No idea what's happening here, but the First Rule Of Major Bug Bounty Programs is that everybody involved on the vendor side is actively incentivized to pay out. In many cases, there are people whose internal metrics depend on payouts. Payouts are causes for celebration in these programs. Microsoft is almost certainly[†] not trying to save money by screwing over bounty claimants.
This might not be true of small companies (and is a reason why small companies shouldn't run bug bounty programs), but it is definitely true of FAANG/MAG7-scale companies.
This doesn't mean these bounty programs err on the side of paying out, or that they won't routinely make decisions that will piss you off. It does however work against claims that they're withholding payouts vindictively.
[†] Only hedging because it's been a minute since I've talked to anyone at Microsoft.
To corroborate, working in bug bounty triage, I never saw any evidence of reluctance to pay out.† The worst company-side behavior I observed was asking researchers to "please stay away from X" in their proof-of-concepts and then making higher payouts to researchers who ignored that instruction (because, after all, the demonstrated risk was higher!).
On the other side of things, I saw one major program pay out at an inappropriately high tier, over and over again, because a long time ago the researcher had successfully argued that his garden-variety XSS exploit could be used to generate an effect that was listed at a higher payout rate, and then he made sure that whenever he found an XSS, he included a proof-of-concept generating that same effect. Other researchers reporting XSS got the listed XSS rate.
† Actually, I can think of one time. Someone achieved the holy grail and installed a webshell on a company server, which under current guidelines would have been worth more than $10k. However, they didn't uninstall the webshell. They just filed their report and left it up. This enraged the head of the program, who commented specifically that he didn't want to pay out a bounty because of it. I don't recall whether a bounty was ultimately paid or not.
It all started because the bureaucracy refused to even consider Bluehammer when they couldn't cajole the reporter into providing video footage.
And then to double down and ban accounts because you'd rather not fix the bureaucracy is really just a bad look. I'm not quite sure why MS is getting the benefit of the doubt from you.
They're not. These programs make decisions I wouldn't make all the time (though for reasons more complicated than message board discussions capture). I'm making a much narrower claim than you think I am.
I can’t help but feel Microsoft will regret this.
Guy finds zero days and gets no compensation. Instead gets banned.
Guy sells zero days elsewhere.
Not to mention all the other people who find 0-days. Reputation matters a lot.
Yep, and it's a really small world out there.
If researchers stop believing MS will treat them fairly it's bad news for the entire security industry.
Not to mention all the startups being founded right now. Sure, github's still the default, and maybe you can still monetize stars or something, but it's also a clown show from an availability, feature roadmap and company policy perspective.
Is it really fiscally responsible to tie your company's future to that?
I wonder if anyone tracks metrics for this stuff. Percentage of stuff with a repo there is probably still high, but what's happening with stuff like github actions, and are devs directly pushing to github, or are they just mirroring an internal / other provider's git repo to it?
But the story is supposedly about him posting the zero-day exploits, not selling them. It’s in the title.
He also got banned from Gitlab, which isn’t related to Microsoft at all.
Ever considered these aren't the full set of exploits the researcher discovered? Or that he can find more since he found these? If I found a bunch, I'd certainly withhold a few as insurance.
He's claimed that he has more as well. He seems to have a personal vendetta against Microsoft going by his blog, said nothing will be released in June but will in July: https://deadeclipse666.blogspot.com/2026/05/july-14th.html
What's the backstory on this researcher? They seem to have a personal vendetta against Microsoft and thus releasing zero days that he found with the help of AI?
Seems like the gold rush period is over for bounty hunters and it's more about who has access to hardware/token capital.
The researcher's own statements note that the zero days were not found with AI.
And honestly I think that's the part that Microsoft is most upset about, because every internal partner conversation I've had has been about needing to buy Security Copilot because all the advanced attacks are coming from AI, and just suggesting vulnerabilities existed before AI seems to make salespeople uncomfortable continuing the conversation.
> They seem to have a personal vendetta against Microsoft
Probably because they were forced to use MS-DOS when so many better options were killed off by Microsoft's monopolistic and anti-consumer underhanded business tactics...
I might be projecting.
I was forced to use ms basic on my c64. Never forgive, never forget.
I always found it weird to ship a BASIC interpreter that didn't have specialised commands (unless you count POKE) to access the graphics and sound capabilities of a computer like the C64. Some computers of the same era had vastly superior BASICs (such as Sinclair BASIC).
What were the "so many better options" during that period? Have we found the only remaining CP/M fan?
a bit later, but not much: OS/2
It sounds like they're pissed because they produced a large number of high-value exploits, sent them to MS, were treated like crap, and then MS refused to honor their own published bounties:
> But to save money, Microsoft fired the skilled people, leaving flowchart followers. I wouldn't be surprised if Microsoft closed the case after the reporter refused to submit a video of the exploit, since that's apparently an MSRC requirement now.
If I spent years learning your system, then gift wrapped zero-days that are devastating at multiple levels of your stack for you, and the response was flow chart tech support with a "buy a webcam" cherry on top, I'd be pretty pissed too. The bounties for these (which apparently work, since they're under active exploitation) add up to mid six figures, and, apparently, there's a pile of additional ones in the wings.
Bug bounties are already exploitative (they pay 10x higher wages to people that write the bugs than the people that find them, and finding them is generally much harder).
Breaking trust by refusing to pay up when the issues are filed through official channels is unprofessional and sleazy.
If this researcher actually had a vendetta, I'd expect them to just sell the remaining zero-days to the highest bidder.
> If this researcher actually had a vendetta, I'd expect them to just sell the remaining zero-days to the highest bidder.
selling to the highest bidder doesn’t generate headlines though.
> and the response was flow chart tech support with a "buy a webcam" cherry on top
I feel safe in saying that they don't want a video of you at your keyboard typing stuff. An exploit video is a recording of your screen, not of you.
Which, if any of the exploits require anything that isn't on-screen (USB or other HID, key combination), requires a reboot, or anything done before Windows has fully booted, means one must have an external camera
Doesn't sound like it for these exploits specifically (except Yellow Key), but I could be wrong, and again: that's just for these exploits specifically
> If this researcher actually had a vendetta, I'd expect them to just sell the remaining zero-days to the highest bidder.
How do we know they didn't? It's called zero-day because Microsoft wasn't aware of the exploits until today. It doesn't mean that no other parties have known about them.
We're witnessing the industrialization of intelligence.
Has Microsoft just created an editorial responsibility for itself to remove zero days from GitHub?
If my software winds up with a zero day on GitHub, will Microsoft nuke that account, too?
Why would taking this action have any implication for responsibility to take future actions against other accounts?
Legally? I don’t know.
More loosely, the fact that they deem this to be an appropriate action when it comes to their own interests would seem to condemn them if they refuse to take it when it comes to others’ interests, particularly those with whom it has a relationship of trust in any capacity.
Outside of legally, I’m not aware of any framework where “creates an editorial responsibility” makes sense.
Even beyond that… most business relationships wouldn’t involve an expectation that Microsoft does things for other entities that it does for itself.
Researcher seems a bit unhinged.
That may go with the task of looking for low-level security holes.
Or being forced into homelessness by Microsoft
Takes a certain kind of crazy to pay your bills with bug bounties.
sanity isn't his job
This often seems to be the case for the most expert researchers, all a bit quirky. Anyone remember SandboxEscaper? I think they are deceased now but they were dropping Windows 0 days left and right. That person was quite a character. It's hard to describe it without potentially incurring the wrath of someone here but those who know, know.
SandboxEscaper is still alive, but yeah, Eclipse's prolific vuln dropping reminds me of her.
Passed away? What evidence do you have around that statement?
This the same person? https://www.patreon.com/SandboxEscaper
ahh, the "what was she wearing" comment.
ahh, the false analogy comment.
Also recently:
Satya Nadella says as much as 30% of Microslop code is written by AI:
https://www.cnbc.com/2025/04/29/satya-nadella-says-as-much-a...
“Recently” this was a year ago - it’s probably more like 95% now
I think you're going down a bad route when you start inserting gratuitous insults into your summaries of what other people said.
I disagree with policing someone else's language like this in the first place, but it's only one insult and it's just "Microslop".
I don't think you should insert any number of insults into summaries of what other people said. It serves no purpose other than degrading the quality of discussion. If someone posted this comment:
> Satya Nadella says as much as 30% of Microsoft code is written by AI. More like Microslop, haha!
we'd all recognize that the last sentence is pointless name-calling (and thus violates the HN guidelines). But by interleaving the insult, it's easy to trick oneself into thinking that it's meaningful commentary. The quality of HN as a discussion forum requires holding ourselves to a higher standard than that.
It isn't name calling, it's a fact. Their software was, and now increasingly is, F grade quality. Microslop.
> I think you're going down a bad route when you start inserting gratuitous insults into your summaries of what other people said.
I'm certain that the multi-trillion dollar company with a history of antisocial and anti-consumer behavior will survive some petty insults.
Though, if people who control purchasing (and/or regulatory) power tend to link increasing use of LLMs and layoffs because "AI means we don't need all those programmers and managers" to substantial and ongoing reductions in quality of the company's software and services, the discussions customers have with MSFT salesfolk may cause the company to "change course", as it were. Intermittent grassroots petty insults are one way to keep folks reminded of the stuff that CEOs and salesfolks would rather you forget.
If they're using the "write lots of mediocre code faster" approach to AI and not the "write better code more slowly" approach, this is a security nightmare.
Is there any public word from Microsoft about what is going on here? Why would both Microsoft and Gitlab ban the user? I thought both platforms allowed hosting exploits and security research as long as everything is clearly marked up-front, I'm guessing some rules were broken?
Well if it’s a full disk encryption exploit that still requires hardware access I imagine it would have been made for a 3-letter govt org or something
The FDE encryption exploit is only for volumes that auto decrypt anyway. So it's a known (accepted) that the model doesn't really try to avoid.
You guys need to stop reaching for conspiracy
Which is all of them that don't require a pin (rare).
The flaw was rumored to have been an intentional backdoor placed at the behest of a dot gov. The ban may also have been at someone else's order.
Usually, when intentional backdoors like that get found and fixed, the 'someone else' stays silent. Otherwise, they provide proof that they've been planting backdoors, and that's much worse than having a hole plugged.
To get an idea of how this stuff usually works, start with the Simple Sabotage field manual:
https://ia601309.us.archive.org/14/items/Simplesabotage/Simp...
If a government agency wanted to sweep this under the rug, don’t you think they’d just pay the bounties for the guy instead of giving him more ammunition for his crusade?
I think it’s more likely that the guy is just being as abusive to these services as the quotes in the article where he’s talking about crushing their bones
Shoot the messenger. That’ll fix it.
Very important info: https://www.theregister.com/security/2026/05/28/microsoft-0-...
In the linked Microsoft blog post, they say:
> The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk.
So are they lying? Why would Nightmare-Eclipse not report them if they are not?
It's a very weird situation
Surely, the public string of exploits means he can find gainful employment from any of the various spooks?
I know quite a few extremely skilled people who aren't employed in a technical field. Usually it's some combination of not working well with others, lack of formal credentials and the means to acquire them, or a criminal record. Government work also means you have to be morally okay with what the government does (or willfully ignorant), able to pass a background check, and be willing to go through the security clearance process.
People with skills/means don't want to live in the cheap city/suburb where they have offices. Work from home obviously isn't a thing.
"People with skills" just don't care for corporate or government bullshit. You may know them as "not being employed in a technical field", but it's just because you got filtered out.
The optics don't look good for Microsoft, but we don't know their side of the story.
It doesn't really matter. Banning someone's GitHub account changes literally nothing and it's another proof Microsoft is not to be trusted as steward of an open source platform.
Worse, can't be trusted to have secure products.
