
Safe from what? - TimWolla
http://www.daemonology.net/blog/2015-09-02-safe-from-what.html
======
lotharbot
I use a similar approach when talking about making something "safe" or
"secure". Against what?

My front door is locked. That will probably keep out the neighborhood
teenagers who might be wandering around looking to grab a laptop off of
someone's table. It wouldn't keep out a burglar with the minimal skill of
"kicking down a door". But the obvious adult activity inside of the house
serves as a fine deterrent in that case. A group of 3-4 armed criminals might
not be kept out by a few unarmed people, but sturdy steel doors with heavy
deadbolts, barred windows, an alarm system, and armed residents could be
adequate in that case. But that wouldn't keep out a military attack force; I'd
need my own army for that. But since there's nothing in my home that would be
worth sending an army for, that's an unnecessary level of security.

The point of security measures is to make it more costly for someone to break
in than it's worth for them, while simultaneously making it less costly for
the consumer to gain that level of security than a successful attack would
cost.

What type of threat does an attacker pose? What could they gain access to?
What are the potential damages? What's the cost of mitigation? Your chosen
strategy should be based on the answers to those questions.

~~~
kijin
> _since there's nothing in my home that would be worth sending an army for_

Things get a bit hairy when every municipality has a SWAT team who might or
might not know exactly which house contains a drug dealer.

Security on the internet is even hairier. When data that was originally
collected for benign purposes can be aggregated and repurposed in all sorts of
other ways several years down the line, it becomes difficult to tell whether
you're dealing with neighborhood teenagers or an army.

~~~
jacquesm
So, are you more likely to be killed by the SWAT team than you are likely to
be killed by the drug dealers? If the former then such SWAT teams should be
deployed with much more restraint.

~~~
Widdershin
Better safe than sorry...

/s

------
te_platt
The article was so calmly and with such a good description of risk that it
actually felt weird to me. It's just so common to get stories so deeply
committed to "If it saves just one child's life..." without considering the
costs and risks of some proposed solution.

~~~
mryan
This reminds me of a sketch by Mitchell and Webb (a pair of British comedy
actors). It is a satirical news broadcast, in which Mitchell points out that
the fact that there was not a single death from drowning in the local region
proves that too much money is being spent on anti-drowning measures.

[https://www.youtube.com/watch?v=fqYyxvM85zU](https://www.youtube.com/watch?v=fqYyxvM85zU)

------
rev_bird
I like that it was brought back to "risk," but it seems like the argument is
using semantics to obfuscate that the thesis is essentially, "So what if
someone can access an always-on microphone in your house?"

The headline as I see it now is "Several baby monitors vulnerable to hacking,"
which is more descriptive than the given "Is your baby monitor safe?" but
wouldn't have made as succinct of a headline.* Would the same post have been
made if the headline were "Is your baby monitor private"? If it's not private,
that'd be news to me, even if all somebody gets to overhear is "Goodnight,
Moon" for the 10,000th time.

*I'm not saying "hacking" is a good word either, because that can mean a lot of different things, including "make the thing blow up."

------
thaumaturgy
Modern baby monitors include live video feeds -- which are disappointingly
often connected to the internet without any authentication required (e.g.
[http://www.kttc.com/story/28712087/2015/04/03/rochester-fami...](http://www.kttc.com/story/28712087/2015/04/03/rochester-family-finds-their-nanny-cam-hacked-for-the-world-to-see)).
Others have two-way audio and similar nonexistent authentication
([http://www.forbes.com/sites/kashmirhill/2014/04/29/baby-moni...](http://www.forbes.com/sites/kashmirhill/2014/04/29/baby-monitor-hacker-still-terrorizing-babies-and-their-parents/)).

Presumably the current news interest in baby monitors is whether they're safe
(or which models are safe) from people using simple Google or Shodan searches
to find these devices and use them to annoy or snoop on you, since that's
exactly what's been happening.

Anyway you're imploring the media to do something it doesn't do -- to be more
technical and less alarmist -- which is admirable but probably also futile.

------
tempestn
"The role of a headline isn't, no matter what tabloids might suggest, to
convince people to read an article; the role of a headline is to help readers
decide if they want to read the article."

And what a wonderful utopia that would be.

~~~
nhaehnle
By and large, this does apply to traditional dead-tree newspapers. And it
makes sense: When the reader has already bought the newspaper, helpful
headlines are better because they contribute to an impression of higher
quality leading to repeat purchases.

Just another example that you can get results that sound like "utopia" by
enabling the right business model.

~~~
rawTruthHurts
I don't quite see why that's any less applicable to digital media.

~~~
nhaehnle
In principle, it is just as applicable. And indeed, the headlines in my
newspaper's digital subscription aren't clickbait-y either.

It's just that the structure of digital media tends towards article-at-a-time
rather than issue-at-a-time or even subscription consumption. For this reason,
the structure is naturally geared toward clickbait-y titles everywhere, while
in traditional print media the temptation for "clickbait" is mostly restricted
to the title page.

------
brayton
With today's clickbait I would have thought they would have gone with "Baby
monitors kill" or "Children attacked by baby monitors".

~~~
vetler
"Parents install a baby monitor. You won't believe what happens next!"

------
dclowd9901
"Anyone can peer through your baby monitor"

See, CBC, just as alarmist and as factual as the author would prefer!

Fact is, the headline _is_ intended to get you to stop and change your focus
on this story so the news outlet can sell your eyes to whatever advertiser
they promised you to. Let's not be naive.

------
danbruc
_What does it mean for a baby monitor to be safe?_

_Of course, if you're building a product or supplying a service, you should
be concerned about any attacker and any outcome which your potential customers
could plausibly be worried about [...]_

The article starts pointing out that the question makes no sense and then
gives a sensible interpretation of what it could mean to talk about safety
without qualifications. I didn't read the CBC article but it seems at least
possible that it talks about all the issues anyone could possibly be concerned
about.

------
goodcanadian
I agree that the title of the article in question gives little useful
information. I read the article just now, however, because I decided I really
wanted to know the answer to "safe from what?" It turns out that the only
issue of much real security concern is that an attacker could gain access to
your network by attacking a network-attached baby monitor. Beyond that, the
article was as vague as the headline on what the actual impact of a
compromised baby monitor would be (very little, I suspect).

------
noobermin
I can easily think up a still clickbait title that satisfies this: "is your
baby monitor safe from strangers' eyes?"

Anyway, the reason they don't give a figure of merit or context is because
infinity is a good limit since it will never be reached. You can't beat an
ideal, so they can easily circumvent Betteridge's Law by forcing you to affirm
their sentiment, although to a useless question.

------
2sk21
Adding to the discussion about baby monitors: I recently set up a wireless
printer in my house. Now, this printer calls home to HP. So the internal
security of my home network is no better than that of HP...

