Cellebrite doesn't even have a bug bounty programme or contact to report their bugs.
Last year I managed to gain partial access to one of their systems and it took me weeks emailing their internal email addresses to finally fix the bug. They were total ass about it.
Now I've got complete access to their entire database and I don't know what to do. Can HN advise?
Well definitely don't share it with DDOS secrets, news outlets or any other major company that would potentially report on it. That would be very bad press for Cellebrite, and if they connected it to you they could be very annoying - though again, they would need pretty good evidence connecting it to you and things like Tor and proper privacy practices would make that very difficult. So definitely don't do that, or use something like Tails to post it to multiple SecureDrop outlets.
Really REALLY bad idea - this is one of law enforcement's larger pet gadgets and companies, so the GP would not only have a particularly enthusiastic mob coming after them, said mob's pitchforks would have automatic cannon launchers and EMPs and push-button-activated nunchucks and all kinds of other crazy things that aren't legal for standard-issue pitchforks.
So if the database is fingerprintable to the GP specifically in any way, they're very very dead. And the random username doesn't even count here; they probably didn't post from Tor, so their real IP is connected to this post.
I think it's a fair guess that a security researcher like that knows how to post on HN without leaving their home address. It's not particularly difficult.
Unfortunately HN / Cloudflare / Google still block some Tor users with the privacy-invasive software known as reCAPTCHA. Not sure if they've switched to hCaptcha yet.