Nah, I have a bunch of stuff and couldn’t care less. If someone wants in my home they’ll take out a window. Nobody is zero daying their way past a lock 🤣
One of the most draining things about trying to look after privacy is the number of ways other people’s choices undermine that.
I don’t mean to dump on other people for those choices … usually… but it’s hard that the conveniences they take compromise the privacy that I like and that some others need more.
And what’s the worst an internet connected thermostat could do, discomfort you to death? If someone got into my Google account past 2fa etc id have bigger worries.
For me it’s more the privacy aspect. IOT devices tend to be network weak points. Things like Alexa constantly listening. I could see myself self hosting home assistant maybe in the future but not of the things smart devices enable are really a value add for me personally.
You don’t need home devices to lose your privacy like that. Your phone’s themselves are constantly listening in.
Was talking to the wife in the car one time about buying a new pair of tennis shoes, and when I got home that evening and watched YouTube videos and such, I was getting so many tennis shoe ads it was actually quite spooky.
Oh definitely, I go to a lot of effort to try and mitigate it (graphene OS, no Facebook, social media, pihole for network wide ad blocking, simplelogin for email aliasing, no smart devices) but there’s always plenty of invasive apps/services even you’re privacy conscious.
No they aren’t. Not in any sense that even explained in common sense language to normal people.
They are listening to what amounts to be a key pair(s) voice imprint. That’s done at a hardware level. And despite it be career making and be worth millions nobody has reported any large scale beach of trust in many years.
The major players have an excellent track record of being secure.
First, the attacker needs to be within wireless proximity of the device, and listen to MAC addresses with prefixes associated with Google. After that, they can send deauth packets, to disconnect the device from the network and trigger the setup mode. In the setup mode, they request device info, and use that information to link their account to the device and - voila! - they can now spy on the device owners over the internet, and can move away from the WiFi.
Congrats, you found a single instance. It was patched via the security program. It relied on physical proximity.
Then you link another scenario where an utterly insignificant portion of users data was shared with partners.
It’s grasping at straws and both those incidents are unrelated to always on recording. None of that shit you linked is related in the least bit. It’s slippery slope bullshit you’re trying to pull.
Astroturfing 🤣🤣🤣 good lord I wish I could get paid arguing with uninformed privacy zealots.
So much so for your “excellent track record of being secure.” right? Specially this taking almost a year to be patched.
Now image the exploits that were found not by researchers, but malicious parts…
I mean, if you were a paid astroturfer I could understand, because people have to make ends meet right. But doing that for free? What a dystopian world we live in
This is why I like boarderless security, and did even before all these smart devices came around. Every device should be responsible for its own security. It meant your laptop is still protected when you’re on some random wifi network. Networks shouldn’t be built like eggs; hard on the outside, soft on the inside.
It does take more technical skill to setup, though.
Or they could just dime out the heat/AC and give you a huge energy bill. Or kill the furnace in the winter, while you’re on vacation, and let your pipes burst.
Nobody is doing that. A hacker doesn’t cause chaos just for the fun of it. They have nothing to gain by playing with your thermostat when they can spend less man-power exploiting corporations for money and data.
The downside, though, is that installing the ransomware, currently, requires the hackers to either have physical access to the thermostat or trick the victim into loading malicious files on the device on his own.
And if a hacker is in your home, they’re not a hacker. They’re just a burglar.
Realistically speaking who targets an individual house in the hopes of accessing something important and usable when companies lose millions of customer financial and personal information basically every month?
To do what though? People are worried about their internal network being compromised, but the average person has basically nothing worth stealing on their home network given the insane amount of work it takes to compromise it.
The fears of your internal home network being compromised are way overblown.
It’s not just damage to your home network, it’s using that as part of botnets do do other crime. And it’s collecting data on you for sleazy purposes, that then gets leaked (sometimes) to those who want to use it for crime.
the insane amount of work it takes to compromise it.
Really?
The great thing about software is once you develop an insane trick to get into one child’s internet-connected doll (oh yes, there’s that too) you can roll it out to try ten million dolls across the world.
A main example that comes to mind is nanny cam or iot security cam ransoms for example. They don’t target specific individuals at first, they exploit a mass vulnerability, gather sensitive footage then blackmail. Another example, while not directly affecting IoT users’ lives was the Mirai botnet attack.
This implies looking at hundreds of thousands of nanny cams, for probably lots of hours before you end up with any footage thts worthy of ‘blackmail’. And I’d bet many homes would literally never have anything blackmail worthy even happen on camera. Oh no, they saw me naked!?! What am I going to do if my coworkers found out I walk around naked in my own home. I’d just tell them to take a hike and release my naked footage if they really wanted to.
I think that example is probably the most serious one. If you live in regions that go to -40c you most definitely don’t want your thermostat to just stop heating the house.
Sure it’s definitely an extreme example for the sake of argument but it’s one with potentially severe consequences (what if it happens while everyone is sleeping, or while all humans are away with only pets in the house, etc etc).
At the same time, it’s nice to be able to check what temperature it’s at while you’re away. I have a zwave thermostat myself, gives “smartness” without the reliance on someone else’s computer.
These iot software are usually minimum viable products with weak security. A zero day for them is fast simpler than trying to get a zero day in windows.
For example, I had a friend that worked at one of these companies, that recently lost a lot of money, and while he was there they had their master keys in the git repo on GitHub. At this point they were well past a billion dollar valuation.
Nah, I have a bunch of stuff and couldn’t care less. If someone wants in my home they’ll take out a window. Nobody is zero daying their way past a lock 🤣
“im not actually too worried about my privacy and data being misused, im worried about everyone’s being misused, and that it’s being normalized”
And folks wonder why I’m in a constant state of existential dread, we all know it won’t stop there if the corpocunts have anything to say about it.
One of the most draining things about trying to look after privacy is the number of ways other people’s choices undermine that.
I don’t mean to dump on other people for those choices … usually… but it’s hard that the conveniences they take compromise the privacy that I like and that some others need more.
Relevant xkcd
Fun that “crypto nerd” has changed meaning since then
Not to be confused with crypto bro.
It would be a cheap way of creating onlyfans content though.
If I found out my convulsing into my partner would make money idk do it in a heart beat 🤣
Who said you’d get the money though. That fine print you always agree to would say any content from the security cameras would be owned by them.
I would easily undercut with direct to consumer via OF after I understood the true value of my cock.
And what’s the worst an internet connected thermostat could do, discomfort you to death? If someone got into my Google account past 2fa etc id have bigger worries.
For me it’s more the privacy aspect. IOT devices tend to be network weak points. Things like Alexa constantly listening. I could see myself self hosting home assistant maybe in the future but not of the things smart devices enable are really a value add for me personally.
You don’t need home devices to lose your privacy like that. Your phone’s themselves are constantly listening in.
Was talking to the wife in the car one time about buying a new pair of tennis shoes, and when I got home that evening and watched YouTube videos and such, I was getting so many tennis shoe ads it was actually quite spooky.
Oh definitely, I go to a lot of effort to try and mitigate it (graphene OS, no Facebook, social media, pihole for network wide ad blocking, simplelogin for email aliasing, no smart devices) but there’s always plenty of invasive apps/services even you’re privacy conscious.
Jesus Christ “always listing”.
No they aren’t. Not in any sense that even explained in common sense language to normal people.
They are listening to what amounts to be a key pair(s) voice imprint. That’s done at a hardware level. And despite it be career making and be worth millions nobody has reported any large scale beach of trust in many years.
The major players have an excellent track record of being secure.
Facebook doesn’t.
Found the astroturfer
Whatever you say. Still not a single person who can list consumer devices using this tech.
Whatever you say astroturfer.
But it does not look like like they are secure at all
Hey, we even have leaks… .
Tell your boss to update your script
Congrats, you found a single instance. It was patched via the security program. It relied on physical proximity.
Then you link another scenario where an utterly insignificant portion of users data was shared with partners.
