[EMIRELADERO]

Question: why would someone believe that responsibly disclosing vulnerabilities that only affect local devices and mostly enable the owner of a device to gain root access to it is the best thing to do, instead of just publishing them outright? I understand responsible disclosure for server vulns that could cause harm to third party's plattforms or devices, but it seems unnecessary for this case.

[bigiain]

The article says in its intro

“ but with the release of the PS5 and the introduction of PlayStation's bug bounty program, I was motivated to attempt some kind of exploit chain that would work on the PS5.”

Money is a perfectly reasonable reason to jump through the “responsible disclosure“ hoops. If you want to do work like this for purely altruistic reasons, go ahead, I’ll cheer you all the way. If someone else does it for money or reputation instead, I’ll still read their fascinating write up of it.

[EMIRELADERO]

I had missed the bug bounty part! That's on me :)

Money is definitely a valid motivator.

[landr0id]

There's some professionalism involved with not just dropping 0day against someone's consumer product when it enables piracy or bypasses security functions, especially when you're employed in industry. PlayStation also accepted these through their bounty program, so there's a monetary incentive as well.

[mixedCase]

Chilling effects, I would guess: https://en.wikipedia.org/wiki/Sony_Computer_Entertainment_Am...

[VWWHFSfQ]

There are so many ways for people to cheat in online games when they can manipulate the local state of their gameplay. I've personally completely stopped playing CoD online because cheating is so ridiculously out of control.

I just want to play the game like a normal person. But it's no fun anymore.

[Cloudef]

Play fps games that have dedicated (community run) servers. Cheating is social problem, not technical. Centralized servers / matchmaking can never combat it.

[jonny_eh]

Cheating hurts innocent online gamers. Piracy hurts game developers/publishers. If you want a device you can hack, buy a PC (or a Steam Deck).

[EMIRELADERO]

Is it really true that piracy hurts game developers? All I've seen is evidence for the contrary[1]

As for your end statement, I believe having root access, or just the same level of control over the individual device as the manufacturer does after the sale, is a matter of consumer rights/protections ripe for legislation, not about "features".

[1] https://arstechnica.com/gaming/2017/09/eu-study-finds-piracy...

[jonny_eh]

> 45-percent error margin that makes the results less than statistically significant

Did you even read the link?

[thrdbndndn]

I totally get that piracy may not necessarily hurt dev in term of income. But I feel a few other things always seem to be left out in the discussion about this topic.

1) it is totally unfair for the honest buyers if other people can get it for free in an "illegal" way.

2) The IP holders may simply don't want people to get there work for free, irrespective of the fact "they are not going to buy it anyway!". I've seen lots of indie artists express such opinion.

Ultimately, I don't think that's something bystanders have a say. You (general you, not "you" you) can't force your "rational analysis on economy of privacy" on the IP holders. Large game companies obviously almost only care about the profit, so you may assume they think that way. But that can't be applied to everyone.

[EMIRELADERO]

> 1) it is totally unfair for the honest buyers if other people can get it for free in an "illegal" way.

I have never, ever seen anyone make that argument. How would that even work? "I paid fof this Smart TV. Then I heard about a massive shoplifting operation that took place on the store I bought it from. Damn! Why did I have to pay when those thiefs got many for free!". Doesn't hold up.

> 2) The IP holders may simply don't want people to get there work for free, irrespective of the fact "they are not going to buy it anyway!". I've seen lots of indie artists express such opinion.

What would the motivation for not wanting them to get it for free be, then? Unless you don't want people to get your works in the first place. If you do, I don't see how piracy might make you angry without the "concern over potentially lost sales" element.

[thrdbndndn]

>I have never, ever seen anyone make that argument

Well, now you see one, I am making it.

Your analogy with tangible goods doesn't work. Shoplifting, or stealing, could be a felony and is heavily frown upon morally. The risk of getting caught up is much higher, and the consequence is more serious.

I won't be angry about "thieves getting them for free" despite I paid for the TV, because I knew they will end up in jails eventually, if not already.

Piracy, while theoretically illegal, is almost never punished. It realistically has no risk. So there are a lot more people doing that than shoplifting. And yes, I feel salty when I paid full price for X game while someone is getting it free.

>What would the motivation for not wanting them to get it for free be, then? Unless you don't want people to get your works in the first place.

I only want my paid customers to get it, whoever doesn't pay doesn't deserve to get it. Pretty simple. I don't find it's hard to understand. Go ask any artist live with Patreon money how they feel about it.

[EMIRELADERO]

> Your analogy with tangible goods doesn't work. Shoplifting, or stealing, could be a felony and is heavily frown upon morally. The risk of getting caught up is much higher, and the consequence is more serious.

> I won't be angry about "thieves getting them for free" despite I paid for the TV, because I knew they will end up in jails eventually, if not already.

So whether you get angry about it or not depends solely on the thieves getting punished, not on the act itself? Seems like a very narrow way to view it.

> And yes, I feel salty when I paid full price for X game while someone is getting it free.

Why? That has no effect on how you enjoy the game. Why would you get salty about that, considering it doesn't affect you in any way? Especially since you said yourself earlier that piracy doesn't "necessarily hurt dev in term of income", so you wouldn't even worry about the dev(s) not making any more games because of piracy.

What's the damage for you then?

[pdntspa]

We need to get past this idea that IP holders have any say over their work once it is in the hands of the public. Information wants to be free!

[numpad0]

From the Berne Convention, Article 6bis, Moral Rights:

> (1) Independently of the author's economic rights, and even after the transfer of the said rights, the author shall have the right to claim authorship of the work and to object to any distortion, mutilation or other modification of, or other derogatory action in relation to, the said work, which would be prejudicial to his honor or reputation.

Ref: https://wipolex.wipo.int/en/text/283698

[google234123]

You did pay for when you bought the smart TV. Some percentage of the price is there to deal with insurance for shoplifting or return or warranty fraud.

If you live in a society that tolerates more fraud or crime you will pay more.

[numpad0]

This feel familiar to me, I think this is the thinking used mainly by music and video DRM implementers. An arcane one, in the sense that it is not consistent with modern liberal capitalism, that it argues the society as a whole and equalities/fairnesses within absolutely prioritizes over economical profits.

[bakugo]

>Cheating hurts innocent online gamers.

Vast majority of people hack their consoles to pirate or run homebrew, not cheat. Consoles are usually only hackable on non-current firmwares anyway which means no online play.

>Piracy hurts game developers/publishers.

This has been disproven countless times.

[wildzzz]

I don't believe that in the slightest. Sure, you do have to usually run some homebrew code to be able to play ripped copies of retail games but how big is the homebrew game and app market (other than XBMC for Xbox) that people would opt for that and not pirated games? Being able to compile code for a game console is usually (excluding XDK for the old Xbox) much more difficult than obtaining ripped retail games. Every modded console I ever saw in-person had a hardrive or stack of discs of pirated games. Games are pretty expensive and are a luxury in many parts of the world so there's a massive motive behind being able to run region-free pirated games on consoles. This argument is like saying that most people with torrent clients only download Linux ISOs and creative Commons licensed content. If the ability to pirate content is there, most people are going to do it.

[bitwize]

If you want a device you can hack, don't play games on it. Within a few years, Pluton will give us airtight anticheat.

[Cloudef]

You mean pluton is going to give us a smartphone kind of locked ecosystem disguised as a PC.

https://secret.club/2021/06/28/windows11-tpms.html

[sudosysgen]

Untrue. An HDMI capture card, image recognition, and a USB HID device means easy aimbot. Anti-cheat is an impossible task.

[ekianjo]

You are in for a big surprise if you think you can airtight anticheat. Never going to happen.

[google234123]

You can get pretty close though: see esea or Riot's Valorant