Re: Make secure the default state
Installation processes should establish a non-default password unique to the owner.
So, your grandma is supposed to create unique, complex passwords for her fridge, washer, dryer, toaster, and each individual light bulb? Good luck with those tech support calls. "(sigh) No, grandma, we've been over this. The password for your night light is qZm~7*#dHwU_a. Don't use 0%3Y7_bX-lJr5^, that's for the meat thermometer."
Features that impact privacy should be clearly presented so the owner can make an informed decision whether to use the feature. [...] Features that involve significant safety or privacy risk should be properly isolated from Internet access.
Those features do not exist to benefit the device owner. They exist to collect data which will be monetized by the manufacturer. As long as that's the IOT business model, the only time "informed consent" will occur is the purchase decision.