

The scariest part about the Internet of Things - Libertatea
http://www.washingtonpost.com/blogs/the-switch/wp/2013/11/19/heres-the-scariest-part-about-the-internet-of-things/

======
Pxtl
I disagree that the wifi is a terrible single-point-of-failure. The chief
concern in privacy security is not a criminal on the street or a member of
your local police department - it's a vast swarm of overseas hackers or
massive advertising conglomerates.

For that case? Keeping the data in your home is fine. Doubleclick and
Tribalfusion aren't going to be wardriving your neighborhood.

Honestly, I'm waiting for somebody to make the one-stop zero-configuration
grandma-friendly home server device. Something that gives you a DropBox-like
file-server with optional internet-cloud mirroring, has a media bay with one-
button backup functionality so you can easily get a detached hard-copy, runs a
Print server and DNLA, its own Gmail-like webmail/imap system. If you make it
a wifi router, it can also run its own domain and whatnot. The problem, of
course, is half the ISPs provide a wifi router that isn't grandma-friendly to
configure.

Have all your home devices talk to _that thing_ and not the Internet.

~~~
eterm
But then the fridge maker wouldn't have "anonymised usage statistics" (to
sell) so where's the incentive for them to make a smart fridge?

~~~
Symmetry
Charing you $10 more for a fridge that saves you $5 on your power bill every
year. Differentiating is really hard for white goods manufacturers, so they
tend to end up with commodity levels of profit on what they sell.

------
Spooky23
The scariest part about the internet of things is that we're apparently doing
it without discernable purpose that delivers benefit to the consumer.

In the 90's, our refrigerators were going to tell us that we're out of milk.
Now our refrigerators are going to be linked to some smart grid that will let
utilities shape our electricity demand. (Presumably via punitive costs)

As a consumer, I say screw the internet of things. I don't want my fridge
letting Heinz know when I'm out of ketchup so they can push ads to me, and I
don't want my dishwasher usage habits or thermostat settings available to
government agencies for "any legal purpose" or my utility company demanding
that I stop making ice during peak electric demand periods.

~~~
intopieces
>my utility company demanding that I stop making ice during peak electric
demand periods.

I think this statement communicates a fundamental misunderstanding of the
energy use management implemented by the SmartMeters, or an attempt to villify
a fairly clever project that has the potential to save tons of electricity.

For one, the SmartMeter system is entirely voluntary, and can be taken out at
any time. For another, at least where I live, it applies only to A/C, and only
will shut off one time, for one hour, once every week during peak usage.

Please do not present promising technology like this as some kind of Orwellian
spectre of tyranny. It's really not.

~~~
shit_parade
>For one, the SmartMeter system is entirely voluntary, and can be taken out at
any time.

Lol, this is often how compelled compliance works, you begin with voluntary
adoption.

This is promising tech but not believing any and all data will be saved and
used for every conceivable purpose including oppression is an obvious feat of
delusion -- have you had your head in the sand this year?

------
kosma
IOT engineer here. As much as it hurts, I have to agree with the spirit of
this article: we, as the industry, are simply not prepared.

Your average embedded engineer does not care much about security. When you
launch a hardware product, the things you care about are stability, EMC
compliance, extending battery life, getting the production chain right,
packaging, cost optimization and squeezing every damn bug that causes random
faults (remember, this is embedded, and pretty much any exception is
equivalent to an instant device reboot). Security rarely gets mentioned simply
because there are dozens of more pressing issues - the most important being
_getting that damn thing to work_. This approach has worked fine for decades
simply because there was no practical way of attacking a device - until now.

Firmware has _always_ been riddled with vulnerabilities. It's just the
Internet connectivity that suddenly made them exposed.

------
wreegab
Excerpt: "it also vastly expands the universe of things that could go wrong,
particularly when it comes to privacy".

Very funny, from an article sitting in a web page filled with tracker scripts
and whatnot.

~~~
acheron
Indeed. I got 9 Ghostery blocks there.

------
sdrinf
Honest question: under what circumstances would it be beneficial for my
dishwasher to be "smart" at all, let alone be connected to the Internet?

If that isn't a demonstrative example, what _specific_ devices _would_ be
useful to have Internet connectivity, and in what specific ways?

~~~
kens
There are a bunch of specific devices that I would really like to connect to
the internet:

Irrigation system: I shouldn't need to punch buttons on a controller box
outside in the rain.

Anything with a clock, e.g. microwave, thermostat: It should get the right
time itself.

Pool heater: I should be able to control it from the house and check the
temperature.

Barbecue: It should let me know if it was left on (like happened yesterday).

Freezer: It should let me know if the door is ajar, before everything thaws.

