I certainly agree that startups over-promise in the beginning, but they need to be very explicit and very clear as far as human safety is concerned. I work (up until the end of the day today) for a medical startup. We speak highly of our own product, but we make it unambiguously, blatantly clear that our product is NOT an emergency feedback system. If we lie and say we're a system like that, people could get killed.

In this case, the publishers lied critically about the source of the parts and the system that was running on top. While perhaps not as immediately and spectacularly fatal as a medical device malfunction, if journalists or revolutionaries are using the product and there's a backdoor, there will be lives lost.

They were NOT clear that the hardware they were using was actually a Chinese-manufactured product from a Chinese design company. When it comes to surveillance, the Chinese government doesn't have a great reputation. There's plenty of reason to believe the device may have a hardware backdoor, as has happened before.

Second, the software installed on the device is itself highly insecure. The original Reddit post pointed out that the device had a web-exposed remote administration panel open with the default username and password.

The only thing worse than no security is the illusion of security. This product, as sold, provided just that -- a minimal but ultimately illusory security.
rlvesco7|11 years ago