All posts in “Internet of Things”

Smart home makers hoard your data, but won’t say if the police come for it

A decade ago, it was almost inconceivable that nearly every household item could be hooked up to the internet. These days, it’s near impossible to avoid a non-smart home gadget, and they’re vacuuming up a ton of new data that we’d never normally think about.

Thermostats know the temperature of your house, and smart cameras and sensors know when someone’s walking around your home. Smart assistants know what you’re asking for, and smart doorbells know who’s coming and going. And thanks to the cloud, that data is available to you from anywhere – you can check in on your pets from your phone or make sure your robot vacuum cleaned the house.

Because the data is stored or accessible by the smart home tech makers, law enforcement and government agencies have increasingly sought out data from the companies to solve crimes.

And device makers won’t say if your smart home gadgets have been used to spy on you.

For years, tech companies have published transparency reports — a semi-regular disclosure of the number of demands or requests a company gets from the government for user data. Google was first in 2010. Other tech companies followed in the wake of Edward Snowden’s revelations that the government had enlisted tech companies’ aid in spying on their users. Even telcos, implicated in wiretapping and turning over Americans’ phone records, began to publish their figures to try to rebuild their reputations.

As the smart home revolution began to thrive, police saw new opportunities to obtain data where they hadn’t before. Police sought Echo data from Amazon to help solve a murder. Fitbit data was used to charge a 90-year old man with the murder of his stepdaughter. And recently, Nest was compelled to turn over surveillance footage that led to gang members pleading guilty to identity theft.

Yet, Nest — a division of Google — is the only major smart home device maker that has published how many data demands they receive.

As first noted by Forbes last week, Nest’s little-known transparency report doesn’t reveal much — only that it’s turned over user data about 300 times since mid-2015 on over 500 Nest users. Nest also said it hasn’t to date received a secret order for user data on national security grounds, such as in cases of investigating terrorism or espionage. Nest’s transparency report is woefully vague compared to some of the more detailed reports by Apple, Google and Microsoft, which break out their data requests by lawful request, by region, and often by the kind of data that the government demands.

As Forbes said, “a smart home is a surveilled home.” But at what scale?

We asked some of the most well known smart home makers on the market if they plan on releasing a transparency report, or disclose the number of demands they receive for their smart home tech.

For the most part, we received fairly dismal responses.

What the big four tech giants said:

Amazon did not respond to requests for comment when asked if it will break out the number of demands it receives for Echo data, but a spokesperson told me last year that while its reports include Echo data, it would not break out those figures.

Facebook said that its transparency report section will include “any requests related to Portal,” its new hardware screen with a camera and a microphone. Although the device is new, a spokesperson did not comment on if the company will break out the hardware figures separately.

Google pointed us to Nest’s transparency report but did not comment on its own efforts in the hardware space — notably its Google Home products.

And Apple said that there’s no need to break out its smart home figures — such as its HomePod — because there would be nothing to report. The company said user requests made to HomePod are given a random identifier that cannot be tied to a person.

What the smaller but notable smart home players said:

August, a smart lock maker, said it “does not currently have a transparency report and we have never received any National Security Letters or orders for user content or non-content information under the Foreign Intelligence Surveillance Act (FISA),” but did not comment on the number of subpoenas, warrants and court orders it receives. “August does comply with all laws and when faced with a court order or warrant, we always analyze the request before responding,” a spokesperson said.

Roomba maker iRobot said it “has not received any demands from governments for customer data,” but wouldn’t say if it planned to issue a transparency report in the future.

Both Arlo, the former Netgear smart home division, and Signify, formerly Philips Lighting, said that they do not have transparency reports. Arlo didn’t comment on its future plans, and Signify said it has no plans to publish one. 

Ring, a smart doorbell and security device maker, did not answer our questions on why it doesn’t have a transparency report, but said it “will not release user information without a valid and binding legal demand properly served on us” and that Ring “objects to overbroad or otherwise inappropriate demands as a matter of course.” When pressed, a spokesperson said it plans to release a transparency report in the future, but did not say when.

Neither spokespeople for Honeywell or Canary — both of which have smart home security products — did not comment by our deadline.

And, Samsung, a maker of smart sensors, trackers and internet-connected televisions and other appliances, did not respond to a request for comment.

