back to article Security? We haven't heard of it, says hacker magnet VTech

Insecure kiddie-IoT-tat merchant VTech has decided its insecurity is its users' fault. As noted by developer-blogger Troy Hunt, VTech has updated its terms and conditions after its brain-dead security practices led to the leaking of its customers' personal information. In particular, Hunt notes, there's this: YOU ACKNOWLEDGE …

FAIL

Bart would say...

The computer made me do it.

Can we get a public chalkboard and have VTech write some lines on there? The number infinity looks like a nice number of lines they'd have to write. Oh, invite the other IoT companies too. We should not miss out on the intelligence of the chalkboard of collective fail.

3
0
Childcatcher

Imagine how people would react if a toy maker included on its packaging a notice like this:

YOU ACKNOWLEDGE AND AGREE THAT THIS TOY HAS NOT BEEN SAFETY TESTED AND MAY CAUSE ELECTROCUTION DURING NORMAL USE.

There are very strict safety standards that apply to all toys marketed at children. A toy company that sells a toy that presents danger of electrocution would find itself on the wrong end of the law in very short order. A toy company that openly states that its products may potentially expose children to attack or exploitation and washes its hands of any responsibility must be subject to the same laws.

Now as much as anyone here, I detest the "think of the children" excuse since it has been misused to endorse (or enforce) dubious political schemes so many times, but there are rare occasions when it does have merit. Dealing with egregiously greedy, corrupt and criminally negligent companies like this is one of those times.

52
0
Silver badge

@Steven Roper - First an upvote. I would add that all customers have a reasonable claim against any vendor to treat what ever personal information they may have as the "most valuable thing in the world." Or least to make a very serious effort to protect it. I am not thrilled about breaches such as at Target but Target seemed to vaguely grasp the concept they have privileged, personal customer information. Target's execution, there somethings best left unsaid.

I am not sure what information is being stored but I would not be surprised if the home country does not have some commercial and privacy law, however weak, that demands some minimal data protection efforts. It sounds like someone may get an all expense paid, multi-year stay at the Big House when the dust has settled.

2
0
Silver badge

"I detest the "think of the children" excuse since it has been misused to endorse (or enforce) dubious political schemes so many times, but there are rare occasions when it does have merit."

The children are actually a small part of it.

It's Mom and/or Pop that buy the toys, and their credit data is exposed, plus the whole family's privacy being violated by a company whose attitude is, "Yeah? So what? Sucks to be you, we're good, we already have your money loser!"

The only thing that's going to affect them is people wising up and avoiding the VTech brand like the tainted trash it is.

4
0
Silver badge

"A toy company that openly states that its products may potentially expose children to attack or exploitation and washes its hands of any responsibility must be subject to the same laws."

It might even be an excuse for HM Customs to seize all V-TEC goods on arrival since they present a clear risk unless and until the T&Cs are updated to reflect the law. It's not as if the T&Cs could stand up to a legal challenge. Maybe it's time for the CPS to fund a small department to play whack-a-mole with T&C's of various companies, a sample from various types of industries/products being sold to consumers. Being pro-active instead of reactive would probably be cheaper for the country as whole in the long run instead lots of small challenges from the few who can afford it then being settled out of court to avoid an unfavourable ruling.

3
0
Anonymous Coward

Great, blame the user... blame the children...!

Child safety / privacy? Nah lets go get lawyered up!

Where does this toy tat sell its products?

Can people spank them on Amazon or somewhere..

4
0
Silver badge
Childcatcher

Re: Great, blame the user... blame the children...!

Can people spank them on Amazon...[?]

Sure! Here's a listing of their products. I recommend using the review section from the Haribo Gummi Candy Gold-Bears product page as a guide for writing your own.

2
0
Anonymous Coward

I do appreciate that disclosure after a breach can help retain or even regain confidence. Whether it is after a bank-robbery, a data-breach: owning up to having made mistakes is not necessarily bad.

However, this CEO needs his head examined. Simply changing your T&Cs to make your customers sign that only an idiot would entrust the company with their money will invariably come out as "I am not responsible for what happens to your money when you pay me" which will lead to a resounding "WE ARE NOT RESPONSIBLE FOR YOUR POOR SECURITY.....YOU ARE".

Mocking customers killed Ratner's too.

4
0
Silver badge

"Mocking customers killed Ratner's too."

He did it a bit more openly than small print.

IANAL but I don't think this would protect them under UK consumer protection legislation. Less familiar with the rest of Europe but I doubt it would protect them there. US? Maybe someone there knows; is there consumer protection legislation to over-rule contract terms?

3
0
Silver badge

IANAL(BIPOOTI) and I think it is extremely unlikely that there is any country on earth which allows contractual terms to overrule its national legislation. Certainly in the UK it is absolutely the case that it really doesn't matter what companies put in their contracts, if it contradicts the law, it's dead in the water. Restocking fee? No. Must be returned in original packaging? No. etc.

7
0

Re: However, this CEO needs his head examined.

And whatever legal eagle gave him a stamp of approval.

I expect if VTech gets challenged in court, the judge will declare them invalid as fast as the ink on the page dries.

1
0

re: allows contractual terms to overrule its national legislation.

In the US it can get a bit murky, but that depends entirely on both parties negotiating the terms of the contract. 'Take it or leave it' style "contracts require that a "reasonable person" would agree to the terms if openly negotiated. I don't think this one passes that test. Then again, we are talking about lawyers, so the "reasonable person" standard seems to be a bit of an oxymoron.

1
0
Gimp

Terms of Surrender

By reading this comment (hereafter referred to as "$%@&!") you agree happily and with unremitting glee to the Following Terms and Conditions:

1. You, (hereafter referred to as "Sucker") are just SO screwed there aren't even words for it. I KNOW you didn't read this and clicked on the button below like the Pavlovian Turd Pile we have conditioned you to be.

2. Sucker agrees to pay my Mortgage in full every Month on time. You agree to pay for my new Yacht and Bugatti; My Kid's Dental Procedures; Wife's Bust Enhancement and Monthly Maintenance for my, ahem, Mistress.

3. Sucker agrees to these terms with no Limitations or Exclusions whatsoever regardless of Local, State or National Laws. Any disagreements will be resolved solely through the use of Arbitration in the Remote, Inaccessible, Third-World Conflict Zone of our Choice. Otherwise, we reserve the Right to "Interrogate" you Incessantly with a Rubber Hose or our Software, whichever is Worse.

4. These Terms and Conditions imply NO fitness for any given use and BOY will you find out what that means with the "Installation Program".

5. Any other questions or concerns pertaining to the software or the Terms and Conditions are just wrongheaded and delusional. Please consult a Therapist of your choice before bothering us; we're busy people and don't have time for slackheads like you. Sucker.

19
0
Thumb Up

Re: Terms of Surrender

My Lord: I rarely even chuckle at much of what passes for humor on the Web. Your post, however, made me laugh when I first read it, and I still laugh when I re-read it for the umpteenth time. Well done, sir!

2
0
Gold badge
Thumb Up

Re: Terms of Surrender

Best post of this month, and it's only the 9th..

Beautiful, just beautiful.

0
0
Silver badge

Re: Terms of Surrender

Now I fear that this will actually show up in some EULA... First as a joke, and then someone will actually try to enforce it.

0
0
Silver badge
Devil

Re: Terms of Surrender

Does Oracle know that you've posted their Terms and Conditions without attribution?

2
0
WTF?

Uh ?

'Unfair contract conditions' - nuff said.

Chris Cosgrove

1
0
Silver badge

Re: Uh ?

Not even that.

They have now publicly stated that they do not intend to comply with the Criminal Law.

Dear ICO, please "educate" them.

When you're done, EU Information Commission, please also "educate" them.

5
0
Silver badge
Alert

Who manages their legal team?

The mafia?

Don't call the complaint line!

0
0
Silver badge
Devil

Re: Who manages their legal team?

D & D Piranha Bros., Esq

2
0
Silver badge

Re: Who manages their legal team?

In the US they are represented by Dewey, Chethum, and Howe. Their UK legal team is managed by Sue, Grabbitt, and Runne.

1
0
Silver badge

Easy answer

Are you a parent? Then spread the word about how much the company cares about you and your children...

3
0
Silver badge

I've never understood why parents buy this crap

When my 18 month old daughter started messing with mummy and daddy's PCs, I just gave her an old (working) machine to play with; loaded various suitable flash based games suitable for 1-2 y/os and let her loose.

(When I say "old", the machine came loaded with Win98).

It was cheaper, better built and more flexible than anything in the VTech range.

6
0
Silver badge

Re: I've never understood why parents buy this crap

Probably more secure as well...

3
0
Gold badge

Re: I've never understood why parents buy this crap

When my 18 month old daughter started messing with mummy and daddy's PCs, I just gave her an old (working) machine to play with; loaded various suitable flash based games suitable for 1-2 y/os and let her loose.

When you have to pour milk out of the keyboard for the 11th time you'll know, it's better to let a completely useless battery-eating toy die than having to worry about electrical safety of a mains connected device.

However, you do have a point in that it is probably cheaper now. The variables have changed over time - in the days those toys would have been of interest to my kids, "real" computers still had CRT monitors and even 4" black and white LCD screens were just a novelty (I'd say "Luxury" but I don't want to kickstart another "3 Yorkshire men" sketch :) ).

Since then, the price distance between "rubbish you can just bin later" and "old stuff that still works" has shrunk. Given their security issues, I'd say they have even managed to close the gap, probably to the benefit of a whole generation..

0
0
Joke

Re: I've never understood why parents buy this crap

3 Yorkshiremen? Luxury! When we were growing up we had to deal with Four Yorkshiremen!

5
0

In a previous article about security vulnerabilities, I argued that imposing criminal charges for producing an insecure service or product was counterproductive, but there should be serious consequences for flagrant negligence, especially in how the company responds to the issue.

This is one example of where somebody at 'c' level needs to be facing the beak.

1
0
Silver badge

"YOU ACKNOWLEDGE AND AGREE THAT ANY INFORMATION YOU SEND OR RECEIVE DURING YOUR USE OF THE SITE MAY NOT BE SECURE AND MAY BE INTERCEPTED OR LATER ACQUIRED BY UNAUTHORIZED PARTIES"

I suggest making them put that crap on the outside of the packaging, in a large typeface.

1
0
Silver badge
Devil

Correction

"YOU ACKNOWLEDGE AND AGREE THAT ANY INFORMATION YOU SEND OR RECEIVE DURING YOUR USE OF THE SITE MAY NOT BE IS NOT SECURE AND MAY BE WILL BE INTERCEPTED OR AND NOT THAT MUCH LATER ACQUIRED AND PUT TO USE BY UNAUTHORIZED PARTIES"

1
0

Re: Correction

Forgot the last line

...AND WE DON'T GIVE A SHIT. IT'S NOT OUR PERSONAL DATA, SO WHY SHOULD WE?

2
0
Silver badge

Glad I didn't buy any V-Tech stuff for Christmas and I'm not likely to in the future.

0
0

It's good enough for the Queensland Government!

I received a similar reply from the Queensland Government - after sending a completed birth registration form (huge amount of personal information about parents and newborn child) in clear text via email via an obvious logic flaw in their web app, rather than fixing the issue, they instead said I "impliedly consented" because I had provided my email address, and just to be sure, they told me they were updating the terms of use to specifically include a statement that you agree that security of email communications are your problem.

2
0
Bronze badge
Mushroom

I love the unfair terms in consumer contracts regulations 1999

which basically enforces the EU Unfair Consumer Contract Terms Directive 93/13/EEC

provides that an unfair term "shall not be binding upon the consumer".

every country should get one

3
0
Silver badge

late to the party here but seems to me that vtech are just stating the obvious. I wouldn't give their various bits of crap house room, but the fact is that using the internet for anything leaves you vulnerable to some degree. latest example I can think of is the proposal to spaff bank details via a common api. vtech have been underhand with the ts and cs (which is hardly new) and it looks as though they aren't even trying, but functionally the end result is pretty much the same. for example consider Google voice search vs. Amazon echo vs. vtech piece of plastic crap. not much in it IMO.

0
1

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018