Does this cross a line? re:locksport WTF

[nine4t4]

A "respected" youtube person has recently provided a video about descrutive entry. To this point he has had items that 'surfed' the line (i.e. bump key). I know there is a line between informing the lock owners and the non-pickers, but this seems over the line. IF WE ARE A COMMUNITY, of hobbyists or security professionals I don't feel that DE is something that needs to be on youtube. But releasing info on how to destroy a lock's chamber retaining cap seems to me to cross a very thick line. And there is a plug for the company that sells them.

Am I alone in feeling that this is an egregious unethical act? As a community aren't we supposed to educate the non criminals? Let them know that smartkey is a stupid lock? Let them know that hardware store locks are REALLY easy to pick. Don't we have a responsibility to keep certain knowledge out of the wrong hands? Why is Destructive Entry a restricted section of this site and some "balkan" picker spreading info on YT. I'm disgusted

[Eazy123]

A "respected" youtube person has recently provided a video about descrutive entry. To this point he has had items that 'surfed' the line (i.e. bump key). I know there is a line between informing the lock owners and the non-pickers, but this seems over the line. IF WE ARE A COMMUNITY, of hobbyists or security professionals I don't feel that DE is something that needs to be on youtube. But releasing info on how to destroy a lock's chamber retaining cap seems to me to cross a very thick line. And there is a plug for the company that sells them.

Am I alone in feeling that this is an egregious unethical act? As a community aren't we supposed to educate the non criminals? Let them know that smartkey is a stupid lock? Let them know that hardware store locks are REALLY easy to pick. Don't we have a responsibility to keep certain knowledge out of the wrong hands? Why is Destructive Entry a restricted section of this site and some "balkan" picker spreading info on YT. I'm disgusted

If it was uploaded in the last couple of days and is the video I think you're talking about, the person has over 1,000 videos on lockpicking and locks, and the user who told him about it did state that his locksmith used this tool on his lock. Not like the dude said "Hey, here's this tool - if you want to break into someone's house use it!"

I personally found it interesting, and always wondered if there was a tool like that out there, but I certainly didn't get so heated over it. Not a big deal.

Now if it's a totally different video, disregard.

[billdeserthills]

nine4t4 I haven't seen the offending video, but I understand your frustration. Over the years I have stopped doing business with many companies who began selling lockpicking tools and accessories, as I never felt they should be made available for sale to the public. I have also found that in many cases these same tools in the hands of the uninitiated
actually brings me more business than not. As a locksmith I get to see the outcome of allowing someone to monkey around with locks that are in use, and it isn't a pretty sight.

[Shackle Jackal]

It seems to me that with the proliferation of information and videos on the internet regarding DE, lockpicking, or locks in general that the tides are changing. Trying to maintain security through obscurity in the age of information seems like a losing battle.

[Silverado]

I have a pretty good idea of the video you're referring to and I don't see the problem. There are thousands of videos out there of people cutting, drilling, torching, and hammering locks to point out physical weaknesses of the locks. This is demonstration of a tool which could prove very useful and profitable for a locksmith. It saves time and you don't completely destroy the lock as a drill would.

I don't see where any lines have been crossed since it's a tool specifically made to do what was demonstrated. There are plenty of other tools that'll do more damage and do it just as fast, if not faster.

[Jacob Morgan]

It would have been better if the video in question went over which locks do not have that vulnerability. Bought one of the brands mentioned (a deadbolt) a couple of years ago from the local home center and it does not have that vulnerability.

The youTuber in question seems to be more about opening doors than locksport--he has also demonstrated bypassing Adams-Rite latches and such. He is probably closer to someone like Mark Tobias than an ambassador for locksport.

Is it just me, or is it an odd locksmith who would use such a tool to open a Kwikset? This approach requires that the lock be taken apart to reassemble it, and that would take longer than my 10 year old daughter would take to pick open a Kwikset.

[pipboujalay]

It seam, in my opinion only. That the youtube user you are talking about has become less and less about lock sports and more about gaining popularity with free gifts. In the early days i learnt alot from this channel but have become less intrested of late.
I think it would be better if this kind of unskilled NDE wasn't so freely available because it is exactly the kind of method that an undesirable might use to gain entry. A bent nail and a rock would do the same job.
But, in the interest of balance is does hilight poor quality, and easily defeated locks that are available to buy these days. The real blame should be put on the manufacturer for selling poor quality products.

[ratlock]

You have all learned a weakness in these types of locks. You have all been made aware of the tool being sold online that defeats these types of locks.
You and the manufacturer of these locks are now well aware of security flaws/changes that need to be made if using/ selling these locks.

Dont shoot the messenger.

[Squelchtone]

Hey there.

Yep, I've seen the video in question.

I think that when watching YouTube,
You have to weigh the person's moral value with their intention of content.

Personally I believe that this person in question, posts his videos for a mixed group of lock sporters & hobbyists, as well as law enforcement, pen' testers, locksmiths.

So, in my opinion as he may seem close to the perverbial line, he is well inside the realm of right, since his intention is for people to NOT commit B&E's.

[Squelchtone]

Hobbs said in the 1800's

"...Rogues are very keen in their profession, and know already much more than we can teach them respecting their several kinds of roguery. Rogues knew a good deal about lock-picking long before locksmiths discussed it among themselves..."

full quote here: http://www.crypto.com/hobbs.html

granted if I totally agreed with that, then we wouldn't have an Advanced section at all and everyone could discuss anything, but dang, that just doesn't seem socially responsible to me to let people post how to get into houses, cars,safes, and vending machines as freely as some wish they could. It's tricky. I don't want to hoard info behind an imaginary wall or obstacle, but I honestly don't want someone using it for ill gains either.

it's certainly a good topic to discuss further.
Squelchtone

[dhk42]

I enjoy picking locks because I enjoy puzzles and I like having obscure knowledge.

I want to know about bypass techniques and vulnerabilities (and picking too) so that I can make smart informed choices about my security product choices. And also because I like having obscure knowledge.

Do I have Medecos on my house? No. I have Kwikset SmarKey locks that I installed before the commonly known bypasses were commonly known (and before I knew how to rekey a lock). Feel free to make fun of me - I would.

I'll get around to changing them, but they are not the weak point in my antique doors with stained glass panels. When I do change them it will not be for anything with a snap on cap, thanks to "that YouTuber's" video.

And why are we tiptoeing around Bill's identity, anyway? BosnianBill has over 1000 videos and I have watched every single one and learned a great deal from them. Even if I am not an expert. Even if Bill isn't. He has gone over lots of bypass techniques which inform my lock choices all of the time. Every time I go to the gym, in fact. There is a lot of value in just knowing how incredibly crappy the typical lock choices are in America.

If vulnerabilities are pseudo-secret then people continue to buy crappy security while the "Rogues" already know how to bypass it. This has always been true, but is especially true in the age of unlimited access to information.

David

[Shackle Jackal]

I think that if the public was made aware of the vulnerabilities of cheaper locks they wouldn't buy such crappy locks, causing the crappy lock makers the step up their game. The cap popper seems like an easy thing to defend against, but only if you were aware of its existence. Take the Master 175, it has had a know defect that can be exploited quite easily for as long as i can remember. Did master fix it ? hell no, people who are not aware still buy that POS, so it is still sold.

[GWiens2001]

Some actually make an effort. When Kwikset came out with their SmartKey padlock, it was on the market for less than a month when I found a vulnerability. Figuring they would not do anything, and that they would not care even if they knew about it, thought I would light a fire and send up smoke signals to warn consumers. Made a video showing how to very easily overcome the lock.

Another member here (and a really great guy - can't say enough good things about him) posted a link to my video on Kwikset's Facebook page. It seems it had their attention pretty fast. Within hours, the video was down, and the member here who posted the video was contacted by Spectra Brands (the parent company of Kwikset). They wanted to know who made the video. Figuring the contact would be for legal action, he offered to be an intermediary between us.

When I was contacted by the representative from Spectra Brands, they informed me that they had been unaware of the vulnerability, and wanted to know if I had any suggestions to eliminate the vulnerability while their engineers tried to figure it out. There were several options, and they implemented the changes. They sent me (and the other member here, who will only be identified if he chooses to do so himself) each 4 new padlocks with the fix, asking that I test the fix, and if I found it acceptable, to please post an update to the comments in my video.

The fix was indeed a proper one. It was a simple and effective fix. Since the locks were still very early on the market, there was very little market saturation. So not many (unknown quantity) were sold without the update. Spectra Brands was very pleasant to deal with, and it was a positive experience.

The opposite has also been true. Another member here had MMF threaten legal action when he posted a video of picking one of their money bags. They demanded he take down the video. He told them "No". As they had no real legal grounds for a lawsuit, they backed off. So the full gambit can be found. You never know what will happen.

So sometimes, revealing a vulnerability will have a company try to fix the concern, and sometimes they do not.

When Commando Lock Company found our lockpicking sites, the president of the company himself offered to send us some locks to test, and to try opening any way we could. He only asked that we make videos of it, and that if destructive entry was used, we post the videos AND send them the locks so they could improve the product. They did a great job, and got some feedback they never would have gotten otherwise.

Gordon

[Jacob Morgan]

There is a lot of merit to finding weaknesses in locks and informing the manufacturer, and if the manufacturer does not respond, then informing the public. Those sort of findings should not be made public right off the bat on youTube, and it was not--it was a known vulnerability of the design. One of the locksmiths on the forum here has been discouraging the use of these locks for a while now, just saying that they had a vulnerability without going into details. Anyone looking at lockpicking related catalogs has seen the tool and knows the vulnerability--and this is just one of many.

However, most of the public has a bizarre response of "well, if they really want in they'll get in; locks only keep honest people out" and will not respond to warnings about easy to open locks. So it does raise the issue of risking aid to a criminal to point out how to bypass locks when the majority of homeowners will not do anything about it. And what of people who live in rental property where it is against the rules to change out locks, and they are stuck with the locks from the lowest bidder?

Personally, I have been looking at posts here for a over a year now and it seems that once every couple of weeks some new person shows up wanting to know how to open something very specific, usually with a flaky story. Probably up to no good. They make their one post then they are gone. They would not likely have the industriousness to learn how to pick, but given a quick and easy bypass, it seems like they would probably put it to bad use. Granted the information is out there, but that takes some effort. If people too lazy to even search out information on-line come here and want someone to show them, then it might be doing some good to not show them.

A while back an inventor in England lamented the demise of the skilled criminal http://www.timhunkin.com/94_illegal_engineering.htm, somewhat jokingly of course. But one of the conclusions one might make is that, in most cases, there is an inverse correlation between industriousness and criminality these days. People who have to work for information will probably not abuse it.

[Ralph_Goodman]

It seems to me that with the proliferation of information and videos on the internet regarding DE, lockpicking, or locks in general that the tides are changing. Trying to maintain security through obscurity in the age of information seems like a losing battle.

Well said.

The only thing that I would add, is that as soon as there is a company selling a product that exploits a specific type of weakness, the cat is out of the bag.

I have seen many bypass tool reviews, and my thought was that it is no more dangerous than lock picking tutorials. People showing others how to do things that bad people could do if they put in the time, effort, and research (which I think is extremely rare, and impossible to stop if a criminal is that industrious.)

The tools are out there for people to buy. (I am not sure if the product in question is only sold to locksmiths, but that never lasts too long anyway with secondhand marketplaces.)

Someone mentioned that they were disappointed that the video did not talk about locks that did not have the venerability. I have to agree that this would have been the saving grace. That would seem to make up for the exposure. If you are telling people that they are at risk of something, you should also give them a solution.

But I do agree that frustration about the release of information is pointless in a time where anyone can upload anything for the world to see.

There is no longer any control on information. And that comes with good and with bad.

I wish the world were some different way, but I don't have the time or the intelligence to change it.