Re: Plastic bag charge
"Why should everyone pay for idiots that don't setup their router/firewall properly for their IoT?"
I understand the sentiment, because we're mostly technically minded here.
But seriously, how many ordinary Joes buying anything from a consumer WiFi router to a {enter latest thingternet appliance fad here} knows or cares about the kind of security we're talking about? He is not going to spend any longer on that device than plugging it in and seeing it do something. That's human nature, right there, plus the fact that (guessing here) 75%+ of the population doesn't understand why a dotted-quad IPv4 address looks as it does. You can't blame them, any more than you can blame a modern car owner for not having a clue what "firing order" means.
I think the solution to this has to consist of at least two major initiatives.
One: revisit some fundamental design and functional aspects of the internet. There is a painful, expensive and absolutely necessary process of reinvention needed here, to fix some decisions which in retrospect were naive, not least to do with DNS routing, authority and who controls what. The price of not doing this could be to lose a critical cyberwar before we even know it's started.
Two: impose a readily and automatically updatable, cryptographically sound layer of protection into every single device that may be net-connected. There would be a big technical, political and economic task, and I don't suggest it lightly, but again - can we afford the alternatives?
Maybe it's time for the internet to grow up. Even if that proves painful.