84 comments

[ 3.2 ms ] story [ 138 ms ] thread
>device sends statistical information (aggregate) to the company

Is there any device/service that does that ? In my (limited) experience working on consumer product, the device sends detailed info that is then aggregated.

I don't know of any, but you might hope that some devices would change from the "sends detailed info" category to "sends aggregate info" as a result of having to declare which they do.
That was exactly the goal, to coerce companies to select the lesser offensive category if their internal needs can be satisfied that way so they will end up moving more product than a party that takes whatever it can get.
Many applications (Firefox for example) send aggregated usage data if you enable telemetry, like how many times you used feature X in the last week. I guess they aggregate it to avoid too much bandwidth usage.
At the point when Google has heard your conversations, knows your demographics, likes and dislikes, and can control your actions and thoughts through search and news feed manipulation you cease to be an autonamous person and become nothing but a neuron for Google.
that may explain why so many developers insist on doing things the way Google does things
That's what google like to think they are capable of, but the 2016 election says otherwise.
Why do you think Google didn't know the outcome?
If Google could, or thought they could, predict the outcome of elections better than the current batch of analysts there would be no reason to keep it to themselves.
They would have every reason, not the least of which is a fear of further regulation of their operations.
That's not even implied. I said Google/fans seem to way overestimate their influence.
Let me quote you: "That's what google like to think they are capable of, but the 2016 election says otherwise."

You said exactly that Google thought they were capable of predicting the 2016 election, and they predicted HRC (and by implication that is what they wanted) but the result proved that they were wrong.

Are you saying Google and it's fans (who?) think they have influence on elections, but they are wrong because of the 2016 results? And implicitly that they tried to skew the results against the GOP?

I just want to point out you guys are talking about 2016 Google, not 2020, 2024, etc.
As much as I dislike using "standards" to solve problems -- I think if there was something like the following it would do well:

1) create a standard that does all of the normal things you would want an IOT device to do

2) turn it into a microservice that runs on standard platforms like AWS/GCP/Azure

3) User buys the hardware, and then essentially pays monthly for the services to the cloud services (potentially thru some kind of wrapper service that makes it easier for them to interact with)

So in the future, you would be able to have something like a vanilla version of what Nest cameras, wemo switches, and random leak sensors and whatever all provide, but you are both the producer and consumer of the data with a cloud service in the middle. Yes, of course the cloud people could spy on you. But its different when you don't have to sign some agreement when you "login" to setup your nest sensor that says you agree to them selling your data.

This is how it should work, and it is exactly NOT how it will ever work, because it turns the manufacturers into commodity providers with very low profit margins. Whereas if they keep the software and the hardware integrated and inseparable they can charge higher margins, and eventually integrate these items in their ecosystem (à la Apple and Google), in which both the user and the company benefit from collective synergy/network effects.
It already does work that way. There are countless zwave and zigbee products out there from companies who don't want data centers. And there are lots others that are Alexa compatible.
Yes.

All the companies that are heavily pushing cloud based IoT stuff are doing it because they think they can make more money via lock in and spying on people than traditional home automation suppliers.

Sounds a lot like the OS/drivers thing :)

You buy a webcam/printer which has a driver, but use it with apps made by others.

So I guess we need to invent "cloud drivers".

whoa interesting idea... so you have your online IOT "OS" / "dashboard" thing that runs on a cloud provider and you install a driver for your new hardware that you just bought at the store.. and "buh dunk" your new hardware shows up and you see your face showing up on the webcam stream.. cool!
That sounds like home assistant icm with esphome. I flash all iot devices I buy with a firmware I trust (or at least is under my control) which is surprisingly easy to do with esphome. I pass a yaml file and a USBtty device to a docker and out comes a new firmware flashed to any of the hundreds of esp32 or esp8266 based iot devices. I have power metering wifi sockets and home brewed breadboards with sensors and 16A/240V power switches all flashed with a firmware the manufacturer has nothing to do with.
> all flashed with a firmware the manufacturer has nothing to do with

I’m as DIY as you can get, and That does not sound like something I want controlling my power socket while I’m not home

Personally, I'm worried about plugging DIY hardware to mains. Software though, I don't expect a typical IoT vendor to write anything but total garbage that's more oriented on spying than on working. I'd happily replace it with OS firmware.
> I'm worried about plugging DIY hardware to mains

Are you saying that those of us designing and maintaining our own devices should be legally prohibited from doing so because it is a public safety hazard, and only corporate designed devices should be considered to be safe and pluggable?

How did you go from "I'm worried" to "should be legally prohibited"?
Your comment is a straw man argument and as such is disingenuous.
No, I only said I won't do it, because I don't trust my soldering skills. But you made me think now and yes, I probably wouldn't be comfortable with someone like me living in the flat below mine, and leaving their DIY electronics plugged to mains.

