Why would they NOT do this? They are a fucking cyber security company. It should be no surprise to anyone that a company that specializes in endpoint security software would be analyzing this shit non-stop, even for trial versions that users run. That's how their software works!

"Why wouldn't a locksmith make copies of all their customers' keys? They're a fucking locksmith company!"

Having technical capability doesn't create ethical permission.

The distinction between "can" and "should" is fundamental to data governance - a concept that exists precisely because unrestricted access to customer data, even for security purposes, creates massive ethical and legal problems.

Huntress didn't monitor a contracted customer's systems for that customer's benefit. They surveilled a trial user for three months based on a hostname match, then published the results. That's not "how their software works" - that's a choice about how to use the access their software provides.

If you genuinely can't see the difference between contracted security monitoring and opportunistic surveillance of trial users, you shouldn't be commenting on security practices at all, let alone so confidently.