Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is what is referred to as "security through obscurity." If companies are going to publish/sell closed source software to the general public, and make any claims regarding it's security, that should provide more than enough consent to probe it.


I think the difference is in what's yours and what's theirs. If it's yours, I agree. If it's theirs, I disagree.

The idea of absolute ownership is being eroded. You purchase a device but that device may use information you do not own. If you are manipulating the device to allow it to give you information you did not purchase and the contract you agreed to with the purchase was that you would not do this, then that is threatening. If what you learn by probing it allows you to breach the security of other people using the same service, then that is threatening.

If you are concerned about the device, I don't understand why we can't live in a world where you are able to vocalize that and give the device provider a chance for feedback before probing it for weaknesses.

If there is a security concern that you want to shine a light on, why is it that we need to address that concern in the dark? It is giving too much unnecessary overlap with people looking to exploit those security issues when we might not need to


> If what you learn by probing it allows you to breach the security of other people using the same service, then that is threatening

What is threatening is that the company that sells baby monitors and keeps video recordings of your family members being naked has zero accountability for their security and almost no chance of being caught if they misuse it.


That does suck and we should do something about that. Accountability could be part of the legal framework.

Trying to gain access to those video recordings by exploiting the device is still threatening too.


A device that is installed in my home but which I do not own is an increased liability on me.


Tampering with a device increases your liability compared to not tampering with it.

Don't install it in your home if you don't trust it. Don't buy things with terms and conditions where you dont own the device if you want to own the device. This is a different problem


I have things installed in my home that I don't own. Electric, gas and water meters. The common factor with all of those is that their liability also remains on their respective utility provider companies.

You do not get to retain ownership and transfer liability. It's that simple. If you insist that you own the device, then YOU are fully liable for it.


I agree liability should be part of the discussion. If we create a legal framework around the subject and clearly identify what's allowed or not allowed by independent researchers and what the ownership model actually is, then this part of the discussion becomes easier and more easily applied to past precedents




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: