Hacker News new | past | comments | ask | show | jobs | submit login
Safe from what? (daemonology.net)
154 points by TimWolla on Sept 3, 2015 | hide | past | favorite | 23 comments



I use a similar approach when talking about making something "safe" or "secure". Against what?

My front door is locked. That will probably keep out the neighborhood teenagers who might be wandering around looking to grab a laptop off of someone's table. It wouldn't keep out a burglar with the minimal skill of "kicking down a door". But the obvious adult activity inside of the house serves as a fine deterrent in that case. A group of 3-4 armed criminals might not be kept out by a few unarmed people, but sturdy steel doors with heavy deadbolts, barred windows, an alarm system, and armed residents could be adequate in that case. But that wouldn't keep out a military attack force; I'd need my own army for that. But since there's nothing in my home that would be worth sending an army for, that's an unnecessary level of security.

The point of security measures is to make it more costly for someone to break in than it's worth for them, while simultaneously making it less costly for the consumer to gain that level of security than a successful attack would cost.

What type of threat does an attacker pose? What could they gain access to? What are the potential damages? What's the cost of mitigation? Your chosen strategy should be based on the answers to those questions.


> since there's nothing in my home that would be worth sending an army for

Things get a bit hairy when every municipality has a SWAT team who might or might not know exactly which house contains a drug dealer.

Security on the internet is even hairier. When data that was originally collected for benign purposes can be aggregated and repurposed in all sorts of other ways several years down the line, it becomes difficult to tell whether you're dealing with neighborhood teenagers or an army.


So, are you more likely to be killed by the SWAT team than you are likely to be killed by the drug dealers? If the former then such SWAT teams should be deployed with much more restraint.


Better safe than sorry...

/s


The article was so calmly and with such a good description of risk that it actually felt weird to me. Its just so common to get stories so deeply committed to "If it saves just one child's life..." without considering the costs and risks of some proposed solution.


This reminds me of a sketch by Mitchell and Webb (a pair of British comedy actors). It is a satirical news broadcast, in which Mitchell points out that the fact that there was not a single death from drowning in the local region proves that too much money is being spent on anti-drowning measures.

https://www.youtube.com/watch?v=fqYyxvM85zU


The idea that every life can be saved is fallacious, but it makes for compelling reading which is why media love to push those buttons, especially the lives of children.

Every year an x number of kids die from a very large number of possible causes and unfortunately not all of those are preventable. But we all love children (well, at least most of us do) so that's an easy score for a headline writer.


I like that it was brought back to "risk," but it seems like the argument is using semantics to obfuscate that the thesis is essentially, "So what if someone can access an always-on microphone in your house?"

The headline as I see it now is "Several baby monitors vulnerable to hacking," which is more descriptive than the given "Is your baby monitor safe?" but wouldn't have made as succinct of a headline.* Would the same post have been made if the headline were "Is your baby monitor private"? If it's not private, that'd be news to me, even if all somebody gets to overhear is "Goodnight, Moon" for the 10,000th time.

*I'm not saying "hacking" is a good word either, because that can mean a lot of different things, including "make the thing blow up."


Modern baby monitors include live video feeds -- which are disappointingly often connected to the internet without any authentication required (e.g. http://www.kttc.com/story/28712087/2015/04/03/rochester-fami...). Others have two-way audio and similar nonexistent authentication (http://www.forbes.com/sites/kashmirhill/2014/04/29/baby-moni...).

Presumably the current news interest in baby monitors is whether they're safe (or which models are safe) from people using simple Google or Shodan searches to find these devices and use them to annoy or snoop on you, since that's exactly what's been happening.

Anyway you're imploring the media to do something it doesn't do -- to be more technical and less alarmist -- which is admirable but probably also futile.


"The role of a headline isn't, no matter what tabloids might suggest, to convince people to read an article; the role of a headline is to help readers decide if they want to read the article."

And what a wonderful utopia that would be.


By and large, this does apply to traditional dead-tree newspapers. And it makes sense: When the reader has already bought the newspaper, helpful headlines are better because they contribute to an impression of higher quality leading to repeat purchases.

Just another example that you can get results that sound like "utopia" by enabling the right business model.


The 3 ways advertising is probably the most harmful thing in the western world.

1) Distorting economic choices away from genuine preferences. Would we have such an obesity epidemic without Cola?

2) Distorting economic incentives away from genuine needs, most people working in advertising are actually generating negative work (they work to make others work against their interests and needs). All those producing advertising sustained products are also working perhaps at right angles to consumers genuine needs. Every billboard that is made, every campaign launched, every shill lying signifies in the final sense a theft...

3) Advertising funded businesses, ignoring direct influence via advertising spend (HSBC and the telegraph). The advert based funding model drives a 'buzzfeedization' where information services work for maximum distraction rather than providing information people want fast. Google wants you to be online more, not so you can get more done but so you can see more adverts. Will they tailor their search results so be slightly worse than ideal to keep you there longer? It would make economic sense to do so.

Businesses should be regulated very harshly to force them to compete on price, innovation and service delivery. No capitalist wants to compete in an efficient market, they must be forced.


I don't quite see why that's any less applicable to digital media.


In principle, it is just as applicable. And indeed, the headlines in my newspaper's digital subscription aren't clickbait-y either.

It's just that the structure of digital media tends towards article-at-a-time rather than issue-at-a-time or even subscription consumption. For this reason, the structure is naturally geared toward clickbait-y titles everywhere, while in traditional print media the temptation for "clickbait" is mostly restricted to the title page.


With today's clickbait I would have thought they would have gone with "Baby monitors kill" or "Children attacked by baby monitors".


"Parents install a baby monitor. You won't believe what happens next!"


"Attackers enter house via baby monitor"


"Babies hate him!"


"Anyone can peer through your baby monitor"

See, CBC, just as alarmist and as factual as the author would prefer!

Fact is, the headline is intended to get you to stop and change your focus on this story so the news outlet can sell your eyes to whatever advertiser they promised you to. Let's not be naive.


What does it mean for a baby monitor to be safe?

Of course, if you're building a product or supplying a service, you should be concerned about any attacker and any outcome which your potential customers could plausibly be worried about [...]

The article starts pointing out that the question makes no sense and then gives a sensible interpretation of what it could mean to talk about safety without qualifications. I didn't read the CBC article but it seems at least possible that it talks about all the issues anyone could possibly be concerned about.


I agree that the title of the article in question gives little useful information. I read the article just now, however, because I decided I really wanted to know the answer to "safe from what?" It turns out that the only issue of much real security concern is that an attacker could gain access to your network by attacking a networked attached baby monitor. Beyond that, the article was as vague as the headline on what the actual impact of a compromised baby monitor would be (very little, I suspect).


I can easily think up a still clickbait title that satisfies this: "is your baby monitor safe from strangers' eyes?"

Anyway, the reason they don't give a figure of merit or context is because infinity is a good limit since it will never be reached. You can't beat an ideal, so they can easily circumvent Bettridge's Law by forcing you to affirm their sentiment, although to a useless question.


Adding to the discussion about baby monitor: I recently set up a wireless printer in my house. Now, this printer calls home to HP. So the internal security of my home network is no better than that of HP...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: