Date: 2016-11-04 03:18 pm (UTC)
From: [personal profile] mikeberk

I'm the executive editor over at The Wirecutter; I responded to your comment over on our site but came over here after another commenter mentioned that you'd had more to say via your own social accounts (and then I figured I'd come read your full argument here).

I think one issue we have at WC when dealing with these kinds of issues is framing them in a way that speaks to readers who aren't always very tech-savvy, so often we are looking, as you mention here, recommending things like "Going with brand names is probably a good proxy for many of these requirements." We tend to take a most people perspective. Grant's argument in that piece is coming from a statistical perspective, rather than one that attempts to encompass all possible situations — and those situations do include real threats to real people.

We don't want to give up on the idea of IoT security in any way, and we do understand that there are cases where this is going to be insufficient, and I do think we caution our readers in that post that there is always a risk, and that any device out there is exploitable.

The case you mention (a threat from someone known to the user) is one we didn't address in particular, and it's a good point. I'd love to see more data about the frequency of this sort of attack if you can link me to some resources.

As I'd mentioned over on our site I'd love to be in touch further as we work on developing a protocol for testing the variety of random IoT objects we're coming across in increasing numbers.

Thanks much, and keep up the good work,

Identity URL: 
Account name:
If you don't have an account you can create one now.
HTML doesn't work in the subject.


If you are unable to use this captcha for any reason, please contact us by email at

Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.


Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Google. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.

Expand Cut Tags

No cut tags