48 comments

[ 4.7 ms ] story [ 92.1 ms ] thread
Excerpt: "it also vastly expands the universe of things that could go wrong, particularly when it comes to privacy".

Very funny, from an article sitting in a web page filled with tracker scripts and whatnot.

Indeed. I got 9 Ghostery blocks there.
"Just because I know how to write PHP doesn't mean I understand these vulnerabilities at all."

Ouch.

You need to know a lot more than PHP to make your toaster talk to your dishwasher. And I'm pretty certain it's not the Maytag Man who's going to make it happen.

The concern over securing mesh networks is real, but the argument in the article is terrible.

I don't know... a lot of terrible wifi router software is written in PHP, and it's not clear that you can expect something different from your microwave.
Honest question: under what circumstances would it be beneficial for my dishwasher to be "smart" at all, let alone be connected to the Internet?

If that isn't a demonstrative example, what specific devices _would_ be useful to have Internet connectivity, and in what specific ways?

Send you a text when it is done or out of rinse aid. The text would actually go to your sibling so they can do their new chore.
A smart dishwasher could be programmed to run at the point in the day when your solar hot water heater reaches a certain temperature, or when electricity prices reach a certain level.
"Hey Steve, normally, it's not your turn to do the dishes, but I see that John is out of town this week. Better get on that!"
"hey Steve, we see you've eaten Hamburger Helper and Kraft Macaroni and Cheese three times this week. Would you like to learn more about dating services in your area?"
There are a bunch of specific devices that I would really like to connect to the internet:

Irrigation system: I shouldn't need to punch buttons on a controller box outside in the rain.

Anything with a clock, e.g. microwave, thermostat: It should get the right time itself.

Pool heater: I should be able to control it from the house and check the temperature.

Barbecue: It should let me know if it was left on (like happened yesterday).

Freezer: It should let me know if the door is ajar, before everything thaws.

Alarm system: monitoring and control.

Stereo: should be able to control from my phone.

Washing machine: notification if I left wet clothes in it, or if it goes off balance and stops.

These are mostly available now, but not in an easy-to-use way. Home automation seems to be like the home computer industry in the 1970s: you have to really want to do it, you need to be a bit of a hacker, it costs a fair bit, and what you end up with is pretty primitive. I think there's a huge market for someone to solve home automation. What I want is when I buy an irrigation controller from Home Depot (for example), it "just works" as part of a home system.

Edit: A couple people asked why connect to the internet? I should be able to do these things remotely, e.g. from the office or my phone.

a_c_s mentions that the time tinkering could outweigh the benefit. That's kind of what I'm getting at with my 1970s home computer analogy - you could do e.g. word processing back then, but it wasn't worth the difficulty for most people. Now non-technical people can buy a computer at Best Buy and easily do word processing. Likewise, home automation needs to become something that is built in to products and "just works" by default, rather than something for hackers.

"It should let me know if it was left on"

That is my #1 use case for me - I would love to have some view of our home to tell me that I haven't left anything on when we go away for a few days.

I once left the burner on for a few hours, it was so scary when I realized it.
I left an oven on overnight once. Not really dangerous, but felt really stupid.

Though to be fair there wasn't any visual notification of its state - the light is only on when it's preheating.

I eventually found a solution to being neurotic about turning things off - when we go away I go round and take pictures on my phone of all the things I would worry about.

The interesting thing is that I never need to look at the pictures - the mere fact they exist is enough to keep my happy....

[My family do indeed think I am crazy]

Most of those are reasons to be connected to a home network, not "The Internet."
With the exception of perhaps your security system (which is already possible), why would any of these need Internet connectivity?

I can see them being WiFi-enabled and able to talk to each other and some type of centralized control system in the home, but why would that need to connect to the Internet?

IP is a universally supported networking protocol. The alternatives seem to be industry-specific or worse.
Thanks for enumerating this.

However, for me, the amount of time 'saved' for tasks like this seems like it could easily be outweighed by having to spend even a minimal amount of time tinkering/debugging the setup of these devices.

