[jchw]

> And so, as someone who had been sitting in the core of this community--where everyone is wearing a grey hat, the vendors are the "bad guys", and "responsible disclosure" is being complicit in a dystopia--and dealing with these ethical challenges for a decade, my personal opinion is "please never ever drop a zero day on the world without it being a closed source obfuscated binary" unless you want to drop the barrier to entry so low that you have creepy software engineers quickly using the exploit against their ex-spouse as opposed to "merely" advanced attackers using the vulnerability for corporate or government espionage.

Obviously you have a better understanding of the iOS jailbreak scene than I ever will, but I still have to say I disagree with this ethical viewpoint. Personally, I'd rather run an open source exploit chain than obfuscated binaries from parties I do not know that are difficult to be sure are safe. Thankfully in the case of unc0ver that is not an issue anymore, but in the past it has been an issue for longer time periods. OTOH, if there is really a moral dilemma in releasing 0days as open source specifically because of the small time abusers and not nation state adversaries, I don't understand how this moral quandary doesn't mean you can never ethically release an iBoot/more generally any bootrom exploit, for example.

I'm genuinely curious how many abusive people are motivated enough to come up with a creepy use for a tethered jailbreak. I know it's possible, but short of rolling your own stalkerware, it really doesn't seem too straightforward?