Security is hard and companies have to make their video surveillance products easy enough for a socker mom to install. Frankly I'm not surprised. Nor do I have a solution. As someone who has to provide tech support to family and friends I realize how hard it is to "just make it work" for those who couldn't care less about the technical details.
Hey moron, brilliant people make spelling mistakes, grammar mistakes, and type-os all the time. Their brains have more important things to do than obsess over minutia that are of secondary importance. Pointing such a trivial mistake in no way negates the point, nor does it make you look impressive.
It makes you look like a petty little snot that is trying to compensate for his own limitations by fixating on some valueless thing that makes an easy target.
Hay more-on, brilyunt peeple mayk speling mustayks, gramer mustayks, un type-ohs awl thu tiem. Thur brayns hav mor impordunt thengs tu du thun ubses oh-ver munoosha thet ar uv sekendarry importuns. Poynteen owt suj uh trivvy-ul mistayk en noe whey nugayts thu poynd, nohr dos ut mayk yu luk empressuv. It makes you look like a petty little snot that is trying to compensate for his own limitations by fixating on some valueless thing that makes an easy target. Grow up.
Computer nerds are not "brilliant". Quite the opposite in fact. Aerospace engineers can be brilliant, but keyboard jockeys? Never. They're mediocre at best.
As someone who has to provide tech support to family and friends I realize how hard it is to "just make it work" for those who couldn't care less about the technical details.
If you're not charging your relatives for tech support, you're doing it wrong. The fastest way to discourage relatives is to quote the hourly rate of your local mechanic ($100 in my area). If your relatives won't pay to have a mechanic fix the car, you can bet that they won't pay to have you fix the computer.
Problem with charging your relatives for support is that they will then start charging you for the same. Need a lift to the airport? Help moving house? Look after your cat for the weekend? Childcare?
Rather than becoming the black sheep of the family, just be more assertive at calling in those favours. Start the conversation with "how is your computer doing?" and end it with "so I need help moving this grand piano I bought..." You can even cash in while doing the tech support. When the call up, say you will come over, and then casually ask if they have any of that meatloaf they served the other day you could grab a slice or two of.
Yet, for wireless routers encryption is enabled by default for most, and a sticker with the password is put on the physical device. Why not the same for a camera? Not a perfect solution, but a hell of a lot better than the current situation.
Generally speaking, implementing correct security is extremely difficult, but a company that puts security as a priority can design systems that are secure by default, and strike a reasonable balance between customer ease of use and effectiveness. It doesn't have to be impossible for a soccer mom to use a device securely.
You can see the difference in two competing chat apps: Threema vs iChat. Threema is a "trust no-one" model, and requires you to actually meet face to face with a person to pre-exchange keys before you can chat with the maximum security protocol. iChat, on the other hand, "just works", relying on Apple to manage the key exchange. You're giving up a small amount of security for the convenience of a seamless experience, and trusting Apple to keep it the channel secure on your behalf.
I think most people would be fine with trusting the company they bought their devices from to actively manage the security aspects so they don't have to think too much about it, but in many cases, it's not that the security is flawed... it's completely non-existent. Anyone complaining about Shodan is simply blaming the messenger. The blame lies squarely on the companies that are selling these products with zero security in mind.
iMessage is aimed more as a replacement for SMS, which worked in the same way - you had to trust your telco and that of the recipient. For casual chat both systems are more than adequate.
Don't get too hung up on the analogy. The point I was trying to make is that there's a security vs convenience tradeoff, but it's certainly not impossible to make reasonably secure products accessible to the masses. These IoT companies aren't even trying.
Security can be implemented fully transparently to the user. This does of course take quite a bit of effort, and it can be costly since you need a few things on your system that take the workload off the user.
Since both mean more cost for the device, this is not an option. Those gadgets are supposed to be cheap, security is not a selling point so to hell with it.
The solution is really simple. Someone other than the end user needs to be responsible for security and get paid for it. If a data breach occurs, the responsible party pays for the damages. How much are you willing to pay to ensure your baby cam doesn't end up on the internet?
I have a solution: until companies carry a legal penalty for being do damned incompetent at security, and they have to give a damn... stop buying this shit.
I know, it's a wacky idea, and people can't survive without something connected to their smart phone.
But on behalf of those of us who have been saying this shit is defective by design for years, what the hell do you expect? This stuff is entirely predictable.
I've simply ran out of the ability to feel any sympathy for this.
Even bluetooth headsets (with very limited range) has better security - you have to pair devices by pressing a button. That approach could work for a soccer mom too.
Entering a password is not hard either - the default password could be the device's serial number which is printed on it. (With an option to change it for those 'home experts.'
Somehow I don't think a soccer mom is impressed with "Install this device, enabling any perv on the net to watch your kids. And if he likes them, he can trace the IP addre
Baloney. Have a unique default password generated for each device, print it on a sticker and paste it to the device. They've been doing that with routers for years already.
Johnny can't encrypt (Score:4, Interesting)
Re: (Score:2, Offtopic)
Security is hard and companies have to make their video surveillance products easy enough for a socker mom to install.
Or for someone who can't spell the most popular sport in the world.
Re: (Score:3, Funny)
He was actually referring to an abusive woman.
Re: (Score:1)
Exactly, and if she gets too uppity you should soccer out.
Re: (Score:-1, Flamebait)
Hey moron, brilliant people make spelling mistakes, grammar mistakes, and type-os all the time. Their brains have more important things to do than obsess over minutia that are of secondary importance. Pointing such a trivial mistake in no way negates the point, nor does it make you look impressive.
It makes you look like a petty little snot that is trying to compensate for his own limitations by fixating on some valueless thing that makes an easy target.
Grow up.
Re: (Score:0)
Hey moron, brilliant people make spelling mistakes, grammar mistakes, and type-os all the time.
Hey people, morons make spelling mistakes, grammar mistakes, and typos all the time. (and yet they still believe they are brilliant programmers) TFTFY
Re: (Score:2)
Do they also make type As, type Bs and type ABs?
Also, minutiae. Minutia is the singular.
Re: Johnny can't encrypt (Score:-1)
Hay more-on, brilyunt peeple mayk speling mustayks, gramer mustayks, un type-ohs awl thu tiem. Thur brayns hav mor impordunt thengs tu du thun ubses oh-ver munoosha thet ar uv sekendarry importuns. Poynteen owt suj uh trivvy-ul mistayk en noe whey nugayts thu poynd, nohr dos ut mayk yu luk empressuv.
It makes you look like a petty little snot that is trying to compensate for his own limitations by fixating on some valueless thing that makes an easy target.
Grow up.
Re: Johnny can't encrypt (Score:0)
Har har, I forgot about misspelling the mean part at the end. But you know what, it kind of works.
Re: Johnny can't encrypt (Score:0)
Computer nerds are not "brilliant". Quite the opposite in fact. Aerospace engineers can be brilliant, but keyboard jockeys? Never. They're mediocre at best.
Re: (Score:0)
a petty little snot that is trying
a petty little snot who is trying
Re: (Score:2)
I'm okay with most typos, but that one rubbed me the wrong way, for some reason.
Re:Johnny can't encrypt (Score:4, Interesting)
As someone who has to provide tech support to family and friends I realize how hard it is to "just make it work" for those who couldn't care less about the technical details.
If you're not charging your relatives for tech support, you're doing it wrong. The fastest way to discourage relatives is to quote the hourly rate of your local mechanic ($100 in my area). If your relatives won't pay to have a mechanic fix the car, you can bet that they won't pay to have you fix the computer.
Re: (Score:0)
i demand any cash i have to pay for parts and that actually runs mine off.