Given that my phone sometimes forgets which wifi network to use, I can only imagine having to reconfigure my microwave, washing machine, stove/oven, dishwasher, stereo, etc. occasionally. If each device forgets the wifi network infrequently, like once every six months, that means 12 times a year I have to configure wifi one of my six smart devices. This amount of reconfiguration is more time/frustration/effort than would be saved by the kinds of notifications listed.

I agree, but ideally they'd be wired in. Perhaps new homes at one point will have Ethernet ports behind your stove, microwave, etc.

It's interesting that you chose 6 months, because that's how often you have to change the time. :D

Funny how the actual API we want on 90% of these devices is actually all pretty similar:

Read/write the on/off mode, and get text notifications with severity (Info/Warning/Emergency). This is not some nightmarishly complicated interface. I'm sure we can all visualize what a good cellphone app would look like.

It seems like the big hurdle with home automation is the lack of a standard server for all the client devices to connect to. The challenge will be getting these disparate appliance companies to sit down and agree to anything... that won't happen until a big player gets enough of them onboard to make it a "must-have" feature.

Remote temperature monitoring (and control). Current devices at least feel expensive, and they are generally some combination of arcane and crappy. I guess Nest is figuring this space out.

At a low enough price point, being able to turn off lights and stuff like that is great, especially if there isn't much setting up involved.

Lots of other things benefit from some sort of connectivity, being able to do data collection and monitoring over a network enables a much more passive approach (which I expect means more people will take advantage of the opportunity...).

Remote diagnostics. The technician should already more or less know what is wrong with your machine before leaving the depot, which means s/he will already have the right parts / tools to get it fixed.
Dish-washer is actually one of the devices I'd most like to be internet connected. Unlike a washing machine, the dishwasher is a cleaning implement that's I always keep loaded and ready to go. Detergent in the dispenser, full of stuff to wash. So being able to activate it remotely is handy. Also, getting a message to my phone when it completes would be handy. Same with washers/dryers - notification that the cycle is over and user intervention is required would be handy.

Remote status information on my oven and smoke-detectors and furnace and water-heater and water-detectors, while expensive, would also be fantastic peace-of-mind for the worrywarts among us - at any moment you know if your house is flooded or burning or whatever.

"...under what circumstances would it be beneficial for my dishwasher to be "smart" at all..."

An alternative that I haven't seen mentioned, but is supported, for some appliances: Your electrical or water supply utility could tell your dishwasher to delay its cycle in order for the utility overall to better balance its load.

If security cameras teach us something, is that they are riddled with security bugs, never updated, and with hardcoded backdoors/admin passwords. The internet of things have high chances to make that problem worse, as it will give remote action more than just monitoring.

And that without even taking into account our friends at the NSA and similar, that will require remote access to anything popular.

I disagree that the wifi is a terrible single-point-of-failure. The chief concern in privacy security is not a criminal on the street or a member of your local police department - it's a vast swarm of overseas hackers or massive advertising conglomerates.

For that case? Keeping the data in your home is fine. Doubleclick and Tribalfusion aren't going to be wardriving your neighborhood.

Honestly, I'm waiting for somebody to make the one-stop zero-configuration grandma-friendly home server device. Something that gives you a DropBox-like file-server with optional internet-cloud mirroring, has a media bay with one-button backup functionality so you can easily get a detached hard-copy, runs a Print server and DNLA, its own Gmail-like webmail/imap system. If you make it a wifi router, it can also run its own domain and whatnot. The problem, of course, is half the ISPs provide a wifi router that isn't grandma-friendly to configure.

Have all your home devices talk to that thing and not the Internet.

I like that idea a lot. I would throw money at it.
Part of it is just imagining a device where you put in one name and a wifi/family password and suddenly this name gets you

1) SSID (say PxtlFamily)

2) Local domain-name for accessing your intranet (http://PxtlFamily) with your imitations of gmail, drive, picasaweb, and the admin panel, with a built-in loginless "family" account for shared stuff. Access to the same files via an FTP server and DropBox-like application.

3) Dynamic Dns public domain name provided by the vendor (http://PxtlFamily.Dyn.Org) for anything you want to show to the wider internet (which is nothing by default).

4) Email domain (user@PxtlFamily.Dyn.Org)

5) samba file-server name (\\PxtlFamily) to access to the same shared folder above.

Boom, you give it a name and a wifi password and you get all that. Use the wifi password as an access password for wired ethernet connections. You're relying on your wifi to provide security, but that's the most you can realistically expect from home users anyways.

Then you can let users create their own accounts for all the private stuff. Just let them make their own accounts since they're already semi-trusted since they've got the Family password.

Obviously you would want to offer the users more granularity in configurations as they want - support for encryption, rights controls, etc. But this is the bare-minimum "I buy it and I give it a name and a wifi password". You give users a massive motherlode of functionality and it's more secure than just about everything on the internet because it's not on the internet.

Just stick a cheap cellphone touchscreen on the darned thing for admin actions until the user gets around to setting up an admin account.

The amount of software you'd have to write to create such a thing would be a beast though.

But then the fridge maker wouldn't have "anonymised usage statistics" (to sell) so where's the incentive for them to make a smart fridge?
Charing you $10 more for a fridge that saves you $5 on your power bill every year. Differentiating is really hard for white goods manufacturers, so they tend to end up with commodity levels of profit on what they sell.
The router is a single point of failure if it's what's hooked up to your modem, especially now that routers frequently come with questionable built in services to make your shares and such available remotely and often have very questionable decisions made when it comes to their web interfaces and even basic things like password storage.

Now that may be different than 'wifi,' but color me surprised if in the average home with wifi it's not emanating from a questionably configured router running questionable firmware with a direct connection to the Internet.

Saying the router is a single failure point is a backwards way of saying, let these "things" talk to the internet in other ways too!

If the router is properly configured (i.e. the way the owner wants it), it can be a single point of control - and that's the best case.

The real threat, mentioning which would have justified the title, is that people may not be able to opt out of all the "things" reporting to outside parties.

I got to 'Ten years ago, the word "smartphone" didn't exist' and stopped. I know it's just a topic-establishing observation, but it's terribly incorrect.[0] If the writer couldn't be bothered to check that basic claim, I can only assume it's a fluff piece.

[0] http://www.zdnet.com/microsoft-launches-smartphone-assault-3...

Linked article is just over 11 years old. Is the author's rounding of 11 years down to 10 that offensive?
Actually, yes.

It wouldn't mind if the term originated 11 years ago and the author stated it was coined 10 years ago. But the author claimed it was less than 10 years old, and the term was around for many years before 2002--I just found that article as a quick example for younger readers who might think the term "smartphone" developed as a generic word for "iPhone-like device"--it may seem crazy, but some people actually think this, and the article's opening supports that narrative.

Inaccurate, unthoughtful statements like this lead us to forget history, and they especially do a disservice to articles contemplating developments in the near future. I think it's relevant to the article that "smartphone" was a part of tech and business life and news before it became a household term--these products see a lot of development and a niche user base before, suddenly, everyone has them. That nascent period, during which products' dangers can be considered and hopefully diminished, is essential.

How hard would it have been to pop over to Wikipedia and read that Ericsson used the term smartphone in 1997?
The scariest part about the internet of things is that we're apparently doing it without discernable purpose that delivers benefit to the consumer.

In the 90's, our refrigerators were going to tell us that we're out of milk. Now our refrigerators are going to be linked to some smart grid that will let utilities shape our electricity demand. (Presumably via punitive costs)

As a consumer, I say screw the internet of things. I don't want my fridge letting Heinz know when I'm out of ketchup so they can push ads to me, and I don't want my dishwasher usage habits or thermostat settings available to government agencies for "any legal purpose" or my utility company demanding that I stop making ice during peak electric demand periods.

> Now our refrigerators are going to be linked to some smart grid that will let utilities shape our electricity demand.

This is already happening[1] in Ontario: homes are encouraged to have smart meters manage your central air/central heating. You may adjust the internal temperature to your liking, however there is no guarantee that it will truthfully report the temperature.

I've personally experienced such deception where I would adjust the settings and the internal temperature would move to the new target without any air-con/heating being activated. It's quite frustrating because then I would further fiddle with the temperature, and then it would be too hot/too cold.

[1] http://www.energy.gov.on.ca/en/smart-meters-and-tou-prices/

I don't want my fridge letting Heinz know when I'm out of ketchup so they can push ads to me either. But I'd like my fridge to tell Amazon so that new ketchup arrives when I need it. + obligatory mentions of security, privacy, etc..
>my utility company demanding that I stop making ice during peak electric demand periods.

I think this statement communicates a fundamental misunderstanding of the energy use management implemented by the SmartMeters, or an attempt to villify a fairly clever project that has the potential to save tons of electricity.

For one, the SmartMeter system is entirely voluntary, and can be taken out at any time. For another, at least where I live, it applies only to A/C, and only will shut off one time, for one hour, once every week during peak usage.

Please do not present promising technology like this as some kind of Orwellian spectre of tyranny. It's really not.

>For one, the SmartMeter system is entirely voluntary, and can be taken out at any time.

Lol, this is often how compelled compliance works, you begin with voluntary adoption.

This is promising tech but not believing any and all data will be saved and used for every conceivable purpose including oppression is an obvious feat of delusion -- have you had your head in the sand this year?

It may sound unfair to a practitioner in the energy space. I have friends who are energy engineers who are very passionate about things like peak load demand and the potential to have a positive impact, especially from an environmental standpoint. My post would probably be a little offensive to them.

The problem is, while I trust the engineers, I don't trust the policy makers. When a large industrial customer or a big data center negotiates a curtailment program, they have lots of leverage to achieve a mutually beneficial arrangement. As a consumer, I have no leverage -- at best, I may live in a state with a public utility regulator actually thinking about the public interest.

These types of technologies need strong privacy and consumer protections codified in law to be trustworthy. I don't see that happening, and until it does, I consider it harmful.

>As a consumer, I say screw the internet of things.

I think this is attitude is throwing the baby out with the bathwater and just assuming the worst. The usefulness of knowing when something in my refrigerator is outgassing something harmful, remotely accessing how much flour I have left so when I am at the store I don't overbuy, or dialing in my energy usage are all very smart and efficient uses of the technology that make my life better and more cost effective.

As with everything the key to adoption is getting the user interface correct. The companies who are working on these things just haven't gotten that part right. I think it will take an industry approach to make these things work; a naiive example would be a milk carton that by default talks to the refrigerator about spoilage and quantity levels.

The engineers mostly understand these Things, but they do not have the same priorities as consumers, nor do they care about privacy, security, safety (apart from compliance with regulations). A good example is the recent trouble with LG smart TVs "phoning home" and LG telling consumers basically to suck it up since they accepted the ToS.

Regulations cannot fix this or prevent abuse / privacy intrusions any more than the law can prevent illegal NSA wiretapping. Consumers will never be informed enough (they mostly don't care, or do not have access to a thorough analysis of these devices' behavior), so we're basically doomed.

I predict "Your Home IoT Firewall for Dummies" is going to sell big.
IOT engineer here. As much as it hurts, I have to agree with the spirit of this article: we, as the industry, are simply not prepared.

Your average embedded engineer does not care much about security. When you launch a hardware product, the things you care about are stability, EMC compliance, extending battery life, getting the production chain right, packaging, cost optimization and squeezing every damn bug that causes random faults (remember, this is embedded, and pretty much any exception is equivalent to an instant device reboot). Security rarely gets mentioned simply because there are dozens of more pressing issues - the most important being getting that damn thing to work. This approach has worked fine for decades simply because there was no practical way of attacking a device - until now.

Firmware has always been riddled with vulnerabilities. It's just the Internet connectivity that suddenly made them exposed.