Nearby Live

Covered Domains

Vulnerabilities on any of our domains are covered under this program. Specifically:

• *.nearby.social
• *.wnmlive.com

Responsible Disclosure

Give our security team a reasonable amount of time to respond to, and correct, the reported vulnerability before making any information public.

User Data

Please make a good faith effort to not violate anyone else's privacy during your testing. We explicitly request that the following user information not be accessed during testing:

User messages User photos Private group posts Logging in as users/impersonating users

Scope Exclusions

The following conditions are out of scope for the security bug program:

• Physical attacks against Nearby Live's offices and/or data centers.
• Social engineering of our users, employees, or contractors.
• Issues related to networking protocols or industry standards not controlled by Nearby Live.
• Any vulnerability obtained through the compromise of a user or employee account, if you need to test a vulnerability create a free account, don’t take someone else’s.
• Any vulnerability found through the use of any mass scanning tool, botnet, compromised site, end-clients or any other means of large automated exploitation or use of a tool that generates a significant volume of traffic.

Thanks

We believe in giving credit where credit is due. If your work helps us improve the security of our service, we'll gladly recognize your discovery on our website and elsewhere.

We currently offer a modest bounty for genuine vulnerabilities reported.