[Chardok]

Okay, but what about potential customers of BoA that have no idea that the bank they want to entrust their money to has a huge known exploit that increases their chances of identity theft? Does the customer not have a right to know what they are signing up for?

[tptacek]

I have bad news for you. I don't know what bank you use, but I know this: your bank has huge exploits that increase your chance for identity theft.

[Chardok]

I'm sure it does. Even if I already was a BoA customer in this theoretical scenario, I would also prefer to be in the know to avoid that specific POS/gas station company until the issue was resolved, instead of wondering why my identity was stolen and dealing with the fallout with my bank unknowingly to blame.

[tptacek]

You'd be in the know about one random thing, but there will be dozens of others, many of them also known to different subsets of people.

I'm not making an argument about the public policy of disclosure. My view is: if you come about the information lawfully, publish whenever you're ready.

[rotrux]

I mean, that's a decent point, but for the sake of my argument: let's pretend we're talking about a nuclear missile silo instead of a bank.

The point is just that collateral damage can happen when people run their mouths about important/sensitive info. Sometimes, not always or even often: just sometimes, that's not cool & should maybe be prevented if possible. Should American citizens all be given access to the launch-codes because we pay taxes?

This is a gray issue. I love the EFF but this article misses important nuance.