Please read your security history, specifically the history of Zardoz; then write a one-page essay on the ethics of withholding critical information (and hence agency) from at-risk minorities in order to protect a less-at-risk majority. I have more essay assignments after that.
Replying to @halvarflake @j_opdenakker
Does it necessarily follow that withholding for a period disproportionately affects at-risk minorities?
Replying to @unixist @j_opdenakker
By definition, withholding affects at-risk folks most. The at-risk minority here are people targeted by committed attackers: Dissidents, political activists etc.
Replying to @halvarflake @j_opdenakker
I understand irresponsible disclosure, or premature disclosure, to be a heads up to the people who can protect themselves, and an invitation to equal opportunity ownage, both of those at-risk & otherwise.
Nobody argues for irresponsibility, that would be ridiculous. The problem is people disagree on the most responsible action.
The point is not whether something is irresponsible. It's to discern whether disclosure of a nature considered irresponsible by some (earlier disclosure) necessarily mitigates damage to at-risk minorities disproportionally to others.
Every form of disclosure is considered irresponsible by some, that's meaningless. In general, using the phrase "responsible" or "irresponsible" is a sign of bad faith in these discussions, so I don't want to respond to your other points, sorry
I personally err on the side of full/early. But it shouldn't be verboten to ask for data. It can't be merely taken for granted that "at-risk" people are disproportionally affected by delays.
It's certainly not verboten, just a contentious topic that requires a few ground rules to discuss civilly. The unfortunate answer is that we have imperfect vision of what our adversaries are doing, so we have to extrapolate based on what we know.
If we had a perfect oracle that could tell us which vulnerabilities the bad guys had, then clearly not publishing the ones they don't have is the way to go, but that's not the world we live in.
I contend purely with the grounds on which decisions are made. The world is so not black-and-white. I don't find compelling "at-risk" or "minority" on the face of it. E.g. what's costlier? first-world country's power grid vuln; or minority activist privacy vuln. Need more data.
Could you clarify your example, do you mean you would keep quiet about a vuln that is being used to attack minority activists, because you think publishing it might increase risk to the power grid?