Heartbleed made me pick up a thought I have had for some time now.
I own a few elderly Android devices. And by old i mean 2-3 years old which I know is eons in consumer electronics.
One big problem with the consumer device industry is that the makers quickly turn to newer products that can generate revenue for them. Maintaining old devices makes no money thus leaving these elderly devices to their own fate. In this perspective Microsoft is a “model student” giving 10 years plus support on Windows XP.
The end result with this is that there are no security updates on these devices, be it my smart phone or DSL router for example. Leaving me exposed to all kinds of Internet hostility. Kernel exploits, SSL bugs you name it. Can it even be considered safe to use these devices on the Internet?
Further more there is very little I can do about this. The only way to keep the device somewhat safe is to reinstall it with something like CyanogenMod or OpenWRT which of course is something I could do. But how about, say for example my elderly parents, or other “normal” users? The odds for them even realizing the problem is slim.
Maybe, just as we in Sweden have legislated how long a manufacturer should provide guarantees on their products, there should be a mandatory security update responsibility, say for at least three years.
Even better would of course be to only use a completely open source ecosystem with an easy way to change providers of the software running on my systems.
I say that it’s time to take the smart devices of today and let their owners take (back) control. And by this I of course don’t mean that everyone should do upgrades and alterations onto their devices. My point is that there should be a more open ecosystem with more alternatives.
The sole answer to a streamlined user experience is not increased lock down and stupidification.