On Wed, Feb 8, 2017 at 7:22 AM, William Herrin <bill@herrin.us> wrote:
On Wed, Feb 8, 2017 at 10:12 AM, Rich Kulawiec <rsk@gsp.org> wrote:
In a better world, vendors would be far more responsible, professional, and ethical. But we don't live in that world. We live in one where they will happily dump toxic waste on the Internet as fast as they can shovel it -- as long as it's not their problem.
We need to make it their problem.
How?
The devices are trivially compromised (just log in with the default root password). So here's a modest proposal: log in as root and brick the device. This will encourage the consumer to seek a solution. When 100k consumers all discover their devices broke at the same time, they'll file a class-action lawsuit against the manufacturer, or at least never buy from them again. Market forces then solve the problem naturally, both for that manufacturer and for others who don't want the same fate. I realize there are drawbacks (including legal implications) to this method (which is why I'm posting from a personal, not work, account). But I challenge anyone to propose another solution that will work as well. Most other proposals I've heard depend on individual ISPs to take action, or governments to regulate devices and hope that foreign manufacturers care, or .... Damian