Hacker News new | past | comments | ask | show | jobs | submit login

I think when you refuse to address a reported security issue related to something you installed (without the users knowledge and without a way for the user to easily remove) as a way to bypass an access control pop-up, and cite that it’s a feature not a bug, until forced by the public/other disclosures to remove it, The intent is malicious.

But even if it weren’t — and we can agree to disagree on the intent — the second the RCE is popped, it becomes a massive security issue and it becomes traditional malware. As I said, I’m convinced Apple would do the same thing if this was something left behind or associated with Java or Flash.

Malicious intent is the only thing that separates malware from a regular security issue. So if we disagree on intent we have to keep disagreeing on whether or not it's malware.

But I will admit that I'm starting to see the question of Zoom's intent a bit differently after thinking about what you have said.

Lying to users about the uninstallation is pretty icky intent. It's weird to make this about the sanctity of user choice and just repeatedly ignore that bit on top of coming up with a throughly inaccurate narrative about the nature of Apple's response.

I didn't ignore that bit. You didn't bring it up in your responses to me.

Instead you defended Apple fixing security issues in third party software (as I understood it without user consent) and you compared any concerns about that with concerns about buses intentionally running over pedestrians.

So apparently our debate took wrong turn and that wasn't entirely my fault although I will take some of the blame.

I agree that Zoom's intent (and even more so their methods) is icky. So perhaps we should have focused on that, because I can understand the reasoning that this makes Apple's actions look far more justified than I initially thought.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact