this post was submitted on 26 Aug 2024
239 points (99.6% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
54443 readers
176 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I agree that IOT things need to be secure. Is it really too much to ask that apps/devices are made secure from the ground up?
To stay on the thermomix, all the subcription is is a connection to their servers to give access to their live step by step recipes. Surely that's just a secure end-to-end encrypted connection? I'm not a developer but it doesn't sound like buyers should be expected to pay the manufacturer to maintain beyond buying a thermomix/upgrading to new versions of the hardware when they want to access any new features.
In a way, yes. They can and should definitely be made with security in mind from the ground up. But they will never be totally secure, and a necessary part of what constitutes a "secure product" is to continuously and quickly patch security issues as they become known.
I would bet it's still a bit more than that. But even if it's just a secure end-to-end encrypted connection, here is the list of vulnerabilities fixed in OpenSSL (which is probably what they use for secure encrypted connections). It's five so far in 2024. Then there's some OS kernel below that which can have security issues as well. The Thermomix probably also has user authorization components and payment methods, plus various personal information that has to be protected under GDPR.
Hmmm.. okay it sounds like the subscription model does actually make some sense for devices that need to maintain an internet connection/IoT applications. Thanks for taking the time to enlighten me.