iRex wants to remotely kill your iLiad!

TadW · 08-04-2006, 04:20 AM

Our friend scotty asked iRex for a way to remotely kill your iLiad (I assume to prevent thieves from stealing your precious content). The response was very interesting:

Fully agreed. We have three items in our development plan:

timer support so the iLiad can download content or software updates at preset intervals (ones a day during the night or every "x" minutes)
when the iLiad is reported stolen make it useless the next time it connects (or remove all content when it connects, or both, not sure yet)
protect the iLiad with a pin-code after boot-up

I cannot wait for the first hacker to breach into iDS and disable all iLiads out there. Talking about collateral damage

R2D2 · 08-04-2006, 05:00 AM

Then we would really need ANOTHER meditation thread. ROFL

drogo · 08-04-2006, 11:10 AM

Hmmm. I have to say that this makes me glad that I'm waiting until the final version before purchasing one. I really like the eink display, but I do NOT like the idea that they have the ability to disable my device remotely.

I know, I know, (if you're reading, iRex) it will only be used in the case my unit is stolen. But what if there's a bug somewhere that activates it by accident? Or, as TadW said, someone finds an exploit?

iRex needs to look at how the other heavy-handed DRM "solutions" have worked out. (The Original) Divx, Gemstar's ebooks, Librie, etc. In all this work to block out "un-authorized" access, they're negatively affecting the honest user's experience. You know, the ones that pay them in the first place?

If they really insist on this "feature", I think it should be optional. If someone wants to have it loaded to their iLiad, they should sign up for it online, then connect in, and have it pushed down. But having it go out to everyone automatically.....not a good idea in my book. And unfortunately a deal-breaker.

scotty1024 · 08-04-2006, 11:20 AM

Only a certain class of paranoid would use this feature, others will be too paranoid to use it. :-)

This will be an important feature for government and corporate users. Especially for the VA and certain Fortune 500 corporations that have been embarrassed lately by missing data.

rlauzon · 08-04-2006, 12:52 PM

I agree, it should be optional.

I can see certain people, like government employees for example, who want to keep documents-that-aren't-quite-public on it. And if the unit it "lost" they would like to have the ability to remotely disable it to keep the documents as secret as possible.

I can also see vendors who tie their service to the iLiad (like a news site that lets you buy an iLiad for a discount if you sign up for a 2 year subscription) who would want to be able to remotely disable the unit if you fail to live up to your side of the agreement.

But I can also see definate issues - like a software bug that accidently sends out kill messages to many iLiads - that would make customers very, very, very mad.

Personally, I think that the locking PIN number is the best way to go, with an option to wipe the memory if you can't enter the PIN.

Then, for the subscription services, iRex makes a special build for them with the kill option in it.

deadite66 · 08-04-2006, 12:59 PM

wouldn't large files be on MMC/SD/CF though

Alexander Turcic · 08-04-2006, 01:13 PM

Exactly, what about content stored on external media? Do they want to encrypt the entire flash stick? Otherwise, I don't see a PIN code as a reliable protection against stolen content.

NatCh · 08-04-2006, 01:32 PM

Quote:

Originally Posted by Alexander Turcic

I don't see a PIN code as a reliable protection against stolen content.

Ah but the question isn't will it work, but rather do the folks asking for it think it will work?

In my experience with government, in particular, what they ask for is often far more important to them than whether what they ask for will do what they actually want it to do. (shrug)

kusmi · 08-04-2006, 02:37 PM

But also a delete command sent from iRex will not solve the external-media (CompactFlash, ...) problem. The criminal could still remove the flash-card from the device and has access to the full content - before even iRex has a chance to send a delete command to the device... so for me this "deletion command" makes no sense...

Having a PIN and "encrypted" data on flash is a way, but for me this seems quite an overkill for such a new product like the iLiad (at least for me this encrypting thing is not very high on my roadmap :-)

scotty1024 · 08-04-2006, 04:08 PM

Quote:

Originally Posted by kusmi

But also a delete command sent from iRex will not solve the external-media (CompactFlash, ...) problem. The criminal could still remove the flash-card from the device and has access to the full content

Which is precisely why some corporations are putting super glue into the USB connectors of their PC's. Sensitive corporate data on USB media is a looming issue.

It wouldn't surprise me if corporate iLiad's had an ability to restrict external storage to "install only", no ability to view content from external memory devices to help protect from sloppy security on the part of employees.

A key point I'd like to make is that these people so far don't appear to be stupid. If irex implements a remote kill feature in iDS I don't think we'll see someone rolling out of bed one morning and discovering that their iLiad is staying it was stolen after it connected at 3am to get the daily paper.

They have taken a big step in making these machines available to everyone at this early stage. We all have a unique ability here to help shape the future of this device. I hope that everyone can treat irex with respect and not run around insulting their intelligence.

Otherwise, Sony will just sit there in Tokyo laughing their asses off over this furor and pat each other on the back for not exposing themselves to this kind of treatment.

firekat · 08-04-2006, 09:50 PM

Here's a novel idea - if you deal with "sensitive" material maybe you shouldn't be removing it from your workplace. If you need to get to it while at home or on the road maybe you should connect to your work computer on a secure internet connection.

iLiad Password Access Idea - Good.

iLiad Remote Kill Idea - VERY BAD!

I have enough problems in my life with the U.S. Government - Big Brother constantly in my business and personal life. Why I should let someone else into it, to control something that I bought is beyond me. Your giving too much control to others. This Remote Kill is akin to buying a car and giving the keys to the dealer so they can take it back when it suits them.

Suggestion: People that handle "sensitive data" should be more responsible. Safeguard your sensitive material sufficiently so that others (those that would be affected by the loss and those that have deal with the otherwise draconian tactics invoked to deal with the perpetrator's lack of due dilligence) will not have to suffer the consequences of irresponsibility.

FYI - I got a letter from the VA telling me that my personal information was jeapordized. That makes me very angry that some bonehead did that with my data.

The rest of us should not have to suffer such extreme tactics as "Remote Kill". The whole concept irks me to no end. I wholeheartedly resent the inference that this "Remote Kill" is required functionality. Just say NO to it! Thanks a lot!

Good Luck To Us All!

astfgl · 08-04-2006, 10:58 PM

Quote:

Originally Posted by Alexander Turcic

Exactly, what about content stored on external media? Do they want to encrypt the entire flash stick? Otherwise, I don't see a PIN code as a reliable protection against stolen content.

That's one of my planned peojects - get FUSE and encfs running, so I can keep personal documents on removeable media. A random layout on-screen keyboard is simple, or even tap codes with the pen. ;-)

This may require modification of the file chooser, as a different mount point may be needed, or it may be as simple as replacing the auto-mount script for storage devices with one which detects an encfs partition, prompts for the passphrase and mounts it correctly.

SDK in October... Patience, patience...

Gavrahil · 08-05-2006, 03:56 AM

And let's not forget one thing people: the iDS system is a "pull" system. It doesn't get activated until YOU connect to THEM. And I can't imagine any thief going: "Hmmm, let's see what cool new features iRex has for this lovely new gimmick"
And even if he's so stupid to do that, he'll have all the content he needs by then. So this system wouldn't work anyway.
Drop it, it's as bad an idea as brushing your teeth with peanut-butter jelly.

Snappy! · 08-05-2006, 08:31 AM

Consider that if your book gets stolen or misplaced, the finder can read it all he likes. Disabling the device makes it a deterent to steal the device. But what if the owner misplaces it? Maybe it should display a message with email contact to allow the finder to contact iLiad so that it can be returned to the rightful owner?

Guess it cuts both ways. But I can already imagine disabled iLiads piling up some refuse dum.

ElaHuguet · 08-05-2006, 09:05 AM

At least in Spain, our cell phones can be disabled if we report them stolen... so far, we haven't had a massive case of blocked mobiles due to some mistake.

On the other hand, the point given about "if they don't connect, what's the use?" is a good one, password entry makes it generally safer, and some corporations would probably feel better if they had the ability to kill their stolen iLiads. I don't really mind, I have a copy of whatever's on the iLiad on my PC anyway.

08-04-2006, 04:20 AM	#1
TadW Uebermensch Posts: 2,583 Karma: 1094606 Join Date: Jul 2003 Location: Italy Device: Kindle	iRex wants to remotely kill your iLiad! Our friend scotty asked iRex for a way to remotely kill your iLiad (I assume to prevent thieves from stealing your precious content). The response was very interesting: Fully agreed. We have three items in our development plan: timer support so the iLiad can download content or software updates at preset intervals (ones a day during the night or every "x" minutes) when the iLiad is reported stolen make it useless the next time it connects (or remove all content when it connects, or both, not sure yet) protect the iLiad with a pin-code after boot-up I cannot wait for the first hacker to breach into iDS and disable all iLiads out there. Talking about collateral damage

08-04-2006, 09:50 PM	#11
firekat Groupie Posts: 157 Karma: 314 Join Date: May 2006	Here's a novel idea - if you deal with "sensitive" material maybe you shouldn't be removing it from your workplace. If you need to get to it while at home or on the road maybe you should connect to your work computer on a secure internet connection. iLiad Password Access Idea - Good. iLiad Remote Kill Idea - VERY BAD! I have enough problems in my life with the U.S. Government - Big Brother constantly in my business and personal life. Why I should let someone else into it, to control something that I bought is beyond me. Your giving too much control to others. This Remote Kill is akin to buying a car and giving the keys to the dealer so they can take it back when it suits them. Suggestion: People that handle "sensitive data" should be more responsible. Safeguard your sensitive material sufficiently so that others (those that would be affected by the loss and those that have deal with the otherwise draconian tactics invoked to deal with the perpetrator's lack of due dilligence) will not have to suffer the consequences of irresponsibility. FYI - I got a letter from the VA telling me that my personal information was jeapordized. That makes me very angry that some bonehead did that with my data. The rest of us should not have to suffer such extreme tactics as "Remote Kill". The whole concept irks me to no end. I wholeheartedly resent the inference that this "Remote Kill" is required functionality. Just say NO to it! Thanks a lot! Good Luck To Us All! Last edited by firekat; 08-04-2006 at 09:54 PM.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Sell iRex iLiad & iRex DR1000S	bcabral	Flea Market	10	05-04-2011 02:28 PM
do the softwares work on iRex Digital Reader as they do on iRex iLiad	HiSoC8Y	iRex	1	07-02-2009 10:03 AM
iLiad How to setup your iLiad so you don't kill /	scotty1024	iRex Developer's Corner	5	12-05-2006 03:05 AM
iLiad Good news: kill your iLiad and revive it yourself - soon!	doctorow	iRex Developer's Corner	0	08-08-2006 04:28 AM
iRex iLiad to launch in May says iRex rep	Alexander Turcic	iRex	4	05-22-2006 10:46 AM

08-04-2006, 05:00 AM	#2
R2D2 Mad Scientist Posts: 294 Karma: 242 Join Date: May 2006 Location: Germany Device: Zaurus, HTCMagician, iLiad	Then we would really need ANOTHER meditation thread. ROFL

08-04-2006, 11:10 AM	#3
drogo Connoisseur Posts: 54 Karma: 321 Join Date: May 2006 Location: Virginia, USA Device: PRS-500	Hmmm. I have to say that this makes me glad that I'm waiting until the final version before purchasing one. I really like the eink display, but I do NOT like the idea that they have the ability to disable my device remotely. I know, I know, (if you're reading, iRex) it will only be used in the case my unit is stolen. But what if there's a bug somewhere that activates it by accident? Or, as TadW said, someone finds an exploit? iRex needs to look at how the other heavy-handed DRM "solutions" have worked out. (The Original) Divx, Gemstar's ebooks, Librie, etc. In all this work to block out "un-authorized" access, they're negatively affecting the honest user's experience. You know, the ones that pay them in the first place? If they really insist on this "feature", I think it should be optional. If someone wants to have it loaded to their iLiad, they should sign up for it online, then connect in, and have it pushed down. But having it go out to everyone automatically.....not a good idea in my book. And unfortunately a deal-breaker.

08-04-2006, 11:20 AM	#4
scotty1024 Banned Posts: 1,300 Karma: 1479 Join Date: Jul 2006 Location: Peoples Republic of Washington Device: Reader / iPhone / Librie / Kindle	Only a certain class of paranoid would use this feature, others will be too paranoid to use it. :-) This will be an important feature for government and corporate users. Especially for the VA and certain Fortune 500 corporations that have been embarrassed lately by missing data.

08-04-2006, 12:52 PM	#5
rlauzon Wizard Posts: 1,018 Karma: 67827 Join Date: Jan 2005 Device: PocketBook Era	I agree, it should be optional. I can see certain people, like government employees for example, who want to keep documents-that-aren't-quite-public on it. And if the unit it "lost" they would like to have the ability to remotely disable it to keep the documents as secret as possible. I can also see vendors who tie their service to the iLiad (like a news site that lets you buy an iLiad for a discount if you sign up for a 2 year subscription) who would want to be able to remotely disable the unit if you fail to live up to your side of the agreement. But I can also see definate issues - like a software bug that accidently sends out kill messages to many iLiads - that would make customers very, very, very mad. Personally, I think that the locking PIN number is the best way to go, with an option to wipe the memory if you can't enter the PIN. Then, for the subscription services, iRex makes a special build for them with the kill option in it.

08-04-2006, 12:59 PM	#6
deadite66 Groupie Posts: 197 Karma: 16 Join Date: Apr 2006 Device: irex iliad, uk Kindle gen3	wouldn't large files be on MMC/SD/CF though

08-04-2006, 01:13 PM	#7
Alexander Turcic Fully Converged Posts: 18,163 Karma: 14021202 Join Date: Oct 2002 Location: Switzerland Device: Too many to count here.	Exactly, what about content stored on external media? Do they want to encrypt the entire flash stick? Otherwise, I don't see a PIN code as a reliable protection against stolen content.

08-04-2006, 02:37 PM	#9
kusmi Connoisseur Posts: 73 Karma: 16 Join Date: Jul 2006 Location: Zurich, Switzerland	But also a delete command sent from iRex will not solve the external-media (CompactFlash, ...) problem. The criminal could still remove the flash-card from the device and has access to the full content - before even iRex has a chance to send a delete command to the device... so for me this "deletion command" makes no sense... Having a PIN and "encrypted" data on flash is a way, but for me this seems quite an overkill for such a new product like the iLiad (at least for me this encrypting thing is not very high on my roadmap :-)

08-05-2006, 03:56 AM	#13
Gavrahil Member Posts: 22 Karma: 10 Join Date: May 2006 Device: Sony Librié	And let's not forget one thing people: the iDS system is a "pull" system. It doesn't get activated until YOU connect to THEM. And I can't imagine any thief going: "Hmmm, let's see what cool new features iRex has for this lovely new gimmick" And even if he's so stupid to do that, he'll have all the content he needs by then. So this system wouldn't work anyway. Drop it, it's as bad an idea as brushing your teeth with peanut-butter jelly.

08-05-2006, 08:31 AM	#14
Snappy! Addict Posts: 260 Karma: 4256 Join Date: Feb 2006 Device: SHARP Zaurus C1000	Consider that if your book gets stolen or misplaced, the finder can read it all he likes. Disabling the device makes it a deterent to steal the device. But what if the owner misplaces it? Maybe it should display a message with email contact to allow the finder to contact iLiad so that it can be returned to the rightful owner? Guess it cuts both ways. But I can already imagine disabled iLiads piling up some refuse dum.

08-05-2006, 09:05 AM	#15
ElaHuguet iLiad freak Posts: 339 Karma: 243 Join Date: Apr 2006 Location: Mallorca, Spain Device: iRex iLiad	At least in Spain, our cell phones can be disabled if we report them stolen... so far, we haven't had a massive case of blocked mobiles due to some mistake. On the other hand, the point given about "if they don't connect, what's the use?" is a good one, password entry makes it generally safer, and some corporations would probably feel better if they had the ability to kill their stolen iLiads. I don't really mind, I have a copy of whatever's on the iLiad on my PC anyway.

Advert

Advert