7 comments

  • RetroTechie 12 hours ago ago

    Article spends many words on [training during product development] and few words on [security issues with devices sold to consumers]. Risks are the exact opposite.

    'Guinea pigs' in this case were company employees, who at least gave permission to be recorded. And aware of that.

    Consumers often don't give such permission (or are tricked into that), may not be aware of a device's capabilities, and post-sale firmware security is often weak to non-existent. That is the bigger risk.

    I don't understand why so many devices 'need' 24/7 internet connectivity. In this example: do the training. Product works? Ship to consumers with connectivity disabled. Updated firmware available? Plug in USB stick a few times a year. Or have consumer push a "connect" service button, device downloads new firmware & disconnects. Why provide a 24/7 playground for hackers/bots etc?

    Yeah I know companies selling these things have many reasons. But security-wise it makes no sense.

    • motbus3 4 hours ago ago

      Well. Tricked is one word. They sell you a device with a wibbly-wobbly Terms of Service that will stop you from using the thing you bought if you don't agree with whatever is in there. And that does not even count the fact that they INTENTIONALLY make it long and unreadable for most users and try to put it on the most inconvenient place and time so you accept it to keep life going.

    • N19PEDL2 5 hours ago ago

      Not saying this is the case of Roomba, but often devices need 24/7 Internet connectivity so that their manufacturers can sell traffic through their owner’s network.

      Source: https://news.ycombinator.com/item?id=48174465

  • fn-mote 12 hours ago ago

    (2022)

    I can only imagine what it’s like now.

  • ChrisArchitect 11 hours ago ago

    (2022) OP

    Some discussion then: https://news.ycombinator.com/item?id=34057699

  • 11 hours ago ago
    [deleted]