[tutts]

"How do we know that FSLabs don’t use this, just because they say so?"

How do you know the main executable doesn't do the same thing? How is trusting them not to run this .exe different from trusting them not to secretly implement this functionality in the actual program?

[yjftsjthsd-h]

Well yeah. The appropriate reaction here is to assume that the company is shipping malware in the product regardless of what particular format.

[tutts]

Sure, but what of significance has changed? Every time you run a program, you're trusting the developer not to do nefarious things like reading your Chrome credentials, because the only assurance you have is the developer's word about what the program does. As far as I can tell, that hasn't changed at all. I'm not saying this is okay - there are reasons why this is a bad thing to do, I just don't see how no longer being able to trust the developer not to be malicious is one of them.

[yjftsjthsd-h]

There is a difference between "developer could hypothetically do bad stuff" and "developer has been caught doing bad stuff"

[coldacid]

Once they ship malware in any one form, anything else from a developer is eternally suspect. Even if they don't do something like this in their apps' main executables _now_ doesn't mean they won't in the future.

Once a company pulls shit like this, they are dead to me, and they should be dead to everyone else as well.