Alarm system: monitoring and control.

Stereo: should be able to control from my phone.

Washing machine: notification if I left wet clothes in it, or if it goes off
balance and stops.

These are mostly available now, but not in an easy-to-use way. Home automation
seems to be like the home computer industry in the 1970s: you have to really
want to do it, you need to be a bit of a hacker, it costs a fair bit, and what
you end up with is pretty primitive. I think there's a huge market for someone
to solve home automation. What I want is when I buy an irrigation controller
from Home Depot (for example), it "just works" as part of a home system.

Edit: A couple people asked why connect to the internet? I should be able to
do these things remotely, e.g. from the office or my phone.

a_c_s mentions that the time tinkering could outweigh the benefit. That's kind
of what I'm getting at with my 1970s home computer analogy - you could do e.g.
word processing back then, but it wasn't worth the difficulty for most people.
Now non-technical people can buy a computer at Best Buy and easily do word
processing. Likewise, home automation needs to become something that is built
in to products and "just works" by default, rather than something for hackers.

~~~
a_c_s
Thanks for enumerating this.

However, for me, the amount of time 'saved' for tasks like this seems like it
could easily be outweighed by having to spend even a minimal amount of time
tinkering/debugging the setup of these devices.

Given that my phone sometimes forgets which wifi network to use, I can only
imagine having to reconfigure my microwave, washing machine, stove/oven,
dishwasher, stereo, etc. occasionally. If each device forgets the wifi network
infrequently, like once every six months, that means 12 times a year I have to
configure wifi one of my six smart devices. This amount of reconfiguration is
more time/frustration/effort than would be saved by the kinds of notifications
listed.

~~~
evacuationdrill
I agree, but ideally they'd be wired in. Perhaps new homes at one point will
have Ethernet ports behind your stove, microwave, etc.

It's interesting that you chose 6 months, because that's how often you have to
change the time. :D

------
lazyjones
The engineers mostly understand these Things, but they do not have the same
priorities as consumers, nor do they care about privacy, security, safety
(apart from compliance with regulations). A good example is the recent trouble
with LG smart TVs "phoning home" and LG telling consumers basically to suck it
up since they accepted the ToS.

Regulations cannot fix this or prevent abuse / privacy intrusions any more
than the law can prevent illegal NSA wiretapping. Consumers will never be
informed enough (they mostly don't care, or do not have access to a thorough
analysis of these devices' behavior), so we're basically doomed.

~~~
Zigurd
I predict "Your Home IoT Firewall for Dummies" is going to sell big.

------
discostrings
I got to 'Ten years ago, the word "smartphone" didn't exist' and stopped. I
know it's just a topic-establishing observation, but it's terribly
incorrect.[0] If the writer couldn't be bothered to check that basic claim, I
can only assume it's a fluff piece.

[0] [http://www.zdnet.com/microsoft-launches-smartphone-
assault-3...](http://www.zdnet.com/microsoft-launches-smartphone-
assault-3002124261)

~~~
fr0sty
Linked article is just over 11 years old. Is the author's rounding of 11 years
down to 10 that offensive?

~~~
discostrings
Actually, yes.

It wouldn't mind if the term originated 11 years ago and the author stated it
was coined 10 years ago. But the author claimed it was _less than_ 10 years
old, and the term was around for many years before 2002--I just found that
article as a quick example for younger readers who might think the term
"smartphone" developed as a generic word for "iPhone-like device"\--it may
seem crazy, but some people actually think this, and the article's opening
supports that narrative.

Inaccurate, unthoughtful statements like this lead us to forget history, and
they especially do a disservice to articles contemplating developments in the
near future. I think it's relevant to the article that "smartphone" was a part
of tech and business life and news before it became a household term--these
products see a lot of development and a niche user base before, suddenly,
everyone has them. That nascent period, during which products' dangers can be
considered and hopefully diminished, is essential.

------
gmuslera
If security cameras teach us something, is that they are riddled with security
bugs, never updated, and with hardcoded backdoors/admin passwords. The
internet of things have high chances to make that problem worse, as it will
give remote action more than just monitoring.

And that without even taking into account our friends at the NSA and similar,
that will require remote access to anything popular.

------
gooderlooking
"Just because I know how to write PHP doesn't mean I understand these
vulnerabilities at all."

Ouch.

You need to know a lot more than PHP to make your toaster talk to your
dishwasher. And I'm pretty certain it's not the Maytag Man who's going to make
it happen.

The concern over securing mesh networks is real, but the argument in the
article is terrible.

~~~
Glyptodon
I don't know... a lot of terrible wifi router software is written in PHP, and
it's not clear that you can expect something different from your microwave.

