Slashdot Mirror
Smart Home Makers Hoard Your Data, But Won't Say If the Police Come For It (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: Thermostats know the temperature of your house, and smart cameras and sensors know when someone's walking around your home. Smart assistants know what you're asking for, and smart doorbells know who's coming and going. And thanks to the cloud, that data is available to you from anywhere -- you can check in on your pets from your phone or make sure your robot vacuum cleaned the house. Because the data is stored or accessible by the smart home tech makers, law enforcement and government agencies have increasingly sought out data from the companies to solve crimes. And device makers won't say if your smart home gadgets have been used to spy on you. We asked some of the most well-known smart home makers on the market if they plan on releasing a transparency report, or disclose the number of demands they receive for data from their smart home devices. For the most part, we received fairly dismal responses. Amazon did not respond to requests for comment, but a spokesperson for the company said last year that it would not reveal the figures for its Echo smart speakers. Facebook said that its transparency report section will include "any requests related to Portal," its new hardware screen with a camera and a microphone. A spokesperson for the company did not comment on if the company will break out the hardware figures separately. Google also declined to comment, but did point TechCruch to Nest's transparency report. Apple, the last of the big tech giants, said that there's no need to disclose its smart home figures because there would be nothing to report, adding that user requests made to HomePod are given a random identifier that cannot be tied to a person.
TechCrunch also asked a number of smaller smart home players, like August, iRobot, Arlo, Ring, Honeywell, Canary, Samsung, and Ecobee.
TechCrunch also asked a number of smaller smart home players, like August, iRobot, Arlo, Ring, Honeywell, Canary, Samsung, and Ecobee.
We used to call this behavior "phoning home" and if a program so much as checked if there was an update available without giving you the option to turn that off, it was shunned. Now you don't even know how a filesystem works anymore and need everything to be in the cloud.
On A&E. Roaches!
This means the police already have all of everyone's data, all the time. They've been granted blanket access. Heads will literally roll before anyone in charge will admit it though. Enjoy.
if it comes packaged as a service and you access a website, portal, or online content to use it, then you dont own it. Read the terms of service, because you likely dont own the data these devices collect either.
if thats the case, it can be leveraged by American law enforcement in routine investigation. That investigation can be triggered by something as simple as driving a nice car while black, or by downloading too many files. https://en.wikipedia.org/wiki/...
Save yourself the heartache of finding out just how deep in bed these companies get with US law enforcement, and use FLOSS home automation. https://www.openhab.org/
Good people go to bed earlier.
Itâ(TM)s called a blind subpoena and itâ(TM)s easily solvable
> that user requests made to HomePod are given a random identifier that cannot be tied to a person.
Except these can be tied to the Apple ID the requests came from and thereby linking you to the person. In addition, it could providing a link to the other devices on the Apple ID so there's the entire ecosystem tied together right there.
No "smart" shit in my home, ever.
"Thermostats know the temperature of your house, and smart cameras and sensors know when someone's walking around your home. Smart assistants know what you're asking for, and smart doorbells know who's coming and going. And thanks to the cloud, that data is available to you from anywhere"
Yes, and it's also available to the police, criminals, and anyone else who wants it bad enough.
This is exactly why all of my home automation gear (dated, but still working) is non-cloud, non-connected devices that are unable to call out or store stuff off site.
Just cruising through this digital world at 33 1/3 rpm...
A nightmare of total surveillance is already a fact and not one god damn fucking thing has done to stop it. You are all pathetic.
We know that the government can secretly force any company to give them what they have.... if you don't host the data yourself, you are screwed.
This stuff is not rocket science, cheap easy to use controllers such as Pi and Micro:bit are out there now
https://www.raspberrypi.org/
https://microbit.org/
https://www.eclipse.org/smarth...
But anything less than full transparency can only mean one thing. There's no point in even speculating. Of course they will record and keep everything, for themselves, and the cops. That should be obvious. Why even bring it up anymore? If you really wanna play with all this 'smart home' shit, do it with your own server and ddns.
Free data for the taking.
Option A: Get data-raped by corporations
Option B: Build your own
You're forgetting the hidden option C
Option C: Disavow all consumer technology because it's FUCKING USELESS. Seriously, think about the actual utility value of all of this crap. It doesn't absolutely NOTHING.
I can't believe people are turning their houses into panopticon for basically no reason. Fuck this gay earth.
The Turkish Intelligence claimed they had graphic video and audio and were searching a private Saudi plane taking the kill team and dissection doctor, back to Saudi Arabia, within ONE HOUR of the murder.
https://www.reuters.com/article/us-saudi-politics-dissident-evidence/turkey-yet-to-share-khashoggi-audio-video-evidence-with-u-s-sources-idUSKCN1MR2V5
i.e. they they a live stream of the gruesome dissection, which means there was a livestream and someone was watching it.
It would be either Skype or WhatsApp because those are the two VOIP allowed in Saudi Arabia.
