You can implement the features you want for your rental home without the downsides we hate by merely doing end-to-end encrypted communication--and likely even peer-to-peer direct communication (and, if not, using a neutral third party to coordinate rather than the manufacturer)--from your computer to the device in question and requiring manual approval of firmware updates, which should not involve any kind of vendor signature requirement.
The default assumption that the company selling the product should have complete control over the software running on the device at all times, that they should have complete control over usage and access of the device, and that they even should have complete visibility to all of the data collected by the device, is so ridiculous as to be downright egregious: it requires someone who has almost nothing but contempt for users--even if they want to claim they somehow are helping them "for their own good"--to even contemplate such an architecture.
Would I be correct in concluding then that your suggested "end-to-end encrypted communication--and likely even peer-to-peer direct communication ... to the device in question" is simply not possible without individual case-based custom engineering?
> The default assumption ... to even contemplate such an architecture.
At the risk of being further down-voted, I couldn't agree with you more about this last paragraph. Alas my systems integration skills are not up to speed with implementing "end-to-end encrypted communication--and likely even peer-to-peer direct communication ... to the device in question", but I am thrilled to know that can be done. Are you able to cite any such systems/products where that is possible?