Slashdot Mirror

← Back to Stories (view on slashdot.org)

Smart Lights, Speakers, Thermostats, Cameras and Other IoT Devices Are Being Increasingly Used as a Means For Harassment, Monitoring, and Revenge (nytimes.com)

Posted by msmash on from the other-side-of-the-coin dept.

Smart home devices are supposed to bring convenience to people's lives, but increasingly, their unintended consequences are surfacing, and are being exploited to harass others, an investigation by The New York Times has found. [Editor's note: the link maybe paywalled; syndicated source.] From the report: In more than 30 interviews with The New York Times, domestic abuse victims, their lawyers, shelter workers and emergency responders described how the technology was becoming an alarming new tool. Abusers -- using apps on their smartphones, which are connected to the internet-enabled devices -- would remotely control everyday objects in the home, sometimes to watch and listen, other times to scare or show power. Even after a partner had left the home, the devices often stayed and continued to be used to intimidate and confuse.

For victims and emergency responders, the experiences were often aggravated by a lack of knowledge about how smart technology works, how much power the other person had over the devices, how to legally deal with the behavior and how to make it stop. "People have started to raise their hands in trainings and ask what to do about this," Erica Olsen, director of the Safety Net Project at the National Network to End Domestic Violence, said of sessions she holds about technology and abuse. She said she was wary of discussing the misuse of emerging technologies because "we don't want to introduce the idea to the world, but now that it's become so prevalent, the cat's out of the bag."

89 of 174 comments (clear)

  1. IoC by dehachel12 · · Score: 4, Insightful

    Internet of Crap. They usually are some cheap things released onto the market without serious security protection(who didn't see THAT coming ?). I'll never use them.

    1. Re: IoC by NicknameUnavailable · · Score: 2

      Bet you're starting to understand now why the Illuminati allows computer science to move forward but put the breaks on all physics developments attainable without a multi billion dollar particle accelerator.

    2. Re: IoC by Joce640k · · Score: 2

      "Brakes", the word you're trying to use is "brakes".

      https://en.wikipedia.org/wiki/...

      https://en.wikipedia.org/wiki/...

      --
      No sig today...
    3. Re:IoC by dehachel12 · · Score: 2

      > LED lights (dumb variety)
      so, not a Internet of Crap thing ...

    4. Re:IoC by Fly+Swatter · · Score: 2

      In hindsight, CF bulbs were necessary, but really a joke of a product. Only in todays world would a buyer tolerate ten times the pruchase price, slow starting, flickering, wrong color, gets dimmer with age, can't be dimmed, needs to be recycled because of mercury, doesn't last as long as claimed, and can't be used in half of the (fully enclosed) fixtures. But hey you saved on electricity!

      LED bulbs learned from all that, even the EnergyStar rating requires much longer warranties because the early CF lifespans were laughable.

      Off topic, but speaking of EnergyStar, modern dehumidifiers are like the old CF bulbs in that they do not last. As they inevitably fail in 1-2 years, the failure mode causes them to burn constant electricity until the owner realizes it isn't doing anything. How can something like this ever get an EnergyStar rating? I'm on my sixth one in 7 years - yea and look it up all the brands are like this.

    5. Re:IoC by b0s0z0ku · · Score: 1, Offtopic

      Re: dehumidifiers -- mode of failure is probably accumulation of scale and dust on the evaporator/condenser fins. Washing with a mild acid (vinegar) then hosing the thing off would probably restore the lose efficiency. Also, the filters need to be cleaned or replaced from time to time.

    6. Re:IoC by 50000BTU_barbecue · · Score: 4, Insightful

      modern dehumidifiers are like the old CF bulbs in that they do not last.

      I was just at my parent's place and the Electrohome dehumidifier from the 1970s is still in the basement, chugging away.

      It may not be as energy efficient to operate, but considering it was built once almost 4 decades ago and no one needs to buy a new one, I think overall it's ahead of the game.

      It is built so sturdily I can easily sit on it, and the cooling coils are so thick and stiff I can't move them easily.

      Contrast this to the modern one I have in my house, the housing appears to be made from old pie plates and the cooling coil is so flimsy it shakes back and forth just from wiggling the unit.

      --
      Mostly random stuff.
    7. Re:IoC by sjwest · · Score: 2

      You and i might not use them but our friends at shodan.io will scan for them regardless.

    8. Re: IoC by Anonymous Coward · · Score: 1

      Illuminati is an old word that at one time could refer to a group of wealthy power brokers who were going to rule the world, but are now mostly dead of old age. There is, however; a freudian slip in the use of that word by more recent groups, and of another one in the same vein: prism.

      It's because physics research has seen more dollars than any other type of research over the past 35 years, mostly in the realm of photonics, entangled photons, general quantum entanglement, quantum memory, and quantum communications (at least a $100B). Traditional computer technology has declining value in terms of exploit, spying, and population control. Now it's all about the photons, and those are 1000x more effective.

    9. Re:IoC by Solandri · · Score: 4, Interesting

      The problem isn't the item or their network capability. These things would be fine if you were only able to access and control them over your LAN. The problem is some idiot thought it would be cool to be able to access them over the Internet. As a result the devices connect to some server on the Internet (no doubt allowing the manufacturer to collect marketing info), waiting for your smartphone app to contact the server and connect to the devices remotely.

      The way they should work is they should never connect to the Internet, and should limit their network activity to your LAN. If you want to control them from outside your home, you should set up a VPN server on your router (many of them come with one built-in now), and use the VPN client on your phone to access your LAN from the Internet, giving you access to those devices.

      Unfortunately, this is beyond the technical capabilities of the vast majority of users, and they don't want to learn how to do it, so we end up with these IoT devices which access the Internet directly. Same reason everyone sells their soul and shares their news and photos on Facebook, instead of setting up their own personal website/blog.

    10. Re: IoC by Anonymous Coward · · Score: 1

      You sure about that? Yes the saying is "put the brakes on", but maybe they meant it not as "put a stop to it" but rather as "destroy everything we know about it".

    11. Re:IoC by b0s0z0ku · · Score: 4, Interesting

      Funny thing is that dumb phones and hardwired phones are still better at being phones than many smartphones today. Also, the actually wired phones don't blast your noggin with microwave radiation.

    12. Re:IoC by inking · · Score: 1, Funny

      And pigeons are not only warm to the touch, but can also be eaten in case of a famine. Got to be safe and all.

    13. Re:IoC by Archangel+Michael · · Score: 1

      That is brilliant. I wonder how many people figured the reference. Obscure level expert!

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    14. Re: IoC by PopeRatzo · · Score: 1

      I'm not sure either. I rather like the construction "put the breaks on". It's a little unconventional, but in certain context it can be meaningful. Language should be mutable. Even fungible.

      --
      You are welcome on my lawn.
    15. Re: IoC by Sloppy · · Score: 1

      So.. it's basically generic power, exactly the same as every other technology that preceded it? Yeah, I can see that.

      Seriously, they probably said the same thing about fire and the wheel. You're not wrong.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    16. Re:IoC by Anonymous Coward · · Score: 2, Informative

      Energy Star is a joke. A gasoline powered alarm clock received an energy star rating.

      https://www.zdnet.com/article/the-strange-story-of-how-a-completely-fake-gas-powered-clock-radio-got-its-energy-star-certification/

    17. Re:IoC by houghi · · Score: 2

      The reason this is not possible for the vast majprity is because ISPs want to milk the 'limited IP4' adresses as much as possible. Even though I am 24/7 connected and so is everybody else that has a cable or xDSL modem, they still do not hand out fixed IPs, unless you pay a lot of money.

      That means connecting to your server at home is not easy for many people.

      If people had a fixed IP, this would be a LOT easier. An I mean a LOT. It would cost the ISPs the extra income from companies that now pay for something that is not really needed to be paid for.

      --
      Don't fight for your country, if your country does not fight for you.
    18. Re: IoC by Anonymous Coward · · Score: 1

      It's literally impossible for women to lie, Nazi.

    19. Re: IoC by Jason1729 · · Score: 1

      3. The can collect as much data from you as possible and sell it to third parties.
      4. They can charge a monthly fee for "premium" features that realistically have nothing to do with the cloud or infrastructure.

    20. Re:IoC by Anonymous Coward · · Score: 2, Insightful

      Yep, phones 20 years had better sound quality and connected faster than the ones we have today.

      Anyone else remember when you'd press buttons on the TV remote and the channel would change instantly? Remember when you'd put a video came in your console, power it on and start playing instantly?

      Tech products are getting worse and worse year by year, but hey, nobody needs a 4 year computer science degree when you can learn to code at a 2-week bootcamp. Because those are totally the same thing.

    21. Re:IoC by ncc74656 · · Score: 1

      The reason this is not possible for the vast majprity is because ISPs want to milk the 'limited IP4' adresses as much as possible. Even though I am 24/7 connected and so is everybody else that has a cable or xDSL modem, they still do not hand out fixed IPs, unless you pay a lot of money.

      Most routers support dynamic DNS. If you want your stuff accessible through a domain you control, you can create a CNAME entry on your domain that points to the dynamic-DNS hostname (so that home.example.tld gets redirected to example.dyndns.org, or whatever).

      If your ISP is using CGNAT, this won't work, but other than your cellphone and its service provider, how many are actually implementing CGNAT?

      --
      20 January 2017: the End of an Error.
    22. Re: IoC by Miamicanes · · Score: 1

      Let's not forget the 10-20 seconds it takes to wake up 3 sleeping monitors because Windows has to re-negotiate HDCP handshakes with each of them, one by one. Made worse by the hellbent-determination of Windows to put monitors to sleep at every possible opportunity... even IF you try disabling that behavior. The next Windows update blows all the changes you made away, and you're back to reading manuals while twiddling the mouse with one hand to trick Windows into thinking it's active.

      Seriously, I think someone even made a box that sits between your mouse & computer and automatically generates fake mouse activity after some period without mouse activity for this exact purpose.

    23. Re: IoC by Miamicanes · · Score: 1

      Frankly, the PLA is the LEAST of my worries. China's government has no authority to prosecute me, and I doubt whether it genuinely CARES what random Americans do. If I had family members or substantial investments in China I *might* care... but I don't.

      On the other hand, bored troll losers looking for random shits & giggles scare me a lot, precisely because they DO have the potential to cause large-scale harm to random strangers at little personal risk & with minimal effort.

    24. Re: IoC by Miamicanes · · Score: 1

      Someone (in France, I think) came up with an entirely reasonable compromise a few years ago -- Carrier-grade NAT with a static shared public IP, and 16-1024 port addresses (out of the 65,535 possible) permanently forwarded to the private IP assigned to each customer. End users configure their router as always (except technically, now double-NAT'ing). The only difference is, ports 1-32768 are shared by everyone sharing the public IP, and only a known range of upper ports gets forwarded to you (say, 49153-50177). So you don't have *complete* freedom to run services on any arbitrary port, but you still *do* get a stable range of ports at a static IP address to do it with.

      Sadly, his proposal died early in the IETF process... the ipv6 militia mobilized against it as a threat to their sense of urgency (by giving everyone another relatively painless way to hit snooze for 10-20 years), and lack of interest by the DHCP people (many of whom are ipv6 militia-members themselves) to extend it to include port-range info was the deathblow.

      I personally have no problem with ipv6 per se, besides the fact that it's still dysfunctional in too many current setups. I had to disable it on my router, because having it enabled added 5 seconds to almost every DNS resolution... apparently, fsck'ing Windows refused to do both 4 and 6 lookups in parallel... it would try ipv6, wait, stall, time out after 5 seconds, THEN do the ipv4 lookup & continue instantly. Request after request. :-(

    25. Re:IoC by jythie · · Score: 1

      But.. wireless!... apps!.. things!..

    26. Re:IoC by Fly+Swatter · · Score: 1

      No they simply lose their refrigerant charge over time, they are not designed to be repaired or refilled so it goes to the dump. It is a true throw away appliance. The brand I have stuck with is the one that actually warrants the 'sealed system' for five years, but instead of exchanging they simply 'buy back' the appliance, which you get to keep and find a way of discarding without incurring a recovery fee for refrigerant appliances.

    27. Re: IoC by terrycarlino · · Score: 1

      Any technology can be misused.

      I've seen cases of abusive spouses using double-sided locks (Locks which require keys on both sides) to trap victims. Taking the phone (landline). Etc.

      The problem is always the same and so is the answer. Dump the abuser. Be prepared to defend yourself.

      Sure get a restraining order. Call police if they break it. But when seconds count the police are only minutes away. So be prepared to defend yourself.

    28. Re:IoC by b0s0z0ku · · Score: 1

      "Wires" are still there, either as fiber or as a cable connection. They also are much smaller and less resource-intensive than the big 200-amp cables carrying power to the home. What's wrong with people to put them up? Everyone's got to work and eat, after all.

    29. Re: IoC by houghi · · Score: 1

      So why not make such a product and sell it? I do remember those things, but would not be willing to pay extra for it.

      Because I also remember what percent of my wage I had to pay for it. I solved the issue with the channel switching. I realized I did it so iften, because nothing was interesting enough to hold my attention. So I cut the chord.

      All in all a first world problem.

      --
      Don't fight for your country, if your country does not fight for you.
    30. Re:IoC by Agripa · · Score: 1

      In hindsight, CF bulbs were necessary, but really a joke of a product. Only in todays world would a buyer tolerate ten times the pruchase price, slow starting, flickering, wrong color, gets dimmer with age, can't be dimmed, needs to be recycled because of mercury, doesn't last as long as claimed, and can't be used in half of the (fully enclosed) fixtures. But hey you saved on electricity!

      LED bulbs learned from all that, even the EnergyStar rating requires much longer warranties because the early CF lifespans were laughable.

      LED bulbs sure learned something all right; produce an even more expensive product and buy legislation mandating its use.

      In my experience, LED bulbs do not last any longer than CF bulbs; where I live they have a half life of about 6 months unless powered by an online UPS. The manufacturers love to list the operating life of the LEDs until they dim a certain amount but that has nothing to do with the ballast failures. They still do not work in most lamp fixtures due to limited operating temperature range. The warranties are a joke; just try returning one and see how much it costs in time, effort, and money. Now return every bulb over a 6 month period and repeat.

    31. Re:IoC by houghi · · Score: 1

      Oh, I know how to do that and even know what the words mean. But you need to know how to do it and ther should be no reason to use such a complex system as Dynamic DNS. We do not connect with POTS anymore.

      One provider even told me that it would be cheaper not to have Dynamic IP. He implemented a simple webinterface where people could add a CNAME to their domain name similar to their email adress with a . instead of an @ so easy to remember.

      your.name@example.com became your.name.example.com
      Easy as.

      --
      Don't fight for your country, if your country does not fight for you.
  2. Ah Yes by NicknameUnavailable · · Score: 1

    When spyware makers don't put security in their systems such that they can't be held responsible for being the only party capable of selling user information. They deserve what they get for using the devices.

  3. its much worse than that. by nimbius · · Score: 3, Interesting

    As any Slashdotter knows, smart lights, switches, and power relays are poorly regulated and secured.
    If a coordinated attack were to take place against thousands, or millions of these devices,
    they absolutely could be used to shutter an electric grid in under a minute by inducing a triplen wave:

    https://electricalbaba.com/tri...

    --
    Good people go to bed earlier.
    1. Re: its much worse than that. by supremebob · · Score: 2

      The problem is that most people (mostly contractors) usually try to buy the cheapest thing that they find at the Home Depot when they can get away with it. We really need to try to save those people from themselves.

      We already have regulations in place that "dumb" switches aren't allowed to be so poorly made that they can catch your house on fire (no matter how cheap they are), so we should probably have something similar with the "smart" ones.

      Default "abc" or "123" passwords on an IoT device should probably be treated like a faulty ground wire at this point, since they are becoming just about as dangerous.

    2. Re:its much worse than that. by ctilsie242 · · Score: 2

      The problem is that IoT companies have no vested interest in security. If their devices are used for that, worse case is that the C-levels short their stock, make the announcement, and "mourn" the dead company on the deck of their new ship. The average person in the company has to choose between making deliverables or security... and deliverables are what keeps the badge from being disabled.

      Best way to fix? Don't buy that crap. If you want to buy a $3000 fridge (and have the ability to add a flue and a gas connection), buy a fridge that uses natural gas and electric, so your beer stays cold if power goes out. If a TV requires an always-on connection, return it as defective, which it is. By not buying insecure IoT stuff, it helps everyone.

    3. Re: its much worse than that. by b0s0z0ku · · Score: 1

      Also:

      IoT devices should be required to be able to work peer-to-peer if possible, ideally via a hub that acts as a VPN/firewall.

      IoT devices that use a clown server should be required to be supported for 10 years. Having to throw away a thermostat after two years because the manufacturer shut down the cloud servers is wasteful as hell.

    4. Re:its much worse than that. by b0s0z0ku · · Score: 1

      Do any TVs actually require an always-on connection to display ATSC or HDMI video signals? (!)

  4. +10 modpoints for correct use of "aggravated" by Anonymous Coward · · Score: 1

    It didn't make the problem MAD, it made the problem WORSE.

    -Legal.Troll (a /. hero who can't post because of negative karma)

  5. obMovieReference by cascadingstylesheet · · Score: 2

    "It's coming from inside the house!"

  6. Internet of Simple Home Invasion Tactics by nctritech · · Score: 1

    Internet of Simple Home Invasion Tactics. That's what we need to start calling this. "IoSHIT."

  7. Smart? by bobby · · Score: 1

    Easily duped is not smart.

  8. Hate to victim blame by stealth_finger · · Score: 1, Insightful

    Hate to victim blame, but anyone who buys an IoT thingy and actually plugs it in to the internet is all but asking for it. If it can't do it's job not connected, don't buy it, and if it does, don't connect it.

    --
    Wanna buy a shirt?
    https://www.redbubble.com/people/stealthfinger/shop?asc=u
    1. Re:Hate to victim blame by _Sharp'r_ · · Score: 2

      Yeah, these IoT devices are so very difficult for anyone in the home to deal with.

      I mean, if you have physical access, it's just waaaaaay to difficult too just unplug/disconnect something without understanding exactly how it works. Probably need a contractor for that...

      --
      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
    2. Re:Hate to victim blame by Mashiki · · Score: 2

      Well some stuff is so leaky it's stupid. Look at the recent bit with baby monitors for example. We're not talking about a lack of passwords, but rather that the devices are so badly designed that any form of protection is easy to bypass, much like all of those "smart locks" that idiots have been pushing.

      --
      Om, nomnomnom...
    3. Re:Hate to victim blame by doconnor · · Score: 1

      For some of these devices, like thermostats and light switches, it is difficult for people without any experience with circuitry or electronics to replace them.

    4. Re:Hate to victim blame by worf_mo · · Score: 4, Insightful

      Hate to victim blame, but anyone who buys an IoT thingy and actually plugs it in to the internet is all but asking for it.

      Not all victims bought or installed the IoT devices in the first place. This is often a case of an abusive person that installs an IoT device in their (ex) home to keep their (ex) partner under surveillance or to harass them.

      FTA:

      Usually, one person in a relationship takes charge of putting in the technology, knows how it works and has all the passwords. This gives that person the power to turn the technology against the other person.

    5. Re:Hate to victim blame by idji · · Score: 2

      The victim didn't buy this stuff, the perp did, installed it, and the left, leaving the victim with unknown tech in the house. So there is nothing to blame the victim for. If "he" installed the internet router and other geek IoT things, how is "she" supposed to know what it is without paying an electrician $100+ to go through and explain what the junk is. "She" knows if she touches anyhting herself the internet and tv probably stop working.
      This is abuse of secret knowledge by a geek "he" over a non-geek "she".
      And yes, I know couples where she changes the light-bulbs and he is clueless, because he doesn't know the difference between 20W and 40W and doesn't know which way to screw in the lightbulb (clockwise?? counterclockwise??)

