Hacker News new | past | comments | ask | show | jobs | submit login

"pre-presumes that doing something for the common good is always bad"

No, it refers to a state that is intrusive into personal choices.

"pre-presumes"?




scanning for and reporting vulnerable web servers does nothing to limit someone's personal choice to operate one. I just hope they make the data public so that I can make the personal choice to block traffic to/from people who make the personal choice to operate insecure devices on the global internet.


What's wrong with asking first and letting the web operator opt in?

The gist of your argument is if I go up and try to pick your pocket but say my intentions are only to help you from real pickpockets, there's nothing but your personal choice to walk on public sidewalk and should just accept it.


I outlined the problem with opt in here: https://news.ycombinator.com/item?id=33470079#33476189

the people who would opt in aren't likely to be the problem. The problem with your pickpocket example is that you lose something when someone picks your pocket, but you lose nothing when someone checks to see what ports are open.

In fact, that's something that's already happening all the time anyway. The only difference is that in this case the person checking for your failures to secure your devices will notify you of the problem instead of exploiting your devices like everyone else will (assuming that they haven't already).

This should not only help people secure their devices, but it should also make the internet a better place for everybody.


Who gets to pay for all the extra traffic they send? the time spent by security guys to review the false positive attack logs they generate? the time spent by operators to bring the services back online when the government probing crashes something?


I get it, you don't like the idea of taxes, but fortunately most people are glad for them and the services they provide.

If this service causes a bunch of crashes (somehow) or they end up DoSing someone they should be responsible for the harm that they cause, but since these scans are no different that what criminals are already doing every day I don't imagine it'll be a huge problem unless they really screw something up.

I'd also guess that the costs in both time and money spent on the traffic generated by DDoS attacks, malware infections, and phishing sites are much much greater than the costs for 'security guys' to review logs, safely automate scans, and notify webhosts of problems. This is a sensible measure that should save massive amounts of time and money for people all around the globe and make the internet better for UK citizens in the process.


It's intrusive. My web server is none of their business.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: