Security: Difference between revisions

(One intermediate revision by one other user not shown)

Line 10:

==How security relates to consumer rights==

Security is both a blessing and a curse towards control over the things consumers own. Being forced to login to a laptop to use it is a sensible decision, being forced to connect your treadmill to the internet and gain authorization just to run on it (as seen [[Peloton Removes Just Run Feature|here]]) is not. Companies may use security as an excuse to reduce consumer control and so it is important to identify these misuses. If a company takes away consumer rights using security as an excuse consider that "the emperor may not have any clothes" and their security is not as strong as they portray it.

Security is both a blessing and a curse towards control over the things consumers own. Being forced to login to a laptop to use it is a sensible decision, being forced to connect your treadmill to the internet and gain authorization just to run on it (as seen [[Peloton Removes Just Run Feature|here]]) is not. Companies may use security as an excuse to reduce consumer control and so it is important to identify these misuses. If a company takes away consumer rights using security as an excuse consider that "the emperor may not have any clothes" and their security is not as strong as they portray it. {{Citation needed|reason=needs verifiability}}

===Poor security principals harm the consumer===

Line 16:

====Security through obscurity====

[[Security through obscurity|Obscuring]], or hiding, a product's information increases the time a person or organization would need to take to fully understand how a product works. While this will delay the discovery of security vulnerabilities it can never stop them, in addition obscuring product information prevents maintenance of products by the consumer, violating their [[Right to Repair|right to repair]].

[[Security through obscurity|Obscuring]], or hiding, a product's information increases the time a person or organization would need to take to fully understand how a product works. While this will delay the discovery of security vulnerabilities{{Citation needed|reason=needs verifiability}} it can never stop them{{Citation needed|reason=Who?}}, in addition obscuring product information prevents maintenance of products by the consumer, violating their [[Right to Repair|right to repair]]. {{Citation needed|reason=needs verifiability}}

====Security through authorization====

Line 26:

#Avoid using physical and software products that needlessly require connection to the internet. Your fridge does not need to be "smart". Choosing to use a smart appliance opens the door for companies to take away your rights as well as open you to security vulnerabilities.

#Avoid using physical products that require a proprietary app to use. While the product itself may not connect directly to the internet, your internet device now serves as a bridge to it. This opens the door for companies to take away your rights via the app. In addition the app itself may have security vulnerabilities of its own.

#Avoid using physical products that require a proprietary app to use. While the product itself may not connect directly to the internet, your internet device now serves as a bridge to it. This opens the door for companies to take away your rights via the app. In addition, the app itself may have security vulnerabilities of its own.

#Avoid using physical products that need a subscription to use, a normal treadmill won't brick itself if the company goes out of business, or decides to [[Peloton Removes Just Run Feature|eliminate a subscription free feature]] in the name of safety or security.

#Avoid using physical products that need a subscription to use. For example, a normal treadmill won't brick itself if the company goes out of business, or decides to [[Peloton Removes Just Run Feature|eliminate a subscription free feature]] in the name of safety or security.

#Avoid using closed-source products if equivalent open-source products exist. Open source products are not necessarily more secure, but they are far less likely to violate a consumer's rights simply because the consumer has the ability to change the product as they wish.

@@ Line 10: / Line 10: @@
 ==How security relates to consumer rights==
-Security is both a blessing and a curse towards control over the things consumers own. Being forced to login to a laptop to use it is a sensible decision, being forced to connect your treadmill to the internet and gain authorization just to run on it (as seen [[Peloton Removes Just Run Feature|here]]) is not. Companies may use security as an excuse to reduce consumer control and so it is important to identify these misuses. If a company takes away consumer rights using security as an excuse consider that "the emperor may not have any clothes" and their security is not as strong as they portray it.
+Security is both a blessing and a curse towards control over the things consumers own. Being forced to login to a laptop to use it is a sensible decision, being forced to connect your treadmill to the internet and gain authorization just to run on it (as seen [[Peloton Removes Just Run Feature|here]]) is not. Companies may use security as an excuse to reduce consumer control and so it is important to identify these misuses. If a company takes away consumer rights using security as an excuse consider that "the emperor may not have any clothes" and their security is not as strong as they portray it. {{Citation needed|reason=needs verifiability}}
 ===Poor security principals harm the consumer===
@@ Line 16: / Line 16: @@
 ====Security through obscurity====
-[[Security through obscurity|Obscuring]], or hiding, a product's information increases the time a person or organization would need to take to fully understand how a product works. While this will delay the discovery of security vulnerabilities it can never stop them, in addition obscuring product information prevents maintenance of products by the consumer, violating their [[Right to Repair|right to repair]].
+[[Security through obscurity|Obscuring]], or hiding, a product's information increases the time a person or organization would need to take to fully understand how a product works. While this will delay the discovery of security vulnerabilities{{Citation needed|reason=needs verifiability}} it can never stop them{{Citation needed|reason=Who?}}, in addition obscuring product information prevents maintenance of products by the consumer, violating their [[Right to Repair|right to repair]]. {{Citation needed|reason=needs verifiability}}
 ====Security through authorization====
@@ Line 26: / Line 26: @@
 #Avoid using physical and software products that needlessly require connection to the internet. Your fridge does not need to be "smart". Choosing to use a smart appliance opens the door for companies to take away your rights as well as open you to security vulnerabilities.
-#Avoid using physical products that require a proprietary app to use. While the product itself may not connect directly to the internet, your internet device now serves as a bridge to it. This opens the door for companies to take away your rights via the app. In addition the app itself may have security vulnerabilities of its own.
+#Avoid using physical products that require a proprietary app to use. While the product itself may not connect directly to the internet, your internet device now serves as a bridge to it. This opens the door for companies to take away your rights via the app. In addition, the app itself may have security vulnerabilities of its own.
-#Avoid using physical products that need a subscription to use, a normal treadmill won't brick itself if the company goes out of business, or decides to [[Peloton Removes Just Run Feature|eliminate a subscription free feature]] in the name of safety or security.
+#Avoid using physical products that need a subscription to use. For example, a normal treadmill won't brick itself if the company goes out of business, or decides to [[Peloton Removes Just Run Feature|eliminate a subscription free feature]] in the name of safety or security.
 #Avoid using closed-source products if equivalent open-source products exist. Open source products are not necessarily more secure, but they are far less likely to violate a consumer's rights simply because the consumer has the ability to change the product as they wish.