All of them are selling exploits or surveillance malware
Is that legal? It's being an accomplice of the wrongdoing, those companies shouldn't be allowed to avoid responsibilities.
Spyware vendor Cytrox sold zero-day exploits to government-backed snoops who used them to deploy the firm's Predator spyware in at least three campaigns in 2021, according to Google's Threat Analysis Group (TAG). The Predator campaigns relied on four vulnerabilities in Chrome (CVE-2021-37973, CVE-2021-37976, CVE-2021-38000 and …
Is it legal? I think the answer is "that really depends". Are Cytrox doing anything illegal by packaging and selling the exploit? That depends on the jurisdiction, but chances are it isn't illegal in North Macedonia where they are based. Are the users of this software doing something illegal? Definitely if they do it in the EU, UK, or North America, but most of the customers appeared to be governments who are probably doing it to their own citizens in their own countries.
Is it ethical? No.
> Are the users of this software doing something illegal? Definitely if they do it in the EU, UK, or North America
Not in Spain, where even the ombudsman (Defensor del pueblo) says that the Pegasus spying affair against Catalan politic and social leaders is completely legal according to secret court papers he could see but which can't be made public. Although not helping that the said ombudsman is the former runner for the Madrid regional office and, after losing for the Nth time, was appointed on its current position by the PM and party colleague
As long as this software remains useful for those in power, it will be legal. The problem is this will always be useful to them.
Oh crud, how do I reanchor this post under Paul's answer where I was supposed to reply?