Cybersecurity dilemma
The deeper you look into large organizations, the harder it becomes to find completely clean hands.
> A cybersecurity company may secure hospitals while simultaneously selling services to blacklisted contractors.
> A cloud provider may host NGOs while also providing infrastructure to governments engaged in controversial military operations.
> A software vendor may contribute to privacy tools while complying with surveillance requests in certain jurisdictions.
Dig deep, and you'll almost always end up finding a contract, a partnership, an investment, a connection to a government or the military that, in one way or another, contributes to the degradation of something else, including human life.
But responsibility does not disappear simply because a system is large, because orders come from above, or because someone has grown accustomed to a situation. If a person understands what is happening and continues to contribute to it, then they share some degree of responsibility for the outcome.
The question is not “Did I personally write dangerous software?” but “Am I helping to sustain the institution that does so?” If the answer is yes, then there is liability, even if the contribution is indirect.
These days, many ethical disputes do not center on the existence of harm itself, but on whether individuals are willing to acknowledge their role in it and decide to put an end to it, regardless of the sacrifices involved.
@UnpackReports
Microsoft vs. Rufus
In 2021, Microsoft introduced strict Windows 11 requirements, including TPM 2.0, Secure Boot, supported CPUs, and later a stronger push toward Microsoft account sign-ins during installation.
Rufus, a free and open-source tool, responded by adding options that remove many of these checks when creating Windows 11 installation media.
When Microsoft said a device was "not compatible," many users understood that to mean Windows 11 could not run on their hardware. In reality, it meant the device did not meet Microsoft's supported baseline.
Their justification was security. Features such as TPM 2.0, Secure Boot, BitLocker, Credential Guard, and virtualization-based protections are "intended" to provide a stronger security baseline across all Windows 11 devices.
Rufus did not make old hardware compatible with Windows 11. It simply bypassed the installer checks that enforce Microsoft's requirements. The widespread success on unsupported hardware demonstrated that many of the restrictions were policy decisions enforced by the installer rather than technical limitations of the operating system itself.
TPM 2.0 is a key example. Combined with technologies such as BitLocker, Platform Configuration Register (PCR) measurements, remote attestation, and Microsoft's broader security ecosystem, TPM enables a device to cryptographically prove aspects of its identity and configuration.
If BitLocker detects significant changes to a system's boot environment, such as firmware updates, altered boot settings, or changes to storage configuration, it may require a 48-digit recovery key. For users who store that key in a Microsoft account, recovery becomes tied to their Microsoft identity – now tied to a chip as long as it exists.
The controversy deepened in 2026 when Rufus developers reported that Microsoft's servers had begun disrupting downloads of Windows Insider ISOs through Fido, a script included with Rufus that retrieves Windows images directly from Microsoft's servers. Some users even reported temporary IP blocks.
@UnpackReports
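The PCR measurement and BitLocker recovery behaviour described in the post above can be simulated in a few lines. This is an added example, not part of the original post or of any Microsoft code: the `SealedKey` class, the `unlock` helper and the boot-chain labels are constructed for illustration, and the in-chip policy check of a real TPM is modelled as a simple comparison.

```python
import hashlib
import hmac

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(measurement)). Never a plain write."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_boot(components) -> bytes:
    """Replay a boot chain into one PCR, starting from the all-zero reset value."""
    pcr = bytes(32)
    for component in components:
        pcr = extend(pcr, component)
    return pcr

class SealedKey:
    """Hypothetical stand-in for a TPM-sealed volume key. A real TPM enforces
    the PCR policy inside the chip; here it is modelled as a comparison."""
    def __init__(self, key: bytes, expected_pcr: bytes):
        self._key, self._policy = key, expected_pcr

    def unseal(self, current_pcr: bytes):
        # Release the key only if the platform state matches the sealing-time state.
        return self._key if hmac.compare_digest(current_pcr, self._policy) else None

def unlock(sealed: SealedKey, boot_chain) -> str:
    key = sealed.unseal(measure_boot(boot_chain))
    return "unlocked" if key is not None else "recovery key required"

# Constructed boot chains (illustrative labels, not real firmware measurements).
BASELINE = [b"firmware 1.0", b"secure_boot=on", b"boot manager"]
FIRMWARE_UPDATE = [b"firmware 1.1", b"secure_boot=on", b"boot manager"]
SETTING_CHANGED = [b"firmware 1.0", b"secure_boot=off", b"boot manager"]
REORDERED = [b"secure_boot=on", b"firmware 1.0", b"boot manager"]

SEALED = SealedKey(b"\x11" * 32, measure_boot(BASELINE))

if __name__ == "__main__":
    for name, chain in [("baseline", BASELINE), ("firmware update", FIRMWARE_UPDATE),
                        ("setting changed", SETTING_CHANGED), ("reordered", REORDERED)]:
        print(f"{name:16} PCR={measure_boot(chain).hex()[:16]}  {unlock(SEALED, chain)}")
```

Because each extend hashes the previous register value, any changed or reordered measurement yields a different final PCR, which is why a legitimate firmware update can trigger the same recovery prompt as tampering.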
Your legacy won’t be your laws. It will be the graves you stepped over to keep your donors happy.