WhatsApp is the most likely one, because its how Jared had a backchannel to the crown prince. Jared needs to a special prosecutor investigate his involvement in this murder (Khashoggi is US based journalist).
https://www.usatoday.com/videos/news/politics/2018/10/18/jared-kushner-and-saudi-crown-prince-communicated-via-whatsapp-report/38194287/
https://www.nytimes.com/2018/10/17/world/europe/turkey-saudi-khashoggi-dismember.html
2 WAY CALL:?? 3 WAY CALL??
"Mr. Khashoggi was dead within minutes, beheaded, dismembered, his fingers severed, and within two hours the killers were gone"
They claim to have 7 minutes of the recording, initially claiming video too, but only releasing audio, and then have released only 3 minutes of it to the Turkish press. i.e. it could well be a two way recording, and they might have both ends of the records. 3 minutes is apparently enough for his dissection according to Reuters.
Only the audio extract of one side has been released and that (according to people who've heard it) has Khashoggi screaming as he's dissected,
His appointment at the embassy was 1:15pm in Turkey which is 6am in New York.
https://www.theatlantic.com/ideas/archive/2018/10/jamal-khashoggi-murder-tapes/573295/
"The soundtrack to Jamal Khashoggi’s beating, vivisection, and murder lasts just seven minutes, according to Turkish officials who spoke anonymously to several outlets yesterday. By the end of the recording, the screams have subsided, and Khashoggi is dead, although his alleged killer—a Saudi doctor named Salah Muhammed al-Tubaigy—must have continued sawing away at his limbs for some time after."
So yeh, they have access to everyone's data all the time.
Even if you're a doctor sawing apart a living American resident and think Whatsapp VOIP is encrypted, they have your data.
Oh, and Fox News, you might remember that your news outlet has been critical of Saudi Arabia, particularly when Obama was in power. So before you start your lying shit, you might wonder if your journalists are safe.
"requests made to HomePod are given a random identifier that cannot be tied to a person"
Now, they can be tied to an apple account, and that can be tied to a persons file* of course. Our ad revenue depends on it!
*File contains credit report, purchasing history, web browsing history, location history, people associated with, average economic class, political beliefs, employer, sexual orientation, medical conditions, hobbies, social graph, porn habits/strip club visits/any other possibly embarrassing leverage etc = you've got nothing to hide, right?!? It's ok if we have all of your personal info but you have none of ours, right?
if it comes packaged as a service and you access a website, portal, or online content to use it, then you dont own it. Read the terms of service ...
Even without terms of service that claim ownership of the data, when the data IS yours and nobody claims otherwise: If it's stored on an external service the supreme court has repeatedly ruled that that you have no "reasonable expectation of privacy".
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
"Google also declined to comment, but did point TechCruch to Nest's transparency report......etc....."
Doesn't a FISA warrant require the holder of the data not to release any specific information regarding the warrant, or even the existence of one? Basically it's not a company failure to guard privacy issue, it's a legal requirement. A failure of legislation is where the blame should be placed.
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
If they won't say, we can safely assume that they are in fact spying, especially since not spying is a selling point these days. The only question is how much and what they do with that data. Unfortunately, experience suggests that the answers are "a lot" and "things you won't like," respectively.
Your electric company may have already replaced your traditional meter with an electronic meter that monitors your energy consumption on a very fine-grained basis; the data from these meters is already being collected by the utilities. Researchers at UMass showed that they could determine what loads were being switched on and off inside a home with such a meter. Nest smoke detectors monitor "presence" information on a room-by-room basis and feed it up to the cloud. If you have cloud-based "smart home" devices (room by room presence, electrical switch state, thermostat/temperature state, door monitoring, etc., then they are feeding the state of your home to the cloud, where it can be used to determine what the people in your home are doing. If you are using geo-fencing with your smartphone, your location is being fed into these cloud systems (quite apart from the "ordinary" concerns about cell company location monitoring). If you have video/audio devices that feed into the cloud, people with access to that information can observe/monitor directly what the people in your home are doing.
The ability to pull all this information together may involved inter-corporate agreements or a government mandate, but it obviously enables a kind of surveillance that makes past court cases involving thermal scanners being used to peep inside dwellings charming glimpses of a less intrusive era. The fact that there is a) no legislation regarding the protection of privacy, and b) very low public awareness of the risks involved, make it very unlikely that the brakes will be applied to the adoption of these systems any time soon. We are bugging our own homes; the panopticon isn't something the government will force upon us, it is something we are building that the corporations/government need merely to tap into.
AFAIK Information about your devices is stored encrypted in the iCloud and can only be decrypted with the keychain. The keychain can only be decrypted by you, not by apple.
If you access actuators from outside the house, information is exchanged by sending e2e-encrypted iMessages to an iOS device in your house to relay to the device.
This all looks like a sound concept to me.