> Do you test the water from the city every time you drink it?
Not every time, but on a regular basis.
> Days like today show that, yes, the kernel team is doing their job.
...and I am happy to report that my water test results did not raise concerns.
> Yes. You are doing it without their consent. It is unethical.
I disagree that it is unethical just because it lacks consent. Whistleblowing also implies that there is no consent, yet it is considered ethical. Suppose that Facebook leaves private data out in the open, then refuses to allow anyone to test their system for such vulnerabilities. It would be unethical not to ignore their consent in this regard.
> How would you like if it you had a business and random people came by and picked locks, etc, in the "name of security"? That makes zero sense.
I would find it annoying, of course. Computer hackers are annoying. It's not fun to be confronted with flaws.
The thing is, security is not about how I feel. We need to look at things in proportion. If my business was a random shoe store, then perhaps it doesn't matter that my locks aren't that great, perhaps these lockpickers are idiots. If my business houses critical files that absolutely must not be tampered with, then I can not afford to have shitty locks and frankly I should be grateful that someone is testing them, for free.
> Yes, it is morally wrong. In that scenario, you -are- the pickpocket. This is a serious boundary that is being crossed. You are not their parent. You are not their caretaker or guardian...
Can we just agree to disagree on morals?
> This is admission that you know what you're doing is wrong, and the only reason you do it digitally is because it's more difficult to receive consequences for it.
Not at all, those are two entirely separate things. I wouldn't proclaim my atheism in public while visiting Saudi Arabia - not because I think there's anything morally wrong with that, but because I don't want the trouble.
> I strongly urge you to start considering consent of other people before taking actions.
You use "consent" as if it was some magical bane word in every context. In reality, there's always a debate to be had on what should and should not require consent. For example, you just assumed my consent when you quoted my words, yet I have never given it to you.
Доверяй, но проверяй
> Do you test the water from the city every time you drink it?
Not every time, but on a regular basis.
> Days like today show that, yes, the kernel team is doing their job.
...and I am happy to report that my water test results did not raise concerns.
> Yes. You are doing it without their consent. It is unethical.
I disagree that it is unethical just because it lacks consent. Whistleblowing also implies that there is no consent, yet it is considered ethical. Suppose that Facebook leaves private data out in the open, then refuses to allow anyone to test their system for such vulnerabilities. It would be unethical not to ignore their consent in this regard.
> How would you like if it you had a business and random people came by and picked locks, etc, in the "name of security"? That makes zero sense.
I would find it annoying, of course. Computer hackers are annoying. It's not fun to be confronted with flaws.
The thing is, security is not about how I feel. We need to look at things in proportion. If my business was a random shoe store, then perhaps it doesn't matter that my locks aren't that great, perhaps these lockpickers are idiots. If my business houses critical files that absolutely must not be tampered with, then I can not afford to have shitty locks and frankly I should be grateful that someone is testing them, for free.
> Yes, it is morally wrong. In that scenario, you -are- the pickpocket. This is a serious boundary that is being crossed. You are not their parent. You are not their caretaker or guardian...
Can we just agree to disagree on morals?
> This is admission that you know what you're doing is wrong, and the only reason you do it digitally is because it's more difficult to receive consequences for it.
Not at all, those are two entirely separate things. I wouldn't proclaim my atheism in public while visiting Saudi Arabia - not because I think there's anything morally wrong with that, but because I don't want the trouble.
> I strongly urge you to start considering consent of other people before taking actions.
You use "consent" as if it was some magical bane word in every context. In reality, there's always a debate to be had on what should and should not require consent. For example, you just assumed my consent when you quoted my words, yet I have never given it to you.