SoylentNews is people

posted by mrpg on Sunday February 11 2018, @08:35AM
from the telescreen-2018 dept.

Kashmir Hill and Surya Mattu, over at Gizmodo, write about wiring Kashmir's apartment with as many "smart" gadgets as possible and then observing the data flow. Some of the telemetry streams are not encrypted, some are. Both are observable by the companies they report to, but even those that are encrypted still tell the network in between a lot about the inhabitants of the house and their activities based on when they happen and their volume.

In December, I converted my one-bedroom apartment in San Francisco into a "smart home." I connected as many of my appliances and belongings as I could to the internet: an Amazon Echo, my lights, my coffee maker, my baby monitor, my kid's toys, my vacuum, my TV, my toothbrush, a photo frame, a sex toy, and even my bed.

[...] What our experiment told us is that all the connected devices constantly phone home to their manufacturers. You won't be aware these conversations are happening unless you're technically savvy and monitoring your router like we did. And even if you are, because the conversations are usually encrypted, you won't be able to see what your belongings are saying. When you buy a smart device, it doesn't just belong to you; you share custody with the company that made it.

That's not just a privacy concern. It also means that those companies can change the product you bought after you buy it. So your smart speaker can suddenly become the hub of a social network, and your fancy smart scale can have one of its key features taken away in a firmware update.

Usability was another aspect. She had no fewer than 14 different "apps" on her smartphone as well as several voice-activated devices that still had comprehension difficulties.

The House That Spied on Me


Original Submission
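
The summary's point that timing and volume alone reveal household activity, even when the payload is encrypted, can be checked against your own router's flow records. The following is an added example, not code from the Gizmodo article or from this site; the log format, device names, hostnames and byte counts are constructed, and treating port 443 as "encrypted" is an assumption.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
from statistics import median

# Constructed sample: "<UTC time> <device> <remote host> <remote port> <bytes sent>"
SAMPLE_LOG = """\
2018-01-10T05:00:12Z coffee-maker api.coffee-vendor.example 443 210
2018-01-10T06:00:11Z coffee-maker api.coffee-vendor.example 443 205
2018-01-10T07:02:40Z coffee-maker api.coffee-vendor.example 443 4300
2018-01-10T08:00:13Z coffee-maker api.coffee-vendor.example 443 208
2018-01-10T18:00:02Z smart-tv telemetry.tv-vendor.example 80 900
2018-01-10T19:00:03Z smart-tv telemetry.tv-vendor.example 80 880
2018-01-10T20:15:44Z smart-tv telemetry.tv-vendor.example 80 52000
2018-01-10T20:40:10Z smart-tv ads.tv-partner.example 443 7000
2018-01-10T21:05:31Z smart-tv telemetry.tv-vendor.example 80 48000
2018-01-10T22:00:02Z smart-tv telemetry.tv-vendor.example 80 910
2018-01-10T23:00:00Z smart-tv truncated
"""

@dataclass(frozen=True)
class Flow:
    when: datetime
    device: str
    host: str
    port: int
    nbytes: int

def parse_flows(text):
    """Parse flow lines, silently skipping blank, truncated or non-numeric records."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, device, host, port, nbytes = parts
        try:
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            flows.append(Flow(when, device, host, int(port), int(nbytes)))
        except ValueError:
            continue
    return flows

def summarize(flows):
    """Per device: remote hosts contacted, and bytes sent in cleartext vs over TLS."""
    out = defaultdict(lambda: {"hosts": set(), "cleartext": 0, "encrypted": 0})
    for f in flows:
        entry = out[f.device]
        entry["hosts"].add(f.host)
        # Assumption: port 443 means TLS; every other port is counted as cleartext.
        entry["encrypted" if f.port == 443 else "cleartext"] += f.nbytes
    return dict(out)

def active_hours(flows, device, factor=5):
    """Hours (UTC) whose volume exceeds factor x the device's median hourly volume.

    Only timestamps and sizes are used, so encryption does not hide the result.
    """
    per_hour = defaultdict(int)
    for f in flows:
        if f.device == device:
            per_hour[f.when.hour] += f.nbytes
    if not per_hour:
        return []
    baseline = median(per_hour.values())  # idle heartbeat level
    return sorted(h for h, b in per_hour.items() if b > factor * baseline)

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG)
    for device, info in summarize(flows).items():
        print(device, sorted(info["hosts"]), info["cleartext"], info["encrypted"],
              "active hours:", active_hours(flows, device))
```

In the constructed data the coffee maker sends nothing in cleartext, yet its 07:00 burst still stands out against the hourly heartbeat.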

 
  • (Score: 5, Insightful) by fyngyrz on Sunday February 11 2018, @11:43AM (14 children)

    by fyngyrz (6567) on Sunday February 11 2018, @11:43AM (#636331) Journal

    Until there are (open source, I presume) devices that don't phone home (because they are home) to do the typical smart-home things (door locks, AC switches for lights and the like, etc.) and smart hubs that don't have to go out on the net just to figure out WTF you just told it, either you do without, or you accept that you're going to be opening your network to Amazon, Philips, etc.

    On the one hand, I suspect these companies already know more about you than they can reasonably mine off your internal network and outright malfuckery is probably at least unlikely from such actors... on the other, well, you can't be certain that someone technical in the company doesn't share their corporate fear of being sued into bloody shreds.

    And then there are state actors – pretty sure we can't trust them at all, because there isn't shite you can do about them acting out unless you're rich as Croesus, and even then, still probably nothing but make a stink. Which is not likely to change their behavior.

    So, open-source advocates, here's your call to arms: Obviously, people like IOT functionality. Obviously, "calling home" is a petri dish for problems. Address the former; eliminate the latter.

    As soon as there is a "server" out on the net to "watch" things "for you", then "you" have a problem. Whatever services these things, if anything, needs to be entirely within the LAN or within bluetooth range, etc.

  • (Score: 2) by c0lo on Sunday February 11 2018, @01:35PM (10 children)

    by c0lo (156) Subscriber Badge on Sunday February 11 2018, @01:35PM (#636346) Journal

    IoT usually means a product. I don't think many open source contributors have the financial power to start a production and distribution business.
    But maybe I'm wrong.

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 4, Informative) by fyngyrz on Sunday February 11 2018, @01:47PM (9 children)

      by fyngyrz (6567) on Sunday February 11 2018, @01:47PM (#636347) Journal

      IoT usually means a product. I don't think many open source contributors have the financial power to start a production and distribution business.
      But maybe I'm wrong.

      Yeah, you're wrong. :)

      Aside from the obvious self-starting mechanisms for a tiny initial fab – kickstarter, savings, credit cards / personal debt, etc. – there are a myriad of companies that'll produce a small hardware project for you. There are many small computer boards with all the hardware you need to form a core of... well, whatever. You only need one, plus a sensor "hat" and/or perhaps a few electronics components, to prototype a design. MyCroft [mycroft.ai], for instance, was built around the Raspberry Pi [raspberrypi.org]. I built my own reef aquarium controller from a Raspberry Pi; it does wavemaker scheduling, feeding, water quality parameter monitoring, lighting timing and phase. Arduinos [arduino.cc] can be quite useful in these roles as well, though I'm personally not that interested in them.

      In any case, the door's clearly open. Perhaps it's not as conducive to the 15 minutes of fame that seems to be driving many current development efforts; or perhaps it's something else. But it's neither a difficult technical nor financial issue, that's for certain.

      • (Score: 3, Interesting) by c0lo on Sunday February 11 2018, @02:53PM (5 children)

        by c0lo (156) Subscriber Badge on Sunday February 11 2018, @02:53PM (#636357) Journal

        Since all these things can be made in DIY, beyond publishing the design and maybe having a prototype series (say 10 devices), there's little incentive to start production.

        Besides, there's a cost of compliance:
        - dealing with mains - I reckon you'll need to certify the product as safe to operate. Even Nixie tubes require a voltage high enough to trigger the need of certification.
        - RF emission - I reckon there's yet another certification to do
        Many will sell the product as a kit to get around this compliance cost - which means hobbyist market segment rather than general availability

        Compliance will vary country to country, here's what's applicable for US [nist.gov].
        And we haven't yet considered "consumer protection" compliance - warranty, license legaleses, etc.

        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
        • (Score: 2) by fyngyrz on Sunday February 11 2018, @07:30PM (2 children)

          by fyngyrz (6567) on Sunday February 11 2018, @07:30PM (#636419) Journal

          Since all these things can be made in DIY, beyond publishing the design and maybe having a prototype series (say 10 devices), there's little incentive to start production

          DIY is kind of the point. Publishing the design and verifying with a prototype is likely all it would take. If someone wants to go commercial with it, then that'd be great, but it's absolutely not required.

          dealing with mains - I reckon you'll need to certify the product as safe to operate. RF emission - I reckon there's yet another certification to do

          In the US, if you build it yourself from scratch or a kit, then no, neither is true.

          And we haven't yet considered "consumer protection" compliance - warranty, license legaleses, etc.

          Again, in the US, if you build it yourself from scratch or a kit, no warranty need be involved with the finished result, only the components, and that's not the end user / builder's concern. License, legalese... those are available boilerplate, free, if the designer(s) want to bother. Better to put the design up public domain and not feed the lawyers, though.

          The SDR (Software Defined Radio) community has done this multiple times. We did end up with purchasable hardware made in the small quantities we wanted. Ham radio operators do this sort of thing with great regularity, too, with all kinds of devices. Eventually, someone will do it for light switches, door locks, etc.

          • (Score: 2) by c0lo on Sunday February 11 2018, @11:18PM (1 child)

            by c0lo (156) Subscriber Badge on Sunday February 11 2018, @11:18PM (#636483) Journal

            Well, I was under the impression you speak in the context of 'open source IoT for masses' not for hobbyists or enthusiasts.

            As in

            Until there are (open source, I presume) devices that don't phone home (because they are home) to do the typical smart-home things (door locks, AC switches for lights and the like, etc.) and smart hubs that don't have to go out on the net just to figure out WTF you just told it, either you do without, or you accept that you're going to be opening your network to Amazon, Philips, etc.

            Because a (mature enough)** hobbyist will shun the cloud, s/he's the master of her/his creation, why would he give control to a third party over it?

            --

            ** I've seen many 'projects' published on various places by padawans that were tricked in the dark side by companies selling kits. The 'wohoo, control your remote car over internet and see your room using the webcam' kind of projects.

            --
            https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
            • (Score: 2) by fyngyrz on Monday February 12 2018, @12:43AM

              by fyngyrz (6567) on Monday February 12 2018, @12:43AM (#636515) Journal

              I see. No, I'm not concerned too much with the masses. They have their farcebook, their twaddle, etc. There's no hope for them.

              I am a firm proponent of the idea that we can't fix stupid. Yet.

              So what I am suggesting is that those of us who are woke, to abuse a somewhat pop term, can do better, both for ourselves, and for each other.

              There's a chance – small, but non-zero – that such things might catch on, and someone might be willing to step in and mass produce some things because they aren't actually outright assholes, as are Google, Amazon, Philips and so on. MyCroft is one example of such an effort gaining traction. The various "hats" and "shields" for the Raspberry Pi and Arduino units serve as other such examples. A fair number of SDR designs and kits too.

              But I am under no illusion that the general population can be saved from the mess they've allowed to overtake them at this point in time.

        • (Score: 3, Funny) by frojack on Sunday February 11 2018, @08:58PM (1 child)

          by frojack (1554) on Sunday February 11 2018, @08:58PM (#636442) Journal

          Even Nixie tubes

          Dear Colo: It's 2018.

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 2) by c0lo on Sunday February 11 2018, @11:04PM

            by c0lo (156) Subscriber Badge on Sunday February 11 2018, @11:04PM (#636475) Journal

            Dear frojack, steampunk mods for clocks, computer enclosures and what not is a timeless art/craft.
            I'm on my phone now, posting links is a bitch, but I'm sure you can google for some images - some are quite beautiful.

            --
            https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 4, Insightful) by Hyperturtle on Sunday February 11 2018, @05:26PM (2 children)

        by Hyperturtle (2824) on Sunday February 11 2018, @05:26PM (#636385)

        Fyngyrz has it right -- motivated people can do a lot with hardware that can be configured without the need of someone else's computer to make it run. That's how the PC industry used to work.. 'personal computer' as opposed to more modernized 'portable dumb terminals', I guess.

        I went through a great deal of hoops to get the refrigerator and dishwasher I have to connect to my devices. They came with that functionality and it wasn't part of my purchase decision; it's hard to avoid in a similar manner that if you want the higher end entertainment system in a car, you might not be able to get it without other bundled options.

        My home aquarium system is not as high tech as his, but I had done similar things. I also made a number of hydroponic systems, after studying pictures of what was out there commercially and then seeing what didn't kill plants when I experimented. Most of that was controlled via "x10" hardware; the device controlling it was (and still is, on the occasion I need to change something) a Windows 98 laptop with a serial port that connects to a "modem" that plugs into my electrical system and speaks to other devices plugged into outlets.

        They mostly get commands only if they are more complicated than their 4KB of memory allows for; typically macros that do this then do that and try again a few times if no acknowledgement is received due to the laundry/washing machine adding noise to the circuit and causing transmission delays.

        Back to the refrigerator and dishwasher; they have rj45 ports on them that are really USB connections. Those connections go to what is essentially a USB ethernet wifi connector. They then, if that is what you did, require a 24x7 connection to the vendor. The wiring is non-standard; you need their product because even if you got a usb to ethernet bridge that you wired properly based on experimentation, the device has code that runs that does the talking for the appliance.

        To truly embrace the future, my refrigerator requires an account created and log in for:
        - the appliance vendor
        - something called 'if this then that' (dumber than turtle graphics programming that totally can't be run locally without logging into them because cloud--what if you moved your refrigerator how could it work??)
        - An active internet connection; such as the one you already pay for

        To use it, you cannot actually connect to it with a computer. No, it requires a smart phone. Thus it requires:
        - An active cell phone service plan with data
        - an iPhone or Android phone -- nothing else is supported
        - registration on the apple, or google company stores, to download the application

        The appliances did not come with anything that lets you actually use the connection. You must go out and agree to 5 different terms of services, pay two different ISP bills (at the time I checked, you could download the app over wifi but it wouldn't talk without the data plan for cellular service--and there is no desktop equivalent), and agree to share data between them all and their valued partners which may change over time. Each company said to contact the privacy policies of their vendor list because they cannot keep track of that for you, and none of them would alert the user if the policy changed; check back frequently for any changes.

        Instead, I bought the developer kit; it was cheaper than the wifi adapter I mentioned. Then I hooked that up to a laptop. Then I installed Linux on a USB stick, and downloaded the tools necessary to talk to and query the appliances. There are example configurations/scripts out there that let you play what sounds like ansi music, flash the lights, bypass various safety thresholds for fun, etc... and also look at diagnostic info that even the most agreeable user is not allowed to see, even if they accept all the terms and conditions. A lot of the data is not visible to the actual consumer and relates to performance, use habits, etc. Use a lot of ice and they will send ads for their separate ice makers, etc.

        The utility of how I access the hardware is something that I introduced; it is not available to people that enroll in the consumer marketed system; the only things you get from that are reminders to buy things, fear based marketing, and interruptions to tell you that something that was going to happen anyway is partway complete. Buying the developer kit comes with no wizards, GUIs or instructions. You need to install Linux on whatever the adapter will connect to, and find and install the development tools yourself. It was rewarding to do, and bypassed all of that other crap.

        Everything works without fear of changes, I can read the info when the internet is down, if the wifi is down, and without concern that some remote firmware update is going to require me to sign up for something else, all the while not having to agree to 5 other companies (and their valued partners) learning more about how I use it, to better market to me.

        I mean google and apple and microsoft don't need to know I have this. The developer kit lets you do everything and not even require a login except for the Linux OS itself that you control anyway; it doesn't need an internet connection beyond your getting the tools. I shouldn't have to log into some 3rd party site that tracks you by real name and ties your behavior to everything for marketing purposes... just to get the application to access the appliance... etc.. blah blah. I guess I miss the days when the stuff you need to use what you bought actually came in the box and didn't require proof of my identity to some third party company and require agreeing to a contract unrelated to the hardware itself, just to get something I'll ignore because it sucks anyway.

        • (Score: 1, Interesting) by Anonymous Coward on Monday February 12 2018, @02:07AM (1 child)

          by Anonymous Coward on Monday February 12 2018, @02:07AM (#636531)

          Searching the Ubuntu packages I find this:
          bottlerocket - Utility to control X10 Firecracker devices for home automation

          Back around 2000, I was at a company that controlled a whole bunch of X10 devices off of a telnet-to-serial converter box.

          • (Score: 2) by Hyperturtle on Tuesday February 13 2018, @12:22AM

            by Hyperturtle (2824) on Tuesday February 13 2018, @12:22AM (#636901)

            Yes, x10.com was handing out those firecracker devices for free with purchases for a while. I bought my stuff prior to that offer -- but it all still works. I might have gotten one for a light bulb or something but I had bought so much stuff during a sale I ended up with more than I could feasibly use once I figured out how to make things work.

            There was a y2k bug... it worked on Jan 1st 2000 but not Jan 2nd, so when I went out of town after making sure it all still worked on Jan 1st after a party... well I came back a week later and everything was dead, dying, or desiccated. Or all of that. Man was I upset. They released a y2k patch for the "activehome" software and life was good after that.

            There are some fancy x10 software packages out there that let you do some pretty amazing things with the right hardware and sequence of events; it also requires some ingenuity and creativity to sort of plan it out. That if this then that thing I mentioned is sort of like the x10 macros--except x10 doesn't require you to give up your privacy in exchange for a little convenience.

            My x10 stuff still works 18 years after a y2k issue (so does that Windows 98 laptop...) I don't think most of the requirements my refrigerator demanded from me to get online will even be around in 18 years. (the refrigerator itself replaced one that came with the home; it was at least 20 years old... so that problem may be very relevant. There is no promise that the services you expect to be there will even be working 5, 10 or 20 years from now. Look at the sonos and nest hardware that are seeing premature end of life simply because it's too expensive to keep lights on, and a revenue loss if there is no forced upgrade.)

  • (Score: 1, Troll) by r_a_trip on Sunday February 11 2018, @03:00PM (1 child)

    by r_a_trip (5276) on Sunday February 11 2018, @03:00PM (#636358)

    How about people move their obese, McDonalds arses off the couch and go operate a mechanical switch. No spying and free exercise. Win/win.

    • (Score: 3, Interesting) by fyngyrz on Sunday February 11 2018, @08:41PM

      by fyngyrz (6567) on Sunday February 11 2018, @08:41PM (#636438) Journal

      How about people move their obese, McDonalds arses off the couch and go operate a mechanical switch.

      How about "people", obese or otherwise, do whatever they want and ignore your input on the matter?

      No spying and free exercise. Win/win

      Mmm-hm. Let's concentrate on filling our lives with tasks that completely waste our time and energy, shall we, and just ignore the fact that there are really fun ways to exercise for free (a list "flipping light switches" rarely appears on, btw) and that the optimum way to deal with spying and theft by corporate and state and dark actors is not to live like it's 1930.

      Here, in my old church, the main light switch is 60 feet away when we come in the front door, arms full of groceries or whatever. Now, I could have run a hundred bucks worth of Romex and put in a few more bucks worth of light switch hardware, but you know, it's actually less expensive (by more than half) and doesn't require one of us to drop whatever we're holding to just say "open the door" and "turn the lights on." A smart thermostat is very useful here as well, where the temperatures hit -40º every winter; it's nice to know if we need to rush home and deal with heating problems before there is a $10,000 water damage event from burst pipes – the thermostat fires off an email and we know the moment the interior temperature is below the hysteresis range we've set. It's also very handy to bring up the lights when we've paused the home theater before someone trips over a cat. And so on.

      Yeah, we like living in the 2000's just fine, thanks.

      In any case, while spying on our habits by corporations is (at least) despicable, that's not really the serious problem, in my view. The serious problem is the malware that is out to do damage and theft of resources / financial data, or compromise our legal positions.

  • (Score: 3, Insightful) by VLM on Monday February 12 2018, @01:26PM

    by VLM (445) on Monday February 12 2018, @01:26PM (#636672)

    Until there are (open source, I presume) devices that don't phone home (because they are home) to do the typical smart-home things (door locks, AC switches for lights and the like, etc.) and smart hubs that don't have to go out on the net just to figure out WTF you just told it,

    It shocks me how the definition of "smart house" has changed since the 90s when I had misterhouse running Perl polling on X10 continuously thru the Insteon years (all the capacitors in all my Insteon devices are dead now, other than an RF only thermostat) now thru the z-wave era. Also for whatever reasons I moved from misterhouse to openhab a couple years ago, just in time for the 2.0 upgrade fun. All open source, no phoning home. All universally connected, I use one app on my phone (web browser) and control everything at once without needing 14 apps for all those crappy vertical silos.

    It's like falling asleep in '98 or so and waking up finding out the definition of the colors black and white had been swapped, and then trying to figure stuff out. So let me get this straight, you put something painted white out in the sun and it gets super duper hot because it absorbs all the light, now wait a second are you talking about "1998 white" or "2018 white" because they're opposites...