Supposedly, the free market should correct this when consumers stop buying the flawed product. Companies will recognize that poor security is not profitable and make improvements.
In reality, consumers aren't (and can't) be educated enough to avoid products with these types of flaws. So, it's up to government to regulate but consumers (citizens) still need to care enough to ask the government to regulate with fines and recalls.
EU citizens seem to have that type of government but US citizens would still rather protect corporate bad actors than protect themselves.
If we see any kind of legislative pressure, my bet is it'll be from the EU well before the US.
Here's an underappreciated thing that makes free market's "customers will recognize Bad Aspect X and buy something else" not work. It's not a conspiracy, but it seems like something the market is naturally optimizing towards.
Choice has a cost, and we're all completely DDoSed by issues in our lives.
So yes, the router turns out to redirect NXDOMAIN to a page full of ads. Also, my back aches, I'm burned out at my job, my spouse has a bad mood today, I should've bought flowers in the morning but I forgot (maybe if I leave work 20 minutes early I'll manage to get them on the way back?), I've just discovered my bank is severely overcharging me for my account relative to the competition, the city council has just passed a bullshit increase in garbage collection rates, also the asshole who owns the apartment above has put it on AirBnB and we can't get a good night's sleep now, and .... and yes, my router is redirecting NXDOMAIN to a page full of ads.
There's this belief that people are too whiny these days. I start to feel it's opposite: we're too saturated with bullshit to have time to be whiny enough - enough to turn it into meaningful purchasing choices.
Is this not what the likes of Consumer Reports is for? You pay them money, they tell you what to buy and then you don't have to evaluate everything yourself.
Naturally people don't want to pay for it, but it costs money to provide it, so what do you want?
The best thing the government could do is provide the same service for free.
> Is this not what the likes of Consumer Reports is for?
It's a stop-gap solution, yes. Unfortunately, AFAIK there's nothing like this in my country, at least not trustworthy. For general electronics, I trust WireCutter and have never been anything but completely happy by just buying one of their top recommendations in a given category.
The question is, is the complexity of our lives all necessary, or is most of it incidental? And regardless, the point is: existence of this complexity makes the market mechanisms of ranking of products and services quite weak.
> The question is, is the complexity of our lives all necessary, or is most of it incidental?
So this is a separate question entirely. And it's not a bad question -- why is there so little true scarcity of necessities but so much scarcity of time? There is actually quite a lot of artificial scarcity keeping everybody running on a treadmill. Like, how many hours are you working just to pay for the increase in housing costs caused by restrictive zoning rules? How many hours are you working just to pay off student loans from artificially inflated college tuition costs?
It's quite important that we address these things but it's kind of a different problem domain than consumer router security.
> And regardless, the point is: existence of this complexity makes the market mechanisms of ranking of products and services quite weak.
I would think it would be the opposite. If people have lots of free time and resources to read specifications and understand the inner workings of what they're buying then you don't need to pay someone to do it for you because you can do it yourself. It's when everybody is busy that someone trustworthy can make money by selling or identifying products of a given minimum quality, because people find their time more scarce than money and are willing to pay somebody so they don't have to do it themselves.
But in that case you would tend to have more dissatisfaction and buyer's remorse, because general purpose recommendations and minimum quality standards don't yield as good a result as you making an informed choice yourself. "One size fits all" is never really as good as choosing the right size for you. But government regulations can't fix that any better than consumer product ratings because they have the same problem -- a minimum standard still doesn't help you choose between a zillion different products that all meet the minimum standard, even though some of them are significantly better in your specific circumstances. The best product for some people may even be one which is below the so-called minimum standards, because they have atypical requirements.
Which I guess brings us back to your original point. Maybe we should do something about everybody being completely swamped for time.
> The best thing the government could do is provide the same service for free.
Check to see if your local library offers Consumer Reports access! Mine does, and since the library is part of the municipal government, I suppose you could say that your statement has already come true (at least for some people).
> Supposedly, the free market should correct this when consumers stop buying the flawed product.
Any free market purist will tell you that all transactions must be both mutually consenting and informed. If these conditions are not met, it is the governments job to step in.
It's very rare that both parties engaged in any transaction are equally informed. But often the government is even less informed so they are utterly useless in terms of intervention.
The best the government can do and should do is reduce power imbalances and market monopolies which give rise to information asymetry. Reducing wealth inequality should be the government's priority.
Money can buy trust. People are too focused on presentation instead of substance. People these days are incapable of seeing substance where it exists and they are easy to fool into seeing it where there is none.
"Equally informed" isn't actually required. All you need is to be informed enough to make a reasonable decision. If you know one of the products is less secure but $10 cheaper, you know essentially what you need to know even if the manufacturers have a ton of information about specific algorithms used and electrical impedance that you don't know or understand but that don't change the high level conclusions anyway.
It's only when the customer doesn't even have the information that the product which is $10 cheaper is also less secure that you run into a problem.
Now name any transaction more complicated "I agree to pay you $3 for this bunch of asparagus" where the buying side has as much information as the selling side.
It seems to me the government should be involved in almost every transaction.
Real quick after this becomes normal, somebody is making an extra few cents by buying 10 bunches of asparagus from a farmer, redividing them and selling 11 bunches to customers.
What gets done about that? Weights and Measures. I agree to pay you $3 for a spigglywig of asparagus.
Then I worry your spigglywig is deliberately under-size. The market town gets an officer to check you're selling asparagus in correct spigglywigs, and next thing you know you've got a multi-billion dollar metrology (the science of measuring things) research lab and they're defining the fundamental constants of nature so as to be right certain exactly how much a spigglywig is every time.
So yes, "free market" is at best a model that can only be approximated and at worst it's a filthy lie.
> It seems to me the government should be involved in almost every transaction.
Yuck. I'm not a hard free-market-only libertarian (I believe in single payer healthcare for example) but economic transactions between two private parties should never have government involvement. Hell, I dislike the banks and credit card companies having involvement, we tolerate them because we have no choice.
Actually you are, because your pronoun "we" includes all the people whose conception of libertarianism is a massive straw man, but claim to be libertarians themselves. Which is now most self-described "libertarians", and a large swath of the Republican party. Now days it's just a meaningless euphemism people use when they don't want to admit they voted Republican.
And the few libertarians who actually know what it means are usually quite cruel and heartless, fighting tooth and nail against universal heath care even today, because their ideological principles outweigh their empathy and humanity.
But as a result of your ideological evangelism, you own all the self-described "libertarians" who your philosophy appeals to simply because they want to hurt and punish poor people, but don't understand what it "really means".
Sorry if this annoying inconvenient health crisis has knocked the blocks out from under your religious philosophy (and that the invisible hand of the market saw it necessary to bitch slap Rand Paul into quarantine after he downplayed the severity Coronavirus, got it himself, tested positive, and continued to selfishly spread it while awaiting the predictably positive results), but we NEED government intervention and universal health care right now to save people's lives, so please spare us the "no true Scotsman" lecture.
You are proving my point for me. You read the word "Libertarian" and immediately start rambling about Republicans and how cruel I am for my "religious philosophy".
> Sorry if this annoying inconvenient health crisis has knocked the blocks out from under your religious philosophy, but we NEED government intervention right now to save people's lives
This is a strawman, and there's no reason for you to be so offensive. I absolutely agree that government action is proper and necessary to protect the population, especially right now. "Provide for the general defense" is one of the government's jobs.
I think you should take a minute to examine your assumptions about what libertarianism is instead of reacting emotionally whenever you hear the word.
I think you should save your breath for defending libertarianism from the mindless hoards of people who actually claim to be libertarian themselves, but don't know what it means. Because I know very well what it means, and don't claim to be one myself.
I've done nothing anywhere near as offensive and self-centered as what Rand Paul has done, first parroting Trump by downplaying the risk of Coronavirus, then knowingly spreading the highly contagious disease after he was exposed to it, by following Trump's idiotic advice to go about your normal daily life, instead of following sound medical advice to quarantine until he got his test results, which were positive. On top of his medical training and long career of opposing universal health care.
He's a physician: he should have known (and does know) better than to do that, and that makes his policies and behavior perfectly aligned with the stereotype of the heartless libertarian who doesn't care about anyone but himself. He can't fall back to Trump's ignorant "I'm not a doctor, but take this pill from a company I've invested in" defense.
We needed universal healthcare BEFORE the pandemic struck. Why have you and your ideological colleagues fought tooth and nail against it for so long, to the point of lying about and sabotaging Obamacare? Are you finally changing your tune, when it's way too late?
So what was your position on universal health care before, and what is it now, and does that align with the "true libertarian" philosophy, or are you "no true Scotsman" yourself? I'd love to hear your defense of Rand Paul's actions. Is he a true libertarian like you? And how about Eric S Raymond: do you think he knows what he's talking about?