It’s grasping at straws and both those incidents are unrelated to always on recording. None of that shit you linked is related in the least bit. It’s slippery slope bullshit you’re trying to pull.
Astroturfing 🤣🤣🤣 good lord I wish I could get paid arguing with uninformed privacy zealots.
So much so for your “excellent track record of being secure.” right? Specially this taking almost a year to be patched. Now image the exploits that were found not by researchers, but malicious parts…
I mean, if you were a paid astroturfer I could understand, because people have to make ends meet right. But doing that for free? What a dystopian world we live in
The issue is that the thermostat can be used as a jump box into your network.
That’s when/where all the nefarious things happen.
This is why I like boarderless security, and did even before all these smart devices came around. Every device should be responsible for its own security. It meant your laptop is still protected when you’re on some random wifi network. Networks shouldn’t be built like eggs; hard on the outside, soft on the inside.
It does take more technical skill to setup, though.
Or they could just dime out the heat/AC and give you a huge energy bill. Or kill the furnace in the winter, while you’re on vacation, and let your pipes burst.
Nobody is doing that. A hacker doesn’t cause chaos just for the fun of it. They have nothing to gain by playing with your thermostat when they can spend less man-power exploiting corporations for money and data.
Really? Ok, that could be a one-off: here’s a more concrete example.
Yeah, but:
And if a hacker is in your home, they’re not a hacker. They’re just a burglar.
Realistically speaking who targets an individual house in the hopes of accessing something important and usable when companies lose millions of customer financial and personal information basically every month?
Nobody attacks an individual house, people exploit vulnerabilities en masse.
To do what though? People are worried about their internal network being compromised, but the average person has basically nothing worth stealing on their home network given the insane amount of work it takes to compromise it.
The fears of your internal home network being compromised are way overblown.
It’s not just damage to your home network, it’s using that as part of botnets do do other crime. And it’s collecting data on you for sleazy purposes, that then gets leaked (sometimes) to those who want to use it for crime.
Really?
The great thing about software is once you develop an insane trick to get into one child’s internet-connected doll (oh yes, there’s that too) you can roll it out to try ten million dolls across the world.
A main example that comes to mind is nanny cam or iot security cam ransoms for example. They don’t target specific individuals at first, they exploit a mass vulnerability, gather sensitive footage then blackmail. Another example, while not directly affecting IoT users’ lives was the Mirai botnet attack.
This implies looking at hundreds of thousands of nanny cams, for probably lots of hours before you end up with any footage thts worthy of ‘blackmail’. And I’d bet many homes would literally never have anything blackmail worthy even happen on camera. Oh no, they saw me naked!?! What am I going to do if my coworkers found out I walk around naked in my own home. I’d just tell them to take a hike and release my naked footage if they really wanted to.
I think that example is probably the most serious one. If you live in regions that go to -40c you most definitely don’t want your thermostat to just stop heating the house.
Pretty extreme example, and im sure you would manually intervene at that point
Sure it’s definitely an extreme example for the sake of argument but it’s one with potentially severe consequences (what if it happens while everyone is sleeping, or while all humans are away with only pets in the house, etc etc).
It’s happened before too: https://news.sophos.com/en-us/2016/01/18/nest-smart-thermostat-glitch-leaves-cold-feet-and-steaming-mad-customers/
At the same time, it’s nice to be able to check what temperature it’s at while you’re away. I have a zwave thermostat myself, gives “smartness” without the reliance on someone else’s computer.
Whats -40c I only know freedom units. Im guessing its -20f
Believe it or not, it’s also -40f :D for once we’re all happy.
Coincidentally -40c is also -40f
Raise your AC and or Heating bills?
Without you noticing though?
They’d time it for when you are on vacation.
These iot software are usually minimum viable products with weak security. A zero day for them is fast simpler than trying to get a zero day in windows.
For example, I had a friend that worked at one of these companies, that recently lost a lot of money, and while he was there they had their master keys in the git repo on GitHub. At this point they were well past a billion dollar valuation.