by arice 4044 days ago
The stance you take is harmful when said organizations are responsible for the stewardship of the data of others, and being "less secure" places the general public at risk. The true impact of a breach is rarely limited to a single organization.

It is even further harmful when the laws are aggressively applied to prevent research into personal property, especially when your personal safety may depend upon it. For example, your car: https://twitter.com/0xcharlie/status/600729130355666944

1 comments

> The stance you take is harmful when said organizations are responsible for the stewardship of the data of others

Do you make a habit of visiting banks uninvited to test their vaults?

I don't make a habit of storing assets in banks that fail to insure me against a total loss of those assets. That insurance just happens to require extensive third-party verification of security practices that may be publicly audited upon request.

The analogy doesn't hold when applied to the digital services we all depend upon as such assurances are impossible.

> The analogy doesn't hold when applied to the digital services we all depend upon as such assurances are impossible.

Rather than allowing anyone to try to crack a server as long as they claim to be a white hat, I'd much rather require corporations to go through a standard, "extensive third-party verification of security practices that may be publicly audited upon request" and default cracking attempts to "illegal."

I may be misunderstanding something in what you're saying, though -- if I am, could you clarify that for me?

I think the internet just about has them storing their vaults on the public sidewalks.