by noja 1322 days ago
"nanny state" is a purposefully skewed statement that pre-presumes that doing something for the common good is always bad. It's a lazy way of not making an argument.

Why is scanning web servers for vulnerabilities bad?

5 comments

Yeah, scanning for vulnerabilities in a controlled way isn't bad.

I suspect those opposing it are the ones that eventually get caught with glaring vulnerabilities and then we have to hear BS like "they care for security and privacy" when they didn't even use password hashes.

"pre-presumes that doing something for the common good is always bad"

No, it refers to a state that is intrusive into personal choices.

"pre-presumes"?

Scanning for and reporting vulnerable web servers does nothing to limit someone's personal choice to operate one. I just hope they make the data public so that I can make the personal choice to block traffic to/from people who make the personal choice to operate insecure devices on the global internet.

What's wrong with asking first and letting the web operator opt in?

The gist of your argument is if I go up and try to pick your pocket but say my intentions are only to help you from real pickpockets, there's nothing but your personal choice to walk on public sidewalk and should just accept it.

I outlined the problem with opt in here: https://news.ycombinator.com/item?id=33470079#33476189

The people who would opt in aren't likely to be the problem. The problem with your pickpocket example is that you lose something when someone picks your pocket, but you lose nothing when someone checks to see what ports are open.

In fact, that's something that's already happening all the time anyway. The only difference is that in this case the person checking for your failures to secure your devices will notify you of the problem instead of exploiting your devices like everyone else will (assuming that they haven't already).

This should not only help people secure their devices, but it should also make the internet a better place for everybody.

Who gets to pay for all the extra traffic they send? The time spent by security guys to review the false positive attack logs they generate? The time spent by operators to bring the services back online when the government probing crashes something?

I get it, you don't like the idea of taxes, but fortunately most people are glad for them and the services they provide.

If this service causes a bunch of crashes (somehow) or they end up DoSing someone they should be responsible for the harm that they cause, but since these scans are no different than what criminals are already doing every day I don't imagine it'll be a huge problem unless they really screw something up.

I'd also guess that the costs in both time and money spent on the traffic generated by DDoS attacks, malware infections, and phishing sites are much much greater than the costs for 'security guys' to review logs, safely automate scans, and notify webhosts of problems. This is a sensible measure that should save massive amounts of time and money for people all around the globe and make the internet better for UK citizens in the process.

It's intrusive. My web server is none of their business.

>Why is scanning web servers for vulnerabilities bad? //

Not the OP.

I think it's fine in general with one big proviso, that they change the law first to make it lawful.

With a different government it would look more benevolent, with the current government growing ever-more fascist--having now found a surreptitious way to ditch the ECHR, for example--it gets somewhat worrying.

Why is asking for permission first bad? The CISA does this very thing, but businesses have to explicitly ask first and consent unlike the UK. That's the difference between a nanny state policy and one that respects choice and the property rights of others.

"common good", aka socialism...

We already know where that path leads, thanks to countries like the former USSR and China. Do not want!

You clearly have a very skewed idea of what socialism is. Would you consider parks or public schools socialist too as they also contribute to the common good of society?

Is this meant to be a joke or are people still this wilfully blind about what socialism actually is?