This is a public service announcement: by saying "IT is crap because users still buy it" you are effectively blaming the victim.
There is a huge information and resources asymmetry between large companies creating software and hardware, and a regular person who just wants their Internet-connected device to, you know, not do harm. Companies effectively made a business model out of that asymmetry.
We need education and regulation to make IT not crap.
@rysiek I don't really understand why there's next to no liability for this sort of thing. Intuitively it seems like that should be the default, no regulation required. If you collect my data and leak it, you need to pay me for that. Even if you just counted the hours of people's time needed to put freezes on their credit, that's a HUGE amount of money. The fact that we're not seeing that seems to be a fundamental failing of the government to provide table stakes protections.
@freakazoid @rysiek While I agree with you in principle, I have to tell you, the amount of money involved that you might get won't even cover your lawyer's bills. Determining damages isn't easy or simple. On top of that, "leaking" is a word for an act. Getting hacked because security is crap...that's not deliberate.
@gedvondur @rysiek Yeah, the American Rule sucks. But that's what class actions are for, at least in the US. And yeah, the reason that getting hacked because you did a shitty job with security isn't considered an action (i.e. negligence) is because we have no standards around what constitutes sufficient security. Which I guess does mean regulation.
@freakazoid @rysiek I would say that it's a non-starter to say that getting hacked=negligence because that operates on the theory that there is such a thing as perfect security. We need a standard that shows "best practices" and "reasonable measures" and suddenly we are in a quagmire. I'm pretty sure this problem can't be regulated out of existence. We need regulations on what they collect and if they can sell it without express consent first.
@rysiek @gedvondur The analogy I think of is this: if I borrow your stereo and I leave it on my front lawn and it's stolen, I have to replace it. If it's in my house with the door locked and someone steals it, I don't. There's no specific law that says that, as far as I know. And whether or not I had your permission to have the stereo is irrelevant to whether I have to replace it in the lawn case. If I didn't have your permission, I'd have criminal liability on top of it.