Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Categories
Random page
Top Contributors
Recent changes
Contribute
Create a page
How to help
Wiki policy
Adapt videos to articles
Articles in need of work
Help
Frequently asked questions
Join the discord!
Help about MediaWiki
Consumer_Action_Taskforce
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Security
(section)
Page
Discussion
English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
Purge cache
General
What links here
Related changes
Special pages
Page information
Cargo data
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
====Security through authorization==== Authorization is the process of confirming that a user is who they say they are. Authorization processes are extremely important to the functioning of the internet but risk becoming a security vulnerability and threat to consumer rights if used improperly. Authorization features can be used by companies to lock out features when the user's subscription expires, in this case the purpose of authorization is lost because the user need not confirm who they are, just that they have a valid subscription. These sorts of lock-outs are significant in that the product's physical features still work but the company is intentionally preventing the user from accessing them because their internet-based subscription has ended. Authorization for the sake of company product control harms the consumer's [[right to own]] their purchase and also can introduce new attack vectors for malicious actors. Attack vectors may be introduced within the product itself: malicious actors can't remotely hack a fridge without an internet connection but they might be able to hack a smart fridge that has the user login via the internet. Attack vectors may be introduced on the user's information as the company now needs to store authorization information (password hashes, usernames, emails, god forbid in clear text) and may do so insecurely opening themselves to attack.
Summary:
Please note that all contributions to Consumer_Action_Taskforce are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 International (see
Consumer Action Taskforce:Copyrights
for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource.
Do not submit copyrighted work without permission!
To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:
Cancel
Editing help
(opens in new window)
