In the last category the most prominent is circumventing local internet restrictions.
You didn't really ask about the following, but I think it's interesting: at least that's what our customers tell us their use is. As we haven't (yet) launched a hosted service, and currently don't track usage analytics, we don't actually know for certain if these uses are legit, but they seem so.
That's paying customers. I estimate around 250% more people are using it "black", so either ripped off the source code before we went open source (there were a few hacks that seemed like they might have been breaches that could have accessed source code), or just using it unlicensed right now. I'm not sure what those folks use it for either. We get hundreds of git clones every day. We probably should be tracking that, but we don't have a good idea how to do it without borking the privacy expectations people have!
We've had reach outs from places that we can't easily do business with as well (like Iran).
I don't understand the cloak-and-dagger interest (besides the fact that we may be the only source-available product out there (although there's Neko, and other similar things with different targets, so shrug)), maybe it's just corporate espionage, rather than hacking to use. It seems more likely that an orthogonal technology (using Chrome headless, rather than RDP, DOM mirroring, or some custom browser engine), like we do, would be more attractive to a competitor than to a customer, as if you really need a similar solution and don't care about the finer points, you can just set up RDP pretty easily.
That's one of the things that convinced me to go open-source, because it limits the asymmetric advantage that anyone who hacked us for source code may have had. But I also figured we were halfway there with a limited-feature product, so may as well go all in.
It's too early to say if it's the right choice or not! :)