Smart Lights, Speakers, Thermostats, Cameras and Other IoT Devices Are Being Increasingly Used as a Means For Harassment, Monitoring, and Revenge

Smart home devices are supposed to bring convenience to people's lives, but increasingly, their unintended consequences are surfacing, and are being exploited to harass others, an investigation by The New York Times has found. [Editor's note: the link maybe paywalled; syndicated source.] From the report: In more than 30 interviews with The New York Times, domestic abuse victims, their lawyers, shelter workers and emergency responders described how the technology was becoming an alarming new tool. Abusers -- using apps on their smartphones, which are connected to the internet-enabled devices -- would remotely control everyday objects in the home, sometimes to watch and listen, other times to scare or show power. Even after a partner had left the home, the devices often stayed and continued to be used to intimidate and confuse.

For victims and emergency responders, the experiences were often aggravated by a lack of knowledge about how smart technology works, how much power the other person had over the devices, how to legally deal with the behavior and how to make it stop. "People have started to raise their hands in trainings and ask what to do about this," Erica Olsen, director of the Safety Net Project at the National Network to End Domestic Violence, said of sessions she holds about technology and abuse. She said she was wary of discussing the misuse of emerging technologies because "we don't want to introduce the idea to the world, but now that it's become so prevalent, the cat's out of the bag."

IoC

[dehachel12]

Internet of Crap. They usually are some cheap things released onto the market without serious security protection(who didn't see THAT coming ?). I'll never use them.

Re: IoC

[NicknameUnavailable]

Bet you're starting to understand now why the Illuminati allows computer science to move forward but put the breaks on all physics developments attainable without a multi billion dollar particle accelerator.

Re:IoC

[The+Fat+Bastard]

Except for LED lights (dumb variety). Brighter and more energy efficient than CF light bulbs.

Re: IoC

[Joce640k]

"Brakes", the word you're trying to use is "brakes".

https://en.wikipedia.org/wiki/...

https://en.wikipedia.org/wiki/...

Re:IoC

Just what we need; a better lit creimer...

Re:IoC

[dehachel12]

> LED lights (dumb variety)
so, not a Internet of Crap thing ...

Re:IoC

[Fly+Swatter]

In hindsight, CF bulbs were necessary, but really a joke of a product. Only in todays world would a buyer tolerate ten times the pruchase price, slow starting, flickering, wrong color, gets dimmer with age, can't be dimmed, needs to be recycled because of mercury, doesn't last as long as claimed, and can't be used in half of the (fully enclosed) fixtures. But hey you saved on electricity!

LED bulbs learned from all that, even the EnergyStar rating requires much longer warranties because the early CF lifespans were laughable.

Off topic, but speaking of EnergyStar, modern dehumidifiers are like the old CF bulbs in that they do not last. As they inevitably fail in 1-2 years, the failure mode causes them to burn constant electricity until the owner realizes it isn't doing anything. How can something like this ever get an EnergyStar rating? I'm on my sixth one in 7 years - yea and look it up all the brands are like this.

Re:IoC

[b0s0z0ku]

Re: dehumidifiers -- mode of failure is probably accumulation of scale and dust on the evaporator/condenser fins. Washing with a mild acid (vinegar) then hosing the thing off would probably restore the lose efficiency. Also, the filters need to be cleaned or replaced from time to time.

Re:IoC

[50000BTU_barbecue]

modern dehumidifiers are like the old CF bulbs in that they do not last.

I was just at my parent's place and the Electrohome dehumidifier from the 1970s is still in the basement, chugging away.

It may not be as energy efficient to operate, but considering it was built once almost 4 decades ago and no one needs to buy a new one, I think overall it's ahead of the game.

It is built so sturdily I can easily sit on it, and the cooling coils are so thick and stiff I can't move them easily.

Contrast this to the modern one I have in my house, the housing appears to be made from old pie plates and the cooling coil is so flimsy it shakes back and forth just from wiggling the unit.

Re:IoC

[50000BTU_barbecue]

Scale? On a dehumidifier? What kind of air do you breathe? Are you a Horta?

Re:IoC

[sjwest]

You and i might not use them but our friends at shodan.io will scan for them regardless.

Re:IoC

[b0s0z0ku]

Scale isn't always from hard water -- I'm aware that condensation is basically pure H2O. It can be from the metal of the fins itself corroding. Fluffy white aluminium oxide deposits conduct heat poorly.

Re:IoC

[inking]

Great for you. This “I will never connect my appliances to the internet” hand-waving reminds me a lot of refusal to use anything but dumb phones in early 2010s and anything but phones wired to a wall in early 2000s.

Re: IoC

Illuminati is an old word that at one time could refer to a group of wealthy power brokers who were going to rule the world, but are now mostly dead of old age. There is, however; a freudian slip in the use of that word by more recent groups, and of another one in the same vein: prism.

It's because physics research has seen more dollars than any other type of research over the past 35 years, mostly in the realm of photonics, entangled photons, general quantum entanglement, quantum memory, and quantum communications (at least a $100B). Traditional computer technology has declining value in terms of exploit, spying, and population control. Now it's all about the photons, and those are 1000x more effective.

Re:IoC

[Solandri]

The problem isn't the item or their network capability. These things would be fine if you were only able to access and control them over your LAN. The problem is some idiot thought it would be cool to be able to access them over the Internet. As a result the devices connect to some server on the Internet (no doubt allowing the manufacturer to collect marketing info), waiting for your smartphone app to contact the server and connect to the devices remotely.

The way they should work is they should never connect to the Internet, and should limit their network activity to your LAN. If you want to control them from outside your home, you should set up a VPN server on your router (many of them come with one built-in now), and use the VPN client on your phone to access your LAN from the Internet, giving you access to those devices.

Unfortunately, this is beyond the technical capabilities of the vast majority of users, and they don't want to learn how to do it, so we end up with these IoT devices which access the Internet directly. Same reason everyone sells their soul and shares their news and photos on Facebook, instead of setting up their own personal website/blog.

Re:IoC

_,--=#[The Post CRIMER doesn't want you to read!!!]#=--,_ 1)Why-are-people-upset-with-him? 2)What-can-I-do 3)What-are-his-names 4)Who-is-FatCashewsLovesMe 5)How-to-defeat-his-hustles 6)Why-are-there-dashes 7)Pastebin-Copy

1)Why-are-people-upset-with-himHe makes frequent low quality posts for two reasons:
Money) BASICALLY: He made thousands of shitty posts & bragged about how much money it made him.
DETAILS: He wants u to folow his referer links & pick up his cookie. Even if u dont buy what he linked but do buy something else from that site later on he often makes money;He ALSO tries to drive TRAFFIC to his various BLOGS & vlogs.
Karma)He believes karma acumulates infinitely So he makes lots of pointles posts that r not bad enough to mod down;hoping they wil get moded up;He was a raging ahole when he thoght he had a karma surplus

2)What-can-I-do DOWNMOD u wil usually get more mod points. If he is postng from a new sock acount w/ krma, get his oldst posts first. DOWNMOD him and AC in fresh thrads early on;Metmods wil reward u. METAMOD his posts. REPLY ONLY ANONYMOUSLY to the most deeply nested coments in his threds it helps hide his posts. Dwnvote his SUBMISSIONS, he uses to get krma. REPORT HIM to slshdot & the afiliate progrms he is usng. DONT MENTION his brand names c**mer.

3)What-are-his-namesMost famous:Cre|mer Cdre|mer ILoveFatCashews, Anonymous Cashews, The Fat Bastard aka TCDR

4)Who-is-FatCashewsLoveMe AKA Tardu Lardo,FCLM Funny & anoying; Not me or crimer;He keeps lookout for infestation

5)How-can-I-avoid-his-hustles --===DONT FOLLOW HIS LINKS!!!===--
IF YOU MUST:Use a privte tab & nevr buy anything on the same sesion. If he fools u, close tab, cler the cookies for that site. There r sites other than yutube that wil let u watch his videos. I dont know if people view his contnt but I can pictre his jowls jigling at the thoght of people subvrting his business model
6)Why-are-there-dashes & weird stuffI know most only skim thse posts. I want the most imprtnt infrmton to pop out at a glnce & to keep it shrt. I dont use TCDRs name becase he may think tht he benfits from geting it indxed by serch engnes. Id like 2 thnk TCDR & FCLM for editrial advice

7)Copy: http://archive.is/TtDrY

Re: IoC

You sure about that? Yes the saying is "put the brakes on", but maybe they meant it not as "put a stop to it" but rather as "destroy everything we know about it".

Re:IoC

[b0s0z0ku]

Funny thing is that dumb phones and hardwired phones are still better at being phones than many smartphones today. Also, the actually wired phones don't blast your noggin with microwave radiation.

Re:IoC

[inking]

And pigeons are not only warm to the touch, but can also be eaten in case of a famine. Got to be safe and all.

Re:IoC

[Archangel+Michael]

That is brilliant. I wonder how many people figured the reference. Obscure level expert!

Re: IoC

[PopeRatzo]

I'm not sure either. I rather like the construction "put the breaks on". It's a little unconventional, but in certain context it can be meaningful. Language should be mutable. Even fungible.

Re:IoC

You are correct! :)

I bought devices that don't connect to a central server. I need connect directly to them with telnet client on my iPhone 6S. VPN is overkill, I just redirect the ports on my router to telnet ports on devices, 1 for each device!

I still use my iPhone 6s and reduce my monthly bill from $80 to $50. As a phone and a video camera, the iPhone 6s isn't obsolete and I use it to make my videos on youtube. As a Sprint very special customer for 20+ years, Sprint will always give me a new iPhone for free if I decide to stop using the 6s as a phone in the next several years.

Bonus: get some silver coins, view recommendations on my special Youtube channel dedicated to the topic! They constitute a fail-safe insurance strategy for your retirement!

Also, I find AmazonTM the gretest thing since sliced bread and helps taking care of my health at retirement with the Amazon long tail revenue streams!

All you need to do is find a website with a permissive TOS, say, Slashdot, create a Python script to scrape your own comments, sprinkle Amazon affiliate links in various posts, and then re-post past links whenever possible. You can even make video of yourself going to pick up AmazonTM parcel at the convenience store and post it on your youtube channel for more redundant revenue streams.

They also have a wide supply, the best of latte and clif/power bars at the best cost, espicially if you make a friend buy them for you with your own affiliate link!

Re: IoC

[Sloppy]

So.. it's basically generic power, exactly the same as every other technology that preceded it? Yeah, I can see that.

Seriously, they probably said the same thing about fire and the wheel. You're not wrong.

Re:IoC

[inking]

That’s RIGHT! Technology should be as inaccessible and inconvenient as is humanly possible to keep us safe from manufacturing globalists who want to gather data on how their products are used for EXCLUSIVELY nefarious purposes. I take great offense with your proposed solution though. You forgot to mention the most important point: it should be 100 PERCENT GPL-compliant and be so free—really, there is only one kind of “free”; all else is slavery—that even Stallman would be willing to use it when he’s not creaming up his feet.

Re:IoC

There's a medium somewhere between Stallman and giving the Chinese PLA access to your home cameras, lights, and toaster oven. GP's suggestion of LAN-only access with VPN tunnels for WAN access is a good default for most consumers, but you still have to trust the hardware. You never know what's really in the hardware.

Re:IoC

Energy Star is a joke. A gasoline powered alarm clock received an energy star rating.

https://www.zdnet.com/article/the-strange-story-of-how-a-completely-fake-gas-powered-clock-radio-got-its-energy-star-certification/

Re:IoC

LED bulbs learned from all that

What I really really want is a smart LED bulb with two color temps - daylight and warm white - that switches from Daylight to Warm white about 7PM.

Re: IoC

There are 2 reasons they want it all online.

1. Cloud is a buzzword.
2. In a while they can delete the server software and then everyone has to buy the new version.

Re:IoC

[houghi]

The reason this is not possible for the vast majprity is because ISPs want to milk the 'limited IP4' adresses as much as possible. Even though I am 24/7 connected and so is everybody else that has a cable or xDSL modem, they still do not hand out fixed IPs, unless you pay a lot of money.

That means connecting to your server at home is not easy for many people.

If people had a fixed IP, this would be a LOT easier. An I mean a LOT. It would cost the ISPs the extra income from companies that now pay for something that is not really needed to be paid for.

Re: IoC

[NicknameUnavailable]

We have the tech right now to make cheap abundant electricity from Nickel ribbons held in high pressure hydrogen environments shot with THz radiation via a device almost identical to a LASER diode array (e.g. same thing with different well sizes.) This has been proven beyond a shadow of doubt to work by NASA studies (see: nickel-metal-hydride-low-energy-nuclear-fusion-reactions.) Similarly there have been developments in the realm of electrodynamics repeatedly squashed over the years with everything from assassinations to people like Hutchinson who just got MK Ultra'd into thinking he was a woman or Dollard who was turned into a meth head. To suggest there isn't an active force at work keeping people away from non-computing research in physics is really quite nuts - this doesn't come down to a money/funding issue because many of people who make headway on a budget either disappear or otherwise become pacified.

Re:IoC

[inking]

Which is precisely why this entire conversation is nonsensical to the bone. You don’t need to set up a VPN if you trust the company enough not to cause harm to you. Usage data will not ruin your life even if the company’s servers are breached. If you don’t trust them, a VPN won’t help you either as there are a million ways they can screw you over on both software and hardware levels. All GP is really trying to do is make everyone’s life harder to -feel- marginally safer.

Re: IoC

It's literally impossible for women to lie, Nazi.

Re: IoC

[Jason1729]

3. The can collect as much data from you as possible and sell it to third parties.
4. They can charge a monthly fee for "premium" features that realistically have nothing to do with the cloud or infrastructure.

Re:IoC

Yep, phones 20 years had better sound quality and connected faster than the ones we have today.

Anyone else remember when you'd press buttons on the TV remote and the channel would change instantly? Remember when you'd put a video came in your console, power it on and start playing instantly?

Tech products are getting worse and worse year by year, but hey, nobody needs a 4 year computer science degree when you can learn to code at a 2-week bootcamp. Because those are totally the same thing.

Re:IoC

[ncc74656]

The reason this is not possible for the vast majprity is because ISPs want to milk the 'limited IP4' adresses as much as possible. Even though I am 24/7 connected and so is everybody else that has a cable or xDSL modem, they still do not hand out fixed IPs, unless you pay a lot of money.

Most routers support dynamic DNS. If you want your stuff accessible through a domain you control, you can create a CNAME entry on your domain that points to the dynamic-DNS hostname (so that home.example.tld gets redirected to example.dyndns.org, or whatever).

If your ISP is using CGNAT, this won't work, but other than your cellphone and its service provider, how many are actually implementing CGNAT?

Re:IoC

IoT devices being used to spy on people is not an "unintended consequence", it is the main purpose of these devices! That purpose is now coming to light. These devices have no security, because that would interfere with their main purpose, which is to spy on their "owners". Collecting people's private data and selling it has become one of the biggest businesses in the world!

Re: IoC

[Miamicanes]

Let's not forget the 10-20 seconds it takes to wake up 3 sleeping monitors because Windows has to re-negotiate HDCP handshakes with each of them, one by one. Made worse by the hellbent-determination of Windows to put monitors to sleep at every possible opportunity... even IF you try disabling that behavior. The next Windows update blows all the changes you made away, and you're back to reading manuals while twiddling the mouse with one hand to trick Windows into thinking it's active.

Seriously, I think someone even made a box that sits between your mouse & computer and automatically generates fake mouse activity after some period without mouse activity for this exact purpose.

Re: IoC

[Miamicanes]

Frankly, the PLA is the LEAST of my worries. China's government has no authority to prosecute me, and I doubt whether it genuinely CARES what random Americans do. If I had family members or substantial investments in China I *might* care... but I don't.

On the other hand, bored troll losers looking for random shits & giggles scare me a lot, precisely because they DO have the potential to cause large-scale harm to random strangers at little personal risk & with minimal effort.

Re: IoC

[Miamicanes]

Someone (in France, I think) came up with an entirely reasonable compromise a few years ago -- Carrier-grade NAT with a static shared public IP, and 16-1024 port addresses (out of the 65,535 possible) permanently forwarded to the private IP assigned to each customer. End users configure their router as always (except technically, now double-NAT'ing). The only difference is, ports 1-32768 are shared by everyone sharing the public IP, and only a known range of upper ports gets forwarded to you (say, 49153-50177). So you don't have *complete* freedom to run services on any arbitrary port, but you still *do* get a stable range of ports at a static IP address to do it with.

Sadly, his proposal died early in the IETF process... the ipv6 militia mobilized against it as a threat to their sense of urgency (by giving everyone another relatively painless way to hit snooze for 10-20 years), and lack of interest by the DHCP people (many of whom are ipv6 militia-members themselves) to extend it to include port-range info was the deathblow.

I personally have no problem with ipv6 per se, besides the fact that it's still dysfunctional in too many current setups. I had to disable it on my router, because having it enabled added 5 seconds to almost every DNS resolution... apparently, fsck'ing Windows refused to do both 4 and 6 lookups in parallel... it would try ipv6, wait, stall, time out after 5 seconds, THEN do the ipv4 lookup & continue instantly. Request after request. :-(

Re:IoC

I just love it when creimertards attack each other.

Re:IoC

[jythie]

But.. wireless!... apps!.. things!..

Re:IoC

Yep, phones 20 years had better sound quality and connected faster than the ones we have today.

Anyone else remember when you'd press buttons on the TV remote and the channel would change instantly? Remember when you'd put a video came in your console, power it on and start playing instantly?

Tech products are getting worse and worse year by year, but hey, nobody needs a 4 year computer science degree when you can learn to code at a 2-week bootcamp. Because those are totally the same thing.

Yeah, and lets not forget that phones 20 years ago were physically all connected to each other with real wires. Wires that required people to put them up, to every single fucking house in the country. Wires that were a supreme waste of natural resources.

Let's also not forget today that LTE calling sounds vastly superior to the older analog shit from the 80s and 90s. LTE and WIFI calling is the best voice quality you can get, and all brought to you via the iPhone and androids, phones that also replace your desktop and laptop and any piece of paper you ever used to have to lug around.

It's almost like tech products are getting better and better, universally, and old people just hate progress and change.

Re: IoC

Let's not forget the 10-20 seconds it takes to wake up 3 sleeping monitors because Windows has to re-negotiate HDCP handshakes with each of them, one by one. Made worse by the hellbent-determination of Windows to put monitors to sleep at every possible opportunity... even IF you try disabling that behavior. The next Windows update blows all the changes you made away, and you're back to reading manuals while twiddling the mouse with one hand to trick Windows into thinking it's active.

Seriously, I think someone even made a box that sits between your mouse & computer and automatically generates fake mouse activity after some period without mouse activity for this exact purpose.

For all the apple hate around here, guess which OS is the only one that doesn't change your settings with software updates? That's right, MacOS and iOS. The only ones. Anyone who's seriously used Linux or Android will know about settings changes, anyone windows will know it religiously. MacOS and iOS, they don't even know such things are possible, because really, why should they be?

Re:IoC

[Fly+Swatter]

No they simply lose their refrigerant charge over time, they are not designed to be repaired or refilled so it goes to the dump. It is a true throw away appliance. The brand I have stuck with is the one that actually warrants the 'sealed system' for five years, but instead of exchanging they simply 'buy back' the appliance, which you get to keep and find a way of discarding without incurring a recovery fee for refrigerant appliances.

Re:IoC

This is patently false. Probably less than 30% of consumer routers in existence at all don't support dynamic dns services. And since probably 85% of users use the combo cable router/modem that came from their ISP, and out of the remaining 15% probably 75% of those buy the cheapest router they can find, I'd say that maybe 3-5% of consumers have access to dynamic dns.

Re: IoC

[terrycarlino]

Any technology can be misused.

I've seen cases of abusive spouses using double-sided locks (Locks which require keys on both sides) to trap victims. Taking the phone (landline). Etc.

The problem is always the same and so is the answer. Dump the abuser. Be prepared to defend yourself.

Sure get a restraining order. Call police if they break it. But when seconds count the police are only minutes away. So be prepared to defend yourself.

Re:IoC

Regarding dehumidifiers, I've had one that worked fine for more than 1-2 years, which I only gave away after leaving the tropical country. I had to use it pretty much every day besides the cold dry winters. I imagine you just got some lemons?

Re:IoC

[b0s0z0ku]

"Wires" are still there, either as fiber or as a cable connection. They also are much smaller and less resource-intensive than the big 200-amp cables carrying power to the home. What's wrong with people to put them up? Everyone's got to work and eat, after all.

Re:IoC

blast your noggin with microwave radiation

Please don't spread pseudoscientific fear mongering just because you have a hangup about smartphones. Thanks.

Re:IoC

I bet you would not be willing to pay for all the extra costs to make it more durable. Back in the day, a LaserJet was like a brick, I could literally stand on it while it printed my thesis. But it cost over $4,000 in today's dollars, and there is no way anyone would pay that much to stand on their printer anymore. Probably the same for sitting on your dehumidifier. Same for furniture. People who shop at Ikea wonder why furniture is built so flimsy and cheap. People who buy hardwood furniture wonder what everyone else is talking about. (Not really, we know why, the $10k bill for a bedroom set makes it clear.) But the IKEA people don't seem to realize, they just chose to buy cheap stuff that wasn't an option in the old days, when everyone had to buy nicer stuff or go without.

Re: IoC

[houghi]

So why not make such a product and sell it? I do remember those things, but would not be willing to pay extra for it.

Because I also remember what percent of my wage I had to pay for it. I solved the issue with the channel switching. I realized I did it so iften, because nothing was interesting enough to hold my attention. So I cut the chord.

All in all a first world problem.

Re:IoC

[Agripa]

In hindsight, CF bulbs were necessary, but really a joke of a product. Only in todays world would a buyer tolerate ten times the pruchase price, slow starting, flickering, wrong color, gets dimmer with age, can't be dimmed, needs to be recycled because of mercury, doesn't last as long as claimed, and can't be used in half of the (fully enclosed) fixtures. But hey you saved on electricity!

LED bulbs learned from all that, even the EnergyStar rating requires much longer warranties because the early CF lifespans were laughable.

LED bulbs sure learned something all right; produce an even more expensive product and buy legislation mandating its use.

In my experience, LED bulbs do not last any longer than CF bulbs; where I live they have a half life of about 6 months unless powered by an online UPS. The manufacturers love to list the operating life of the LEDs until they dim a certain amount but that has nothing to do with the ballast failures. They still do not work in most lamp fixtures due to limited operating temperature range. The warranties are a joke; just try returning one and see how much it costs in time, effort, and money. Now return every bulb over a 6 month period and repeat.

Re:IoC

[houghi]

Oh, I know how to do that and even know what the words mean. But you need to know how to do it and ther should be no reason to use such a complex system as Dynamic DNS. We do not connect with POTS anymore.

One provider even told me that it would be cheaper not to have Dynamic IP. He implemented a simple webinterface where people could add a CNAME to their domain name similar to their email adress with a . instead of an @ so easy to remember.

your.name@example.com became your.name.example.com
Easy as.

Re:IoC

Check Philips Hue for that. The ethernet bridge has a local API and works while firewalled from the Net.

Re:IoC

Sounded factual to me. Did you think they work over subspace or something?

Re:IoC

You're buying crap bulbs or there's something serious wrong with your supply. I started switching to LEDs about 5 years ago and not a single one has failed or noticeably degraded yet. And I use them a lot.

Re:IoC

Not logical really. If your *main* purpose is to create a spy device, you would want to secure it sufficiently to make sure it *only* answers to you and can't be easily taken over by some random botnet and thus out of your control.
It's more like they don't give a shit about security, and that's the main thing; any spying is just a bonus.

Ah Yes

[NicknameUnavailable]

When spyware makers don't put security in their systems such that they can't be held responsible for being the only party capable of selling user information. They deserve what they get for using the devices.

its much worse than that.

[nimbius]

As any Slashdotter knows, smart lights, switches, and power relays are poorly regulated and secured.
If a coordinated attack were to take place against thousands, or millions of these devices,
they absolutely could be used to shutter an electric grid in under a minute by inducing a triplen wave:

https://electricalbaba.com/tri...

Re: its much worse than that.

I don't think it's a regulation issue. People need to get smarter or they need to be subject to some force that will make them smarter.

Re: its much worse than that.

We used to have a force like that. It was called "natural selection".

Re:its much worse than that.

As any Slashdotter knows, smart lights, switches, and power relays are poorly regulated and secured.
If a coordinated attack were to take place against thousands, or millions of these devices,
they absolutely could be used to shutter an electric grid in under a minute by inducing a triplen wave:

https://electricalbaba.com/tri...

What’s that have to do with the article, the summary, the headline, or domestic abuse via smartthing in the home.

You could do more damage by posting NEW - Free water Fridays posters around a community on water restrictions.

Dr Evil is spinning in his chair with excitement... Meanwhile, on planet Earth, people are abusing and harassing their exes and SOs with internet connected crap in their homes from lack of enterprise grade access controls on home IOT gadgets.

Re:its much worse than that.

Sure it could.

Re: its much worse than that.

[supremebob]

The problem is that most people (mostly contractors) usually try to buy the cheapest thing that they find at the Home Depot when they can get away with it. We really need to try to save those people from themselves.

We already have regulations in place that "dumb" switches aren't allowed to be so poorly made that they can catch your house on fire (no matter how cheap they are), so we should probably have something similar with the "smart" ones.

Default "abc" or "123" passwords on an IoT device should probably be treated like a faulty ground wire at this point, since they are becoming just about as dangerous.

Re:its much worse than that.

[ctilsie242]

The problem is that IoT companies have no vested interest in security. If their devices are used for that, worse case is that the C-levels short their stock, make the announcement, and "mourn" the dead company on the deck of their new ship. The average person in the company has to choose between making deliverables or security... and deliverables are what keeps the badge from being disabled.

Best way to fix? Don't buy that crap. If you want to buy a $3000 fridge (and have the ability to add a flue and a gas connection), buy a fridge that uses natural gas and electric, so your beer stays cold if power goes out. If a TV requires an always-on connection, return it as defective, which it is. By not buying insecure IoT stuff, it helps everyone.

Re: its much worse than that.

[b0s0z0ku]

Also:

IoT devices should be required to be able to work peer-to-peer if possible, ideally via a hub that acts as a VPN/firewall.

IoT devices that use a clown server should be required to be supported for 10 years. Having to throw away a thermostat after two years because the manufacturer shut down the cloud servers is wasteful as hell.

Re:its much worse than that.

[b0s0z0ku]

Do any TVs actually require an always-on connection to display ATSC or HDMI video signals? (!)

Re: its much worse than that.

I know that "clown" server was a mistake, but I actually like the term. A clown server is a cloud server with no expectation of being around in the future.

+10 modpoints for correct use of "aggravated"

It didn't make the problem MAD, it made the problem WORSE.

-Legal.Troll (a /. hero who can't post because of negative karma)

Re:+10 modpoints for correct use of "aggravated"

Maybe your negative karma is the result of people being annoyed by your constantly needing to point out how well you've read the dictionary.

This is probably the most annoying sort of commentary on this website and it occurs way more often than necessary. We get it. The meanings of words erode over time and you're very smart.

Captcha: frauds

"Stupid people hook crap up to internet ends bad!"

Stupid people hook up cheap Chinesium crap to the internet and it ends badly.

Whoda thunk?!?

Stupid

They don't want to introduce the idea to the world?

Then people won't stop buying this crap. It's not an issue of "make a law" it's an issue of "let consumers know so the market can work correctly"

You have 2 competitors and one has no security, they don't sell any products and the bar is raised.

Wtf is 2018.

Re:Stupid

[Fly+Swatter]

You have 2 competitors and one has no security, they don't sell any products and the bar is raised.

Wtf is 2018.

You are right, it is 2018. So you have 100 competitors and one has security but costs more than the other 99 knockoffs that all came from the same factory. They don't sell any products and go out of business. That is 2018.

obMovieReference

[cascadingstylesheet]

"It's coming from inside the house!"

Internet of Simple Home Invasion Tactics

[nctritech]

Internet of Simple Home Invasion Tactics. That's what we need to start calling this. "IoSHIT."

Smart?

[bobby]

Easily duped is not smart.

Hate to victim blame

[stealth_finger]

Hate to victim blame, but anyone who buys an IoT thingy and actually plugs it in to the internet is all but asking for it. If it can't do it's job not connected, don't buy it, and if it does, don't connect it.

Re:Hate to victim blame

[_Sharp'r_]

Yeah, these IoT devices are so very difficult for anyone in the home to deal with.

I mean, if you have physical access, it's just waaaaaay to difficult too just unplug/disconnect something without understanding exactly how it works. Probably need a contractor for that...

Re:Hate to victim blame

[Mashiki]

Well some stuff is so leaky it's stupid. Look at the recent bit with baby monitors for example. We're not talking about a lack of passwords, but rather that the devices are so badly designed that any form of protection is easy to bypass, much like all of those "smart locks" that idiots have been pushing.

Re:Hate to victim blame

Yes, there's an easy fix. Unplug those Echos, Rings, Nests, Hues, etc your ex installed and put them in the bin (or mail them to him).

Re:Hate to victim blame

[doconnor]

For some of these devices, like thermostats and light switches, it is difficult for people without any experience with circuitry or electronics to replace them.

Re:Hate to victim blame

[worf_mo]

Hate to victim blame, but anyone who buys an IoT thingy and actually plugs it in to the internet is all but asking for it.

Not all victims bought or installed the IoT devices in the first place. This is often a case of an abusive person that installs an IoT device in their (ex) home to keep their (ex) partner under surveillance or to harass them.

FTA:

Usually, one person in a relationship takes charge of putting in the technology, knows how it works and has all the passwords. This gives that person the power to turn the technology against the other person.

Re:Hate to victim blame

[idji]

The victim didn't buy this stuff, the perp did, installed it, and the left, leaving the victim with unknown tech in the house. So there is nothing to blame the victim for. If "he" installed the internet router and other geek IoT things, how is "she" supposed to know what it is without paying an electrician $100+ to go through and explain what the junk is. "She" knows if she touches anyhting herself the internet and tv probably stop working.
This is abuse of secret knowledge by a geek "he" over a non-geek "she".
And yes, I know couples where she changes the light-bulbs and he is clueless, because he doesn't know the difference between 20W and 40W and doesn't know which way to screw in the lightbulb (clockwise?? counterclockwise??)

Re:Hate to victim blame

[quantaman]

Hate to victim blame, but anyone who buys an IoT thingy and actually plugs it in to the internet is all but asking for it. If it can't do it's job not connected, don't buy it, and if it does, don't connect it.

Except in this case if the victim protested they were liable to get punched.

This isn't a story about devices being hacked. This is a story about abusers installing smart home tech in order to control and monitor their partner.

Re:Hate to victim blame

[edtice1559]

Huh? These devices have pretty good security controls and are not what we're talking about here at all. They give up a lot of data to their corporate overlords but not unauthorized third parties.

Re: Hate to victim blame

Old baby monitors were not even close to secure. They could be monitored by cheap walkie talkies.
Hell sometimes the TV would pick that shit up.

Re: Hate to victim blame

It's 2 wires, maybe 3. Figure it out.

Re: Hate to victim blame

Lightbulbs are so hard!

My mom told my stepdad the kichen needs light bulbs. So he brings home 3 150w halogen bulbs that could illuminate the whole block...

Re:Hate to victim blame

Unfortunately, manufacturers have been creating IOT devices that actively search out ways to connect to the internet. LG TVs & Win 10 are just two of many examples. One could wish that manufactures would devote as much time to security, as they do to trying to violate the owner's privacy.

Re:Hate to victim blame

[suutar]

the problem is that the person who installed it is probably still considered an authorized party, and may be the one with the ability to reset passwords.

Re:Hate to victim blame

[edtice1559]

That may or may not be true, but it's still not the issue that is being discussed. Many devices have such poorly implemented security controls that anybody (authorized or not) can control the device trivially. The ones mentioned by the OP aren't perfect, but they have been developed with security in mind by competent people.

Re:Hate to victim blame

[suutar]

Ah, you're focused on this thread, not the story it's attached to. Fair enough, but I think the person you replied to was thinking of the "manipulative ex installed stuff, how to get rid of it" part.

Re:Hate to victim blame

[edtice1559]

Okay, I see your point. Yeah, if you think your ex is using an IoT device in your home that (s)he setup to spy on you, selling it on eBay seems like a good choice!

None in my house, ever

If you're too lazy to stand up and close the light yourself... or just install a Clapper, you deserve this.

Re:None in my house, ever

[geekmux]

...or just install a Clapper...

Hello Time Traveler! Mind if I call your answering machine and leave a message? I have this cool 5-minute recording of random clapping noises. I keep it on a cassette tape labeled Your Shit was Never Secure...

Re: None in my house, ever

Tap...straight to voicemail bitch.

Re:None in my house, ever

I install smart switches in your house. I don't ask.
I beat you up and you get a restraining order.
I harass you by playing with your lights and thermostat, locking or unlocking your doors.
You don't know electronics very well and are relatively helpless other than spending money and calling a specialist.

Re:None in my house, ever

What's an answering machine?

It is as they say...

The 'S' in 'IoT' stands for security. ....I'll be here all night.

"unintended" my ass.

If you think any of this is "unintended", you are a complete moron. Unlike them. They aren't morons. They are just evil.

Re:"unintended" my ass.

[geekmux]

If you think any of this is "unintended", you are a complete moron. Unlike them. They aren't morons. They are just evil.

Uh, a default password of password sent over insecure protocols is not "evil". That's just plain stupid, and their only intent in doing so was to save cost.

Re:"unintended" my ass.

It probably is unintended, originally. A decision can make sense for a couple that's together and trusts each other, but then become a bad decision if they split up. Believe it or not, the negative consequences of a breakup might even include non-technological issues.

Re: "unintended" my ass.

Hey I didn't know jamming a knife in your ass would hurt you. I'm stupid, not evil.

Every technology gets abused

[gweihir]

There are always some power-hungry fuckups that do it. At least these here are obvious about it, unlike the NSA, the GCHQ and other groups of no ethics whatsoever.

Re:Every technology gets abused

Every technology gets abused

. A bit like your mom

weasel words

[cascadingstylesheet]

"Increasingly", "many", "more"

How many? How do you know?

It makes a great story, but "many" of these kinds of stories don't have much to back them up, as to the size of the problem.

It might be helpful to say "X percent of DV cases in {area} in 2017 involved smart home devices" or something.

Re:weasel words

[110010001000]

It means "we need to bring in a consulting company to understand this. Please send money."

Fragmentation is bad - hubs need to be smarter...

[b0s0z0ku]

Imagine if a home had a single hub for the smart devices that acts as a VPN server. All traffic between the devices and the Internet would be mediated by that hub. Changing the password or key on the hub would automatically lock out all external devices.

Compare this to the current paradigm, where there's a cloud provider for each brand of device, with different authentication information for each. It's easily possible to forget to change some of the passwords when someone moves out/is kicked out of your home. Fragmentation is the problem here.

The traffic would of course be peer-to-peer (i.e. phone-to-hub via Internet) in my paradigm, not going through a bunch of 3rd-party servers to be mined, sliced, diced, and spied upon.

Not everything needs to be connected to the net

A couple of years back, I was getting my annual boiler service done. The two guys from British Gas went about inspecting everything and then asked if I was interested in getting Hive. They talked up the benefits of it: being able to control my central heating when I'm not in, the system intelligently switching on the heating when it notices I'm heading home from work, the system switching stuff off when it notices the last person leave the house (all via their smartphone).

I told them no. When they asked why not, I told them that not everything needs to be connected to the internet. Besides, my heating is on a timer and if I want to change the temperature, I can walk the five steps from my sofa to the thermostat and adjust it that way. At the end of the day, it would only take one hack to bugger up all the Hive-connected central heating systems and so I wasn't interesting.

The two guys gave one another "that look" - the one that says, Ah, silly paranoid nerd. No, not silly nerd, I think I'm being very sensible. Why I imagine Hive has a manual override and such hacks have yet to occur, it's not a matter of if, it's a matter of when. Imagine going away for two weeks to discover your central heating has been running full blast 24/7, or during the coldest week of the year the system simply won't stay on because it's being ordered not to.

No thanks. I'll stick to the old fashioned methods of turning on my lights, running my kettle, and checking to see how the food in the oven is doing (I mean, ffs who the hell needs a wifi camera in a fucking oven?!!!)

Re:Not everything needs to be connected to the net

[b0s0z0ku]

As far as the "Last person leaving the house" problem, this can be solved using a three-way switch at the door. If the switch is on, the regular thermostat is switched into the heat circuit and turns the heating on at 20C or whatever. If the switch is off, there's still a backup fixed-temp thermostat in parallel that cuts in if the temp drops below 15C or something like that. The last person out of the house turns it off, first person in turns it back on. It won't kill anyone to be in a cold house for a few minutes.

Re:Not everything needs to be connected to the net

[PPH]

The two guys gave one another "that look" - the one that says, Ah, silly paranoid nerd.

Your name is probably in a database too. 'Refused installation of a Telescreen.'

Re:Fragmentation is bad - hubs need to be smarter.

[b0s0z0ku]

And before you say "Dynamic IP", Dynamic IP doesn't require use of a cloud intermediate. Only some type of dynamic DNS service (doesn't literally need to be DNS) to point devices to the right place.

(fart sound)

did you say something dave? is something bothering you? phewww... no heart no spirit no life.. recycle along.. https://www.youtube.com/watch?v=q0o_0b5abwA

The Law playing catch-up yet again

"law-enforcement officials said the technology was too new to have shown up in their cases"

I'm fed up with this excuse. Heard it so many times before - when is someone with a budget going to address this kind thing?

Re:The Law playing catch-up yet again

[b0s0z0ku]

In certain parts of the US, they're too busy chasing illegal immigrants and small-time drug users to focus on crimes that actually cause physical or psychological harm...

Re:The Law playing catch-up yet again

[cayenne8]

In certain parts of the US, they're too busy chasing illegal immigrants and small-time drug users to focus on crimes that actually cause physical or psychological harm...

Well, they do often cause physical and psychological harm....?

I think US citizens should have the right to do with their bodies as they wish, however.

And we should protect our borders from those committing the crime of crossing illegally...if they start right off breaking the law, then it would seem logical they don't have qualms about breaking other laws here.

Re:The Law playing catch-up yet again

[b0s0z0ku]

Moralistic moronic nonsense. The law is just a set of words written by a bunch of old farts who managed to con dumb people into voting for them.

By your argument, we should shoot speeders and pot smokers -- they've already broken the law, so they're more likely to commit murder. Might as well prevent crime before it happens.

I think the inverse is actually true with illegal immigrants. They're less likely to commit violent crimes because the consequences can often be dire. Not only jail, but deportation back to a war-torn country or one where gangs are looking to kill them.

Re:The Law playing catch-up yet again

[ahadsell]

Nice opinion. Got any facts?

Re: The Law playing catch-up yet again

[houghi]

You forgot to ask yourself if the law is just and if the pu ishment meets the crime. To blindly follow a law because it is alaw is like blindly follow an order.

Re: The Law playing catch-up yet again

[cayenne8]

You forgot to ask yourself if the law is just and if the pu ishment meets the crime. To blindly follow a law because it is alaw is like blindly follow an order.

If you don't like the law...CHANGE the law.

By they way, it is the legislators that make and pass the laws, so, tender your vote that way election time.

But until then, the law is the law.

And this is a surprise to anybody why exactly?

[SciCom+Luke]

People have attempted to gain dominion over others since the dawn of time. The whole desire to put everything you own, and everything that monitors yourself, your baby, your food, your laundry, the loks on your door, your car and make it near-public, it is expected that people will abuse the opportunities you offer. This does not mean that the owner is to blame, but it does mean that the owner puts him or herself in a lot of risk. Sometimes that goes wrong... If you roll the dice, you sometimes roll a 1. Is that so unxpected?

Re:Fragmentation is bad - hubs need to be smarter.

[ctilsie242]

I've preferred that model. Have everything communicate via Z-Wave, Bluetooth, or similar to a hub, which is hardened, and has a manifest/profile for every device including what it can talk to (and 0.0.0.0/0 as a netmask is not going to be allowed.) Perhaps 2-3 hubs for redundancy, if that is what is wanted. This way, there is a hardened device doing all the Internet stuff, rather than devices made in the cheapest Chinese factories with software made by the sloppiest, "get 'er done, it builds, ship it" methods.

However, IoT makers get a lot of cash through analytics, so they want to chuck as much data as the device can glean. It isn't like anything is going to happen to them. Even the GDPR just means they do their stuff in a non-European country.

How shocking...

[lance_of_the_apes]

...and unexpected this is. :-|

Based on the comments no one read the article

This is not about some unknown person controlling crap. This is about an abusive spouse who installs stuff to spy/control/annoy their spouse at home. Think I put my wife in a cage when I leave and screw with her remotely while watching on the remote camera to get my rocks off. Better security is not going to help. May hurt as these sick individuals will be safe as no one can see what demented things they are doing to their spouse.

Stop being ridiculous

[shaitand]

Yes, there is someone out there making their partner a veritable slave in their home. But we've taken this so extreme you won't actually ever encounter it in life situation and act like it is everywhere and are conflating the idea with hundreds of things that aren't that to create the illusion it is everywhere and women terrified.

All spouses of all genders have suspicious and paranoid moments and everyone tries to startle others and laughs when they jump sometimes. You and your spouse ARE both entitled to not be perfect. Try to be careful not to fall into arguments based on the slippery slope fallacy that have been pushed by others with an agenda which is served by your judgement being clouded by emotion and over sensitization. 999 times out of a thousand this is harmless and just call your spouse out on it if something like this is bothering you because while you want to have a sense of privacy you aren't actually entitled to it from your partner. It is your partner who ultimately is choosing to respect your privacy on the assumption there is nothing to find and it is on you to make sure that is actually true.

A slap or a punch might do objective physical harm and under rare or exceptional circumstances could be part of an accident causing serious damage but generally speaking they aren't that big a deal which is why society accepted them as means to address extremely unacceptable and/harmful behavior when an individual refused to correct themselves. Getting rid of these options as we have means also taking on the obligation to never "lose your shit", betray your spouse, embrace an irrational philosophy which allows you to pretend emotions justify irrational behavior. The very existence of tinder shows just how good a job we are doing.

Re:Stop being ridiculous

[drinkypoo]

Yes, there is someone out there making their partner a veritable slave in their home. But we've taken this so extreme you won't actually ever encounter it in life situation and act like it is everywhere

The easier it becomes to do a thing, the easier it becomes to do an uncharacteristic thing in a moment of weakness. Little girls don't lock their diaries because even they think the lock can't be broken, any more than people lock their front doors because they think their lock can be broken. It's because lots of people will just walk in, and plenty of people will just take something that isn't nailed down. A simple lock that's easily defeated stops the impulsive, if not the determined.

These systems are so vulnerable that they practically invite snooping. If someone can get into your camera just by googling the stuff written on it, the odds go way up that they will. This is actually true of malicious actors as well as the bored and curious; a notable portion of them are incompetent.

Re:Stop being ridiculous

[shaitand]

"These systems are so vulnerable that they practically invite snooping. If someone can get into your camera just by googling the stuff written on it, the odds go way up that they will. This is actually true of malicious actors as well as the bored and curious; a notable portion of them are incompetent."

I don't deny that at all. But this isn't about third parties gaining unauthorized access, this is about painting a spouse as an abuser if they access these devices in their own home.

Re:Stop being ridiculous

"These systems are so vulnerable that they practically invite snooping. If someone can get into your camera just by googling the stuff written on it, the odds go way up that they will. This is actually true of malicious actors as well as the bored and curious; a notable portion of them are incompetent."

I don't deny that at all. But this isn't about third parties gaining unauthorized access, this is about painting a spouse as an abuser if they access these devices in their own home.

NO, this is about abusers accessing these things when they are not in the home, because they have been kicked out and don't live their anymore, and then utilizing their access to record secret videos of their ex-girlfriend and put them on the internet, or mess with the lights and internet to torment them, just when the abusee thought they were safe and free from abuser.

Re:Stop being ridiculous

There really isn't much of anything like that on the internet these days. It is all wives cuckholding their husbands with lesbians sporting black strapons and bbcs.

Re:Stop being ridiculous

[drinkypoo]

Actually, using a home security system to spy on a partner IS abuse. It's a violation of privacy.

Re:Stop being ridiculous

[shaitand]

We aren't neccesarily talking about a home security system there are likely cameras and microphones on a dozen or more devices in your home and dozens of other smart devices that could definitely be exploited to provide insight into movement and activity in the home. An intelligent individual could fingerprint and monitor known activities and usages throughout the home with nothing more than smart monitoring of power usage.

Privacy violation along with most things can certainly be used as a tool of abuse. It is important to remember that your right to privacy doesn't prempt your partners rights and is mostly waived by the commitments you've made to them and your acceptance of the benefits you gain in turn. Like any contract, social or otherwise, you are bound by the terms and have waived any of your rights necessary to meet the terms and relationships have an out clause. If you have waived any rights that would prevent the other party from determining if you violate the terms or enforce the agreed and/or implied consequences. Relationships are about balance and balance is usually found both parties doing their best to get over personal boundaries, sensitivities, feelings, hangups, especially any that get in the way of understanding and working in harmony with your partner. If you are actually married you don't even have rights your partner isn't allowed to waive on your behalf to a third party, why would you think you have any right to hide something from them short of a divorce?

Advice to Victims

[omfglearntoplay]

Unplug the bad device from the network... as in unplug that wire that isn't power. No wire because WiFi?... realistically 99% of the IoT stuff is WiFi, do this to keep it disconnected:

1. Change the password on your WiFi router, and do not update it on your IoT devices.

2. If you don't know how to do that, throw away your old WiFi router and buy a new one, which will force you to make a new password.

Re:Advice to Victims

Great advice, but how does this help the victims? The vast majority of them will never see such a thing. You're preaching to the choir here. I'd imagine most /. readers are well aware of the dangers of the IoT and have either taken measures or decided they don't care.

This needs a solution that can be implemented once (or possibly on a political level), rather than one that needs to be implemented in every household in the connected world.

Re:Advice to Victims

The IoT device might default to any available open network if it can't find encrypted networks it has credentials for. Local bad actors can take advantage of this by making an open network nearby. IoT devices are terrible in all ways.

Re:Advice to Victims

Great advice, but how does this help the victims? The vast majority of them will never see such a thing. You're preaching to the choir here. I'd imagine most /. readers are well aware of the dangers of the IoT and have either taken measures or decided they don't care.

This needs a solution that can be implemented once (or possibly on a political level), rather than one that needs to be implemented in every household in the connected world.

That sounds like a nanny state. Whatever happened to being responsible for one's own self? If the victims are too stupid or lazy to disconnect their IoT devices, then I have no sympathy for them. It's not that hard to use Google and find out how to reconfigure or disable the network connection of those devices. And before anyone says that these are poor people without Internet access, two points: 1) Why do poor people have expensive, overpriced IoT appliances in their homes? 2) There are public libraries with free Internet access.

At times, it seems that victims are victims because they want to be victims or act in ways that make it more likely for them to be victimized.

Re: Advice to Victims

You missed step 0: First, ask your abuser for the money to buy a new router.

You are aware you are coming from a position of privilege in what you write?

I will never have one of these devices

in my house. Ever. Working IT security for years and understanding how this stuff works has put me off of it long before Nest, Echo, Google Home, et al ever made the scene. To knowingly allow blatant spies into you midst is a sign of absolute carelessness. No one needs their house to be "automated" unless they're handicapped. My Honeywell HVAC system is simply good enough. I don't need or want an app to control anything in my home. I don't want or need a "connected' home. Being tethered to my on-call mobile phone is bad enough. When I'm home, I want to be away from connectivity as a whole unless I'm gaming.

as designed..

as designed. Just ask Google.

The reality is, the internet and its "things", browsers included, is a heedless goldrush where risk indifferent short sighted megalomaniacs -Jack Dorsey comes to mind as a prototype- inflict socially destructive , pointless services and gadgets on shortsighted people who are having the real consequences of their participation, subscription or purchase systematically and deliberately hidden from them.

In the end, people will sort it out, vote with their wallets and eyeballs and society will take its lesson.

In the meantime, it's tough to watch it unfold.

The Internet Of Hacked Things

[Citizen+of+Earth]

Why do you want hackers to control your house?

Re:The Internet Of Hacked Things

I really liked "Demon Seed."

Mod parent Off-Topic

This has jack shit to do with poorly maintained/cheap stuff, and it's all about these things being correctly configured to answer to their intended (at the time) master .. who happens to move out but still retains control of things to mess with their ex.

(How you got modded up, instead of down to -1 Off Topic, is a testament to the moderators' incompetence. No thinking person would have modded you up, unless their goal was to maliciously pollute the discussion with distractions. You are a waste.)

If there's a lesson here, it's that things need obvious reset buttons available to whoever has physical access, so that possession, not whoever-set-the-password-first, becomes the primary means of deciding to whom it should ultimately answer.

On trends towards digitally-facilitated slavery

[Paul+Fernhout]

I was responding to this blog post -- especially the conclusion and Marx quote at the end (quoted here):
"Return of the Slave Society"
https://thesphinxblog.com/2017...
"... There's a substantial tradition, especially in the nineteenth century, of contrasting ancient slave society with modern capitalism. I always recall the Aristotle quote with which I started from Marx's evocation of it in Das Kapital: foolish Greek, thinking that machinery would lead to a life of leisure, rather than being the surest method of lengthening the working day! Likewise, "the Roman slave was bound with chains... the modern wage-labourer is bound to his owner by invisible threads". Manifestly, Marx failed to imagine that the remorseless logic of capitalism might lead workers to be displaced rather than exploited, and that we might be better off thinking of analogies between Juvenal's "bread and circuses" snark and the joys of social media...
> "On the one hand, there have started into life industrial and scientific forces, which no epoch of the former human history had ever suspected. On the other hand, there exist symptoms of decay, far surpassing the horrors recorded of the latter times of the Roman Empire. In our days, everything seems pregnant with its contrary. Machinery, gifted with the wonderful power of shortening and fructifying human labour, we behold starving and overworking it. The new-fangled sources of wealth, by some strange weird spell, are turned into sources of want. The victories of art seem bought by the loss of character. At the same pace that mankind masters nature, man seems to become enslaved to other men or to his own infamy. Even the pure light of science seems unable to shine but on the dark background of ignorance. All our invention and progress seem to result in endowing material forces with intellectual life, and in stultifying human life into a material force. (Marx, Speech at the anniversary of the People's Paper)""

==== My own comment there: https://thesphinxblog.com/2017...

Hi Neville, Thanks for the insightful post on what can we learn about our possible future from studying a past society where "autonomous tools" were ubiquitous [Ancient Rome with slaves].

I've been wondering myself what we could learn about the future of robotic economics from the pre-Civil War US South and its slave-based economy. Given robots and AIs might have feelings in the future, that includes the previous moral justifications for what we now find abhorrent to do to people such as outlined in "Defending Slavery: Proslavery Thought in the Old South: A Brief History with Documents" by Paul Finkelman.

Thanks for expanding the picture for me to include reflections from Roman society. You might find of interest some of Marshall Brain's speculative writings on the future of robotics and economics (and the resulting concentration of wealth) like in his "Robotic Nation" essays.

I especially like your tangential point that "Marx failed to imagine that the remorseless logic of capitalism might lead workers to be displaced rather than exploited".

To go off further on that tangent (reflecting your Marx quote, including "At the same pace that mankind masters nature, man seems to become enslaved to other men or to his own infamy"), one of the saddest things about modern times is that all these advanced technologies -- technologies that could be used to liberate people's time in a post-scarcity way -- these technologies are instead being used mainly to regulate people's time via Orwellian 24X7 surveillance both at work and at home. People are even voluntary inviting Alexa, Siri, and so on into their homes to potentially eavesdrop on everything they or their children say -- like with the human slaves of old. But there is a twist now of potentially recording everything said in a home and c

IoT "thing"==any computer

It's clear that a lot of people (you, for example) not only decided against reading the article, but also didn't read the Slashdot summary or even the headline. But felt compelled to post.

Boy and girl's eye meet. One thing leads to another, smoochy smoochy, let's play house. Girl says "I'm a girl so I'm going to dork out on makeup." Boy says "I'm a boy so I'm going to dork out on computers."

Boy can actually do a good job. He may be able to perfectly maintain everything, and it's all secured and inaccessible from the Internet. His and her phones are on a VPN that talks to homeassistant or whatever, and things are correct.

Boy smooches wrong girl. Original girl says "You're a bad boy. Move out." Boy angrily moves out, but maybe doesn't take all the computers with him (maybe she paid for some of them, or maybe he wants to leave his agents in the house). Boy still has access. He can clicky clicky and things happen that girl doesn't want to happen.

Girl has gear that used to be good, perfectly designed, but now answers to someone else. She's no longer better off than someone who had put Apple or Google in charge of the computers. And like an Apple or Google user, girl loses. Gotta chuck it, or else take control of it. Maybe she can do that, and maybe she can't. But it's one more thing to worry about when she's also changing the door locks (unless they're part of this, grrr), updating her insurance stuff, telling the neighbors "call me if you see that creep hanging around here", etc.

This almost has nothing to do with smart switches; the same situation can happen simply with a word processor. Boy sshs in, change resume to mention cock-sucking skills, girl sends to prospective employer quickly without noticing the sabotage, and bad thing happened. Boy sshs in and simply deletes girl's whole project folders, oh and by the way, I took the backup system with me when I moved out. All the usual bullshit is still on the table, but now it also includes the TV (not just on/off but maybe even the list of shows that sickbeard gets for showing on the TV), light switches, HVAC, etc. It's just more stuff, overall, so the stakes are higher.

And that's really what it comes down to. More things are centrally controlled by computer instead of physical presence, which can be a good thing .. until it's not. Until the computers' loyalties become out-of-date.

GOLLY GEE I NEVER SAW THIS COMING!

[Rick+Schumann]

Fools bought into all this stuff in the first place with blinders on not even wanting to see that they were just creating more avenues for attacks on their privacy and now you all scream bloody murder over it. I'm laughing so hard I may dislocate a rib.

Re:Fragmentation is bad - hubs need to be smarter.

Compare this to the current paradigm, where there's a cloud provider for each brand of device, with different authentication information for each.

That is not the current paradigm; it's just one of them. I think most reasonably-intelligent people realize that "cloud providers" are usually one of the worst ways to handle most applications. (Do you know anyone who uses Google Docs or Office 365? I don't.)

If your home automation uses cloud providers, it's because you chose to put some random strangers in charge of your stuff instead of having your own hass (or OpenHab or whatever) talking z-wave to your stuff.

But either approach has the same problem, once you decide to allow remote control of things (e.g. hubby and wife's phones). If there's a break up, then someone needs to revoke someone else's access. But that's the same whether we're talking about light switches, the car or the kid or the house itself. People have had this IoT problem for thousands of years, figuratively. It's just that now, it has grown to include more things, such as light switches. Talk to a 1968 divorcee, though, and you'll near similar stories. ("What?! He terminated the milk delivery! What? He was spotted sneaking into the back yard, unlocking the shed with his own key, and he took something out! Hey, where's my car?! My son didn't come home from school and I called and they said his father picked him up!!")

Breakups are a hard problem to solve.

How about?

How about unplugging it?

There is always a loop hole

[techsparrow]

Nothing can be perfect and there always exists a loop hole. Proper coordination between the devices and their security feature is not known to most of the common users.

Re:CREMER only posts on topic so he can SPAM LATER

You're here to bitch about creimer. Meanwhile, creimer posted two dozen AC comments over the weekend. You don't need a user account to promote your agenda.

Close call

Whew! Close call. The typical computer-illiterate here on slashdot would NEVER have thought to change the password.

Just Disconnect Them

[friedmud]

Why is Slashdot suddenly full of luddites?

My home is full of smart stuff. My fiance has full access to that smart stuff. If she leaves... I can easily revoke her access with one (ok, two) touches of a button in the settings of my iPhone (to revoke her access to Homekit). She won't be able to do anything with my house past that point.

This has absolutely NOTHING to do with "crappy IOT security"... or any such scare mongering thing. All that's wrong here is that people don't know how their own devices work.

If you're not solely using Homekit then there is always another simple solution:

Hue bulbs that someone who has left the house can control? First: unplug the hub. The lights will still function perfectly as "dumb" lights that go on and off with the switch... but not a soul will be able to remotely control them. Want to turn them back into smart lights? Reset the hub and plug it back in and set it up as a new device... the person that's left the house will not be able to control them whatsoever.

That's pretty much the same for any smart stuff: unplug the hub first... then later if you want that capability back - just reset the Hub and set it up as a new device.

It works the same way for Caseta lighting, for Ecobee thermostats (just reset it and re-set it up), for Google Home, Alexa devices, etc.

I don't understand why people feel like they are somehow "at the mercy" of these devices. Just freaking unplug them and no one will be able to control your house... and when you have time to set them back up again - do it.

Why does every damn IOT story on here have to be followed with 1000 luddites screaming "I told you they were insecure!". This is freaking Slashdot! We're not afraid of technology here! We can talk about how to mitigate technological problems and steps to take to solve issues like these.

Jebus!

Re:Just Disconnect Them

[michiganbob]

And furthermore, this article isn't even about the technology being insecure. It's about people abusing their already-granted access to exert power and control over their partner in an abusive relationship.

I feel like the commenters here just see the term "IoT Devices" and see it as an excuse to get on their holier-than-thou anti-Google/Amazon/Nest/etc soapbox. Guess what? No one gives a crap that you still use a flip-phone and "refuse to have an always-listening microphone" in your house. You're not special, and you're not smarter than the rest of us.

Re:Just Disconnect Them

Some are Luddites because they fear technology. Others are Luddites because they understand technology, and respect it.

security through obscurity

"we don't want to introduce the idea to the world"

When will people ever learn that vulnerabilities need to be made public right away? Oh, that's right... it will never happen because it will negatively affect public perception and consumer ignorance, uhm, I mean consumer confidence.

IoT is a fad.

[Qbertino]

Said it 1.5 years ago, will say it again.
IoT is a fad and it will die off pretty soon because of precisely this problem mentioned in TFA.

Nobodies Toaster needs a webserver.

Re: IoT is a fad.

I said this crap was insecure, half assed, lazy, pointless, money sink, less convenient than doing it yourself as you don't have any complicated set up time to do 1 thing... way back in the X10 days.

Re:IoT is a fad.

Nobodies Toaster needs a webserver.

But many toasters need NetBSD.

Liberate your toaster today.

Not in my home

There are no IoT (Internet of Threats) devices here, and never will be.

Re:CREMER only posts on topic so he can SPAM LATER

You don't need a user account to promote your agenda.

See this is why nobody likes you. A good Slashdot poster is here to have a multi-sided discussion and not to promote an agenda.
We don't want to be advertised to you idiotic psychopath

Re:Fragmentation is bad - hubs need to be smarter.

OMFG. This 2018. Why the fuck are you still using hubs? Better yet, where the hell are you buying them?

Now I like that "smart" idea you have. If we take a hub, and make it "smart" then that could work...but we gotta come up with a name for it. Not too cool to attract attention though. I'm thinking something along the lines of a word that is common parlance, but to that very same commoner, doesn't appear to do what it really does.

Something like "switch" maybe...

Found the subject of TFA!

If all of that crap you typed in your two posts is any indication, you are the person, the ABUSER, tfa is talkin about. You dedicated your last paragraph to glories of slappin a bitch around and why that's really ok. Furthermore, just to be extra Deplorable, you followed that up with since you can't beat your wife, you now have to "betray your spouse, embrace an irrational philosophy which allows you to pretend emotions justify irrational behavior" which that last piece doesn't even make fucking sense. I guess you mean "become a libtard" or some such other vulagarity, I don't fucking know.

Thanks Captain Obvious

A monitoring device that you leave on in your home and is attached to the interwebs could be used to monitor you?

Fake news.