[-] gencha@lemm.ee 51 points 4 weeks ago

Do it anyway. Having anything behind a TLD that is tied to the political control of a tiny geographic area is insanely careless

[-] gencha@lemm.ee 45 points 1 month ago

How do you sell what you did as "it just worked"? Right away? You lied to them. You have your coworkers on an unmanaged machine with a foreign OS on the guest WiFi with custom networking. Don't oversell a workaround as a solution.

Simplifying the problem to "Windows" seems unfair, given how many problems you found. All of them still require a long-term solution for regular operation.

[-] gencha@lemm.ee 49 points 1 month ago

Drunk people might accidentally get pregnant and help with the population. Really an obvious move

[-] gencha@lemm.ee 56 points 2 months ago

There are many ways your real IP can leak, even if you are currently using Tor somehow. If I control the DNS infrastructure of a domain, I can create an arbitrary name in that domain. Like artemis.phishinsite.org: nobody in the world will know that this name exists; the DNS service has never seen a query asking for the IP of that name. Now I send you any link including that domain. You click the link and your OS will query that name through its network stack. If your network stack is not configured to handle DNS anonymously, this query will leak your real IP, or that of your DNS resolver, which might be your ISP.

Going further, don't deliver an A record on that name. Only deliver a AAAA to force the client down an IPv6 path, revealing a potentially local address.

Just some thoughts. Not sure any of this was applicable to the case.

There are many ways to set up something that could lead to information leakage and people are rarely prepared for it.

[-] gencha@lemm.ee 53 points 2 months ago

I feel like most people base their decision on license purely on anecdotes of a handful of cases where the outcome was not how they would have wanted it. Yet, most people will never be in that spot, because they don't have anything that anyone would want to consume.

If I had produced something of value I want to protect, I wouldn't make it open in the first place. Every piece of your code will be used to feed LLMs, regardless of your license.

It is perfectly fine to slap MIT on your JavaScript widget and let some junior in some shop use it to get their project done. Makes people's life easier, and you don't want to sue anyone anyway in case of license violations.

If you're building a kernel module for a TCP reimplementation which dramatically outperforms the current implementation, yeah, probably a different story

[-] gencha@lemm.ee 48 points 2 months ago

That is some next-level Minecraft you are playing over there

[-] gencha@lemm.ee 52 points 2 months ago

As others have already pointed out, you must rotate the key. I don't even put any restrictions on that. Once you have shared a secret in any way, it is no longer a secret. Don't try to avoid work, just because it is an inconvenience. Convenience is the enemy of security.

Rotating your key is not enough though. Verify that it wasn't used. API providers also often provide audit logs to show when credentials were used and from which location. If someone had your key only for a second, they could have used it to generate a new key you don't even know about. Audit!

[-] gencha@lemm.ee 49 points 4 months ago

Chrome is the backdoor and you already installed it

[-] gencha@lemm.ee 52 points 9 months ago
[-] gencha@lemm.ee 54 points 9 months ago

Says the guy who funnels his entire wealth through a foundation to avoid paying any taxes. Just like he told Epstein to do. Love you Bill


gencha

joined 1 year ago