so are you saying that I shouldn't be testing a product I purchased or a product that someone mandated I have in my house? I shouldn't have to notify anyone, I own it and I should be able to do with it whatever I please. In addition if I do find an exploit I am not obligated to notify the company nor should I be. A good faith company should be doing their due diligence and not releasing unprotected/poorly protected devices as is common today.
You don't own the inside of it. That's the core part of all this. Businesses decided to sell items with special conditions where you can own possession of the item as a whole but not the ability to dismantle it.
That's just a contract with terms. If you are in the position being addressed by my points, then you have already agreed to those terms.
your problem is with the ownership model, or something else. I am saying, since this model is already in existence and accepted by the public, we need to create some safeguards.
We cannot bypass the fact that you do not own the thing you are testing. So if you want to test something you do not own, then yes I think involving the entity that does own it is reasonable
