Hacker News new | past | comments | ask | show | jobs | submit login

I could accomplish the same thing by robbing a bank - doesn’t make it the right thing to do.



Doesn't make free work for a for trillion dollar corporation something noble to do.

By that logic, a grocery store giving away everything for free is the right thing to do. Doesn't lead to anything sustainable though.


What suggests that any of this is "free work for a trillion dollar corporation"? Apple hasn't acknowledged that this person discovered this bug yet. They've only acknowledged that it existed and that they were going to patch it in the future. Crediting someone for a bug bounty isn't as easy as you all are making it out to be.


Robbing a bank is immoral, selling information about how a piece of software works, in my humble opinion, is not. Or if it is, then it's not even close to the level of "wrong" that is robbing a bank.


And what if that information gets weaponized against journalists in an authoritarian regime?


You know what gets weaponised?

Actual weapons our government sold to Saudi and other's.


Also the software to subvert security on mobile devices, build firewalls on a national level, and inspect every internet packet for disloyal statements. All that is packaged and sold to our authoritarian allies with the full approval of the government the majority of people support.

Selling a zero day would probably fall under a weapons clause.


One of these things doesn't negate or excuse the other; both can happen at the same time. You're engaging in "whataboutism".


If you sell a knife, and it's used for a stabbing, are you culpable? Thousands of people buy knives every day, and most of them don't stab anyone. So unless there was good reason to suspect something, we would say no.

Most zerodays are probably not bought by china to spy on dissidents, they are more like knives. On the contrary, when we sell bombs to Saudis we can be 95% sure they will be used in Yemen.


Zero-days, unlike knives, are not dual-use instruments. The only people buying those zero-days are incorporating them into surveillance and monitoring systems. Literally, how else could an exploit be monetized? Stealing crypto-wallets?


What exactly do you do with a zero day that isn't "use it against someone"?


Important information about "whataboutism":

https://theoutline.com/post/8610/united-states-russia-whatab...


Unless it's a mafia's bank.


You're also either a victim or an oppressor. No wrong can be done by anyone in the former group, and no good by the latter. Such ideas of victimization do nothing but justify the use of power and engender intergroup conflict.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: