Comment by dlenski

2 days ago

> Why can't I pay to express my consumer preferences? Why must I deliberately buy broken stuff and fix it myself?

I guess it comes down to "market failure."

Many people would probably say that they care about security/privacy/maintainability of their electronic devices, but in practice they buy based on cost and features, and they remain oblivious to security/privacy/maintainability unless and until there's a major problem.

This is probably rational behavior for most consumers:

There's no real way for them to evaluate claims about security/privacy/maintainability of their devices. Basically every Internet-connected device advertises an enormous list of security-flavored bullet points. "Supports IEEE 802.11g/n/ac/ax, including Wi-Fi Easy Connect for secure passwordless connections", "Secure Boot to ensure only authorized firmware runs on the device", "Hardware cryptographic acceleration", "24/7 monitoring by our dedicated security incident team", yadda yadda.

But those claims don't in any way cover the massive attack surface of a cloud-connected device where the server and client sides have been co-developed with a bunch of rushed and dangerous assumptions about how neither the client nor the server will ever talk to any misconfigured or adversarial peer. Finding those kinds of security vulnerabilities is basically my stock in trade.

<elmo_on_fire.gif>