[SkyBelow]

>I am not naming the company here, even though they would totally deserve it.

I do wonder to what extent the culture itself of how we approach bugs is designed to benefit companies over consumers. That we avoid naming and shaming due to a chilling effect of blow back, that we have disclosure windows, that the legal framework for reporting bugs is so flaky, that we are all accustomed to bad security practices and getting our data hacked, it all feels like it is architected to benefit companies who rarely suffer from hacks (sometimes there is a significant cost, but that rarely outweighs the profits).

It reminds me of identity theft. The entire concept that you lost money because your identity was stolen from you, that the bank (or other company) who feel for the fake victim isn't even a party to the actual crime, pushes the costs onto consumers. Instead of seeing it as the banks being the victim and thus responsible to bear the costs that aren't recoverable from the criminals, is is their customers who are. Thus it reduces the cost to the bank of poor identity management. An entire culture that offloads the costs of the bank's penny pinching onto consumers.

Another such examples is when the early automotive industry pushed for people to view jay walking as the crime, shifting blame onto pedestrians for being in the way of cars.

[misterprime]

Another aspect of this is the taboo of discussing salaries / compensation with your peers and coworkers. Sure, it might be a bit "low class" to be concerned with money like that, but you know what? We're all mostly working class, and it's in our interest to discuss wages.

[Simon_says]

It's in your interest to discuss wages if you're paid median or below wages. Wait till you're paid many multiples of your coworkers and then see how you feel about it. The taboo does nothing for most workers, but does protect people who are highly compensated.

[SkyBelow]

In effect, protecting those who are at the top and need the protection the least.