Your focus on universal healthcare is understandable, but misguided.
America has more doctors and more hospital beds per capita than Europe does. This is one of the reasons that Europe has seen more coronavirus cases and more deaths per capita than America - their healthcare system is starved for resources.
I am in no way claiming that the American healthcare system is perfect, but I don't see universal healthcare as a panacea, because we are seeing in real time that it is not.
As far as what my stance on healthcare is: I think healthcare is a unique market where there is rarely the ability for you as the patient to make an informed decision about your medical care. In other words, a free market approach is not entirely feasible. I think a system similar to our school system would be ideal: publicly operated hospitals available for little to no charge, with the freedom to start a private hospital that has to compete with the public ones. This would mean high quality care at reasonable prices all around.
This has always been my stance. I've met libertarians who agree and disagree with me, but I can defend my stance using libertarian "first principles". So I think it's fair to call it "true libertarian" philosophy.
A libertarian is not a republican, and a libertarian is not an anarchist. A libertarian simply believes that individual rights should be protected. That should not be such a controversial statement.
> America has more doctors and more hospital beds per capita than Europe does. This is one of the reasons that Europe has seen more coronavirus cases and more deaths per capita than America - their healthcare system is starved for resources.
More telling is how reluctant he is to defend Rand Paul's indefensible and stereotypically libertarian antics, how not once has he mentioned his name, and how he pretends he didn't read anything about him I wrote.
I think the implication is that, to quote Eric Weinstein from that Kayfabe article, "economic theory ... currently uses as it's central construct a market model based on assumptions of perfect information."
Does he say that? Because it's very wrong -- economics of imperfect information has been a dominant theme of microeconomics for the last 50 years. They gave Akerlof, Stiglitz, and Spence the Nobel back in 2001. They gave a second Nobel in 2007 for mechanism design, which is on when and how you can design institutions so that imperfect information doesn't wreck everything.
Fundamentally there are only two ways in which the activities of a large number of people can be co-ordinated: by central direction, which is the technique of the army and of the totalitarian state and involves some people telling other people what to do; or by voluntary co-operation, whch is the technique of the market place and of arrangements involving voluntary exchange. The possibility of voluntary co-operation in its turn rests fundamentally on the proposition that both parties to an exchange can benefit from it. If it is voluntary and reasonably well informed, the exchange will not take place unless both parties do benefit from it.[1]
You will see a similar disclaimer in any bit of free-market libertarian thought, because you can't have voluntary exchange without informed consent.
If transactions without informed consent are taking place, it is easy to argue that someone's property rights are being violated. Any libertarian since John Locke will tell you that protecting your rights is the first and foremost job of government[2].
>Any free market purist will tell you that all transactions must be both mutually consenting and informed. If these conditions are not met, it is the governments job to step in.
I don't think such a person exists outside of some libertarian fantasies.
In practice, the right side of the political spectrum is about preserving the free market insofar as it protects incumbent wealth.
> Supposedly, the free market should correct this when consumers stop buying the flawed product.
Surely this is only true if the consumer _values_ security? Even assuming every (potential) consumer is educated enough to recognise security flaws, that doesn't necessarily mean the typical consumer will value security enough to purchase an alternative product they deem inferior in some other aspect
Arguably many consumers, even if they _could_ evaluate a product's security before purchase, wouldn't _care_ because they don't understand how it affects them. And often, the effects (DDoS nets, etc) are against someone else anyway.
I'm not sure if "tragedy of the commons" is the right term for this, but I feel it's in the ballpark. Insecure devices create a form of pollution on the internet, let's say. And perhaps we should think of them like other polluters.
Obviously pollution controls have a cost, just like security, but we all understand that it's in everyone's interest to have air we can breathe, and ultimately lowers health care cost. Likewise, it could be argued that it's in everyone's interest (and perhaps a national security priority, as well) to have devices that don't allow themselves to be taken over by arbitrary attackers.
I think these are the regulatory models we should be considering.
> In reality, consumers aren't (and can't) be educated enough to avoid products with these types of flaws. So, it's up to government to regulate
Why is the proposed answer to information problems always bans and fines? Is the government, or anyone else in the market, lacking in the capacity to instead provide people with better information?
