Comment by brookst

Have you worked in software? This is a complex, multi-application system with IPC. Most of the people implementing it probably had no idea what the partner applications were, let alone the business intent.

Nobody sits down with a mid-level developer and says “we need your native app to receive webrtc connections that will be used to send app-layer telemetry that circumvents privacy protections”. The requirement is just to receive events and log them. And odds are there were all sorts of harmless events as well.

At the level where people had a holistic view of the system and intent, sure, throw them in jail. I’d guess that’s about 1% of the people who designed, implemented, tested, documented this code.