[lqdc13]

In this article and the nyt one they are actually saying US is doing it and it's not even a secret. Here is a quote:

"The N.S.A. bans its analysts from using Kaspersky antivirus at the agency, in large part because the agency has exploited antivirus software for its own foreign hacking operations and knows the same technique is used by its adversaries."

[darawk]

That is not the same thing. The fact that they've exploited AV does not mean that they coerced an AV company into installing 0day for them. Those are very very different things.

[lqdc13]

Ok, four questions:

1. Is hacking into a foreign AV company by a state an OK thing to do?

2. How do we know the anonymous source is being truthful?

3. If yes to the first two, are we certain that it wasn't exploited but was coerced?

4. If all of these things are true and they were coerced, what is the practical difference for the party being monitored?

[rtpg]

The difference is that in theory, you can make secure software in the US that hides information from the gov't. For example the secure enclave on newer iPhones. Of course, if you don't make secure software, they will get exploited by security services.

In China it is not even theoretically possible because the gov't mandates backdoors and can easily shut down your company if you don't comply. You have way less recourse on rule of law.

[darawk]

You are absolutely right that we don't know any of these things for sure. My point is not that we know them for sure. Simply that, as written, the article does not claim the US to have done something morally equivalent to Russia. And to my knowledge, there is no evidence that the US has done something like that, either.