Security: Difference between revisions
Tweaked the article to better fit the style guide, fixed title casing, citation quality, etc. Reworked an entire section and elaborated on Security "through X". We may want to consider moving the Security through Obscurity article here as a sub-section. |
m No edit summary |
||
Line 1: | Line 1: | ||
Security is an engineering principal whereby the risk of an unauthorized malicious agent gaining control of a product, its information, or its environment is minimized. Security of programs and physical products is critical to consumer protection. | '''Security''' is an engineering principal whereby the risk of an unauthorized malicious agent gaining control of a product, its information, or its environment is minimized. Security of programs and physical products is critical to consumer protection. | ||
==Security vulnerabilities== | ==Security vulnerabilities== | ||
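Review bot: The opening sentence of the new revision still reads "an engineering principal". The word wanted is "principle" (a rule or concept), not "principal" (a chief party). This edit already touches that line to bold '''Security''', so the spelling should be corrected in the same revision.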
Line 12: | Line 12: | ||
Security is both a blessing and a curse towards control over the things consumers own. Being forced to login to a laptop to use it is a sensible decision, being forced to connect your treadmill to the internet and gain authorization just to run on it (as seen [[Peloton Removes Just Run Feature|here]]) is not. Companies may use security as an excuse to reduce consumer control and so it is important to identify these misuses. If a company takes away consumer rights using security as an excuse the emperor may not have any clothes to begin with. | Security is both a blessing and a curse towards control over the things consumers own. Being forced to login to a laptop to use it is a sensible decision, being forced to connect your treadmill to the internet and gain authorization just to run on it (as seen [[Peloton Removes Just Run Feature|here]]) is not. Companies may use security as an excuse to reduce consumer control and so it is important to identify these misuses. If a company takes away consumer rights using security as an excuse the emperor may not have any clothes to begin with. | ||
=== Poor security principals harm the consumer === | ===Poor security principals harm the consumer=== | ||
A large number of security incidents are caused because the producer of a product has a general misunderstanding of what security is and how to produce secure products. In addition a misunderstanding of the purpose of security can induce companies to take actions capable of harming consumer rights. | A large number of security incidents are caused because the producer of a product has a general misunderstanding of what security is and how to produce secure products. In addition a misunderstanding of the purpose of security can induce companies to take actions capable of harming consumer rights. | ||
==== [[Security Through Obscurity|Security through obscurity]] ==== | ====[[Security Through Obscurity|Security through obscurity]]==== | ||
Obscuring, or hiding, a product's information increases the time a person or organization would need to take to fully understand how a product works. While this will delay the discovery of security vulnerabilities it can never stop them, in addition obscuring product information prevents maintenance of products by the consumer, violating their [[Right to Repair|right to repair]]. | Obscuring, or hiding, a product's information increases the time a person or organization would need to take to fully understand how a product works. While this will delay the discovery of security vulnerabilities it can never stop them, in addition obscuring product information prevents maintenance of products by the consumer, violating their [[Right to Repair|right to repair]]. | ||
==== Security through authorization ==== | ====Security through authorization==== | ||
Authorization is the process of confirming that a user is who they say they are. Authorization processes are extremely important to the functioning of the internet but risk becoming a security vulnerability and threat to consumer rights if used improperly. Authorization features can be used by companies to lock out features when the user's subscription expires, in this case the purpose of authorization is lost because the user need not confirm who they are, just that they have a valid subscription. These sorts of lock-outs are significant in that the product's physical features still work but the company is intentionally preventing the user from accessing them because their internet-based subscription has ended. | Authorization is the process of confirming that a user is who they say they are. Authorization processes are extremely important to the functioning of the internet but risk becoming a security vulnerability and threat to consumer rights if used improperly. Authorization features can be used by companies to lock out features when the user's subscription expires, in this case the purpose of authorization is lost because the user need not confirm who they are, just that they have a valid subscription. These sorts of lock-outs are significant in that the product's physical features still work but the company is intentionally preventing the user from accessing them because their internet-based subscription has ended. | ||
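Review bot: In the "Security through authorization" paragraph, the definition "Authorization is the process of confirming that a user is who they say they are" describes authentication. Authorization is the decision about what an already identified user is allowed to do. This revision only normalizes heading whitespace in this hunk, so the definition carries over unchanged. Suggest rewording the definition, or splitting the two terms, which would also sharpen the subscription lock-out argument: a subscription check is an entitlement decision rather than an identity check. The heading "Poor security principals harm the consumer" carries the same principal/principle misspelling and could be fixed while the heading line is being edited.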