> forcing them to pack up and move shop to GitLab instead.
https://gitlab.com/nightmare-eclipse
Blocked user @nightmare-eclipse
Looks like they’re banned on GitLab as well?
I suspect MS threatened them with a SmartScreen blackhole for the domain, I'm not surprised they pulled it.
I don’t like the idea Microsoft can bully other websites into blocking content they don’t like.
Do we have any evidence they did that other than the comment you replied to speculating?
Yes they definitely did that. Find evidence to the contrary.
Is this sarcasm? Or are you saying that the onus of providing proof is not on those making the claim, but instead that the onus of proof is on those who did not make the claim?
Are there any copies of what he supposedly posted? I have a hard time believing someone posted groundbreaking exploits to two separate Git websites and not a single person cloned them.
I also think it’s funny that people are alleging .gov conspiracies that end in a publicly hosted “blocked user” page instead of just 404-ing or something.
Forks are still alive on github, so it seems unlikely microsoft did this to suppress the code. Unless they are wildly incompetent, which I don't want to outright reject as a possibility.
https://github.com/xiaoji235/bitlocker-bypass-tool-for-winre
Unfortunately I don't think there is any way to see a list of all the forks now that the main repo is dead, but you can search the phrase "A huge thanks to MORSE, MSTIC and Microsoft GHOST for making this public disclosure possible" to find more copies.
User also got themselves banned from Gitlab, an unrelated company. Their quotes in the article are threatening violence and destruction toward Microsoft.
I don’t know what’s going on, but given that they’re getting banned from multiple unrelated organizations and threatening to “crush their bones” and such, I suspect this is probably just a regular old case of someone being abusive and unhinged, getting banned because of it, and then claiming conspiracy.
What, exactly, did this person post to GitHub and/or Gitlab that got them banned? We should all know by now that any exploits posted to GitHub are cloned and forked everywhere immediately. Why are these articles so vague about what was posted?
Also, these conspiracy theories that the NSA or other .gov is forcing this are quite ridiculous, as it would be infinitely easier for them to just hand the guy a pile of money than to Streisand effect it with a visibly unhinged guy talking about dead man’s switches and crushing bones.
Before we go down the road of analyzing someone's reaction, we should first analyze what they're reacting to: How much money did microsoft bilk this person out of? What is a reasonable reaction to someone taking that much money out of your paycheck?
Amidst abysmal uptime, Ghostty leaving and now this, GitHub is accelerating their own downfall.
Looks like Microslop will have a happy Bastille day. Getting popcorn.
Related:
Microsoft's stance on zero day exploits is a dumpster fire of their own making
https://news.ycombinator.com/item?id=48313038
A perfect storm of GitHub's own self-destruction and downfall all done by themselves.
Microsoft is playing with fire against a researcher that has a track record of finding 0 days out of thin air. Quite a dumb thing to do.
This researcher should instead pivot to crypto smart contract bounties instead. A much larger payout there instead of companies like Microsoft.
The NSA isn't even subtle anymore jeez.
Lol, they ban a security researcher from GitHub for embarrassing them, but massgrave's Microsoft Activation Scripts isn't just still on GitHub but verified?
Make it make sense, Microsoft.
Microsoft hasn’t particularly cared about consumers pirating Windows for more than a decade. I’m pretty sure they make close to 0 money off Windows licensing to consumers.
A quote from Billy G comes to mind
> "Although about 3 million computers get sold every year in China, people don't pay for the software. Someday they will, though," Gates told an audience at the University of Washington. "And as long as they're going to steal it, we want them to steal ours. They'll get sort of addicted, and then we'll somehow figure out how to collect sometime in the next decade."
Microsoft's attitude has always been if someone is going to pirate an OS, they'd rather that be Windows than a competitor's platform.
Pirating windows keeps you in the ecosystem so they can sell ads/games/365/cloud etc.
This is such a bad idea and what's the point anyway? Once a 0-day is out it's out.
Almost like trying to censor a leaked HDCP key.
Basic conflict of interest stuff
MS owns GH. It's tone-deaf and criminal