SoylentNews is people
SoylentNews
from the Protecting-the-product-or-the-public? dept.
The U.S. Consumer Product Safety Commission is conducting a public hearing on the safety of internet-connected consumer products, and is requesting comments.
The Commission hearing will begin at 10 a.m., on May 16, 2018, and will conclude the same day. The Commission hearing will also be available through a webcast, but viewers will not be able to interact with the panels and presenters through the webcast.
...
The growth of IoT-related products is a challenge for all CPSC stakeholders to address. Regulators, standards organizations, and business and consumer advocates must work collaboratively to develop a framework for best practices. To that end, the Commission will hold a public hearing for all interested parties on consumer product safety issues related to IoT.
Although this explicitly does not cover data security and privacy it covers many of the other issues seen with IoT devices.
Comments can be submitted to the commission through the web portal:
You may submit written comments, identified by Docket No. CPSC-2018-0007
...
Electronic Submissions: Submit electronic comments to the Federal eRulemaking Portal at: www.regulations.gov. Follow the instructions for submitting comments.
Seen through the Internet Of Shit twitter feed.
(Score: 3, Interesting) by Runaway1956 on Friday March 30 2018, @01:37AM (1 child)
Your packets? Really? So, you are aware of every packet that your IOT devices sends, and you know what is in those packets? All of those packets are benign, and benefit you specifically?
I want to see the whole IOT burned to the ground. I want to see the villagers, with their torches and pitchforks rooting out the evil. The IOT is not about you, the consumer, any more than animal husbandry is about the cattle. Animal husbandry is all about feeding people, and the IOT is all about enriching corporations. The data must flow!
(Score: 3, Interesting) by Hyperturtle on Friday March 30 2018, @03:20PM
I'd be more supportive of IoT hardware if they came with a little guide that had contents that wouldnt change on a random schedule requiring me to visit some website periodically to learn if the terms of the agreement have changed, agreed to if I keep using the product or read that page.
The guide should say what it does and how it does it, and if i had a firewall, what ports to open or traffic types to permit.
If it phones to a home, where that is, what the ip address or addresses are going to be, or the DNS names that won't change if the IPs do, due to a site failover or other maintenance because they have redundancy and stuff. Or not, say that too.
And also if I do DNS filtering, what do I have to enter in to permit the device to go outbound, and will it work without that?
Can I have it on its own local layer 2 network without needing an internet connection? Can I still expect to use anything on the IoT network if the internet goes down for any reason?
Right now, the only way to find these things out are to purchase and isolate a device and torture it to make it talk. They do not necessraily give up their secrets easily, but when they do, often they have default user names and passwords on some arduino uno or raspberry pi zero or something anyway.
Anyway I do check that stuff, but I am probably in the minority in wanting to know what the devices on my home network are trying to tell other people about me when I am not paying attention--if they get updates and can I block them, and what happens to my gear if the company that made it or supports it decideds to cancel the service. Will by devices get bricked remotely, or just stop working? Can I redirect them, etc.
As you can imagine, there is not a lot out there that works if you don't let it talk to some random dns name in an amazon cloud. I have spoken to tech support that did not know what IP address the product uses or the DNS name. Just that it had to be online to work, have I tried turning it off and on if I have already rebooted my internet connection? Can I bypass my firewall? If the application isn't working right on my computer, did I try disabling all antivirus and other protections?
Not a good feeling when that's mostly the same script no matter who you call. It's like no one paid to support the products know how any of it works. You get clowns like me that are interested in safeguarding my home network that finds out how some of the stuff works, but we'd be labeled dangerous hackers if we had a blog about it.