[Buttons840]

Are you saying they're aware of all these vulnerabilities? Why don't they fix them? Can one of the wealthiest companies in the nation not fix vulnerabilities they're already aware of? What is the limiting factor here? Competence?

My conspiracy theory is that my idea will never be implemented because it would expose the "job creator" class to an objective measure of their competence, and they would not fare well. Headlines like "97% of US organizations are incapable of building secure systems" would not be fun.

[photon12]

You can read lots of comments in these threads about the cost/benefit analysis of mitigating the vulnerabilities. And whenever that cost/benefit calculation gets very complex, the default is to not get too worked up about fixing the status quo because "it's complicated."

[Buttons840]

Yeah, the cost would be corporate profits, and the benefit would be privacy for average people. Given those tradeoffs, I'm not surprised that those benefiting from corporate profits say "it's complicated", and then choose the course that results in more profits for them (while harming the general public and national security). I'm not surprised, but not happy about it either. But this is turning into more of a political rant so I'll end here.