• @[email protected]
    54
    11 months ago

    Yet another reason why IoT crap sucks. You don’t need to put everything on the internet. This one should be obvious.

    • @friend_of_satan
      24
      11 months ago

      The “S” in IoT is for “security”.

    • @books
      15
      11 months ago

      Home Assistant tries to keep shit local.

      • @[email protected]
        11
        11 months ago

        Depends on the device.

        If the device doesn’t provide a local connection, there is nothing Home Assistant can do about it. Some devices will also send data to the cloud even if they are locally controlled by HA.

        • @books
          4
          11 months ago

          Oh for sure. But unlike SmartThings or any other hub, only the data that needs a cloud connection will go through the cloud…

          • archomrade [he/him]
            1
            11 months ago

            Home Assistant is great at what it does, but the problem is too big for HA to really fix it by itself.

            It’s the end devices that are the biggest culprits, paired with the apps installed on your phone. It’s the reason Google was basically giving away their Home Minis the last couple of years.

            If you use a smart device that comes with - or requires - an app, it’s almost guaranteed that app collects a certain amount of data from you to be sold or utilized for user profiling.

            The problem is that everyone has half a dozen of those devices already, and swapping them all out takes time, effort, and money that most people simply don’t have.

            It’s a challenge even for the truly dedicated and privacy-minded individual to know which devices are locally hosted and which ones use local internet access or permissive phone apps to function. Even if you DO manage to keep a clean slate, there are always companies that change their policies once they have high adoption and force cloud integration on their users. See Philips, Chamberlain, Microsoft, Google, Amazon…

            I love Home Assistant, but it’s a nightmare trying to cut out all the unsecured bullshit I’ve found myself with even in the past two years.

        • @[email protected]
          1
          11 months ago

          Thanks to the laziness of the device manufacturers, a lot of them either expose some data endpoints locally, or just use Zigbee, which can be easily paired to be used local-only.

          Those that require Wi-Fi access can be filtered on the router to disable internet access.

    • GigglyBobble
      15
      11 months ago

      People don’t think about that. You have to register somewhere in order to use your $12.99 cam, install some app and are good to go.

      How would someone not interested in tech know that the footage data is stored on some online server and you are at the mercy of their itsec?

      • archomrade [he/him]
        20
        11 months ago

        Which is why these companies that are marketing wifi and cloud-polling devices should be held responsible for the data breaches and regulated more rigorously.

        It should be cost-prohibitive to design a smart device that sends data to a centralized server, but they do it because the upside value of having the data is so attractive. They shouldn’t be allowed to hide behind a ToS agreement with mandatory arbitration when their security is inevitably breached.

        • @AlfredEinstein
          8
          11 months ago

          Take it up with your congressman.

          Seriously. It sounds like you have an informed and well-reasoned opinion. They’re not 100% corrupt. And they usually only hear about tech from industry lobbyists.

          Let them hear from an intelligent constituent for a change.

          • KᑌᔕᕼIᗩ
            2
            11 months ago

            Good luck with that, your voice is going to be drowned out by all the companies masquerading as “people” whom they really represent.

            • @AlfredEinstein
              2
              11 months ago

              Taking the time to get in touch with representatives at all levels of government is just good citizenship.

              Sure, there are lobbyists. But there’s me too. We can’t expect to enjoy a civilized society unless we put in the effort.

              • KᑌᔕᕼIᗩ
                1
                11 months ago

                Having done this before and being told to basically get stuffed by one of their underlings, I have zero faith in it. It’s basically just another token thing that’s about as useful as “thoughts & prayers” for the most part.

                • @AlfredEinstein
                  1
                  11 months ago

                  You have to be nice. You’re selling an idea that is probably foreign to them.

                  • KᑌᔕᕼIᗩ
                    1
                    11 months ago

                    I don’t mean they literally told me to get stuffed. They won’t personally take your call nor read your letter. You might get lucky and they’ll let you physically come into their office but that’s about as far as you’ll get.

              • archomrade [he/him]
                1
                11 months ago

                I do it when I can, but that kind of influence just can’t be done by a handful of tech-literate terminally-online weirdos. It takes a buttload of money or a massive amount of public attention to push an issue like this forward, especially when political operatives absolutely benefit from both the data and the companies involved. The political calculus just isn’t there.

                More people need to know and care about this before any legislator is going to spend political capital on it.

      • @[email protected]
        1
        11 months ago

        The question isn’t “how would someone know…?” the question is “do you know what a hacker does?”.

    • @[email protected]
      0
      11 months ago

      With end to end encryption, and requiring manual key transfer (no key sync), this would not be an issue.