This is so frightening. I worked in corporate security, and that was occasionally a leaking ship, but this wouldn’t even fly with our engineers even if we wanted their message history. This is negligence.
On a more meta note, I wonder who even works at companies founded on ideas that are just... bad. On average, I expect good engineers to push back on such business requirements and also have better job mobility so they can leave and work elsewhere. The researcher found the vulnerabilities "in less than 30 minutes" so it seems there's some lack of competence here.
Unfortunately, misguided business requirements like this won't simply disappear and I get that those can be niche offerings that attract juicy contracts.
Casinos, scams (both of these Web3 as well as traditional), game hack developers, ransomware and database hackers. Adtech, which thousands of HNers work in (anyone at Google). Temu, Shein, gacha/lootbox games, dopamine drug dealers (Meta, Bytedance). NSO group, spyware. Policeware, Clearview, surveillance tech. You could name defense as well, but I find that more ambiguous.
I wouldn't be surprised if it at least 25% of HN has worked for such companies for at least 2 years of their career.
The reality is that its a dog eat dog world out there. I know people who worked in adtech. Yeah, they thought it sucked too and was boring stupid work compared to doing something cool. But it paid the bills, and interesting work is hard to land even without having to pivot into it mid career.
People generally need jobs, and some of these jobs aren't so good. Not everyone is talented enough to work at the next hot startup building a frontend to ChatGPT.
Read their install guide and weep at the idea of pushing cracked WhatsApp binaires through MDM https://smarsh.my.salesforce.com/sfc/p/#30000001FgxH/a/Pb000...