
You should check the connections it makes. From the review of a sister product:

Now for the bad news. In the last 24 hours my network security blocked: 6,936 calls to AMS ("The Cloud"); 9,523 calls to s000.linkplay.com; 6,050 calls to www.yahoo.com; 6,050 calls to www.microsoft.com; 9,650 calls to Amazon Technologies; 6,049 calls to Aliyun Computing - Beijing China; 3,468 calls to Google. That was 94% of the attempted connections outside of LAN.



Yeah, that's if you want stuff like Spotify to work and all the streaming sites.

You can block those from your router and keep it all local and play MP3s if you like (or AirPlay).


I don't think blocking something is an accurate measure. Of course the box is going to retry if it got blocked the first time. What else would it do?


There’s no valid reason for something running in my home to be contacting a server in Beijing. Period.


I think you are not the target market for cloud services.

Companies often buy services based on cost. If the cost is less to get a server in Beijing, many will choose to get one there.

The country in which the server is located has little to do with the privacy or security posture of the service.


That makes zero sense to anyone who’s ever worked on hosting things in China.

Their Great Firewall makes it a no-go for practically everything and everyone. At the best of times the latency and packet loss are hideous, with abysmal throughput. And then you get cut off randomly for hours, days, or decades at a time on the whim of random CCP members with no recourse.

Paying them is a giant pain in the arse as well.

It is quite literally never the best option.

Hosting sites in Russia — in the middle of the current war — would make more sense!


Are you okay with it contacting servers in the US? Other countries? If so, which? Where do you draw the line?

Personally, I run my smart home fully locally, but it's interesting to me to see the geographic location of the server emphasized so strongly.


Let's be realistic. We're in a complicated time.

If you're in the western world, you really should consider avoiding IoT devices that call home to Chinese servers. You could be turning yourself into a potential botnet member if things go geopolitically sideways by keeping these products on your network. If you have access to other networks from home, you're inviting access into those networks from a box that should only be there for streaming music.

Better if things don't call home at all, but second best is choosing western servers under control of western actors.

I hope that one day we no longer have to consider the political origin of servers our devices call back to, but that's a few years away at least. In the meantime, devices that call back to no one are still the best.


I don't disagree with what you posted, but I find it naive to believe that a "western" server doesn't expose you to the same risk.



Same risk, different rule of law


* you could be turning yourself into a potential botnet member

wherever the server is

* you're inviting access into those networks

wherever the server is


Apparently those requests weren’t necessary for using the device, so arguably it shouldn’t do them without user consent in the first place, and certainly not retrying multi-thousand times per day. It just shows that data economy and privacy weren’t a design consideration of the software, which should be a red flag.



