Tag: privacy

Internet of Spies

If you’ve followed my blogs for any length of time you’ve probably heard me making disparaging remarks about the so called “Internet of Things”, this idea that one day everything will be networked to everything else, and oh, the fun we’ll have!

Your refrigerator will order your food when it gets low. Your cupboard will order food when you get low on staples. Your toilet will monitor your health and report the data to your doctor. Your bed will monitor your sleep habits. You can turn the lights on and off in  your house with your phone. You’ll be able to control the heat and cooling in your home from your cell phone. Your counter top will nag you “Are you sure you really need that cookie? Hmm? Mr. Scale tells me you’ve put on a few pounds…”

Now if you are one of the people who think this is the best thing ever, I have a question for you: Have you actually stopped to think about any of this nonsense?

Let’s have a little chat about the IOT, shall we? Let’s start with this little tidbit:

Bundesnetzagentur removes children’s doll “Cayla” from the market

Now, if you clickety click that link, you’ll find that the Bundeswhatever, a German regulatory agency, banned a children’s doll, declaring it to be little more than a concealed surveillance device because, well, because it pretty much is. Designed to interact with children, it uses an internet connection to monitor everything being said around it, sending it off to some server somewhere. It has little or no security, you don’t know where the information being gathered is being sent or what is being done with it. But you can be sure that someone, somewhere, is probably making money off it by selling the data.

And in case you think this is an isolated incident, it isn’t. Similar complaints have been made about an interactive Barbie doll. Security investigators found that it was a simple matter to use the doll to steal WiFi passwords, login information, files from computers linked to the home network… Fortunately the company that made the software was good about fixing the problems. But legally nothing is being done about what the company actually does with the data because here in the US our government’s policy is that privacy is a wonderful thing, but if someone can make money off violating your privacy so that money can to be used to buy politicians, well, where’s the harm in that, right?

Vizio was just fined $2.2 million for “smart” televisions that were spying on people. The company had installed tracking software in its televisions that tracked everything the owners watched, without telling the buyers of the sets it was doing it. There was a case a few years ago where an internet connected toy in the UK was serving up sexually explicit ads on the toy.

Now consider devices that are even smarter than that, that collect data about your eating habits, what you’re buying at the store, your physical health. There are dozens, hundreds of companies that would love to get their hands on that data to directly market things to you, that would benefit from knowing what your health is like, etc.

Even if the device isn’t actively spying on you, they can be troublesome. If we’ve learned anything about the Internet over the years it’s that it is not a safe place to play in. If a device can possibly be hacked, it will. If not for profit, than just for the sheer pleasure of vandalizing something.

You come home from work and find your garage door open and the garage cleaned out of anything of value because someone hacked your cell phone enabled garage door opener. Your house was emptied too because someone hacked your IOT enabled security system. Oh, and to make things even more fun, they hacked your heating controls and turned your furnace off in January and your house is frozen, the water pipes burst. And just to rub it in, your IOT enabled lights are flashing obscene messages in morse code.

I know this is getting a bit on the long side, but let me babble on here for a while longer before I wrap this up.

Now I readily admit that some of this technology is genuinely useful, especially for someone who is disabled or otherwise challenged. But a lot of it, even most of it, just isn’t. I don’t need to have an app on my cell phone to run my furnace. I have a device hanging on the wall that is connected to nothing but the furnace itself that does it for me. If I want to turn the AC on before I get home from work I can use a non-connected programmable timer that costs less and isn’t hackable.

The same is true of most of this stuff. I don’t need it, you don’t need it. Oh, it may be convenient, but is the convenience of being able to unlock your door with a cell phone worth the security risk? Not really.

It’s all marketing. Most of the convenience, security and safety issues being promoted by the developers of IOT technologies is illusory. The fake fears, the phony convenience, all standard marketing techniques to try to convince you that you really, really need this stuff.

Addendum: Then there is the deliberate outright spying… Like this case in Pennsylvania.

If you can’t be bothered to follow the link to the Wikipedia entry on the case, here’s a run down. A school in Pennsylvania loaded the laptops of all of it’s students with spyware that was capable of monitoring everything the students did for “security” reasons.

Including surreptitiously turning on the cameras in the laptops and recording videos and still images of everything. Including the students in their own homes, in their own rooms, in their own beds. They found over 700 still images that had been captured of one single student, even of him in bed sleeping and changing clothes. And those images were given to other employees of the school district. Since the cameras were active in the bedrooms and homes of other children who had the computers, one can assume that videos and images of them changing clothes, in the nude, etc were also captured. The school turned out to be doing this not just to students, but to teachers as well.

Warning for OSX users

I’m not sure exactly when this happened, possibly with updating to Sierra, possible during one of the security updates to OSX that took place over the last couple of months, but you want to double check your iCloud settings on all of your iMacs and Macbooks. I didn’t find this out until I suddenly got a warning that I was running out of capacity on my iCloud drive.

I had disabled all automatic storage and backup from from my iMac to my iCloud account because I don’t need it except for photo sharing. I do my own backups to external devices so I didn’t need it for that. I also didn’t want documents, emails or other information being stored off-line out in the cloud because I don’t particularly want things like financial information, tax returns and similar information stored heaven only knows where on some server I have no control over.

Somewhere along the way, perhaps with the upgrade to Sierra, Apple decided to reset all of my iCloud preferences and now everything was turned on. It was automatically saving my entire documents folder, desktop files, contact lists, calendar, and pretty much everything out on the iCloud. Even worse, it had also turned on iCloud for every third party application that has iCloud capabilities – word processors, accounting software, a couple of photo editors — all of them were now storing duplicates of everything out on the cloud as well as on my local drives.

Not only is this a privacy concern, it also sucked up a hell of a lot of storage space, and while iCloud storage isn’t exactly expensive, it still costs money.

So if you use iMacs or Macbook computers, go to your system preferences and check your iCloud preferences so you know what’s actually being stored out on the cloud somewhere.

Important – just found out the hard way that if you do disable Sierra’s ability to “share” your documents and desktop with iCloud, and then delete the documents and desktop folders on your iCloud account, it will also delete the documents folder and any documents, photos, etc you have on your desktop from  your iMac’s local hard drive as well.

And, of course, I’d emptied the trash bin before I found this out and had to restore my documents folder from backup (Thank you Time Machine)

Additional note: Apparently just switching iCloud functions off doesn’t actually do anything. After switching it off, deleting the unwanted files from the cloud, I discovered OSX put them right back again. I had to log out of my iCloud account, reboot the computer, then log back in before the changes actually went into effect.