Slashdot Mirror
Privacy Worries For 'Smart' Smoke Alarms
Advocatus Diaboli sends this excerpt from an article about the data collection capabilities of the Nest Protect 'smart' smoke alarms, and how they could become a privacy concern:
Consider that each Protect is packed full of sensors, some of which are capable of much more than they're doing right now: From heat and light sensors to motion sensors and ultrasonic wave sensors. This simple little device could scrape an incredible amount of data about your life if Nest asked it to: From when you get home, to when you go to bed, to your daily routine, to when you cook dinner. Now imagine how a device like that would interlock with another that you keep on your wrist, like the forthcoming Android Wear. Together, they would create a seamless mesh of connectivity where every detail of what you do and where you go is recorded into a living, breathing algorithm based on your life.
Neither Nest nor Google has stated any intention to turn Nest's hardware into more than it is right now. Protect is an alarm, the Thermostat is a thermostat. But as Google ramps up its vision to connect every aspect of our world, from Android Wear to its acquisition of a company that specializes in high-res, near-instantaneous satellite imagery of Earth, it's easier than ever to see why it would cough up billions for a company that has installed hundreds of thousands of Wi-Fi connected devices in the homes of Google users."
Neither Nest nor Google has stated any intention to turn Nest's hardware into more than it is right now. Protect is an alarm, the Thermostat is a thermostat. But as Google ramps up its vision to connect every aspect of our world, from Android Wear to its acquisition of a company that specializes in high-res, near-instantaneous satellite imagery of Earth, it's easier than ever to see why it would cough up billions for a company that has installed hundreds of thousands of Wi-Fi connected devices in the homes of Google users."
It's just not stupid enough to come right out and say it though. Having all of this information will make AT BEST their ads more effective because they can advertise food when you are hungary and sleeping pills when you are restless....at worst their data will be used against you in cases being built against you.
There is no reason this device needs to store or transmit ANY of the data it uses to smoke detect.
Well, I can't see your genitals and I don't want to.
Wow.
Error 001
Security Scan and Virus Detection do not work with your operating system.
This is why proper privacy and property rights must properly legally extend to data hosted in cloud services.
The private companies that offer cloud-based services are not what worry me. There are a lot of sound economic reasons (see: the devops movement) for why this kind of product architecture (where a physical product, coupled with always-on connectivity and a remote cloud-hosted service) makes a whole lot of sense. There are a lot of market incentives for these companies to clearly delineate what they will and will not use the data (and sensors) for. Moreover, there can be a large degree of diversity between the various single-function cloud services one uses (even if Nest was recently acquired by Google). People care about their privacy, but they also balance it against the utility these kinds of products offer. I have a Nest Protect, and I'm comfortable trusting it a lot more than a regular standalone. Thus, they *consent* to the introduction of such technology into their lives, with the entirely reasonable expectation of benefit.
Another great example is the Tesla Model S, which is so dependent on cloud-services that it comes with a bundled 3G modem and data plan.
However, governments see the concentrated user data in data-centers on their soil as entirely too delicious to ignore. Not only does the immediately visible claim of increased security ("we could have caught the terrorists!") tend to outweigh the more general argument for individual property and privacy rights in the political sphere, but institutional incentives on the part of powerful government agencies and their contractors to grow their mandate mean that they'll heavily lobby for such intrusions.
I think most of us geeks grew up terrified of the very idea of the Orwellian Telescreen. However, it's not the technology that's evil (many of us have plenty of devices with a camera integrated with a display), but the threat of its use without consent.
I am so pissed off about the way the home automation market is developing. Every single one of these products tries its hardest to make sure it is fully connected to the internet when what it really ought to be doing is the opposite - trying to minimize internet dependence. It is a goatscx sized security hole, not just in terms of being co-opted by a third party but also as this article points out - spying on you by the very company you bought the devices from.
Some of stuff coming out is freakin awesome with the potential to do things like have the lights "follow" you around the house so you never have to turn them on or off, same with HVAC and the locks on the doors. But dammit, I just can't feel safe buying them because I have absolutely no fucking control over them also stalking me in my own home. Plus there is the near certain chance that at least some of them will just stop working if the manufacturer goes bankrupt or just loses interest in maintaining the cloud infrastructure that the devices depend on. Its like an unacknowledged DRM for the basic infrastructure of your house.
Clothing is an important social signal. It serves to indicate class and social groupings.
Even if everyone had a minaturised terahertz-wave scanner implanted in their eye, clothing would still be worn for that purpose. Besides, it provides protection from sun overexposure and low temperature. It's also very handy for obscuring the physical signs of sexual arousal, which would otherwise lead to some serious social awkwardness. Especially for teenage males, who tend to have it going up and down like a yo-yo while hormones run riot.
Most us hate this stuff, but it's the way everything is heading. Much like social networking, it's going to become increasingly difficult to live a "normal" life while abstaining.
So with "just don't use them" off the table, how do we at least make this more secure. My first thought would be to approach it the same way we approach it when wanting to connect two computers we can't trust and provide a limited subset of functionality. Things like well defined IDLs that define a precise message set, and gateways that are trusted which verify that only conformant data passes. In other words, let the nest have a billion sensors, but the only message your infrastructure will allow it to send out is: houseOnFire=.
Obviously completely impractical for even a geek audience. So I'm at a loss.. any other brilliant ideas?
Bull. Privacy is not an either-or-proposition.
It is a spectrum and every new data-stalker device we accept in our lives pushes us further into the black.
"Don't be evil."
What, you don't turn your phone off and put it inside a metal box from time to time?
Seriously, what is wrong with you?
I don't know why anyone would even consider having such products inside their house.
Clothing doesn't just provide obscurity.
It provides warm, and soaks up sweat. Imagine wearing the same shirt for say.. a month. That's probably what will happen to your couch, and it's a lot harder to throw the sofa into the washing machine every day.
Your average smart phone knows where it is, the exact position in 3D space, what devices are nearby, whether it is being held versus on a table or in a pocket, whether you are laying down, sitting, walking, jogging, running, biking or driving, whether you are indoors or outdoors, what the temperature is, what the atmospheric pressure is, what the relative humidity is, UV levels, air quality levels, the tone of your voice to determine whether you are happy, sad, angry, ..., and in many cases what your heart rate is when using it by looking at your face.
And more sensors are being added with each revision to make them better able to be everything for you.
There are even sensors out now that will build live 3D models of whatever the phone sees, letting it know what is in it's surroundings.
Your phone already knows the things that your thermostat *can* know, except it does a better job because in our hyper-connected, instant gratification culture it has become the 8th deadly sin to be anywhere without your cell phone for 5 minutes.
While it is good to be considerate about what could happen should all of these existing systems that we already have in our homes and are adding daily get linked together into one gigantic monitoring system, it is an exercise in futility considering that we knowingly don't care because next year we can play Kinectimals on our phone and have our ePet interact with the world by jumping up on the couch or hiding behind the counter.
Thirty four characters live here.
This cartoon is rapidly becoming reality. What? Could you speak closer to the lampshade, please?
> it is an exercise in futility considering that we knowingly don't care
No, "we" only don't care because of ignorance. The average smart phone user has never thought through the implications of all the sensor data on their phones. The average smart phone user doesn't pay any attention to that stuff in exactly the same way that the average driver does not pay attention to stuff like oil pressure and ignition timing, most don't even think about RPMs despite it being right their on the dash. Same thing with phone users. Hell, the average smart phone user doesn't even know that turning their phone "off" doesn't really turn it off, all this stuff is 10x more arcane than that.
So loudly complaining about this stuff, including writing articles about it, is in fact the exact opposite of an exercise in futility - awareness is the first step towards change.
listen, Life is NOT a movie, a hacker cant reconfigure the temperature sensor into a "FLIR heat sensor" to give them ANY information other than how hot it is on the ceiling in the hallway where you mounted it. That Passive IR sensor cant be magically turned into an HD IR camera, it's a single specific function sensor that can detect if smoke has entered the chamber, you cant turn it into a spy camera. Then you have a CO sensor that is specifically designed for it's task, again cant be reconfigured as a direction Co2 and other gas sensors to detect if you have been smoking crack in the bathroom again.
the ONLY data that someone can glean from this is local mounted temperature, alarm state and CO2 levels. Nothing else. even if you left for a 4 week vacation in your Paris apartment you cant even hope to get data if the house is unoccupied unless you set the thermostat to very low and it was the dead of winter.
https://www.sparkfun.com/news/... 6 seconds on google turned this up. It even has links to the sensors data sheets.
https://www.ifixit.com/Teardow... for the ifixit teardown
Please, if you write an article, Know something about the subject, spend DAYS researching it before you publish the information. This is why "bloggers" have zero respect and are mostly ridiculed.
Do not look at laser with remaining good eye.
I thought I'd seen that somewhere. Here's a source: http://marketingland.com/googl... I won't be installing one of those nifty little gadgets anytime soon. It isn't enough that the cost of a Nest Protect is exorbitant, they need to make still more money by selling ads to display on it? Evil, or just a corporation doing what it does?
There are quite a lot of sensors, and processing power in a Nest gadget. It includes a motion sensor, and that data could be extracted to a database, giving us an absolute plethora of sensors spread across homes (ok, mainly rich homes, and certainly a lot in California).
Such a wealth of data would surely be brilliant for earthquake monitoring.
"Cats like plain crisps"
Dave from the NSA here, can you please move the change from the pocket with your cellphone to the other pocket? It's getting hard to hear what you are saying when you walk.
Also please go stand over next to that tall brunette to your left, her cellphone sucks and we cant get a good recording of her discussion about what her boyfriend did to her last night.
Thanks!
Do not look at laser with remaining good eye.
This company gave you the best search engine. Then they made android. You guys like that stuff. Lot's of haters. Google is one of the good guys. (I start on Monday!)
I wonder what the first presidential election will be like when candidates are from the facebook generation. Companies like google, facebook, maybe snapchat will have dirt on all the candidates. Google alone will have every search the candidates ever did. Viable candidates will be only those people who are uncommonly boring, or influential enough to squelch the dirt, or trade it for favors. Imagine the power google wields... in part because they gave away their operation system, which doubles as an information vacuum.
OSx server is a ~$20 upgrade to OSx, which offers ever-decreasing (yeah, simplicity?) UI based tools to run your own mail, web, chat, calendar &etc server. You'll need a static ip and a dyndns.com backup MX account. Setup secure services. Enjoy your privacy.
"You have liberated me from thought."
Protect is an alarm, the Thermostat is a thermostat.
This is actually not true/accurate, they are tied in together.
For example, if the nest protect detects a fire, the nest thermostat will shut off the heater.
I believe the nest protect is also used as an occupancy sensor for the auto-away function of the nest thermostat.
Coming soon, the rapist app that finds hot women near you who are alone at home right now. The data is available.
Knock on the door.
So, Mister..... Steve, is it? Steve. We, understand, you've been having a rough week. You've burnt the toast now three days in a row, and that's not like normal people. So tell me, Steve? Is there anything, a load on your mind perhaps, that you'd like to share and unburden yourself and return a life of making proper toast?
No?
Well then, Steven, you'd be wise to stop burning the, uh, toast. We wouldn't want you to get burned. Would not do at all.
Sig for hire.
also... think about the excitement of christmas morning, with the anticipation of all those wrapped presents versus the disappointment of christmas afternoon when you've found out what you've actually got
sag
It's a sad moment of realization that I actually like getting cloths for Christmas now. Mainly because I suck at picking stuff out myself and hate shopping for cloths in general.
Having a job, a fiance, hell owning a house (or well a gradually increasing piece of one) doesn't make you an adult. When someone gifts you a tonne of socks (sister works at a Marks Work Warehouse and gets some ridiculous employee discounts) and you think "awesome, I really needed these", I think that's the moment one realizes they are an adult.
Smart devices are cool, the data they collect going to advertising companies and the NSA isn't.
It is obvious the paradigm should be changed. People love facebook, so why can't we make a distributed facebook where each member has a little roku type device sitting in their home on their network that stores all of their data? Each person that member connects with gets a key that is associated with contact so that you can form secure networks of friends and share data. Then as the owner of your data you can opt into sharing a limited set of that data with advertisers but only if they pay you to mine your data. That would be a positive paradigm shift.
I wouldn't mind having smart devices in my home, I just don't want them communicating to the public internet. They can communicate with a server in my home and I can control what the software on this server does. Smart devices don't have to all connect to the public internet, and we don't have to allow every smart device manufacturer to mine our data. Eventually there will be open source automation software for servers and open source software for the smart devices so we can control what they do (like tomato or ddwrt for home wifi routers).