
I think ISPs are going to start shutting off the internet accounts of people with compromised devices.


Not until there's a profit motive for them to do so.

What're ISPs more likely to do: Boot off a regular monthly paying customer because they're a "bad network citizen"? Or just charge them for any excess bandwidth they consume each month?

I suspect if some of the big CDNs start blocking IP address ranges that're sending large volumes of forged-source IP packets, ISPs will respond to customer complaints of "I can't load $website because Akamai/Cloudflare/PornHubCDN have blocked you!" (Not that this would have helped the Mirai L7 DDoS against Krebs...)

It's hard to work out how to fix this, without somehow ending up on the slippery slope of "All ISPs need to do deep packet inspection and traffic analysis of every user's network use, to be able to block suspected-compromised customer devices". (And remember, as soon as we _require_ ISPs to record/store/analyse that, it's going to get sold on to whoever else thinks they can extract value from it - advertisers, marketers, credit reporting agencies, insurance companies - I'm sure if you put your "evil monetization ideas" hat on you can think of a _big_ list of businesses you'd try to sell access to that data stream to...)


What if that's 10% or more of their customer base? I doubt they are willing to lose the revenue.


ISPs could at least give customers warnings that they have been compromised. Not everybody will heed those warnings of course...


That's still the only thing that I can imagine connecting the harm done by the IoT, to the owners of IoT devices.


It's not clear that customers should be held responsible. Maybe UL should look into this.


At some point surely the people who are not willing to pay for security, cannot be bothered with security, yet will buy IoT crap have to take some responsibility? After all, they are the market which is being catered to.


At least in the US that's not how any other product category works. People have offloaded all safety and security concerns to the government or the market so that it's just assumed that any mass-produced product is safe enough and customers don't need to worry about it.


A lot of places try to manage that by holding retailers responsible - making it a fine-able offence to sell, for example, RF emitting gear that breaks local regulations. This _kinda_ works where most of the retailers are concerned about their reputation and are in the local jurisdiction, but breaks down _fast_ when things like AliExpress are taken into account.

(And it even occasionally fails spectacularly in cases where it _ought_ to have worked OK - people offloading lithium battery charging safety to large locally represented brands like Samsung instead of self-importing Xiaomi or Doogee "brand" phones directly from China...)



