
It's 2025. The ISP gateway I got comes with more default security than these cameras. The barrier to entry on security is lower than it ever has been in history. Whoever let this past the QC phase is an idiot.




> Whoever let this past the QC phase is an idiot.

It's all a matter of perspective. I'm sure to some executive somewhere, the person/s who approved all of this are seen as heroes, as they shaved off 0.7% or whatever from the costs of the development, and therefore made shareholders more money.

Until there are laws in place that make people actually responsible for creating these situations, it'll continue, as for a company, profits go above all.


It probably makes close to no difference in development or production, but it does significantly cut down on the number of tech support calls from people who can't figure out how to set the password, or immediately forget the password they set. If it has no password then you can just plug it in and have it work. Sure it's totally insecure, but it's also trivial to install.

Generating a password that is unique to the device and printing it with a sticky label on the underside of the device isn't exactly rocket-science, and ISPs somehow figured this out at least two decades ago, which was the first time I came across that myself. Surely whoever developed this IP-camera has an engineering department who've also seen something like this in the wild before?

Yep, but if you do that you need to staff a help line with people who can say "turn the box over and look at the sticker, no the sticker with the numbers on it, it's white with black letters and says PASSWORD in a big font, no the password isn't literally PASSWORD, it's the line below that with the strange letters, yes, to type that one you need to hold the shift key and press 3..."

Remember that ISPs often have people who come to your home to hook stuff up.


Yes, which costs money, which is exactly my original point. It's not because "Oh I'm so hassled because customers are dumb", it's "No, hiring people to do support would cost us money, which we don't want".

> Remember that ISPs often have people who come to your home to hook stuff up.

I can't recall a single time a technician wasn't required to come to my flat/house to install a new router. I'm based in Spain, maybe it's different elsewhere, but I think it's pretty much a requirement, you can't set up the WAN endpoint or ISP router yourself.


Last time I moved I opted for the "self install" kit, which was fine because I'm technical and the previous owners already had the service so there was nothing that needed to be done except hooking up the pre-configured modem. Saved me $200 in truck roll fees.

Interesting stuff, I've asked if I could do the installation myself every single time I've moved to a new place, and never has the ISP (three different ones) said yes. There isn't any installation fee in place (probably by law?) so that isn't an issue here, just a hassle to coordinate having to meet between 12:00 and 18:00 or some super wide range of time for them to come and install it.

In the US for the past 5+ years Xfinity/Comcast, Charter, and whatever CenturyLink is called these days have all heavily pushed the "self-install kit" option vs traditional tech install each time I've moved.

Worked 4/5 times (all with cable), only time it failed was because I had apparently subscribed to a DSL plan from CenturyLink without realizing and they needed to wire up the extra lines upstream for the "modern" version of DSL to work in my apartment. After insisting multiple times that the self-install kit was 100% plug-n-play at my new address despite my intense skepticism since I really needed reliable internet from Day 1 during COVID remote work.

I was seriously missing Comcast/cable by the time that 1 yr contract was up, the devil you know and all...


Yep. Until we start holding decision makers responsible for the consequences of their decisions, they will always choose the selfish option.

So you're trying to justify this type of rampant negligence in tech? Do you think justifying such malfeasance makes up for the fact we literally have surveillance networks that bad actors can tap to do really awful things?

Anyone that cares about their perspective has missed the point.


I don't think the person you're replying to is justifying it, but saying there's no laws to prevent the abuse.

Personally I think tech CEOs should be put in stocks in the town square on the regular but they're protected from any form of repercussions besides extreme cases of fraud. Even then, they're only held accountable when the money people have their money affected, not when normal people are bulldozed by the abuse.


If I was 10 years younger, I might agree that they aren't justifying it, but I have enough experience with passive speech to just not let it pass anymore.

Regarding remedy, we really need laws on this stuff yesterday. The problem is that we have to gut first amendment freedoms for some of this stuff, which won't go anywhere because there will always be too much overreach with today's representatives.


You should probably read the comment you're replying to before replying

> Until there are laws in place that make people actually responsible for creating these situations, it'll continue, as for a company, profits go above all.

They obviously meant that we ought to be holding these people responsible.


> You should probably read the comment you're replying to before replying

Congrats you spotted the thing we agreed on between comments. If you fail to see the agreement through parity of the part that was echoed, idk what to tell you. Education system is failing everyone in it these days.


> If I was 10 years younger, I might agree that they aren't justifying it

You maybe need to read your own comments then? Idk man, they clearly aren't justifying anything, they're being critical and you're just spouting off about the education system


> So you're trying to justify this type of rampant negligence in tech?

Don't know how you reached that conclusion, I obviously am not trying to justify anything. But maybe something I said was unclear? What exactly gave you the idea I'm trying to justify any of this?


Nothing against you personally, just so you know. But I have to point out that anyone caring about the reason for the shortcoming of Flock on stuff like this is just crafting soft reasons they can use to justify things later. Being up front here I care not for their reason because the entire business model is frankly disgusting and an affront to a functioning society. This is the type of tech that evolves into social credit scores and precog crime units, stopping crime before it happens.

At the end of the day your rationalization only affords comfort to those that have a vested interest in this stuff being successful and it needs to be clear to those people driving this that they’re not doing something popular or even good.


An explanation is not a justification.

Why stick your neck out, swim upstream to do a good job that will not be recognised as such?

Fix the corporate incentives and engineers will be able to do the right thing without suffering. Not everyone gets the luxury of a secure career doing morally ok things.


Counterpoint: whoever let this past the QC phase got paid very generously, and everyone involved is ignoring the laws that already exist to combat this, because law enforcement, too, gets paid generously. And the laws that forbid that aren't getting enforced because the police doesn't police the police, and dad has made it perfectly clear that flagrantly ignoring the law is fine if you're in power.

What makes you think QA/QC is paid handsomely? It's a bloody cost center mate, and you can't measure "damage prevented" consistently, or at least in a way most high-risk tolerating exec types won't immediately undermine.

t. Former QA veteran



