[rectang]

Only under the most carelessly superficial analysis.

Is there any limit to the vast, systemic negligence and enabled criminality which can be excused away into nothingness because the circumstances under which they were made public were problematic?

This isn't a criminal prosecution of the company who was irresponsible with user data. If the people who exposed the negligence screwed up, that doesn't mean we have to act as though that the negligence ever happened.

Demonizing the messenger while remaining silent about the message is a choice.

[batch12]

Mostly agree. It is unfortunate that the methods used by the messenger add distractions to the situation.

The point I am trying to make is the ends don't absolve the hacker from consequences. Ransomware operators often blame their victims for poor security and frame their actions as security-as-a-service.

[rectang]

> The point I am trying to make is the ends don't absolve the hacker from consequences.

I agree on this point. I see it as analogous to holding your allies to a standard that your adversaries are unwilling to uphold.

In this case I categorize both black hats and toxic data hoarding companies (including their techie apologist employees) as "adversaries" (though I don't assert you agree with my assessment).

> Ransomware operators often blame their victims for poor security and frame their actions as security-as-a-service.

Despicable victim blaming by the very party doing the victimizing.

I understand why advertising a VPN service can be seen as analogous, even if the scale of profiteering is not comparable.

The argument against toxic data hoarding is easier to make when untainted by exploitative profit motive.