    6. Re:Hate to victim blame by quantaman · · Score: 2

      Hate to victim blame, but anyone who buys an IoT thingy and actually plugs it in to the internet is all but asking for it. If it can't do it's job not connected, don't buy it, and if it does, don't connect it.

      Except in this case if the victim protested they were liable to get punched.

      This isn't a story about devices being hacked. This is a story about abusers installing smart home tech in order to control and monitor their partner.

      --
      I stole this Sig
    7. Re:Hate to victim blame by edtice1559 · · Score: 1

      Huh? These devices have pretty good security controls and are not what we're talking about here at all. They give up a lot of data to their corporate overlords but not unauthorized third parties.

    8. Re:Hate to victim blame by suutar · · Score: 1

      the problem is that the person who installed it is probably still considered an authorized party, and may be the one with the ability to reset passwords.

    9. Re:Hate to victim blame by edtice1559 · · Score: 1

      That may or may not be true, but it's still not the issue that is being discussed. Many devices have such poorly implemented security controls that anybody (authorized or not) can control the device trivially. The ones mentioned by the OP aren't perfect, but they have been developed with security in mind by competent people.

    10. Re:Hate to victim blame by suutar · · Score: 1

      Ah, you're focused on this thread, not the story it's attached to. Fair enough, but I think the person you replied to was thinking of the "manipulative ex installed stuff, how to get rid of it" part.

    11. Re:Hate to victim blame by edtice1559 · · Score: 1

      Okay, I see your point. Yeah, if you think your ex is using an IoT device in your home that (s)he setup to spy on you, selling it on eBay seems like a good choice!

  9. Re:Stupid by Fly+Swatter · · Score: 4, Insightful

    You have 2 competitors and one has no security, they don't sell any products and the bar is raised.

    Wtf is 2018.

    You are right, it is 2018. So you have 100 competitors and one has security but costs more than the other 99 knockoffs that all came from the same factory. They don't sell any products and go out of business. That is 2018.

  10. Every technology gets abused by gweihir · · Score: 1

    There are always some power-hungry fuckups that do it. At least these here are obvious about it, unlike the NSA, the GCHQ and other groups of no ethics whatsoever.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  11. weasel words by cascadingstylesheet · · Score: 4, Insightful

    "Increasingly", "many", "more"

    How many? How do you know?

    It makes a great story, but "many" of these kinds of stories don't have much to back them up, as to the size of the problem.

    It might be helpful to say "X percent of DV cases in {area} in 2017 involved smart home devices" or something.

    1. Re:weasel words by 110010001000 · · Score: 1

      It means "we need to bring in a consulting company to understand this. Please send money."

  12. Fragmentation is bad - hubs need to be smarter... by b0s0z0ku · · Score: 2

    Imagine if a home had a single hub for the smart devices that acts as a VPN server. All traffic between the devices and the Internet would be mediated by that hub. Changing the password or key on the hub would automatically lock out all external devices.

    Compare this to the current paradigm, where there's a cloud provider for each brand of device, with different authentication information for each. It's easily possible to forget to change some of the passwords when someone moves out/is kicked out of your home. Fragmentation is the problem here.

    The traffic would of course be peer-to-peer (i.e. phone-to-hub via Internet) in my paradigm, not going through a bunch of 3rd-party servers to be mined, sliced, diced, and spied upon.

  13. Re:Fragmentation is bad - hubs need to be smarter. by b0s0z0ku · · Score: 1

    And before you say "Dynamic IP", Dynamic IP doesn't require use of a cloud intermediate. Only some type of dynamic DNS service (doesn't literally need to be DNS) to point devices to the right place.

  14. And this is a surprise to anybody why exactly? by SciCom+Luke · · Score: 1

    People have attempted to gain dominion over others since the dawn of time. The whole desire to put everything you own, and everything that monitors yourself, your baby, your food, your laundry, the loks on your door, your car and make it near-public, it is expected that people will abuse the opportunities you offer. This does not mean that the owner is to blame, but it does mean that the owner puts him or herself in a lot of risk. Sometimes that goes wrong... If you roll the dice, you sometimes roll a 1. Is that so unxpected?

  15. Re:Fragmentation is bad - hubs need to be smarter. by ctilsie242 · · Score: 1

    I've preferred that model. Have everything communicate via Z-Wave, Bluetooth, or similar to a hub, which is hardened, and has a manifest/profile for every device including what it can talk to (and 0.0.0.0/0 as a netmask is not going to be allowed.) Perhaps 2-3 hubs for redundancy, if that is what is wanted. This way, there is a hardened device doing all the Internet stuff, rather than devices made in the cheapest Chinese factories with software made by the sloppiest, "get 'er done, it builds, ship it" methods.

    However, IoT makers get a lot of cash through analytics, so they want to chuck as much data as the device can glean. It isn't like anything is going to happen to them. Even the GDPR just means they do their stuff in a non-European country.

  16. How shocking... by lance_of_the_apes · · Score: 1

    ...and unexpected this is. :-|

  17. Stop being ridiculous by shaitand · · Score: 1

    Yes, there is someone out there making their partner a veritable slave in their home. But we've taken this so extreme you won't actually ever encounter it in life situation and act like it is everywhere and are conflating the idea with hundreds of things that aren't that to create the illusion it is everywhere and women terrified.

    All spouses of all genders have suspicious and paranoid moments and everyone tries to startle others and laughs when they jump sometimes. You and your spouse ARE both entitled to not be perfect. Try to be careful not to fall into arguments based on the slippery slope fallacy that have been pushed by others with an agenda which is served by your judgement being clouded by emotion and over sensitization. 999 times out of a thousand this is harmless and just call your spouse out on it if something like this is bothering you because while you want to have a sense of privacy you aren't actually entitled to it from your partner. It is your partner who ultimately is choosing to respect your privacy on the assumption there is nothing to find and it is on you to make sure that is actually true.

    A slap or a punch might do objective physical harm and under rare or exceptional circumstances could be part of an accident causing serious damage but generally speaking they aren't that big a deal which is why society accepted them as means to address extremely unacceptable and/harmful behavior when an individual refused to correct themselves. Getting rid of these options as we have means also taking on the obligation to never "lose your shit", betray your spouse, embrace an irrational philosophy which allows you to pretend emotions justify irrational behavior. The very existence of tinder shows just how good a job we are doing.

    1. Re:Stop being ridiculous by drinkypoo · · Score: 3, Interesting

      Yes, there is someone out there making their partner a veritable slave in their home. But we've taken this so extreme you won't actually ever encounter it in life situation and act like it is everywhere

      The easier it becomes to do a thing, the easier it becomes to do an uncharacteristic thing in a moment of weakness. Little girls don't lock their diaries because even they think the lock can't be broken, any more than people lock their front doors because they think their lock can be broken. It's because lots of people will just walk in, and plenty of people will just take something that isn't nailed down. A simple lock that's easily defeated stops the impulsive, if not the determined.

      These systems are so vulnerable that they practically invite snooping. If someone can get into your camera just by googling the stuff written on it, the odds go way up that they will. This is actually true of malicious actors as well as the bored and curious; a notable portion of them are incompetent.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Stop being ridiculous by shaitand · · Score: 1

      "These systems are so vulnerable that they practically invite snooping. If someone can get into your camera just by googling the stuff written on it, the odds go way up that they will. This is actually true of malicious actors as well as the bored and curious; a notable portion of them are incompetent."

      I don't deny that at all. But this isn't about third parties gaining unauthorized access, this is about painting a spouse as an abuser if they access these devices in their own home.

    3. Re:Stop being ridiculous by drinkypoo · · Score: 1

      Actually, using a home security system to spy on a partner IS abuse. It's a violation of privacy.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:Stop being ridiculous by shaitand · · Score: 1

      We aren't neccesarily talking about a home security system there are likely cameras and microphones on a dozen or more devices in your home and dozens of other smart devices that could definitely be exploited to provide insight into movement and activity in the home. An intelligent individual could fingerprint and monitor known activities and usages throughout the home with nothing more than smart monitoring of power usage.

      Privacy violation along with most things can certainly be used as a tool of abuse. It is important to remember that your right to privacy doesn't prempt your partners rights and is mostly waived by the commitments you've made to them and your acceptance of the benefits you gain in turn. Like any contract, social or otherwise, you are bound by the terms and have waived any of your rights necessary to meet the terms and relationships have an out clause. If you have waived any rights that would prevent the other party from determining if you violate the terms or enforce the agreed and/or implied consequences. Relationships are about balance and balance is usually found both parties doing their best to get over personal boundaries, sensitivities, feelings, hangups, especially any that get in the way of understanding and working in harmony with your partner. If you are actually married you don't even have rights your partner isn't allowed to waive on your behalf to a third party, why would you think you have any right to hide something from them short of a divorce?

  18. Re:Not everything needs to be connected to the net by b0s0z0ku · · Score: 1

    As far as the "Last person leaving the house" problem, this can be solved using a three-way switch at the door. If the switch is on, the regular thermostat is switched into the heat circuit and turns the heating on at 20C or whatever. If the switch is off, there's still a backup fixed-temp thermostat in parallel that cuts in if the temp drops below 15C or something like that. The last person out of the house turns it off, first person in turns it back on. It won't kill anyone to be in a cold house for a few minutes.

  19. Advice to Victims by omfglearntoplay · · Score: 3, Insightful

    Unplug the bad device from the network... as in unplug that wire that isn't power. No wire because WiFi?... realistically 99% of the IoT stuff is WiFi, do this to keep it disconnected:

    1. Change the password on your WiFi router, and do not update it on your IoT devices.

    2. If you don't know how to do that, throw away your old WiFi router and buy a new one, which will force you to make a new password.

    1. Re:Advice to Victims by Anonymous Coward · · Score: 1

      Great advice, but how does this help the victims? The vast majority of them will never see such a thing. You're preaching to the choir here. I'd imagine most /. readers are well aware of the dangers of the IoT and have either taken measures or decided they don't care.

      This needs a solution that can be implemented once (or possibly on a political level), rather than one that needs to be implemented in every household in the connected world.

    2. Re:Advice to Victims by Anonymous Coward · · Score: 1

      The IoT device might default to any available open network if it can't find encrypted networks it has credentials for. Local bad actors can take advantage of this by making an open network nearby. IoT devices are terrible in all ways.

  20. I will never have one of these devices by Anonymous Coward · · Score: 2, Insightful

    in my house. Ever. Working IT security for years and understanding how this stuff works has put me off of it long before Nest, Echo, Google Home, et al ever made the scene. To knowingly allow blatant spies into you midst is a sign of absolute carelessness. No one needs their house to be "automated" unless they're handicapped. My Honeywell HVAC system is simply good enough. I don't need or want an app to control anything in my home. I don't want or need a "connected' home. Being tethered to my on-call mobile phone is bad enough. When I'm home, I want to be away from connectivity as a whole unless I'm gaming.

  21. Re:None in my house, ever by geekmux · · Score: 2

    ...or just install a Clapper...

    Hello Time Traveler! Mind if I call your answering machine and leave a message? I have this cool 5-minute recording of random clapping noises. I keep it on a cassette tape labeled Your Shit was Never Secure...

  22. Re:Not everything needs to be connected to the net by PPH · · Score: 1

    The two guys gave one another "that look" - the one that says, Ah, silly paranoid nerd.

    Your name is probably in a database too. 'Refused installation of a Telescreen.'

    --
    Have gnu, will travel.
  23. as designed.. by Anonymous Coward · · Score: 1

    as designed. Just ask Google.

    The reality is, the internet and its "things", browsers included, is a heedless goldrush where risk indifferent short sighted megalomaniacs -Jack Dorsey comes to mind as a prototype- inflict socially destructive , pointless services and gadgets on shortsighted people who are having the real consequences of their participation, subscription or purchase systematically and deliberately hidden from them.

    In the end, people will sort it out, vote with their wallets and eyeballs and society will take its lesson.

    In the meantime, it's tough to watch it unfold.

  24. Re:"unintended" my ass. by geekmux · · Score: 1

    If you think any of this is "unintended", you are a complete moron. Unlike them. They aren't morons. They are just evil.

    Uh, a default password of password sent over insecure protocols is not "evil". That's just plain stupid, and their only intent in doing so was to save cost.

  25. Re:The Law playing catch-up yet again by cayenne8 · · Score: 1, Insightful

    In certain parts of the US, they're too busy chasing illegal immigrants and small-time drug users to focus on crimes that actually cause physical or psychological harm...

    Well, they do often cause physical and psychological harm....?

    I think US citizens should have the right to do with their bodies as they wish, however.

    And we should protect our borders from those committing the crime of crossing illegally...if they start right off breaking the law, then it would seem logical they don't have qualms about breaking other laws here.

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
  26. Re:The Law playing catch-up yet again by b0s0z0ku · · Score: 1, Insightful

    Moralistic moronic nonsense. The law is just a set of words written by a bunch of old farts who managed to con dumb people into voting for them.

    By your argument, we should shoot speeders and pot smokers -- they've already broken the law, so they're more likely to commit murder. Might as well prevent crime before it happens.

    I think the inverse is actually true with illegal immigrants. They're less likely to commit violent crimes because the consequences can often be dire. Not only jail, but deportation back to a war-torn country or one where gangs are looking to kill them.

  27. The Internet Of Hacked Things by Citizen+of+Earth · · Score: 1

    Why do you want hackers to control your house?

  28. On trends towards digitally-facilitated slavery by Paul+Fernhout · · Score: 1

    I was responding to this blog post -- especially the conclusion and Marx quote at the end (quoted here):
    "Return of the Slave Society"
    https://thesphinxblog.com/2017...
    "... There's a substantial tradition, especially in the nineteenth century, of contrasting ancient slave society with modern capitalism. I always recall the Aristotle quote with which I started from Marx's evocation of it in Das Kapital: foolish Greek, thinking that machinery would lead to a life of leisure, rather than being the surest method of lengthening the working day! Likewise, "the Roman slave was bound with chains... the modern wage-labourer is bound to his owner by invisible threads". Manifestly, Marx failed to imagine that the remorseless logic of capitalism might lead workers to be displaced rather than exploited, and that we might be better off thinking of analogies between Juvenal's "bread and circuses" snark and the joys of social media...
    > "On the one hand, there have started into life industrial and scientific forces, which no epoch of the former human history had ever suspected. On the other hand, there exist symptoms of decay, far surpassing the horrors recorded of the latter times of the Roman Empire. In our days, everything seems pregnant with its contrary. Machinery, gifted with the wonderful power of shortening and fructifying human labour, we behold starving and overworking it. The new-fangled sources of wealth, by some strange weird spell, are turned into sources of want. The victories of art seem bought by the loss of character. At the same pace that mankind masters nature, man seems to become enslaved to other men or to his own infamy. Even the pure light of science seems unable to shine but on the dark background of ignorance. All our invention and progress seem to result in endowing material forces with intellectual life, and in stultifying human life into a material force. (Marx, Speech at the anniversary of the People's Paper)""

    ==== My own comment there: https://thesphinxblog.com/2017...

