lyu07282 5 hours ago

So it's the criminal that convinced themselves they are the good guys, I didn't expect that one. You are a malware company, get a grip.

celsoazevedo 5 hours ago | parent | next [-]

Would you prefer that they kept this for themselves instead of disclosing it?

I get criticizing their business and what they do wrong, but it doesn't seem right to criticize them for doing the right thing.

trinsic2 4 hours ago | parent | next [-]

It means they are suspect. I think it's right to be wary of motives if they are involved in the very thing they aim to bring awareness to. Questions arise in my mind as to why they would do something like this in the first place.

It's been my experience that the general public doesn't seem to follow patterns and instead focuses on which switch is toggled at any given moment for a company's ethical practices. This is the main reason why we are constantly gamed by orgs that have a big picture view of crowd psychology.

celsoazevedo 3 hours ago | parent [-]

I don't trust them more because of this and maybe they've disclosed it for the wrong reasons, like not allowing a competitor to use it when they don't, but at the end of the day they did disclose a serious issue, and that's good for users.

I understand where you're coming from, by the way, but sometimes the worst person you know does the right thing and it's not fair to criticize them for doing it (you could say nothing, don't have to change your opinion about them, etc). We also don't want someone to go "if I'm bad no matter what I do, then might as well make some money with this" and sell the exploit.

lyu07282 3 hours ago | parent | prev [-]

What are you even saying? It's like getting upset at somebody who criticizes a criminal because they once helped some grandma across the street. I'm not upset at the criminal because they helped a grandma across the street; obviously that's not the fucking point.

celsoazevedo 2 hours ago | parent | next [-]

I'm not upset, I just don't think we should criticize someone for doing something good. Maybe they're a terrible org, maybe they deserve criticism most of the time, but not in this instance.

It's not like you can't point out that they did a good deed, but that they're still in the shitty business of fingerprinting users.

Also, if people only get the stick no matter what they do, then eventually some will embrace the dark side and at least make money out of it. And that's not good for you.

lyu07282 an hour ago | parent [-]

The inverse is also true, letting them whitewash their image by pretending they care about your privacy and seek to protect you will be good for their public relations, but only if we let them. I refuse to be this gullible and run to their defense for no apparent reason.

Vinnl 2 hours ago | parent | prev [-]

It's more like criticising a criminal when they are helping some grandma across the street, thereby treating them more harshly than the criminals that don't do that.

(Also known as the "Copenhagen Interpretation of Ethics": https://gwern.net/doc/philosophy/ethics/2015-06-24-jai-theco... )

somerset 3 hours ago | parent | prev [-]

Responsible disclosure and commercial fingerprinting aren't contradictory.

lyu07282 3 hours ago | parent [-]

Do you seriously not see the contradiction? I consider all methods that enable fingerprinting as vulnerabilities that browsers should fix; if we did that, it would destroy their business. On top of that, a company like that shouldn't be allowed to exist in the first place as a legal entity, and it very likely is already operating in a legal grey area in a lot of places. It's the difference between a security company that provides IDS signatures as a service that does responsible disclosure vs. a malware company that offers 0click exploits. Would you praise the NSO Group if they did responsible disclosure?

Fucking HN sheep

flufluflufluffy 2 hours ago | parent | next [-]

If you take their claim that they don’t use vulnerabilities in their products as true, then I don’t see a contradiction. If it isn’t true, then obviously there is a contradiction.

But your considering of all methods that enable fingerprinting as vulnerabilities is your own opinion. There are definitely measurable signals that are based on a user’s behavior, rather than data exposed by the browser itself.

kube-system an hour ago | parent | prev [-]

It's a little bit disingenuous to call intentional wont-fix features "vulnerabilities".