
Interesting.

There are a lot of product announcements that are handled by uploading private videos that are made public at a given time, so there'd be quite a lot of attacker interest in this exploit if it hadn't been fixed. Worth the bounty.




Not sure why this ~is~ was downvoted. IMHO that's a quite realistic scenario on how IDs of private videos might "leak".


It isn't a very noteworthy scenario, because it requires the person who _has_ been given access to a private video/ID to share it with someone who shouldn't have access. In that already-rare scenario, the person with access can simply download or record the video anyway, thereby leaking it (with audio and high-resolution to boot). And that's with everything working as intended.

Chained with another exploit to actually be able to discover someone's private video IDs, it would have been worth a much higher bounty.


It is very common for people to discover private video IDs in product pages by combing through the HTML for announcement pages, product listings inadvertently put up early by retailers (and some retailer, somewhere, will always screw it up) etc.

I honestly can't think of a week that goes by without the discovery of a private video ID in the videogame space tbh for some unannounced title or feature.


Maybe people disagree with the last statement of it being worth the bounty (as many including myself think it’s worth way more).


Oh, I would certainly not disagree with that, I meant worth at least the bounty.


Yeah, I know.

I think HN is getting brigaded pretty badly for anyone who's said that Parler's security was garbage, so maybe that?