If you want the government to do something, why not have them go out and evaluate the products that exist in the market? Then if they find vulnerabilities, they can report them to the manufacturers before they're discovered by attackers, and they can rate the vendors on their security practices and publish the information so that customers do have the information on which vendors make better products.
How is this not vastly superior to the thing where they destroy all small vendors with onerous regulations and then everything costs fifty times as much because the only vendors big enough to comply with the regulations are Oracle and IBM?
how do I deal with this as a consumer when... I go buy a router from target... bring it home. 4 months later there's a security upgrade which also changes the DNS resolution behavior to give me ads.
What's my recourse as a consumer in this case? return to target? return to dlink or whoever manufactured it?
>In reality, consumers aren't (and can't) be educated enough
this is a gravely serious statement. in America youre talking about a fundamental shift in the relationship between the governed and the government. many states would violently oppose the idea that the government knows whats best for you and should create laws for you backed by lethal force.
>US citizens would still rather protect corporate bad actors than protect themselves.
you missed the point. its not about protecting corporations, its about allowing personal freedom, even if that freedom includes suboptimal results. moreover, it is abjectly false that the government can simply do whats best for everyone.
> this is a gravely serious statement. in America youre talking about a fundamental shift in the relationship between the governed and the government.
Uh, consumer protection laws have existed in the US for over a century. The FTC was founded in 1914. The mindset that laws should protect people from things that they don't understand is not an abrupt or fundamental shift. If not for the government, would you know how to find out if an apartment was built and wired in a safe way? Or do you rely on government permits and inspectors for that confidence?
the ftc was founded as an anti-monopoly arm of the government, and is not the same thing as saying "consumers aren't smart enough to know whats good for them"
IMO as a libertarian, trust-busting is one of the fundamental responsibilities of the government because consumers and small businesses usually cannot overturn a monopoly.
> because consumers and small businesses usually cannot overturn a monopoly
But they can somehow fight the abuse and manipulation companies can expertly unleash on them? How is the uninformed consumer better prepared to combat this than a monopoly? Millions of individual consumers speaking with millions of voices have absolutely no chance against a companies with a single voice and a single goal. Companies hold far more cards than a regular consumer ever will. How much time can you dedicate towards protecting yourself and not being abused? Because a company can dedicate a lot of time into finding better ways to abuse or manipulate you.
It's a misguided belief that the Government intervening is intrinsically bad, or that any decision taken at individual level is intrinsically good simply because it proves "freedom". And this stems from lack of education and the unwillingness to accept that most individuals are woefully unprepared to fight back a never ending assault. But you can easily see the "converts" angrily shouting at the Government whenever they get trampled by yet another company. One of the more clear examples is when people who got scammed out of they cryptocurrencies went from "boo regulation" to "why didn't the government do anything" without missing a beat.
Yeah, that’s the cookie-cutter generic answer to any consumer protection.
Does anyone actually belief it’s workable to require every single consumer to be informed about the most minor details of a router’s DHCP configuration in order to stop such shenanigans? And how does this fantasy work when the router is provided by your cable company? There must be thousands of issues of that magnitude you would need to research when deciding among the two options for internet most people have. Although I guess it’s easier once you notice both provides use the same routers and you don’t have a choice after all.
Do you also favor the government leaving food safety to the individual consumer? If yes, do you routinely research the full supply chain of all ingredients that go into your cheeseburger, to be sure nobody is using lead as a convenient sweetener? Do you check every restaurant’s kitchen for hygiene?
>this is a gravely serious statement. in America youre talking about a fundamental shift in the relationship between the governed and the government. many states would violently oppose the idea that the government knows whats best for you and should create laws for you backed by lethal force.
You sure about that? The FDA, USDA, CPSC, FCC, FAA etc all exist already.
So, would you be ok with corporations selling things that are slightly radioactive? The average consumer isn't going to understand the implications and risks of such products. What makes a smoke detector safe vs. glowing paint that killed a lot of people painting watch hands/marks with it?
> many states would violently oppose the idea that the government knows whats best for you and should create laws for you backed by lethal force.
Isn’t that exactly what a police force is? Doesn’t that exist in every part of the US and act to uphold laws designed to protect the people who live there?
But it's useful! If your search domain is `internal.company.com` and you've got a Jira instance at `jira.internal.company.com` then all you've got to do is navigate to `jira` and it works.
It's also quite possible to turn off walking up the search domain: it's just a checkbox.
None of which makes it a good idea, and the best thing to do is actually to just _not set_ the search domain.
