Why do you feel you have to defend yourself against accusations like this? Have they been leveled at you?

They have, and they've been leveled at you, by the article itself, which made blanket statements about all men.

This woman thinks I'm asshole with no self-control for no other reason than because I have a penis. And she thinks I'm the one who's sexist?!

Not once have I ever felt the need to "defend myself against accusations like this." Why? Because it's pretty easy to avoid being a condescending sexist asshole...

Indeed. I have a suspicion that the opposite is also true: that the women who complain about these things are themselves the female equivalents of the condescending sexist assholes they're complaining about.

But if you dare to express the fact that it isn't true, then you get accused of "denying reality" and being part of the problem in that sense. It's a no-win scenario.

If other people are attacking you, should you lay down all your weapons and hope they do the same?

Are people attacking Exodus via TOR? If not, then what ethical justification does it have for involving itself as the NSA's mercenary?

I'm all for self-defense; it's aiding aggression that I find unethical.

Hacking without responsible disclosure is always unethical, and what others choose to do is irrelevant.

I think this is an incredibly bold statement. I think it's a bit hard to judge the ethics of exploiting a computer "in a vacuum", the context certainly matters. Let's take a hypothetical situation: if a computer was used as the trigger for a bomb which was going to go off and kill 100 people, would it not be ethical to hack in to the computer and disable it? [we can assume it also has all the fancy triggering mechanisms in place.. capacitive sensing in case someone gets too close, tilt/shock sensors in case something tries to move it, etc]

Clearly, I'm failing to understand -- what is there about your hypothetical situation that precludes responsible disclosure?

Also, responsible disclosure is sort of tautologically ethical because it does consider context (that's what the "responsible" part means). If you're not sure what kind of disclosure is responsible, then the only ethical option would be to forgo the hacking.

The other thing is you have to consider that "cyber weapons" mean governments can gain intelligence or affect systems without hurting people. Stuxnet is an interesting example. How many lives would have been lost if instead someone bombed the Iranian nuclear facility, or killed off Iranian scientists (yes, I know this still happens anyway, sadly)? Stuxnet was a virus that infected the public's computers as well. Based on our discussion so far I would expect you to say something like "well sure, maybe it's better than bombing, but having neither would be even better". That's a totally understandable stance, but again, that isn't the world we live in. I think it's a step in the right direction to at least try to minimize deaths.

Being forced to choose the lesser of two evils doesn't mean you should become the active accomplice of that evil.

Besides, on a more practical note, you're also failing to consider the rest of the collateral damage. By supporting Exodus's position, you're saying that hypothetically saving the lives of the Iranian scientists is worth hypothetically risking the lives of TOR users worldwide.

And if we don't already have the gene sequence in hand, well, that's a problem in itself.

What do you think the odds are that you could download the smallpox genome off The Pirate Bay or some TOR site?

So you seem to be saying hacking is never ethical.

Hacking with responsible disclosure is ethical. The fact that it may not be possible to do so profitably is irrelevant.

Hacking without responsible disclosure is always unethical, and what others choose to do is irrelevant. The fact that somebody else is acting unethically is not an excuse for you to act unethically too!

So no, I guess what I'm saying is that if Exodus weren't selling bugs to the government, we would be worse off, not better.

No. We're exactly equally bad off in either case. An attacker is an attacker. I have no confidence whatsoever that giving the NSA the exploits helps the American public, but even if I did the act of doing so would still be unethical!

Didn't your parents ever ask you rhetorical questions like "if your friends all jumped off a bridge, does that mean you should do it too?" or tell you "the ends do not justify the means" when you were a kid?

The arguments I'm used to hearing go something like "but it's obviously unethical, they should just responsibly report and disclose vulnerabilities they find". But this is a total crap argument. The options Exodus has aren't "sell to governments" or "responsibly disclose for little to no fee". The options are "sell to governments" or "go out of business". So maybe someone will say "fine, they should go out of business, then we will all obviously be safer!".

But, well, it's not really clear that's the case. If Exodus (or Vupen, or whomever) quit, it's not like suddenly the government would stop looking for exploits. And if the US government did, it's not like China or Russia would. And if they did, it's not like criminal organizations would stop. You aren't going to stop vulnerabilities from happening or being sold. Game theoretically, it seems like the right choice is to keep the US government snatching up what vulnerabilities it can to keep in its back pocket for espionage. Not doing so would be a huge blow to US intelligence agencies, when every other major government out there is working on the same capabilities.

So what you're saying is that what Exodus is doing is unethical, but criminals would do the same thing anyway, so we might as well ignore Exodus' unethical behavior because they're on "our side?"

Fuck that, and fuck you!

Us schmoes with our mortgages are under iron clad obligations to pay down to the last penny.

On the contrary: this is why debtor's prisons were abolished in favor of bankruptcy laws. The elites realized that it's more efficient to keep the schmoes working instead of locking them up when they (inevitably!) default.

In the case of TOR, the site already knows you're accessing from a TOR exit node. At that point, making your browser indistinguishable from every other instance of the TOR Browser is probably good enough.

Plus, you can install Ubuntu on your Chromebook and have the [best|worst] of both worlds!

There are those who say you need to use RequestPolicy and Ghostery and AdBlock and NoScript (and some other stuff, like a cookie blocker) to catch everything....

It's not artificial because of the details of the technical implementation, it's artificial because it's a scarcity that would not be expensive or difficult to resolve.

Yes, and it's artificial because Verizon made a deliberate choice not to resolve it (rather than it being unresolved only due to ignorance).

The US and the Netherlands are special cases.

I was under the impression that "the Ukraine" was a similar special case, in a way having nothing to do with whether it was a part of the USSR or an independent country.

Yep. The main selling point of "natural" gemstones these days is that the lab-made ones are "too perfect!"

You forgot about the other 545 people we also need to impeach. (One vice president, 9 supreme court justices, 100 senators, and 435 representatives.)

Since when was Obama a progressive? Sure, he campaigned as one, but his actions upon taking office revealed that to be a blatant lie.