Slashdot Mirror
Privacy Worries For 'Smart' Smoke Alarms
Advocatus Diaboli sends this excerpt from an article about the data collection capabilities of the Nest Protect 'smart' smoke alarms, and how they could become a privacy concern:
Consider that each Protect is packed full of sensors, some of which are capable of much more than they're doing right now: From heat and light sensors to motion sensors and ultrasonic wave sensors. This simple little device could scrape an incredible amount of data about your life if Nest asked it to: From when you get home, to when you go to bed, to your daily routine, to when you cook dinner. Now imagine how a device like that would interlock with another that you keep on your wrist, like the forthcoming Android Wear. Together, they would create a seamless mesh of connectivity where every detail of what you do and where you go is recorded into a living, breathing algorithm based on your life.
Neither Nest nor Google has stated any intention to turn Nest's hardware into more than it is right now. Protect is an alarm, the Thermostat is a thermostat. But as Google ramps up its vision to connect every aspect of our world, from Android Wear to its acquisition of a company that specializes in high-res, near-instantaneous satellite imagery of Earth, it's easier than ever to see why it would cough up billions for a company that has installed hundreds of thousands of Wi-Fi connected devices in the homes of Google users."
Neither Nest nor Google has stated any intention to turn Nest's hardware into more than it is right now. Protect is an alarm, the Thermostat is a thermostat. But as Google ramps up its vision to connect every aspect of our world, from Android Wear to its acquisition of a company that specializes in high-res, near-instantaneous satellite imagery of Earth, it's easier than ever to see why it would cough up billions for a company that has installed hundreds of thousands of Wi-Fi connected devices in the homes of Google users."
It's just not stupid enough to come right out and say it though. Having all of this information will make AT BEST their ads more effective because they can advertise food when you are hungary and sleeping pills when you are restless....at worst their data will be used against you in cases being built against you.
There is no reason this device needs to store or transmit ANY of the data it uses to smoke detect.
Well, I can't see your genitals and I don't want to.
If you don't want to be tracked, you need to dump your cell phone immediately. It collections location information and has both audio and video recording (in two directions) capabilities. Worrying about a "smart" thermostat, smoke detector, or watch is silly. We're way past that.
Wow.
Error 001
Security Scan and Virus Detection do not work with your operating system.
This is why proper privacy and property rights must properly legally extend to data hosted in cloud services.
The private companies that offer cloud-based services are not what worry me. There are a lot of sound economic reasons (see: the devops movement) for why this kind of product architecture (where a physical product, coupled with always-on connectivity and a remote cloud-hosted service) makes a whole lot of sense. There are a lot of market incentives for these companies to clearly delineate what they will and will not use the data (and sensors) for. Moreover, there can be a large degree of diversity between the various single-function cloud services one uses (even if Nest was recently acquired by Google). People care about their privacy, but they also balance it against the utility these kinds of products offer. I have a Nest Protect, and I'm comfortable trusting it a lot more than a regular standalone. Thus, they *consent* to the introduction of such technology into their lives, with the entirely reasonable expectation of benefit.
Another great example is the Tesla Model S, which is so dependent on cloud-services that it comes with a bundled 3G modem and data plan.
However, governments see the concentrated user data in data-centers on their soil as entirely too delicious to ignore. Not only does the immediately visible claim of increased security ("we could have caught the terrorists!") tend to outweigh the more general argument for individual property and privacy rights in the political sphere, but institutional incentives on the part of powerful government agencies and their contractors to grow their mandate mean that they'll heavily lobby for such intrusions.
I think most of us geeks grew up terrified of the very idea of the Orwellian Telescreen. However, it's not the technology that's evil (many of us have plenty of devices with a camera integrated with a display), but the threat of its use without consent.
I am so pissed off about the way the home automation market is developing. Every single one of these products tries its hardest to make sure it is fully connected to the internet when what it really ought to be doing is the opposite - trying to minimize internet dependence. It is a goatscx sized security hole, not just in terms of being co-opted by a third party but also as this article points out - spying on you by the very company you bought the devices from.
Some of stuff coming out is freakin awesome with the potential to do things like have the lights "follow" you around the house so you never have to turn them on or off, same with HVAC and the locks on the doors. But dammit, I just can't feel safe buying them because I have absolutely no fucking control over them also stalking me in my own home. Plus there is the near certain chance that at least some of them will just stop working if the manufacturer goes bankrupt or just loses interest in maintaining the cloud infrastructure that the devices depend on. Its like an unacknowledged DRM for the basic infrastructure of your house.
as nest gathers that your jerk off every day at that time
Clothing is an important social signal. It serves to indicate class and social groupings.
Even if everyone had a minaturised terahertz-wave scanner implanted in their eye, clothing would still be worn for that purpose. Besides, it provides protection from sun overexposure and low temperature. It's also very handy for obscuring the physical signs of sexual arousal, which would otherwise lead to some serious social awkwardness. Especially for teenage males, who tend to have it going up and down like a yo-yo while hormones run riot.
Most us hate this stuff, but it's the way everything is heading. Much like social networking, it's going to become increasingly difficult to live a "normal" life while abstaining.
So with "just don't use them" off the table, how do we at least make this more secure. My first thought would be to approach it the same way we approach it when wanting to connect two computers we can't trust and provide a limited subset of functionality. Things like well defined IDLs that define a precise message set, and gateways that are trusted which verify that only conformant data passes. In other words, let the nest have a billion sensors, but the only message your infrastructure will allow it to send out is: houseOnFire=.
Obviously completely impractical for even a geek audience. So I'm at a loss.. any other brilliant ideas?
As the pro-pantopticon people like to say, society just needs to learn to not make a big deal over that sort of stuff and then everything will be peachy-keen.
"Don't be evil."
I don't know why anyone would even consider having such products inside their house.
Clothing doesn't just provide obscurity.
It provides warm, and soaks up sweat. Imagine wearing the same shirt for say.. a month. That's probably what will happen to your couch, and it's a lot harder to throw the sofa into the washing machine every day.
This cartoon is rapidly becoming reality. What? Could you speak closer to the lampshade, please?
No, not the homes of Google users, the homes of everyone so that Google knows what everyone is doing be they Google, Apple, Microsoft "users"
What I want next is a White list based email server that is secure and can be run easily at home so that:
a) I can kill off my gmail/hotmail/etc accounts - I can simply use my own secure server
b) White listed so that there is zero spam
c) Secure (from hackers) and uses encrypted transfer protocols (government snooping)
The less companies "know" about you the better
listen, Life is NOT a movie, a hacker cant reconfigure the temperature sensor into a "FLIR heat sensor" to give them ANY information other than how hot it is on the ceiling in the hallway where you mounted it. That Passive IR sensor cant be magically turned into an HD IR camera, it's a single specific function sensor that can detect if smoke has entered the chamber, you cant turn it into a spy camera. Then you have a CO sensor that is specifically designed for it's task, again cant be reconfigured as a direction Co2 and other gas sensors to detect if you have been smoking crack in the bathroom again.
the ONLY data that someone can glean from this is local mounted temperature, alarm state and CO2 levels. Nothing else. even if you left for a 4 week vacation in your Paris apartment you cant even hope to get data if the house is unoccupied unless you set the thermostat to very low and it was the dead of winter.
https://www.sparkfun.com/news/... 6 seconds on google turned this up. It even has links to the sensors data sheets.
https://www.ifixit.com/Teardow... for the ifixit teardown
Please, if you write an article, Know something about the subject, spend DAYS researching it before you publish the information. This is why "bloggers" have zero respect and are mostly ridiculed.
Do not look at laser with remaining good eye.
I thought I'd seen that somewhere. Here's a source: http://marketingland.com/googl... I won't be installing one of those nifty little gadgets anytime soon. It isn't enough that the cost of a Nest Protect is exorbitant, they need to make still more money by selling ads to display on it? Evil, or just a corporation doing what it does?
There are quite a lot of sensors, and processing power in a Nest gadget. It includes a motion sensor, and that data could be extracted to a database, giving us an absolute plethora of sensors spread across homes (ok, mainly rich homes, and certainly a lot in California).
Such a wealth of data would surely be brilliant for earthquake monitoring.
"Cats like plain crisps"
This company gave you the best search engine. Then they made android. You guys like that stuff. Lot's of haters. Google is one of the good guys. (I start on Monday!)
I wonder what the first presidential election will be like when candidates are from the facebook generation. Companies like google, facebook, maybe snapchat will have dirt on all the candidates. Google alone will have every search the candidates ever did. Viable candidates will be only those people who are uncommonly boring, or influential enough to squelch the dirt, or trade it for favors. Imagine the power google wields... in part because they gave away their operation system, which doubles as an information vacuum.
The "smart" appliances, of which this smoke alarm is just the latest incarnation, just feed into privacy violations like this: https://www.aclu.org/ordering-pizza
> listen, Life is NOT a movie, a hacker cant reconfigure the temperature sensor into a "FLIR heat sensor" ... That Passive IR sensor cant be magically turned into an HD IR camera,
Funny, the article didn't even hint about that sort of thing. Did you even read it? Or do you just prefer to do your mental masturbation in public?
Please, if you write a post, Know something about the subject, at least RTFA before you hit submit. This is why "slashdottirs" have zero respect and are mostly ridiculed.
Protect is an alarm, the Thermostat is a thermostat.
This is actually not true/accurate, they are tied in together.
For example, if the nest protect detects a fire, the nest thermostat will shut off the heater.
I believe the nest protect is also used as an occupancy sensor for the auto-away function of the nest thermostat.
Google wants to test traffic by alerting that you have smoke in the your kitchen and then seeing how fast you drive to get home because you just don't trust that Nest protect to work properly to call the fire department.
Bloggers my shilling friend are highly respected by their audiences. You're talking about NEST in 2014. We're talking about NEST in 201X
when this little motherfucker will have
chemical sensors for illegal substances (smoking crack in the bathroom, cooking meth in the kitchen)
microphone for ratting you and your friends out
motion sensors
high definition camera
tamper circuit (so you can't open it and snuff out the chemical sensor or plug up the mike or camera)
and if it can't connect to google for a day or two .. someone comes knocking on your door and wants to know
"What's wrong?" (THX1138 quote for those who have seen the movie)
Truely a hacker's dream. At the risk of sounding like some old fogey, I'd like to say that I have no use for a smoke alarm that connects to the internet. None. It's not a feature I could ever use in any way at all. I fail to see any use in it. Some have pointed out that the risks here are being overblown, but I would like to to a cost/benefit analysis.
Costs:
More expensive
Slight (minimal) security risk
More points of failure
Benefits:
None
How is this shit even a thing? Who does this help? Why do people pay for this stuff?
Coming soon, the rapist app that finds hot women near you who are alone at home right now. The data is available.
Knock on the door.
So, Mister..... Steve, is it? Steve. We, understand, you've been having a rough week. You've burnt the toast now three days in a row, and that's not like normal people. So tell me, Steve? Is there anything, a load on your mind perhaps, that you'd like to share and unburden yourself and return a life of making proper toast?
No?
Well then, Steven, you'd be wise to stop burning the, uh, toast. We wouldn't want you to get burned. Would not do at all.
Sig for hire.
also... think about the excitement of christmas morning, with the anticipation of all those wrapped presents versus the disappointment of christmas afternoon when you've found out what you've actually got
sag
It's a sad moment of realization that I actually like getting cloths for Christmas now. Mainly because I suck at picking stuff out myself and hate shopping for cloths in general.
Having a job, a fiance, hell owning a house (or well a gradually increasing piece of one) doesn't make you an adult. When someone gifts you a tonne of socks (sister works at a Marks Work Warehouse and gets some ridiculous employee discounts) and you think "awesome, I really needed these", I think that's the moment one realizes they are an adult.
A smart person will eventually figure out that everything with the word "smart" in the title, smart phones, smart watches, smart power meters, and now smart thermostats and smart smoke alarms are all spying on them. Don't worry, as soon as enough people figure this out the manufacturers will just remove the word "smart" from the devices name. Problem solved.
Smart devices are cool, the data they collect going to advertising companies and the NSA isn't.
It is obvious the paradigm should be changed. People love facebook, so why can't we make a distributed facebook where each member has a little roku type device sitting in their home on their network that stores all of their data? Each person that member connects with gets a key that is associated with contact so that you can form secure networks of friends and share data. Then as the owner of your data you can opt into sharing a limited set of that data with advertisers but only if they pay you to mine your data. That would be a positive paradigm shift.
I wouldn't mind having smart devices in my home, I just don't want them communicating to the public internet. They can communicate with a server in my home and I can control what the software on this server does. Smart devices don't have to all connect to the public internet, and we don't have to allow every smart device manufacturer to mine our data. Eventually there will be open source automation software for servers and open source software for the smart devices so we can control what they do (like tomato or ddwrt for home wifi routers).