I am also not quite ready to concede that a Chrome/Blink base is the only way a browser can be successful. I'm sure the day is coming, and I'm not sure that we can ever go back when it does.
It seems the issue lies in tech companies preempting privacy legislation with proposals that are largely toothless. While the EFF sought to add amendments that would make the bill more robust, ACLU WA sought to quash it all together which makes me wonder what the reasoning was for not attempting to amend the bill.
What a bizarre situation. I'm wondering what the motivation would be to just apologize and dump decryption keys.
>Kaspersky Lab's Sergey Golovanov told BleepingComputer that he was able to confirm that the keys are valid and was able to use them to decrypt a test machine.
While I don't work on a red team, it does seem to me that an organization should vet software used by their red teams via the same processes that they use to make risk determinations regarding any other software run on organization systems.
Is it a trend to just "let red teams go to town" without their strict compliance to existing security processes? Are software titles to be used usually included in a statement of work or when negotiating the scope of an engagement?
I don't necessarily disagree, but can one do anything that puts them past a point where society should afford them a chance at redemption? Does an individual always deserve to be given a second chance?
>people's lives can be ruined, or at least set back years or decades by controversy that stems from private information getting into the wrong hands
Private information "getting into the wrong hands" often seems to be an issue of misplaced confidence in the confidentiality of that information. In an era where "surveillance is democratized," how we think about the existence of "private information" might radically change. In your example, the words, actions, and ideas that would have generated controversy might not have ever been spoken or acted upon in the first place, or there would be such an apparent abundance that the "controversy" wouldn't hold ground. More of a fringe position here, but maybe certain ideas and actions wouldn't even be conceived of in a post-privacy world, as the result of the loss of an expectation that those ideas or actions could be kept confidential.
It certainly feels like the cat's out of the bag when it comes to mass surveillance. Facial recognition, for example, isn't going away, and there doesn't seem to be enough political / institutional momentum to counter the value that is provided to organizations by the data that one might view as an invasion of privacy. There doesn't seem to be a meaningful debate about maintaining personal privacy, so maybe the discussion should be who has access to these tools, systems, and institutions moving forward.
When I read your comment, I realized I intuitively view open access to surveillance systems like this as more desirable than limited access, and I don't know how to articulate that feeling.
I'd consider myself privacy-conscious, however it is clear that this sort of open access further limits my "privacy." I wonder if privacy advocacy is more about aversion to certain power imbalances rather than privacy as an end itself for many folks.
This article is a follow up, as Kaspersky has developed a tool to allow ease of decryption.
Previous article of the team closing up shop: https://www.bleepingcomputer.com/news/security/shade-ransomw...