Comment by woodruffw
2 years ago
The point is that it's incorrect to think of the US (or any other country's) IC as a force of nature, blasting out 0days to random civilians just for kicks. These things are expensive, very expensive, and are carefully orchestrated. They don't look anything like the average civilian's security breach, which is somewhere between "accidentally leaked their own password" and "TSA asks you to unlock your phone."
Neither is it correct to believe the myth of careful orchestration with only rational institutional goals and deep care about other people's money (though again, develop/use are different "these things")