this post was submitted on 26 Aug 2024
238 points (99.2% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
54500 readers
666 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I won't dispute that both of these likely abuse the subscription model for their benefit. But they definitely have a social responsibility (and in many cases a legal responsibility) to keep updating the software in these products and the network infrastructure that go with them. The internet of things is one of the most vulnerable attack vectors we have. It has been exploited many times not just to attack individuals, but to create massive bot nets that can target corporations or even countries. The onus is on the manufacturer to continuously keep that at bay. You know what they say - the "S" in "IOT" stands for security.
I agree that IOT things need to be secure. Is it really too much to ask that apps/devices are made secure from the ground up?
To stay on the thermomix, all the subcription is is a connection to their servers to give access to their live step by step recipes. Surely that's just a secure end-to-end encrypted connection? I'm not a developer but it doesn't sound like buyers should be expected to pay the manufacturer to maintain beyond buying a thermomix/upgrading to new versions of the hardware when they want to access any new features.
In a way, yes. They can and should definitely be made with security in mind from the ground up. But they will never be totally secure, and a necessary part of what constitutes a "secure product" is to continuously and quickly patch security issues as they become known.
I would bet it's still a bit more than that. But even if it's just a secure end-to-end encrypted connection, here is the list of vulnerabilities fixed in OpenSSL (which is probably what they use for secure encrypted connections). It's five so far in 2024. Then there's some OS kernel below that which can have security issues as well. The Thermomix probably also has user authorization components and payment methods, plus various personal information that has to be protected under GDPR.
Hmmm.. okay it sounds like the subscription model does actually make some sense for devices that need to maintain an internet connection/IoT applications. Thanks for taking the time to enlighten me.
I mean, it would be zero cost if it was a fucking normal device. Someone had the idea that a juice squeezer or a toaster should be online... for... what, exactly? Remove the online (or even better, remove the software), you completely remove the cost that you want impugn on the user with "subscriptions".
No argument there. But apparently there's a market for it.