Is it moral though? What do they do with these exploits? If it is to help advance the agendas of countries like Israel and Saudi Arabia, how would you feel submitting exploits to them?
You can choose between a rich murderous dictator and an arrogant IT company that does not give you proper credit. Either way you are screwed as a security researcher :(
Uh, if your consideration is purely what happens to you, sure. If you have any thought in your mind about what will happen to other people due to your work, then it's nowhere near the same.
There is a really simple solution to this. Just don't put your time into analyzing software from Apple. There is other software you could analyze. Just go for a walk or count your toes. Everything makes more sense than searching for security bugs in Apple software when you care about morals.
So far as I know, essentially all grey market vulnerability sales are tranched, which is an important consideration when comparing bounty payouts to the grey market.
The report to the manufacturer with the remark that there is an existing weaponized exploit will lead to a much faster fix.
And why are you so sure that there was no weaponized exploit out there before?
So you are okay with submitting the exploit on a silver platter to people who murder dissidents because “you can’t be so sure that there wasn’t an existing weaponized exploit”?