“Responsible disclosure” is a concept mostly proposed by companies looking to accommodate their own willful irresponsibility. This is even more true in the case of intentional privacy violations by software vendors. The responsible thing is to immediately put these companies on blast the moment this kind of spying is uncovered.
I do see your point, but I still think a standardised way to at least make sure the vendor is aware of the issue would be needed if we're talking about a formal program. Not necessarily holding off publishing to do so though.
But I don't mean to back the side of vendors unduly here...