Re:Johnny can't encrypt (Score:5, Insightful)
Problem with charging your relatives for support is that they will then start charging you for the same. Need a lift to the airport? Help moving house? Look after your cat for the weekend? Childcare?
Rather than becoming the black sheep of the family, just be more assertive at calling in those favours. Start the conversation with "how is your computer doing?" and end it with "so I need help moving this grand piano I bought..." You can even cash in while doing the tech support. When the call up, say you will come over, and then casually ask if they have any of that meatloaf they served the other day you could grab a slice or two of.
Re: (Score:0)
If you're not charging your relatives for tech support, you're doing it wrong.
Are you really this much of an asshole in real life?
Re: (Score:2)
Are you really this much of an asshole in real life?
Yes. Next question.
Re:Johnny can't encrypt (Score:5, Insightful)
Yet, for wireless routers encryption is enabled by default for most, and a sticker with the password is put on the physical device.
Why not the same for a camera?
Not a perfect solution, but a hell of a lot better than the current situation.
Re: (Score:2)
Password : admin
Phew , now i'm safe.
Re: (Score:2)
Re:Johnny can't encrypt (Score:5, Insightful)
Generally speaking, implementing correct security is extremely difficult, but a company that puts security as a priority can design systems that are secure by default, and strike a reasonable balance between customer ease of use and effectiveness. It doesn't have to be impossible for a soccer mom to use a device securely.
You can see the difference in two competing chat apps: Threema vs iChat. Threema is a "trust no-one" model, and requires you to actually meet face to face with a person to pre-exchange keys before you can chat with the maximum security protocol. iChat, on the other hand, "just works", relying on Apple to manage the key exchange. You're giving up a small amount of security for the convenience of a seamless experience, and trusting Apple to keep it the channel secure on your behalf.
I think most people would be fine with trusting the company they bought their devices from to actively manage the security aspects so they don't have to think too much about it, but in many cases, it's not that the security is flawed... it's completely non-existent. Anyone complaining about Shodan is simply blaming the messenger. The blame lies squarely on the companies that are selling these products with zero security in mind.
Re: (Score:3)
iMessage is aimed more as a replacement for SMS, which worked in the same way - you had to trust your telco and that of the recipient. For casual chat both systems are more than adequate.
Re: (Score:2)
Don't get too hung up on the analogy. The point I was trying to make is that there's a security vs convenience tradeoff, but it's certainly not impossible to make reasonably secure products accessible to the masses. These IoT companies aren't even trying.
Re: (Score:3)
Security can be implemented fully transparently to the user. This does of course take quite a bit of effort, and it can be costly since you need a few things on your system that take the workload off the user.
Since both mean more cost for the device, this is not an option. Those gadgets are supposed to be cheap, security is not a selling point so to hell with it.
Re: (Score:0)
The solution is really simple. Someone other than the end user needs to be responsible for security and get paid for it. If a data breach occurs, the responsible party pays for the damages. How much are you willing to pay to ensure your baby cam doesn't end up on the internet?
Re: (Score:2)
Security is hard and companies have to make their video surveillance products easy enough for a socker mom to install.
Didn't you mean sucking moms instead?
Re: (Score:2)
I have a solution: until companies carry a legal penalty for being do damned incompetent at security, and they have to give a damn ... stop buying this shit.
I know, it's a wacky idea, and people can't survive without something connected to their smart phone.
But on behalf of those of us who have been saying this shit is defective by design for years, what the hell do you expect? This stuff is entirely predictable.
I've simply ran out of the ability to feel any sympathy for this.
Re: (Score:0)
Even bluetooth headsets (with very limited range) has better security - you have to pair devices by pressing a button. That approach could work for a soccer mom too.
Entering a password is not hard either - the default password could be the device's serial number which is printed on it. (With an option to change it for those 'home experts.'
Somehow I don't think a soccer mom is impressed with "Install this device, enabling any perv on the net to watch your kids. And if he likes them, he can trace the IP addre
Re: Johnny can't encrypt (Score:2)