I think a common factor on why torrents are having a resurgence and illegal streaming services are getting more traction, is subscription fatigue. Subscription fatigue doesn’t only contain itself to streaming services, movies or music, nowadays you’re also expected to subscribe to every app you download. Whether it’s a meditation app, a budgeting app (looking at YNAB that went from a one-time purchase to a really expensive subscription model), the Adobe suite, the MS Office suite, your Peloton bike that you’ve already paid hundreds of dollars for (referencing the earlier article on them establishing a startup fee for buying used bikes), or a podcast app where the money doesn’t even go to the podcasters themselves.

Is there a peak for this? I feel like subscriptions are becoming more of a rule than an exception. Having the ability to directly purchase digital goods seems more like a thing of the past. It’s just so stupid. But apparently people don’t care? They just keep paying for this? Apparently it’s still worth it for companies to establish a subscription model, even if there are no benefits for the customer, just the company. What are your thoughts? What can we do to stop it?

  • tias@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    5
    ·
    3 months ago

    Something like myfitnesspal or a thermomix shouldn’t be a subscription, there is no major updates to how someone tracks their exercise uses a hot blender that justifies it beyond users being locked in.

    I won’t dispute that both of these likely abuse the subscription model for their benefit. But they definitely have a social responsibility (and in many cases a legal responsibility) to keep updating the software in these products and the network infrastructure that go with them. The internet of things is one of the most vulnerable attack vectors we have. It has been exploited many times not just to attack individuals, but to create massive bot nets that can target corporations or even countries. The onus is on the manufacturer to continuously keep that at bay. You know what they say - the “S” in “IOT” stands for security.

    • overload@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      3 months ago

      I agree that IOT things need to be secure. Is it really too much to ask that apps/devices are made secure from the ground up?

      To stay on the thermomix, all the subcription is is a connection to their servers to give access to their live step by step recipes. Surely that’s just a secure end-to-end encrypted connection? I’m not a developer but it doesn’t sound like buyers should be expected to pay the manufacturer to maintain beyond buying a thermomix/upgrading to new versions of the hardware when they want to access any new features.

      • tias@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        3
        ·
        edit-2
        3 months ago

        Is it really too much to ask that apps/devices are made secure from the ground up?

        In a way, yes. They can and should definitely be made with security in mind from the ground up. But they will never be totally secure, and a necessary part of what constitutes a “secure product” is to continuously and quickly patch security issues as they become known.

        Surely that’s just a secure end-to-end encrypted connection?

        I would bet it’s still a bit more than that. But even if it’s just a secure end-to-end encrypted connection, here is the list of vulnerabilities fixed in OpenSSL (which is probably what they use for secure encrypted connections). It’s five so far in 2024. Then there’s some OS kernel below that which can have security issues as well. The Thermomix probably also has user authorization components and payment methods, plus various personal information that has to be protected under GDPR.

        • overload@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          3
          ·
          3 months ago

          Hmmm… okay it sounds like the subscription model does actually make some sense for devices that need to maintain an internet connection/IoT applications. Thanks for taking the time to enlighten me.

    • Venia Silente@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      ·
      3 months ago

      I won’t dispute that both of these likely abuse the subscription model for their benefit. But they definitely have a social responsibility (and in many cases a legal responsibility) to keep updating the software in these products and the network infrastructure that go with them.

      I mean, it would be zero cost if it was a fucking normal device. Someone had the idea that a juice squeezer or a toaster should be online… for… what, exactly? Remove the online (or even better, remove the software), you completely remove the cost that you want impugn on the user with “subscriptions”.