I would argue the point was the opposite. It began with a request for authorization.

I don't see how this is any different than walking into a building and telling the concierge you're a maintenance worker.

Because the IoT devices are invited, EULA and all. You aren't invited just because you walked in.

Most people I know never invited network scanning. They were surprised by a Trojan holding their new TV hostage though (if they even noticed.)

The illegal part there isn't requesting access it's lying about being a maintenance worker to gain access.

Consent is tricky. Many people are not aware of what they are giving authorization to. That would make it uninformed consent. Add dark patterns in and I think it is easy to say that some people are not only unaware of what they are authorizing, but purposefully being misled.

Let's be real, most people are tech illiterate. If someone can't read a contract and there is no one there to explain it to them, then they are not engaging in informed consent.

Of course we have to ask if this is ethical or not. But let's not boil the conversation down to "we asked, so it is right." One side is arguing that the person didn't give informed consent and the other side is arguing that consent was given simply because a button was pressed.

It's honestly an ethical discussion of if this is right or not.

> It began with a request for authorization.

Yes, by asking someone who doesn't have permission to give that authorization to do so.

What access controls are being bypassed?