You'll note that such limits already exist for products on the market - what keeps your neighbor from burning the whole block down is a complex web of legal requirements and means of recourse that force equipment producers to don't cut corners and don't do too shitty designs. They absolutely would if they could, because it would be cheaper, but the law prevents them from doing so. Which is why your neighbor can safely buy a product in a random western shop and keep it plugged to mains - whereas products imported straight from China will happily burst into flames at random occasions, because there is no legal protection that would make these sellers accountable.

Adafruit IO has a very customer-friendly model where you own your data and the client libraries are open source. https://io.adafruit.com/ Not all of the server features are open source, but there is an API-compatible version here that should let you self-host if you want. https://github.com/adafruit/adafruit-io-node
Yes, Adafruit sets a proper example here. They do everything just right.
Those types of devices exist... they are just not very popular because not many people can or want to run those cloud services.
In my personal opinion, which I am fully aware that IoT entrepreneur types will be threatened by, it is absolute madness to upload sensitive personal data such as is collected by IoT devices to servers that you do not personally control completely yourself and which is end to end encrypted if it is not on-site.
You are not the only one. Firewalls cut down on some leakage, but most are inherently not able to function without their cloud master. Sadly the easiest was to secure these devices is with a hammer.
Why does there even need to be a cloud service? Why does my lightbulb need a cloud service? My thermostat? My security camera? If these so-called smart devices really need some service running another computer (rather than the computer on the device itself), why can’t it be my own computer on my LAN, behind my “no uploading” firewall rules?

I had a dropcam for a while. Infuriating device. It records video, uploads it to its cloud service, then when I want to watch the video, the player downloads it back from that service through my same internet connection! what kind of bonehead decided that was a good use of my bandwidth? Why can’t I just connect locally directly to the device and stream video from it? It’s as if someone said “well we have lots of cloud engineers here, so we obviously need to write a cloud service!” without regard to whether it was needed. Or more cynically, they said “We could make it stream video locally but then we couldn’t offer a monthly cloud service for sweet recurring revenue.”

I don’t think anything in our society stops from creating an organisation which could be responsible for creating open standards of running all of these cloud services ourselves.

Apart from nextcloud, self-hosted social networks and sandstorm - what else is there that solves similar problems?

So the question is why does it not exist yet?

Think of it this way - Megacorps once upon a time realized they had a lot of lavatories not really being used. So they decided to start renting them out. That became a profitable business. Thanks to how Corporate Robots are programmed, the moment a profitable business is spotted, the next move is to Scale up.

They got a bit carried away thanks to Moores law making lavatory building cheap, especially if you buy a million at a time and so now we have town sized constructs of just lavatories. And all those lavatories need infinite quantities of piss and shit to justify their existence. Conduct hackathons. Fund incubators. Hire the best and brightest and it's possible to get populations to ramp up piss and shit generation. It then takes armies of sales and marketing drones zigzagging the planet day and night incentivizing orgs and people to ditch their own loos.

The stagnating transport industry (Big Telco) woke up when they noticed people taking shuttles to Mega Loo Plaza and started competing with each other to upgrade their own transport infra all over the world. A confluence of all these factory take us right back to where we started. A lavatory excess. But don't worry the Corporate Robot class is on the case. The goal is to get people to piss and shit 24x7 to utilize that excess (you will notice people who produce a lot piss and shit are encouraged). And things seem to be going well.

And ofcourse you can use your own loo at home. They are very cheap these days.

(comment deleted)
Interesting.. would be cool if 99% of the data was not uploaded but while you are on the go you could optionally have it send you a list of hot spots in the video stream that you could select from.. then that would send to you potentially without a cloud in the middle.. local home servers are great if they are basically bulletproof... I always have the issue that my home server for some reason randomly reboots or Comcast blocks a port or the persistent vpn suddenly disconnects and won’t reconnect.. I’ve just not been able to figure out a bulletproof method so that when I’m away from home I can rely upon it working..
Lightbulbs need a cloud service if you reliably and easily want to be able to control them while you’re not connected to your home network.
Manufacturers like to boast about true but trivial things like "no sugar added". Maybe someone could pick up the idea of "privacy safe" logo to put on packaging of toasters, microwave ovens and (a subset of) TV sets.
(comment deleted)
This is true, but also makes me think of the slightly-misleading ones. I've got a jar of malt rice syrup which is 80% sugar, with a large "no sugar added" label. I wonder how the proposed labels could be abused.
But that’s actually useful information. I don’t think I know anyone who assumes that “no sugar added” means no sugar. I would consider apple sauce and apple sauce with white sugar to be very different even if you cooked them so they had the same total sugar content.
I had very high hopes for Silk Labs (founded by former Mozilla CTO Andreas Gal) to produce a device to compete with Google Home and Alexa in a privacy conscious way. Their claim to fame, I believe, was running all ML magic on device instead of shipping audio off to the cloud. They were snatched up by Apple a while back.
The author conflates phoning home with recording. The reason that guests should be informed of the devices is not because they are phoning home but because they are recording. Even if the recording never leaves the building, guests should be informed that they are being recorded.
I have an amazon fire integrated tv that is constantly attempting internet access at times I’m not even using the device. How do I know amazon is not uploading snapshots from my HDMI inputs? I would like clear phone home labels describing what it’s doing so I CAN leave internet always connected
This is a separate problem from informing guests that they are being recorded, which is what this article claims to be about.
I think you got confused a bit, likely because my writing still needs improvement. The recording/uploading is what got me thinking about all this, the rest of the article is an expansion on that.

So yes, even if the recording never leaves the building guests should be informed that they are being recorded. But those are recordings that the user is presumably at least aware of.

Hence the 'device contains a microphone or camera' category.

Great idea, IMO, but how do you get traction? It's a political/social issue in the end.
As engineers the way could be like this:

- Write down the rules precisely.

- Get input from as many consumer rights organizations as possible.

- Submit the final rule set as a RFC or standard.

- Create a certification process with logo.

- Start lobbying for this certification become mandatory whenever there is a big cybersecurity scandal.

I live in fear of OTA bricking of devices.

Automatic updates have huge pros, but also huge cons that are not being properly addressed by most vendors.

IMO the biggest difference in software now vs 1995 is the ability to incrementally upgrade pieces of it w/ limited user interaction (this is true for consumers and for programmers who are using a library / docker base layer).

Automatic updates are probably responsible for a non-trivial portion of our economic growth. It's worth creating better tools to make them safe & transparent.

> Automatic updates are probably responsible for a non-trivial portion of our economic growth. It's worth creating better tools to make them safe & transparent.

How can they be, if by definition they don't involve paying extra for them, so they have no impact on economic growth metrics themselves?

As for proper addressing, I'd love if either an industry custom or a legal requirement would exist that would make vendors unbundle security updates from feature updates. There were plenty of situations in my life where I purposefully disabled automatic updates of software precisely so that it doesn't accrue bloat or the modern art projects that pass as UIs these days.

Perhaps awinter-py thinks automatic updates have prevented economic losses that would otherwise have happened.
Automatic updates increase the value of software by:

1. allowing companies to charge monthly for 'always fresh' software / services

2. adding free baseline features to OSes and open libraries, and fixing bugs. These improvements are bundled into paid products or used directly to increase productivity or standard of living.

This is an important issue.

I record all my guests in my home. But using my own system. I don't upload it anywhere insecurely or share it with any outsiders because that would be crazy.

Smart folks understand about these various platforms and know to not discuss sensitive issues anywhere within a quarter mile of technology, or with anyone carrying a phone or other device. It's just common sense.

You may want to check the law, there is a good chance that you are in violation of it, many places are 'two party consent'.
No I am not. My system, in my own private home, is entirely legal.
No laws I’m aware of in the US carve out any exceptions for private homes. Even if you’re in a one-party consent state, if you leave the room and no one else in the room has consented you could be looking at a felony.
It's just as I said.

Based on your claim, baby monitors are illegal. Maybe a class action suit against baby monitor companies is a good idea!

So far your only defenses seem to be that it’s in your home, which isn’t a valid defense ; and “I said so.”

Baby monitors don’t record and have indicators that they are active. And it’s still possible to use them in such a way that you run foul of the law.

> Baby monitors don’t record and have indicators that they are active.

Many of them do record nowadays, incidentally to providing internet accessibility.

I can't find a single device marketed as a baby monitor that records audio.

Even if there were such a device, wouldn't that just bring us back to the point of the article? The existence of such a device wouldn't make the device suddenly legal to use without getting consent from the people being recorded.

You're in here in post after post accusing me of being a criminal committing serious crimes.

I'm telling you I've committed no crime.

You say I have. You then say I have no proof I am not a criminal.

That's not how it works in this country. I'm presumed innocent. You want to prove I am a criminal, bring it on Griswald. Bring it on. Call the FBI. Call the state officials. Try to get me arrested for the crimes you insist I have committed. Make a big public case of it, as public as possible. Since slander and libel are also problematic aren't they.

> You're in here in post after post accusing me of being a criminal committing serious crimes.

I made two posts suggesting you might be in violation of the law for your own consideration. I made a third post to someone else about a tangent.

> I'm telling you I've committed no crime.

Yes.

> You say I have.

Nope. I said you might be in violation and I gave reasons. Your responses since then have actually lead me to believe you have no idea whether your system is legal. If you did, I think you'd be able to articulate why your system is legal.

I don't have anything at stake here. If you're in violation, you're the one risking felony charges, not me. If you think it's legal, great. If you don't think it's legal, then get in compliance or don't.

> That's not how it works in this country. I'm presumed innocent. You want to prove I am a criminal, bring it on Griswald. Bring it on. Call the FBI. Call the state officials. Try to get me arrested for the crimes you insist I have committed. Make a big public case of it, as public as possible. Since slander and libel are also problematic aren't they.

I don't know how to help you. This response makes no sense at all.

I think that is an incredibly bad idea, but do you remind them they are being recorded? Have prominent signs to that effect? Are there cameras in the bedrooms?
So, anyone tried Radbot? I really like their approach: "There’s no need for an app or another online password. Do you really want to see more of your radiator? "
subset of device will stop working if the company goes out of business includes device will be rendered useless if company is acquired ... shortly after Google and Nest acquired Dropcam the service became so shitty that I could no longer use it, it would be nice if annual subscriptions included requirements that certain performance thresholds must be met.
Ah good one, totally missed that. I will update the post. Thank you.
> if a device could* function without such a backend it should be able to function without such a backend*

How would the device receive security updates? Or is the hope/expectation that the device would have no security vulnerabilities? (That seems hopelessly naive.)

If it is disconnected it does not require security updates. It only requires security updates when it is online (or is allowed to go online).

Keep in mind that having a remote update process is a security risk in and of itself. So some people might want to opt out from such updates and firewall the device off entirely, if its functionality does not require a live internet connection this should be possible.

> If it is disconnected it does not require security updates. It only requires security updates when it is online (or is allowed to go online).

What about security bugs in a device's offline functionality? For example, imagine a keypad door lock. It can be configured online to add and remove unlock codes and to set schedules for automatic locking/unlocking, and then goes offline for normal operation.

Suppose someone discovers that certain invalid input sequences will unlock it regardless of what codes are set. I'd say that's a security bug that requires a security update, even though what it is fixing is functionality that does not require or use an internet connection.

Whatever mechanism was used to upload the firmware in the first place could be exposed. Having a doorlock that can be configured online is asking for it. That's the kind of thing that will lead to headlines in regular news publications.
I'd like to see pretty much everything that uses electronics inlcude, unless its form factor is such that it is not practical, a USB-C port. I'd like to see this USB-C port used for two things. It's OK if it does more than these two things.

I'm not just talking about IoT devices. I want this for my washing machine, my electric toothbrush, my vacuum cleaner...everything.

1. If you insert a formatted thumb drive that contains a directory with some magic, standardized name (e.g., "DEVICE_INFO"), the device creates a directory under that named after the device, and in that directory writes out a PDF of its manual, install guide, warranty info, and/or whatever other documentation comes with the device. It also writes a text file containing model number, serial number, manufacture date, version information, and stuff like that.

2. If you insert a formatted thumb drive that contains a directory with another magic, standardized name (e.g., "FIRMWARE_UPDATES"), which contains a sub-directory names after the device, the device looks in there for a firmware update file, and if it finds one that is applicable it applies it.

This is a great list. I would add six more:

* Requires a computer with <OS list> to function

* Requires that software be installed from <list of app stores>

* Device data format is documented

* Deivce software can be replaced with independently developed software, but might require NDA or other agreement with the company

* Device software can be replaced independent of the company, but might might require NDA or other agreement with a third party (chip maker, etc.)

* Hardware is fully documented

Wow, that's a great addition, I will update the post. Never even thought about these. Ok done. I merged two of your points and added yet another one.
I think a couple of these stretch the credulity of being criteria of a “safe” device, compared to your original list.

The hardware/software must be fully documented reads as “must be open source”. There needs to be some incentive for quality vendors to get in the game, and most (all?) of them want to take some measures to ensure no one steals their design.

Open means auditable which should be safer, and also will help to keep the device running if the service on the other side disappears.

After all there are trade-offs here, for instance one device might be open source on the device but talking to a service vs a closed source device using an open protocol.

My own main gripe with the idea is that people in general just don't seem to care at all, it's just a few hardcore tech people that see where this is all headed.

The most important thing is still missing:

* Device will receive security updates until <date>.

It always astounds me that the Android security update debacle has not made this a mandatory statement that all devices must contain. Of course this needs to be backed up with a consumer law to allow returns of all devices for a full refund which have a vulnerability which is unpatched 90 days after disclosure.

How about: Escrow: device software (firmware, operating system, application and back end source code and binaries) are kept in escrow, and will be released as public domain should the company cease to provide the service for more than 3 months, or fail to release security patches for any remote compromise in less than 6 months.