Medium Member Friend Links bug

Full disclosure of the report

Sometimes, I check the platforms I use to see if they work correctly. In the case of Medium, not only does the new Friend of Medium Links not work correctly, but also Support, as we can conclude from the lack of any response to the below report.

I found a bug in the new Friend links generated by third parties with purchased Friend of Medium subscriptions. Medium counts them the same way as Friend links generated by the author.

The distinction between these two types of links is well described here:

About Friend Links

I reported this to Medium, and since there has been no response for 90 days, I am disclosing the report to the public.

Prepare two accounts using two different email addresses, devices and locations.Use one account as a Writer with an active Partner Program and the other as a Reader.As a Writer, create a story behind a paywall and go to the Post Stats Page for that story.Using a Reader account, upgrade the account to a Friend of Medium subscription.After upgrading the Reader account, go to any Writer article behind the paywall and use Share -> Friend Link.Now, visit this link using a third device without a Medium Account (not logged in).Observe the information at the top of the article: “You’re reading for free via XYZ_READER Friend Link. Become a member to access the best of Medium”Using the Writer account, refresh the Post Stats Page for that story and observe the “Shared by you (the author) or a publication editor” counter is set to 1 and “Shared by a member with a Friend membership” is still 0.

For the Proof Of Concept, I used my Medium Author account — Karol Mazurek — Medium, as a WRITER and another XYZ— Medium account as a READER according to the above STEPS TO REPRODUCE.

First, using my macOS, I visited my Stats for AppSec Tales XXIV | Deserialization page to check Views from the Friend Links counter: