by threeseed 2307 days ago
You seem to have a very flippant attitude on this.

Backdoors in Android and iOS cost lives. There are many governments who today kidnap, torture and kill citizens and even non-citizens based on compromised phones, e.g. Jamal Khashoggi.

And to have companies like Corellium enabling and profiting from this is utterly reprehensible. They aren't altruistic or making the world safer or being selective in who they sell their technology to. They are simply the modern day equivalent of a shady arms dealer.

3 comments

I wouldn't lump Corellium in with the companies that hoard and sell actual vulnerabilities. Tools that allow people to find them go both ways: they can equally be used to exploit and to harden a system. It's unclear which direction Corellium favored, if either, but there's at least the potential that it could be used for good.

What Apple needs to do, IMO, is release their own version of this for free and set up a well-funded bug bounty program (lord knows they have the cash). When you have to buy the tool from a third-party, it seems like wealthy bad actors will be more likely to do so than people with good intents.

I'm not in the mood to go around preaching about the scum that is zero-day factories. Or the questionable ethics of selling opaque phones. I'm just happy the conflict has reached the court system, which may shine a light on these practices. What would victims of state persecution gain from me not being happy about this? Why bring them into the discussion?

Security by obscurity is no security at all, because any repressive government will already be shining a flashlight at it to try and find anything they can. Making it faster for security researchers to find vulnerabilities means that there are fewer people vulnerable.
I am not advocating against this sort of technology at all.

I am against it being a product sold exclusively and secretly to enterprises and governments. The sort of entities who are not informing Apple and Google about vulnerabilities but instead using them for unethical and criminal means.

That depends on who the researchers are working for.