The House That Spied on Me (gizmodo.com)
154 points by surlyadopter on Feb 10, 2018 | 72 comments



This was brilliant and disturbing. The legal implications are crazy---even if the owner of the house has agreed to the EULAs of all the devices, their visitors have not. Is there a legal obligation to notify visitors that data about them is being generated, collected, snooped through, and potentially sold?

If people could be made more informed of what their devices are saying (and to whom) perhaps they'd be more reluctant to "smartify" their homes. Transparency would enable more informed decisions.


> If people could be made more informed

I'd really really really like to see some AR glasses that would somehow visualize all sorts of invisible things: radio traffic (incl. special indication of weak encryption and non-encrypted communications), ultrasound and infrared tags, location of detectable microphones and cameras - all sorts of things like this, whatever can be detected.

Like, look at the smart TV and be aware that it sends out data (if you're on the same network and can observe the packet headers, maybe also somehow see some details where it talks to). Or see that this store front screams something on an inaudible frequency and worse - that your phone had just replied something as you walked by.

Which is probably not going to happen, not only because it's extremely complicated from the technical side, but because people would freak out over such tech even more than over Google Glass ;)


Hmm, triangulation is what happened to give Strava users' home locations away with privacy zones. I also read the other day how multiple mics ("smart speakers" etc) can help locate someone's movement throughout a house. There are also smartphones that have infrared cameras on them like the CAT S60. And there's research where Bluetooth and WiFi can be used to assess if someone's home, and where their WiFi devices are located. Finally, I saw this picture with regards to 5G [1]. None of this is about AR glasses but I still thought it was interesting. Because the AR glasses part -even though AR isn't widespread- builds upon all of the above examples as input data.

[1] http://ictvietnam.vn/files/tccntt/source_files/2017/01/27/06...


We are FUBAR'd, why deal with mics and smart speakers when you can sell privacy-invading Wi-Fi routers?

https://www.youtube.com/watch?v=7LTr02cJkiA


It could make for a compelling video project - a la Keiichi Matsuda's "HYPER-REALITY"


An average smartphone contains sensors that can detect any emissions in wifi and infrared, as well as inaudible audio. While only a portion of what you describe, it's not difficult to imagine an app that could recognize and warn of those things, perhaps even recognize specific devices in the room by their protocols.


It's all extraordinarily creepy because you expect your home to be the safe haven of privacy, but considering how ubiquitous smartphones are and how much of our lives already happens digitally, you could somewhat cynically argue that the privacy loss is comparatively small (because you have very little to begin with nowadays).

But if smart utilities take off, maybe some privacy label for consumers would be nice. Maybe in the future it's a selling point if a device is dumb as opposed to smart and connected. I also somewhat dislike the conclusion of the article that smart homes for everybody are inevitable or necessary. The utility, at least right now, of smart devices seems to be limited, so you don't even have to be a crazy hermit to boycott a smart home.


Off-topic, but not much, I always loved the results of the Biarritz experiments with video-phones (actually visio - phones).

How the device looked: http://www.rxcontrol.org/Visiophone/index.html

A good summing up of the results of the paper by Francis Jaur (1990) is here:

http://archive.li/Qe1Kl

Basically people soon understood that the thing has its use, but limited it to "public" areas of their home and to selected communications.


Somewhat off topic, but anyone else think it's kinda weird that an article about data privacy has so many third party tracking scripts?

I know it's sitewide on every article from the mothership, Gizmodo, but still...


Not really. Online publishers think that surveillance is free money, so they're always happy to add more. Savvy users block it all. Some day there will be a reckoning.


I think we need to force the reckoning to the forefront, for the sake of the unsavvy. This affects us all, and we need to get out in front of it, before it bulldozes everything.

If it hasn't already.


The article is about the tradeoff. The website makes tradeoffs.


> Almost every TV on the market now is connected—because otherwise how do you Netflix and chill?

If you buy a "smart" TV, refuse to connect it to the internet and just get an Apple TV/Chromecast/whatever.


Yet when I try to tell people why copyleft ala GPLv3 that prevents tivoization is so important I get shouted out of the room.

I should have the ability to root and control the linux on my smarttv. Full stop. This is part of the problem. The same goes with things like phones. This is why both android and ios are NOT the mobile os of the future. They restrict the user from truly owning their device, and I'm fed up with this bullshit.

So remember that next time someone talks about how right Richard Stallman was and gets downvoted to hell... HN is far too full of businesspeople pretending to be hackers instead of the other way around.


> This is why both android and ios are NOT the mobile os of the future.

I too would like a more open OS for mobiles, but you have to realize that the majority of users doesn't care about this. They are unconcerned about most privacy issues, don't need to ever tinker at a low level with their devices, and they are the ones ultimately deciding on what the future will be. What matters is the UI, and that the various features "just work".

You are in a minority, however vocal, that has little to no say in what the future of mobile OSes should be. My take on it is that whatever will replace android and ios will be even worse on these issues.


Most people don't realize how bad all sorts of things in their life are. (Dietary dangers, sedentary lifestyle, financial irresponsibilities, etc)

That doesn't make them less bad, or less concerning overall.

If you think things in the world should only change because of popular opinion & sales, then things like emancipation, environmental protection, worker protection, consumer protection laws, and other such things would never have happened.


> Most people don't realize how bad all sorts of things in their life are.

I'd say that most people are regularly bombarded by all these issues in the media. If they still don't realize, then this is because they actively filter them out.

> If you think things in the world should only change because of popular opinion & sales, then things like emancipation, environmental protection, worker protection, consumer protection laws, and other such things would never have happened.

I never claimed that things shouldn't change, only that I very much doubt they will. It's on the opponents to Google/Apple, to convince the majority that there are real issues and that measures should be taken. That's how democracy works, right? And I don't see that happening in the near future. Privacy? We have nothing to hide. Low-level customizability? We only need something that just works. They are the popular answers on these issues that need to be countered.


I don't think it's only up to the market competitors to Google/Apple.

The market doesn't necessarily select against negative side effects, like privacy or the environment. Shifts in these need to happen outside the market. Things like legislative protection about rights, environment, and privacy are going to come from minority demands to claim those rights, not from hoping for a majority market pressure against conveniences that sell well.


I wasn't talking about economic competitors, but opponents to Google/Apple in the political area (e.g. EFF), who may lobby for changes. Therefore my note about the democratic process. Minorities may make demands, but whether they pass or not does rest on the majority. Hence the need to sway popular opinion, which I don't see happening.


> the majority of users doesn't care about this

Only because they don't know what is going on.


Most people I talk to have a sense that all of these big companies (and the government) are violating them, but they feel completely helpless and so ignore the issue. It's extremely similar to people in a third world country that know their foods are being adulterated but can't afford imports and still have to shop.


They only have a vague sense, but they don't understand the direct consequences of specific actions.

There's also a belief in the false idea that, "they already have all of my data, so there is nothing I can do about it."

It's arguable that one needs a mobile phone to participate in modern life (and the situation with mobile phones requires fixing as well). It is not arguable that people need to be able to talk to a box that makes them a coffee or turns on a light. I think that most people would not choose the IoT device if they really understood how it works.


The majority of users are not tech aware security engineers. The majority of users (myself included) don't want to spend hours of our lives effectively specializing in android/ios under the hood design, and/or browsing shady blogs and forums looking for ways to root our phones.

Don't underestimate the domain knowledge that you've acquired, and the amount necessary to root a phone, let alone take control of linux embedded in a television. It's about more than just not knowing that we're being spied on. It simply isn't efficient to expect so many people, who have already specialized according to their professions and interests, to also take on this level of domain specific knowledge.


I agree -- people shouldn't have to learn all of that. If the system were designed better, then there would be no need. Right now, it's open season on people who don't understand how things work (and even on many people who do understand how things work). So the system needs fixing.


I tried to do this and just use my PS4 for apps, but my wife thoughtlessly accepted the TOS on the tv within 2 days.

We still don't use the apps on the tv though.


Disconnect it from your WiFi and change password. If you're not using the apps, there's no reason for it to be on your network, right?


I'm not sure that might be enough; it can probably still "phone home" about when it's being used, what devices have been connected to it, etc. See if there's an option to factory reset it.


The problem with "smart" TVs is that infrequently there is no choice but to get those and try to minimize the damage. Despite all their advantages "dumb" TVs are getting less and less popular.


No, there's still plenty of them on the market; they're just marketed under the name "monitor" instead of "television".


Are monitors the size of large televisions comparable in price?


Yes they are comparable in price. And in fact they are often a bit cheaper than the price of the "smart" TVs.

I have seen a 55" TV with none of that "smart" shit for ~$320

whereas its "smart" counterpart is $100-300 more depending on whether it's refurbished or new.


Or a commercial display, for triple the price.


The TV still works if it's not connected to the internet. Just buy a smart TV, never connect it to the internet, and get third party streaming sticks instead.


I wouldn’t be surprised if at some point, the first time you turn on your new TV, you’re prompted with an unskippable “Create your Vizio account” screen or some such nastiness.


And that is the point when my entire foot will go through the screen.

I don't shop for TVs anymore. I buy really large monitors.


Just like rooting/reinstalling your phone, it's important to set it up properly right after you buy it - no excuses of trying out their gimmicky crapware, figuring it out later, etc. This way, you're well within the return window and won't be stuck with defective merchandise.


Like Android.


Can you not do this on Android now? IIRC it offers you the option to skip.


Vanilla Android does not require any accounts, and Google Play Services allow you to skip account setup. However, it could be that some vendors have mandatory account setup in their crapware.


Smart TV's features are worth avoiding.

Smarts that plug into a TV are always evolving faster than Smarts built into the TV.


Or use a whitelisting firewall where your data only goes to approved companies. But as you don't or do know how they use the info - it's best to desolder any antennas or network interface.


We need a concentrated effort to move solutions like Ghostery and Ad Block Plus up the chain, from the browser into the router. And we need to make it user friendly and sexy.

And for what it's worth, I don't like in Ghostery, a plugin I run to try and stem the tide of tracking, how many times it begs me to send usage data and create an account. That's literally the opposite of why I downloaded you, Ghostery.


Remove ghostery and install privacy badger instead https://www.eff.org/privacybadger


I rolled with the Badger for a while, but I've moved away from it and toward a more network wide approach. Can't install plugins on my devices, and I don't want thirteen different browsers on my tablet. And my Xbox is stuck with Internet Explo-- I mean Microsoft Edge -- so I need a more comprehensive solution. And this article only points out more reasons why that is becoming necessary.

But my stack is ugly and kludgy and not fit for regular human consumption. We need a comprehensive community effort to make it sexy and easy.


Maybe the pihole is for you, then? Certainly the price is right to try it.

https://pi-hole.net/


Pi-hole is absolutely the way to go. Not only for the ad-blocking, but for checking to see where your devices 'phone home' to (and optionally blocking that, too).

I've got it running in a Linux container on a Turris Omnia and it blocks over 90% of requests, with nothing to install on the devices.
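Added example (not part of the thread or any commenter's post): one way to turn a resolver's query log into a per-device list of "phone home" destinations and flag names outside what you expect from each device. It assumes dnsmasq-style `query[...] name from client` log lines; the sample log, the IP addresses, the domains and the `EXPECTED` mapping are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in dnsmasq query-log style. All addresses and names are made up.
SAMPLE_LOG = """\
Feb 10 07:00:01 dnsmasq[812]: query[A] telemetry.tv-vendor.example from 192.168.1.20
Feb 10 07:00:01 dnsmasq[812]: forwarded telemetry.tv-vendor.example to 192.0.2.53
Feb 10 07:00:02 dnsmasq[812]: reply telemetry.tv-vendor.example is 203.0.113.10
Feb 10 07:00:05 dnsmasq[812]: query[AAAA] telemetry.tv-vendor.example from 192.168.1.20
Feb 10 07:01:10 dnsmasq[812]: query[A] ads.tracker.example from 192.168.1.20
Feb 10 07:02:00 dnsmasq[812]: query[A] api.coffee-maker.example from 192.168.1.31
Feb 10 07:05:00 dnsmasq[812]: query[A] Telemetry.TV-Vendor.example. from 192.168.1.20
Feb 10 07:06:00 dnsmasq[812]: query[A] ntp.pool.example from 192.168.1.31
"""

# Only "query[...]" lines name the client; forwarded/reply lines are skipped.
QUERY_RE = re.compile(
    r"^\w{3}\s+\d+ \d{2}:\d{2}:\d{2} dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

# Hypothetical per-device expectations: domain suffixes each device is
# supposed to talk to. Anything else is worth a look.
EXPECTED = {
    "192.168.1.20": {"tv-vendor.example"},
    "192.168.1.31": {"coffee-maker.example", "pool.example"},
}


def parse_queries(log_text):
    """Return (client, name) pairs, with names lowercased and the root dot removed."""
    queries = []
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if m:
            queries.append((m.group("client"), m.group("name").rstrip(".").lower()))
    return queries


def per_device(queries):
    """Map each client address to a Counter of the names it looked up."""
    summary = defaultdict(Counter)
    for client, name in queries:
        summary[client][name] += 1
    return dict(summary)


def _allowed(name, suffixes):
    # Match on label boundaries so "evil-tv-vendor.example" does not pass.
    return any(name == s or name.endswith("." + s) for s in suffixes)


def unexpected(summary, expected):
    """Names each client queried that fall outside its expected suffixes.

    A client with no entry in `expected` has every name reported.
    """
    findings = {}
    for client, counts in summary.items():
        extra = sorted(n for n in counts if not _allowed(n, expected.get(client, ())))
        if extra:
            findings[client] = extra
    return findings


if __name__ == "__main__":
    summary = per_device(parse_queries(SAMPLE_LOG))
    for client, counts in sorted(summary.items()):
        print(client, counts.most_common())
    print("unexpected:", unexpected(summary, EXPECTED))
```
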



Once again, one of the biggest underlying problems is "why" - or more technically, what is the use case behind <technology>? This was always a problem back when it was merely "home automation" but as we started this "IoT" craze things only got worse.

I laugh at the anecdote in the article about voice control just being frustrating and resorting to using the physical buttons.

No one has ever explained why I'd want to remotely control my lights. Or why I would remotely turn on my coffee maker, after I have to physically touch it to prepare it before-hand anyway.

Some amount of this tech is useful when it goes unnoticed and solves real problems. For example, my outside lights turn on dimly at sunset and turn off at midnight, unless there's motion or my garage door is open, then they go to 100%. If no inside lights are already on, the front hall and a couple other lights turn on as it gets dark. This means we never come home to a dark house, but also if we're already home, we aren't having lights automatically changing on us.

I can control many things from my phone, but it's pointless. There's a button in the entrance to the kitchen that turns on several lights (that otherwise require using switches in four separate locations), another that makes them all dim, and another for off. If we leave them on, they turn off automatically by 3am.

So much of these IoT products do not solve useful problems, do not blend seamlessly into your life, and do not even work well in the first place.


These smart homes bring up ethical dilemmas. I worked for a company and someone got a home automation kit. It monitored comings and goings. They looked at the logs and realized the dog walker one day did a really short walk. How do you broach this? Do you bother for an otherwise responsible walker?

I worked for a power monitoring company that put a box in your house, monitored power use for each circuit breaker. The CEO noticed that his house cleaners turned on lights in all the rooms and turned them off as they finished cleaning them.

You can learn a lot from watching a home's power, especially if it's split up circuit by circuit.


When Obama said we need a more 21st century efficient power grid, I thought that sounds great. I thought that meant better equipment and lines that don't waste as much electricity. Nope. It meant 'smart meters' that can tell all sorts of things about us. They didn't want to save electricity, they wanted our data.

The city wanted to install one of those smart meters in my home. I refused. But I was told that unless I have them installed, they would shut off my electricity. Being that they were in a position of power over me, I complied.


Thought: putting a backup battery in your garage could be used to deny utilities any data other than your daily, maybe weekly, power usage.


Question: what does the smart meter tell them that monitoring your usage otherwise wouldn't?


I seem to recall a paper about using the noise in the electrical system of a home to determine what appliances were plugged in and turned on at any point in time.

Sidhant Gupta, Matthew S. Reynolds, and Shwetak N. Patel. 2010. ElectriSense: single-point sensing using EMI for electrical event detection and classification in the home. In Proceedings of the 12th ACM international conference on Ubiquitous computing (UbiComp '10). ACM, New York, NY, USA, 139-148. DOI: https://doi.org/10.1145/1864349.1864375

https://dl.acm.org/citation.cfm?id=1864375

That said: I used to work for a smart meter manufacturer and (AFAIK) we didn't do anything like that. Granular readings were the most important part. Our meters could report in 15 minute buckets, which was useful for tiered billing. Most of the push back against these meters was because they use radios to report readings back and there was concern about radiation. There were people who were building Faraday cages around the meters.


Dumb meters integrate (sum) power over the entire time between manual readings. Smart readers can report far more granular data.



> The CEO noticed that his house cleaners turned on lights in all the rooms and turned them off as they finished cleaning them.

That's pretty clever, actually.


> How do you broach this? Do you bother for an otherwise responsible walker.

I believe that it is fundamentally not possible to roll back the degree of surveillance in our global society in an effective way. Our technology is already converging to a near-total degree of surveillance all on its own. The end limit will be Vinge's "locator dust" or perhaps something even more ubiquitous and ephemeral.

I believe the true horror of technological omniscience is that it'll force us for once to live according to our own rules. For the first time in history we'll have to do without hypocrisy and privilege. We're going to learn what explicit rules we can actually live by, finding, in effect, the real shape of human society.


Employees/vendors/contractors are usually under surveillance for their work activities. That's accountability.


That's not accountability to the people at risk. Trust me, you do not want to have to go to the courts for damages, especially if they were completely nonmonetary...


Where is the code/setup configuration for "iotea"?

Ever since "IoT" started gaining momentum as a marketing buzzword I have been thinking this type of router could be an interesting product for non-nerd users.

Idea: The one device that only the user controls. User veto over all traffic to and from "smart" devices. In theory.

I recall seeing a comment from a Googler on HN once that basically admitted the user's only hope for privacy is to control a router.

Not a laptop, phone, browser, smart thermostat, smart speaker, etc.

A router.

Boring.

But not insignificant.

Something as inexpensive and accessible as an RPi was good enough for this user.


This simply horrifies me. Why would you do this to yourself and your family?

I don't see myself ever getting anything smart, and if I can't avoid it there is no way it touches my internet connection!


Do you have a modern phone in your pocket?


Fairly modern. Galaxy S2 lineageOS, fdroid.

I know where you're going with this, some things are unfortunately unavoidable. Still I do what I can.


I'd rather live with the Amish or with John Plant than potentially be arrested by my own house or car. The house would merely lock me in but the car would no doubt drive me to the police station also.

I'd also rather get up to switch the lights on. Moving about periodically is healthy, right?


> Roomba requires your attention: Your Roomba is stuck.

Why?! When I bought a Roomba a decade ago, it was a decent vacuum that picked up dirt, could not connect to the internet, and never nagged me. Why would I want it to be worse?


Wow, a lot of this (especially when she gets to dropping many brand names at once) reads almost uncannily like a George Saunders story


As annoying as the "smart homes are annoying" posts are becoming, I really enjoyed the format and the depth of this article. And I didn't know one could buy internet-connected vibrators. That's... odd. I also don't know why these folks were surprised their devices were constantly communicating to their home servers.

My stance on the smart home and privacy phenomenon is optimistic. I think Apple will eventually have a fully integrated smart home ecosystem similar to their standard ecosystem now, which will make the process easier in general. Perhaps we can one day have a single device to control every other device, or a few devices which perform multiple functions (such as a bundled music player, television, light controller, air monitor etc) and that such a device or devices will be bundled such that the meta data will contain only information that the device is being used but not which function is employed. Surveillance is unstoppable at this point, and this means that everyone has the ability to watch everyone else, and I think this is a good thing. We already have a good sense when those in our social group are lying, or hiding things, or even when they need help. If governments and citizens alike understand what each party is up to, we can have a fully accountable society, and of course eventually we must negotiate the relevant social rules that keep this accountability relevant and practical. This is something I believe we have to work with. We have to take responsibility and understand what is going on, and to also take the power into our own hands and create balance. We can figure this out, and I don't believe that necessarily involves destroying the structure of how our governments and corporations do business. It's simply more efficient to restructure, not to totally resist but also not to be completely complacent. And that's all I have to say.


> My stance on the smart home and privacy phenomenon is optimistic... Surveillance is unstoppable at this point, ...

This seems like a clear contradiction, unless your username is unironic. I'm basically pessimistic: surveillance is stoppable, but we probably won't, because we get free cat pictures, and Google has figured out that lobbying is the best thing it can do with its cash hoard. However, thanks to lazy idiots like Equifax, some people are slowly realizing that the surveillance economy may cost more than they want to pay. There are a few crumbs of hope for a positive outcome.


The way I like to phrase it is that the future has two main "attractors": Star Trek and North Korea. If ubiquitous surveillance is unstoppable (and I reluctantly conclude that it is) then the primary differential is whether and how much the folks in power have privacy from the rest of us.

It's worth pointing out that, done right, in return for your privacy you get an end to war and crime. That's a hellofa trade-off.

As a daydream years ago, I thought up a thing: public surveillance kiosks (like the ones I understand they are trying out in New York) that have cameras and large screens. They work by randomly exchanging (nowadays I can just call them) "vines", video snippets, and displaying them. So each kiosk is displaying vines from the others around the zone (city, world, whatever) and there's a very simple UI: tap to rewind, click a button to escalate. Anyone who sees anything weird on a kiosk can easily review it and call attention to it (like 911 but lower intensity.)

This would achieve a monitoring function without any special privileges and with limited privacy impact. It would have to be part of some larger system, but it hopefully gives the general "drift"?


"everyone has the ability to watch everyone else"

Is it entirely symmetrical?


It's also explicitly untrue. Very few people have regular access to my house; even fewer have access to the "private" domestic areas of my house. Losing this perception of privacy and safety can/does/will have real psychological impacts. It's also the cornerstone of psychological attacks - zersetzung - to lose control over your private life.


I was wondering about visitors to the home too, will they all have to sign some sort of Release form before entering?



