It's a mistaken position to believe sharing "how to" information somehow mints cybercriminals; however, this is the position YouTube has repeatedly and is increasingly taking with striking innocent content creators sharing information about how security vulnerabilities work and how to test for them.
This type of content is widely available on mainstream online blog sites, in published books, and through established, expensive training outfits like the SANS Institute. YouTube has really missed the mark thinking there are real risks they are mitigating by culling it out from their platform.
This is an editorial decision by YouTube on what they want to groom YouTube's community to be, not a content decision based on sound public policy or realistic threat models.
HPKP is what the article you posted to is referring to, and probably will go away completely.
However, profiling the public key of the site a mobile app connects to and erroring out if it is compromised to prevent MitM attacks is called 'certificate pinning' for mobile apps but is not related to the HPKP pinning of browsers. A reference for certificate pinning: https://blog.netspi.com/certificate-pinning-in-a-mobile-appl...
The most important element, in my opinion, is one that single questions alone cannot discern: Is this person a workplace psychopath?
I'm not kidding, and this is a real issue. A lot of people who can be great entrepreneurs can also have detrimental effects on your culture, the trust of your clients, and your long-term sustainability. Drive, initiative, passion, aptitude - these are qualities present in great founders and appear to be present in workplace psychopaths.
Get to know this person, and get a strong sense of their values - not from what they say and want you to believe, but from taking in the context of their accounts of what has worked out, and what is not, in their personal and professional life. For people they speak dismissively or negatively of, find them and get their side of the story. You cannot do too much due diligence here - this is critical, especially if you start to become widely successful. Then you're locked in with your partner in the co-pilot seat, and you won't have the desire to bolt or ability to change your decision without significant if not disastrous consequences to your business.
Your values must align, and you must trust this person with your life. Your startup will be your life for the next 7-10 years, by your planning.
For the US - Depends on if you're exercising and holding or exercising and selling. If you didn't get the opportunity, or forgot, to take an 83(b) election as a founder, then you've been paying income taxes as your shares vest. If you were keen on taking that 83(b) election, your tax liability is negligible on liquidation and you pay nothing until that point for usual ISO arrangements.
Cross-compatibility makes a lot of sense of they perceive a lot of future risk to their value proposition that one technology or product will sell another one. If they don't believe Windows Server will be a compelling enough technology to push adoption of .NET, then why risk the decade of development on it by tying it around the neck of IIS? I see it as an admission that the various product offerings need to float on their own merits, not just because 'its the option that runs on Windows'. There's enough alternatives now to make that kind of assumption a relic of the '90s and 00's.
I'd expect an organization who pays for the service should have access to their data in it. If you fear the change, you really fear the people who are or will someday become a service administrator. If you fear that, perhaps you should consider if you're really happy where you are. I'd suspect you either have trust issues with your corporate or IT management, or you work at a place that moves too slow for IT to have anything better to do than troll through private chats.
In many cases, IT can already do a lot of other things like span your port, read your e-mail, shadow your terminal, capture all printer output, etc. But in practice, this kind of permission is usually used when someone is stuck and an employee unreachable or out on vacation, or an employee is terminated and you need some critical piece of information they might have in their chat history.
I think this would be a much more interesting project if it was to put a great interface on top of the Freenet protocol. Encryption and anonymization on P2P is very hard, and building on Freenet as a basis for the plumbing would speed the time to a deliverable and build on existing technologies rather than reinvent the wheel.
This type of content is widely available on mainstream online blog sites, in published books, and through established, expensive training outfits like the SANS Institute. YouTube has really missed the mark thinking there are real risks they are mitigating by culling it out from their platform.
This is an editorial decision by YouTube on what they want to groom YouTube's community to be, not a content decision based on sound public policy or realistic threat models.