undefined | Better HN

0 pointssteamer252y ago0 comments

I'm not saying owners should be completely barred from modifying their systems but there are security implications to bypassing their centralized / cloud-based authentication.

It'd be possible for a knows-enough-to-be-dangerous customer to modify their system in such a way that they unwittingly allow unauthenticated local access. From my point of view, Chamberlain/MyQ should be totally indemnified in such scenarios but I'm not sure how murky the legalities would be in terms of getting judges/juries to accept "caveat emptor".

EDIT: Maybe there's a way to ensure customers have signed an indemnification agreement before unlocking local API access? I guess there'd also need to be a way to ensure/promote a factory reset if/when ownership/rentalship changes.

0 comments

jacquesm2y ago

You've got that backwards. Giving a third party control over your garage door is the 'security implication' you want to avoid.

steamer25OP2y ago

It happens all the time, no tech required, any time someone is foreclosed on.

I agree it's wiser to avoid such situations but a lot of people end up delegating this kind of responsibility. If enough of them end up burning their own fingers, that could go badly for a provider. Even if frivolous lawsuits weren't a thing, a spate of ignorant but angry social media posts could be very damaging.

Again, I'm not saying I necessarily have a solution or that hardware owners should have hurdles placed in their way. I'm just pointing out that in some ways the provider may be damned in one way if they do and damned in another way if they don't.

I suppose the IoT sub-sector will end up in similar proportions to other, older tech: Some vendors, analogous to e.g., Red Hat or Linode, will specialize in catering to enthusiasts / power-users and have fairly noncommittal / at-your-own-risk / no-warranty license agreements. However, if the past is any indication, most people will end up doing a lot of business in walled-garden analogs of Apple or Facebook.

hunter2_2y ago

Deadbolt companies aren't liable for customers leaving their products unlocked, right? Is this so different?

steamer25OP2y ago

That makes sense to me but I'm not sure your average judge/juror would see it so simply--especially given that in most cases it'd be a lot easier to tell if/when a deadbolt has been modified.

j / k navigate · click thread line to collapse

0 pointssteamer252y ago0 comments

I'm not saying owners should be completely barred from modifying their systems but there are security implications to bypassing their centralized / cloud-based authentication.

0 comments

jacquesm2y ago

You've got that backwards. Giving a third party control over your garage door is the 'security implication' you want to avoid.

steamer25OP2y ago

It happens all the time, no tech required, any time someone is foreclosed on.

hunter2_2y ago

Deadbolt companies aren't liable for customers leaving their products unlocked, right? Is this so different?

steamer25OP2y ago

That makes sense to me but I'm not sure your average judge/juror would see it so simply--especially given that in most cases it'd be a lot easier to tell if/when a deadbolt has been modified.

j / k navigate · click thread line to collapse