It's just about making a choice of which spy agency is going to get your data. NSA for western companies, KGB-or-whatever for Russian ones. If you live in the West, it may be worth considering both options.
Do you have some facts or reasonable suspicions about western AV companies collaborating with NSA? What I’ve heard they aren’t collaborating, NSA is researching AV vulnerabilities just like bad guys do.
Besides, Russia considers themselves at the state of “hybrid war” against the whole world. It sounds insane but apparently that’s what their government believes, and that’s what their propaganda broadcasts. That’s why an AV product made by a Russian state controlled company carries some unique risks.
Since mid-December, a high-ranking Kaspersky manager, Ruslan Stoyanov, is in jail for high treason.
Do you know what kind of deal KGB wants from him?
I don’t.
There are rumors that he's in jail for association with "Shaltai Boltai" hacker group, which published emails of D.Medvedev. Same for FSB officer, who supposedly worked with Stoyanov.
I’ve heard other rumors. I’ve heard he’s in jail because he failed to secure their systems from Ukrainian hackers and 1GB of confidential data was leaked: https://en.wikipedia.org/wiki/Surkov_leaks
But just hearing rumors doesn’t mean we know anything.
> “the fact” and “probably” are mutually exclusive.
I don't see how; statements about probability can be factual and we have plenty of evidence that Google, Microsoft, and US telcos do; why should AV vendors be different?
As far as companies usually following the letter of the law... do they? What makes you so sure?
In natural science or in medicine you can estimate that probability (because control groups, multiple experiments, statistical methods, etc). In such context, a statement about probability can indeed be factual.
In general conversation or in legal context they can’t. If you have facts, there’s no “probably” because you know for sure. And if you don’t, it can be you belief, or your personal opinion, but not a fact.
> do they? What makes you so sure?
Over my career, I’ve worked in several US software companies. Lately, I’m working with various US companies as a contractor.
Multiple times a company put a lot of efforts and money to comply with the law: we redesigned our products, moved across states, trained employees to comply with various regulations, and so on. Having friends in the industry with similar observations, I conclude such things happen all the time.
Well, what I’ve seen with my own eyes during 17 years in the industry is much more believable than the BS about evil corporations that (mostly liberal) media wants me to believe.
That’s no evidence. That’s what makes me so sure.
Speaking of which, what makes you so sure plenty of US companies are breaking the law?
And, yes, there are certainly lots of compliance programs out there, but I'd argue those have more to do with avoiding enforcement action than necessarily adhering to the law. I'd guess Wells Fargo (Wachovia at the time) had a compliance department while they were laundering money for drug cartels and yet it still happened.
I find it eminently believable that many or even most US companies would comply with an illegal request from US intelligence agencies.
There are 6 million companies operating in US, employing 115 million people. If the majority of them were breaking the law, you’d knew about that not just from the media but also from some of those 115 million people who happen to be your friends and family.
> I find it eminently believable that many or even most US companies would comply with an illegal request
I don’t find it believable because I don’t see motivation for such compliance.
In an authoritarian state, a government can abruptly take away your business (https://en.wikipedia.org/wiki/Euroset) and optionally throw you in jail for 10 years (https://en.wikipedia.org/wiki/Yukos) if you don’t comply, and you can’t do anything against it. That’s a strong motivation to comply. I don’t see such motivation for western companies.
If your argument is "anecdotal evidence is much better than reported, sourced news" then I have to disagree, regardless of what the TED talk says. The examples are some of the biggest and most prestigious companies in the country and I'm gonna guess most of the low-level schmucks like me and my friends and family aren't in on the huge, illegal operations.
My argument is, you should distinguish two majorities, the majority of media-reported incidents, and the majority of some real-life things.
Those two are very different. If you don’t distinguish between them, you’ll come to absurd conclusions like “the majority of US drivers are drunk”, “vast majority of US citizens voted for Hillary”, or “the majority of US companies are breaking the law”.
> of the biggest and most prestigious companies in the country
The total number of financial crime cases in 2011 was around 10000. Even if we assume each case was against different company (that gives us upper estimate), that’s merely 0.17% of the US companies who were charged with financial crimes in 2011.
As you see, real data is pretty close to my anecdotal evidence.
A state controlled entity in authoritarian country is another story.