Yandex is turning into a soviet store, where being rude and shortchanging a client is not even the norm, it’s life!

Recently, there have been minor incidents with various of its services. But I somehow understood that couriers, delivery, sellers at the market are all a human factor, it’s difficult to keep track of them, so I gave up.

And then it hurt, because the employees themselves…

Bug Hunting Program

I’ll tell you about the “Bug Hunt” program, or rather, that you shouldn’t hope that you’ll be welcome there and welcomed with open arms.

Background

I bought Alisa Light for my son.

I set it up so that the station would recognize him and me by voice. Everything was great until a couple more stations appeared in the family. Then I decided to combine all the stations into a family subscription, and my voice had to be removed from the first station, because the tuned voice is considered a separate pseudo-user.

Problem

For some reason, my son’s station did not forget my voice. She still recognized me, and since my voice was no longer tied to the station, she believed that I was not subscribed, and so she said: “Subscribe, man, otherwise I’ll turn on the music!” But she listened to her son quite well and played any records.

Attempt to solve the problem

It was obvious to me that this was not normal behavior. Well, because I pay money for a subscription, but I can’t use it. And if it's not normal, then it's a bug. And the bug needs to be fixed. After some googling, I found information that Yandex has a bug bounty program, just like self-respecting companies. And you can get a reward for the bugs you find!

“Nichoshi!” – I thought and sent a detailed description of how to reproduce this bug to the support service.

My expectations:

  • Bug accepted

  • Hired

  • Successfully reproduced

  • Repaired

  • They told me thank you

  • Maybe they even paid a reward

Reality

I've been corresponding with support for almost two months now. At first everything looked fine, the task was accepted for work, and it remained in work for about a month. Then they asked me for a video of how it was played, and so that the video would show the current time (apparently to find the logs). Well, then I received a letter with the following content:

“The video shows that the speaker does not recognize you, so it cannot play any music for you, but only offers something specific. This is expected behavior from Station Light, because you removed your account from the family subscription, and did not remove your voice.”

WAT???

WAT???

What are you doing there, Alice developers? Those. you spent a month figuring it out yourself, then you asked for a video, and then you write that I deleted my account from the subscription? I clearly outlined all the steps. I had to delete the customized voice in one of the merged accounts. No accounts are left without subscriptions!

And then there were replies in the spirit: “Yes, this is not a bug,” “Yes, you just need to do a hard reset,” “What kind of bug-bounty program is this? Go for a walk, boy!”

Disappointment

If you open the description page of the “Bug Hunting” program, you can find a point that exactly describes what I encountered. After all, I could not communicate with Alice, although I had a subscription.

Fad:

Bypassing the subscription model
Some of our devices are sold using a subscription model, which involves regular payments for using the device. If there are no payments, restrictions are imposed on the devices.
For example, It will no longer be possible to watch films on Kinopoisk or communicate with Alice by voice. We are interested in any ways to circumvent these restrictions.

This story doesn't have a happy ending, although they fixed the column. I don’t know who and how, maybe the hard reset helped the fourth time, maybe they tweaked something on their part. Or maybe both.

There was a very unpleasant aftertaste in my soul.
It would seem that such a huge company, an IT giant, the best (which I already doubt) in Russia! And the user’s attitude towards their loved ones is like a piece of shit.

I'm ashamed of you, Yandex, I'm ashamed!

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *