
The 'internet of things' is sending us back to the Middle Ages - colinprince
https://theconversation.com/the-internet-of-things-is-sending-us-back-to-the-middle-ages-81435
======
jeffdavis
The problem is software complexity. You can't really own anything you don't
understand, and you can't be free in a world you don't understand. And we
don't understand software.

Imagine a naive young king who doesn't understand how to do anything for
himself. He will easily be controlled by those around him that do understand
the world.

Of course, nobody before ever understood everything about the world. But
different people understood different aspects in depth, and education gave
literacy so people could share expertise.

Software is so complex that nobody really understands it. Nobody understands
how a car works, nobody understands how a phone works, because they are both
controlled by hopelessly complex software. Governments can't regulate
emissions because the software changes the emissions controls based on
arbitrary unknown factors. Security problems are just a small subset of the
surprising ways complex software behaves -- surprising even to the software
engineers who build it.

And the key is that this is all _new_ complexity that didn't exist before.
Physics and biology were developed to understand pre-existing complexity, so
we always made forward progress. But we are moving backwards now because we
are introducing complexity faster than we are understanding it -- much faster.

Therefore this is actually worse than the naive king mentioned above. In that
example, it's just an asymmetry of information, and that can be resolved
through education. Software is so complex education can't hope to keep up.

~~~
int_19h
I disagree. Not understanding how my car works is not a problem for ownership,
so long as I can decide where to delegate all the maintenance etc that
requires it to work. When I can choose my mechanic, I own it. When I have to
take it to a dealership, because of all the DRM'd electronics inside, I no
longer do.

~~~
jeffdavis
"I disagree...When I can choose my mechanic, I own it."

I think we are in agreement here. You don't personally need know everything
about everything you own. But someone needs to know enough about it that you
can use their expertise or learn from them if you care to.

The myth is that it's about _who_ knows -- the right laws (or the right
consumer pressure) will open up the right information, and freedom will
supposedly follow. That's a minor factor, sure, but I believe it's more of a
myth.

The real thing holding us back is that _nobody_ understands these complex
software stacks, we are just building them bigger and bigger and understanding
them less and less.

------
zizek23
Some technologies empower, others disempower and if iot devices and things
like self driving cars are not rolled out with proper systems of user control
and privacy they will disempower people.

For many in the industry this is not a concern, a mere technology issue, an
inevitability, an opportunity for profit.

Fortunately there is growing skepticism and awareness of the intrusiveness.
And self congratulatory messages on technology forums belittling user
ignorance - oh they are dumb so we will take control - as if everyone should
be a technology expert will be seen for the betrayal of users it is.

Self preservation comes naturally to humans and given most technology folks
are happy, even proud to work with deeply intrusive spyware companies, they
are not going to be perceived as harmless as before. There is going to be a
backlash against the so called 'nerds' involved in this one way transfer of
power.

------
feelin_googley
Authored by a law professor.

It is Apple who pioneered this concept of the device that the user really does
not own or control - the "smartphone". The computer that remains tethered to
the manfacturer continually feeding back user data.

Manufacturer makes replacing the OS difficult. Manufacturer gets root.
Manufacturer gets right to modify OS remotely. And no surprise, manuacturer
gets plenty of data about users. Manufacturer did not ask for these
privileges. They just took them. It was not always this way.

But users accepted it.

And so other companies followed Apple's lead. I find the company's official
statements about how they protect privacy to be offensive to common sense.

Want to protect privacy? _Stop forcibly collecting any and all data._ (Not
just "less than so-and-so".)

If users really believe that sending data to Apple will help Apple create the
"best experience" then let them opt-in to collection and send it voluntarily.

The users own the device. If they wish untether from Apple's "ecosystem", then
that is their right.

There exists at least one user who does not want a company to collect their
data, put it on a networked computer and then purport to "protect" it. They
want the company to stop collecting their data. Why? Because they have weighed
the risks and decided it is not worth it.

IMO the "smartphone" is part of the IoT and was the first "thing". Because it
was a thing where software was used to take away some of the control from the
owner (control that owners had previously); owners only get partial control.

Going forward, if one is opposed to internet connected things one does not
fully control, the solution is not to select the things that collect the least
data or that offer the most control. ("I trust Company X because they collect
less data than the other companies.") The solution is to _choose things that
are not internet connected_.

~~~
zimzam
Apple collects very little user data. Developers have complained about the
limits Apple puts on collecting data and Apple News partners have been quite
frustrated. Even the people who originally developed Siri were frustrated by
not having access to more user data.

There are plenty of companies like Facebook and Google that have no regard for
user privacy but I wouldn't include Apple in that bucket.

------
jwmullally
I agree. Copy+pasting an old comment of mine from this old thread
[https://news.ycombinator.com/item?id=12683924](https://news.ycombinator.com/item?id=12683924)

> A general solution to IoT security would be for all IoT devices to only
> communicate to your personally owned home gateway, which would run open-
> source drivers for each device to provide the networking/external
> communication functionality. The IoT device could even be assigned its own
> isolated network link to the router (i.e. sandboxed).

