But this is not a problem with the tool, this is a problem with those platforms. Even if this tool is not published, bad actors can still make their own tools.
I think we should rather demand the platforms to enforce better measures against this kind of usage, rather than blaming this tool.
I take an issue with the argument that bad actors can make their own tools. Bad actors can also build their own nuclear weapons, genetically engineer their own deadly diseases but there's certainly value in not making this any easier. If you take the time, money and effort away from bad actors by forcing them to reinvent the wheel, that's a good thing.
Granted, this logic can't be viably applied to most things, but there are projects where you can assume that most of the use-cases will be shady.
Exactly! There’s a totally different bar to entry. Look at North Korea. I don’t think they rank highly as a concern with traditional kinetic warfare, but they have made themselves a major security concern even with scant resources because the bar to entry with cyber warfare is just that much lower.
> Granted, this logic can't be viably applied to most things,…
This specific thing, for example.
> ... but there are projects where you can assume that most of the use-cases will be shady.
An assumption is a poor basis for an argument. Even in the case where the assumption turns out to be correct, I don't buy this line of reasoning, because it would apply generally to security tools. Such reasoning also makes it far easier to attack things even where the assumption is known to be wrong (e.g. bittorrent).
Tools like this are trivial to make and it's trivial to do it manually using Google. I don't see any point in getting angry about the existence of tools like that, as it's beyond anyone's power to stop people from doxxing each other.
I did something similar to this for a hackathon in university. Obviously not as sophisticated as this, but the concept is trivial. If you know enough about the command line to install it, you can build it.
Perfect example was the youtube-dl. Making an app to download videos from YouTube is relatively trivial for most semi-experienced developers but that doesn't mean I want to invest the time doing it, plus the effort of keeping it up to date every time YouTube changes something. So youtube-dl is enabling me and less technical people to download content from YouTube, and it's "going away" for a short time caused an outcry.
So there's a difference between "this is possible" and "this is a tool that makes it really easy"
Depends on what you mean by missile. One worth dozens of millions of USD and produced largely to prop-up a state economy tends to have different ethical considerations versus an adhoc assemblage of propane tanks and plumbing pipes produced to fight over the neighbourhood in which it was made.
You know what would be a great addition to this tool: A transparency panel/dashboard that shows any state organizations or LEO systems that are using it.
List out all the IPs and countries that are state IPs using it.
I was thinking a modification such that the system will report where its run from and if the reported IP is recognized as a government agency, display it - else drop it.
I think we should rather demand the platforms to enforce better measures against this kind of usage, rather than blaming this tool.