    Hi Neville, Thanks for the insightful post on what can we learn about our possible future from studying a past society where "autonomous tools" were ubiquitous [Ancient Rome with slaves].

    I've been wondering myself what we could learn about the future of robotic economics from the pre-Civil War US South and its slave-based economy. Given robots and AIs might have feelings in the future, that includes the previous moral justifications for what we now find abhorrent to do to people such as outlined in "Defending Slavery: Proslavery Thought in the Old South: A Brief History with Documents" by Paul Finkelman.

    Thanks for expanding the picture for me to include reflections from Roman society. You might find of interest some of Marshall Brain's speculative writings on the future of robotics and economics (and the resulting concentration of wealth) like in his "Robotic Nation" essays.

    I especially like your tangential point that "Marx failed to imagine that the remorseless logic of capitalism might lead workers to be displaced rather than exploited".

    To go off further on that tangent (reflecting your Marx quote, including "At the same pace that mankind masters nature, man seems to become enslaved to other men or to his own infamy"), one of the saddest things about modern times is that all these advanced technologies -- technologies that could be used to liberate people's time in a post-scarcity way -- these technologies are instead being used mainly to regulate people's time via Orwellian 24X7 surveillance both at work and at home. People are even voluntary inviting Alexa, Siri, and so on into their homes to potentially eavesdrop on everything they or their children say -- like with the human slaves of old. But there is a twist now of potentially recording everything said in a home and c

    --
    A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
  29. Re:The Law playing catch-up yet again by ahadsell · · Score: 1

    Nice opinion. Got any facts?

  30. GOLLY GEE I NEVER SAW THIS COMING! by Rick+Schumann · · Score: 1

    Fools bought into all this stuff in the first place with blinders on not even wanting to see that they were just creating more avenues for attacks on their privacy and now you all scream bloody murder over it. I'm laughing so hard I may dislocate a rib.

  31. There is always a loop hole by techsparrow · · Score: 1

    Nothing can be perfect and there always exists a loop hole. Proper coordination between the devices and their security feature is not known to most of the common users.

  32. Just Disconnect Them by friedmud · · Score: 1

    Why is Slashdot suddenly full of luddites?

    My home is full of smart stuff. My fiance has full access to that smart stuff. If she leaves... I can easily revoke her access with one (ok, two) touches of a button in the settings of my iPhone (to revoke her access to Homekit). She won't be able to do anything with my house past that point.

    This has absolutely NOTHING to do with "crappy IOT security"... or any such scare mongering thing. All that's wrong here is that people don't know how their own devices work.

    If you're not solely using Homekit then there is always another simple solution:

    Hue bulbs that someone who has left the house can control? First: unplug the hub. The lights will still function perfectly as "dumb" lights that go on and off with the switch... but not a soul will be able to remotely control them. Want to turn them back into smart lights? Reset the hub and plug it back in and set it up as a new device... the person that's left the house will not be able to control them whatsoever.

    That's pretty much the same for any smart stuff: unplug the hub first... then later if you want that capability back - just reset the Hub and set it up as a new device.

    It works the same way for Caseta lighting, for Ecobee thermostats (just reset it and re-set it up), for Google Home, Alexa devices, etc.

    I don't understand why people feel like they are somehow "at the mercy" of these devices. Just freaking unplug them and no one will be able to control your house... and when you have time to set them back up again - do it.

    Why does every damn IOT story on here have to be followed with 1000 luddites screaming "I told you they were insecure!". This is freaking Slashdot! We're not afraid of technology here! We can talk about how to mitigate technological problems and steps to take to solve issues like these.

    Jebus!

    1. Re:Just Disconnect Them by michiganbob · · Score: 1

      And furthermore, this article isn't even about the technology being insecure. It's about people abusing their already-granted access to exert power and control over their partner in an abusive relationship.

      I feel like the commenters here just see the term "IoT Devices" and see it as an excuse to get on their holier-than-thou anti-Google/Amazon/Nest/etc soapbox. Guess what? No one gives a crap that you still use a flip-phone and "refuse to have an always-listening microphone" in your house. You're not special, and you're not smarter than the rest of us.

  33. IoT is a fad. by Qbertino · · Score: 2

    Said it 1.5 years ago, will say it again.
    IoT is a fad and it will die off pretty soon because of precisely this problem mentioned in TFA.

    Nobodies Toaster needs a webserver.

    --
    We suffer more in our imagination than in reality. - Seneca
  34. Re: The Law playing catch-up yet again by houghi · · Score: 1

    You forgot to ask yourself if the law is just and if the pu ishment meets the crime. To blindly follow a law because it is alaw is like blindly follow an order.

    --
    Don't fight for your country, if your country does not fight for you.
  35. Re: The Law playing catch-up yet again by cayenne8 · · Score: 1

    You forgot to ask yourself if the law is just and if the pu ishment meets the crime. To blindly follow a law because it is alaw is like blindly follow an order.

    If you don't like the law...CHANGE the law.

    By they way, it is the legislators that make and pass the laws, so, tender your vote that way election time.

    But until then, the law is the law.

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........