~~~
wepple
This is a great solution to the ownership problem, but now each individual is
responsible for patching and updating their 25 devices? Doesn't solve the
security problem.

~~~
pmontra
The home gateway could download the patches and send them to the devices. Its
firewall will prevent them to phone home or somewhere else no matter what into
those patches.

------
kogepathic
On the whole I agree with the author, but they have glossed over some things I
feel should be addressed:

 _> The computer manufacturer Lenovo, for instance, used to sell its computers
with a program called “Superfish” preinstalled._

Most "serious" users reformat the machine and re-install the OS to get rid of
the OEM included crapware. Not something the average user does, sure, but
you're still allowed to re-install the OS on a commodity x86 system like a
laptop. It's a matter of inconvenience, not impossibility.

 _> This system means that a car company can’t stop me from painting my car a
shocking shade of pink or from getting the oil changed at whatever repair shop
I choose. I can even try to modify or fix my car myself._

You cannot do this with a Tesla. Go look on the internet about people waiting
months for Tesla to repair their cars, or people who have bought totaled
Teslas and fixed them, only to be denied re-certification by Tesla.

I think we will see other electric car manufacturers moving in the direction
of a more closed ecosystem than what we have now with ICE cars. Reason being
that electric cars have a unique drive system (even more than ICE cars) and
usually a proprietary HVDC battery (>60V) and battery management system. The
manufacturer risks increased liability and bad PR if they let people modify
these cars and then they end up in flames.

 _> Samsung cuts deals with lots of software providers which want to take my
data for their own use._

Same deal as with Lenovo, but slightly complicated by the fact that ARM is not
as standardized at a platform level as x86 (yet, I think this is slowly
changing).

Pick a phone that comes without OEM crapware like Google Pixel, or a phone
with good 3rd party ROM support like LineageOS.

 _> What is important is that we recognize and reject what these companies are
trying to do, buy accordingly, vigorously exercise our rights to use, repair
and modify our smart property, and support efforts to strengthen those
rights._

Agree 100%, but this requires consumers to research products before they buy
the cheapest one. We can encourage good behaviour by manufacturers, but it
will mean educating our friends and family and collectively voting with our
wallets.

~~~
userbinator
_The manyfacturerer risks increased liability and bad PR if they let people
modify these cars and then they end up in flames._

Car modding has gone on for around a century(!) and I can't remember a single
instance where someone modified a car, was injured or killed, then blamed the
manufacturer, and the latter was found at fault (instead of the modder or
driver.) It's just the overreaching paternalism that seems all too common with
companies today.

Electric cars are closing the ecosystem simply because the companies can exert
more control (= profit) that way; the "safety" justifications are really to
divert attention away from that.

Of course, Tesla can't stop you trying to paint your car...

~~~
kogepathic
_> Car modding has gone on for around a century(!)_

Perhaps I'm mistaken, but my impression is that people weren't as litigious in
previous decades.

 _> and I can't remember a single instance where someone modified a car, was
injured or killed, then blamed the manufacturer, and the latter was found at
fault (instead of the modder or driver.)_

Sure, but for the past century we've had cars which run on flammable liquid
and are powered by thousands of explosions per minute.

So, it's not entirely news worthy when a car which burns stuff catches fire.
For a car which runs on electricity it's not immediately obvious to people
that there are still components inside plenty capable of producing fire when
damaged or used incorrectly.

~~~
gjjrfcbugxbhf
I'm not sure which I'd least like to be near a burning tank of gasoline or a
burning lithium ion battery.....

~~~
Filligree
Frankly, the battery. Gasoline fumes aren't nearly as toxic, and neither is
likely to explode. In either case you have to run away ASAP.

------
woodandsteel
The problem is that hardware manufacturers want to keep collecting income
after they have sold the product. Imagine if when you bought a car and paid it
off, you still had to pay a fee to the manufacturer for every mile you drove.
And ditto anyone you sold you car to. That is what is basically doing on
today. Rent-seeking anyone?

------
sapote
Credit where I think it's due -- Bruce Schneier was one of the first to
introduce the metaphor of feudalism in this context:

[https://www.schneier.com/blog/archives/2012/12/feudal_sec.ht...](https://www.schneier.com/blog/archives/2012/12/feudal_sec.html)

------
rajandatta
This is in part why supporting the FSF and other bodies that seek to ensure
that choice and transparency are promoted. The only real way to compel
companies to comply is to support viable alternatives to the dominance of a
vendor controlled market.

------
eridius
Wasn't the Roomba sharing maps thing already debunked?

~~~
CharlesW
Yes. From [http://lifehacker.com/tell-your-roomba-to-stop-sharing-a-
map...](http://lifehacker.com/tell-your-roomba-to-stop-sharing-a-map-of-your-
home-1797238670):

> _To clarify, iRobot has not formed any plans to sell data. iRobot is
> committed to the absolute privacy of our customer-related data, including
> data collected by our connected products. No data is sold to third-parties.
> No data will be shared with third-parties without the informed consent of
> our customers. If a customer had already signed up /opted in, iRobot will
> delete the data from our servers if a customer requests it. This is
> retroactive._

> _Clean Map Reports are not shared with third parties. If a Roomba owner does
> not want to share data with a third party such as Amazon (for example, to
> enable voice control from Amazon Alexa), the owner can simply disable the
> skill in the Amazon Alexa app._

------
jgalt212
Fun twitter feed:

[https://twitter.com/internetofshit](https://twitter.com/internetofshit)

------
justonepost
Just wait for full on AI, then you'll see some real digital serf action.