Only Ecobee, a maker of smart switches and sensors, said it plans to publish its first transparency report “at the end of 2018.” A spokesperson confirmed that, “prior to 2018, Ecobee had not been requested nor required to disclose any data to government entities.”

All in all, that paints a fairly dire picture for anyone thinking that when the gadgets in your home aren’t working for you, they could be helping the government.

As helpful and useful smart home gadgets can be, few fully understand the breadth of data that the devices collect — even when we’re not using them. Your smart TV may not have a camera to spy on you, but it knows what you’ve watched and when — which police used to secure a conviction of a sex offender. Even data from when a murder suspect pushed the button on his home alarm key fob can be enough to help convict someone of murder.

Two years ago, former U.S. director of national intelligence James Clapper said that the government was looking at smart home devices as a new foothold for intelligence agencies to conduct surveillance. And it’s only going to become more common as the number of internet-connected devices spread. Gartner said more than 20 billion devices will be connected to the internet by 2020.

As much as the chances are that the government is spying on you through your internet-connected camera in your living room or your thermostat are slim — it’s naive to think that it can’t.

But the smart home makers wouldn’t want you to know that. At least, most of them.

Banksy’s rigged art frame was supposed to shred the whole thing

In the connected future will anyone truly own any thing? Banksy’s artworld shocker performance piece, earlier this month, when a canvas of his went under the hammer at Sothebys in London, suggests not.

Immediately the Girl with Balloon canvas sold — for a cool ~$1.1M (£860,000) — it proceeded to self-destruct, via a shredder built into the frame, leaving a roomful of designer glasses paired with a lot of shock and awe, before facial muscles twisted afresh as new calculations kicked in.

As we reported at the time, the anonymous artist had spent years planning this particular prank. Yet the stunt immediately inflated the value of the canvas — some suggested by as much as 50% — despite the work itself being half shredded, with just a heart-shaped balloon left in clear view.

The damaged canvas even instantly got a new title: Love Is in the Bin.

Thereby undermining what might otherwise be interpreted as a grand Banksy gesture critiquing the acquisitive, money-loving bent of the art world. After all, street art is his big thing.

However it turns out that the shredder malfunctioned. And had in fact been intended to send the whole canvas into the bin the second after it sold.

Or, at least, so the prankster says — via a ‘director’s cut’ video posted to his YouTube channel yesterday (and given the title: ‘Shred the love’, which is presumably what he wanted the resulting frame-sans-canvas to be called).

“In rehearsals it worked every time…” runs a caption towards the end of the video, before footage of a complete shredding is shown…

[embedded content]

The video also appears shows how the canvas was triggered to get to work cutting.

After the hammer goes down the video cuts to a close-up shot of a pair of man’s hands pressing a button on a box with a blinking red LED — presumably sending a wireless signal to shreddy to get to work…

The suggestion, also from the video (which appears to show close up shots of some of the reactions of people in the room watching the shredding taking place in real time), is that the man — possibly Banksy himself — attended the auction in person and waited for the exact moment to manually trigger the self-destruct mechanism.

There are certainly lots of low power, short range radio technologies that could have been used for such a trigger scenario. Although the artwork itself was apparently gifted to its previous owner by Banksy all the way back in 2006. So the built-in shredder, batteries and radio seemingly had to sit waiting for their one-time public use for 12 years. Unless, well, Banksy stuck into the friend’s house to swap out batteries periodically.

Whatever the exact workings of the mechanism underpinning the stunt, the act is of course the point.

It’s almost as if Banksy is trying to warn us that technology is eroding ownership, concentrating power and shifting agents of control.

SpankChain spanked

SpankChain, a cryptocurrency aimed at decentralized sex cams, has announced that a hacker stole about $38,000 from their payment channel thanks to a broken smart contract. They wrote:

At 6pm PST Saturday, an unknown attacker drained 165.38 ETH (~$38,000) from our payment channel smart contract which also resulted in $4,000 worth of BOOTY on the contract becoming immobilized. Of the stolen/immobilized ETH/BOOTY, 34.99 ETH (~$8,000) and 1271.88 BOOTY belongs to users (~$9,300 total), and the rest belonged to SpankChain.

Our immediate priority has been to provide complete reimbursements to all users who lost funds. We are preparing an ETH airdrop to cover all $9,300 worth of ETH and BOOTY that belonged to users. Funds will be sent directly to users’ SpankPay accounts, and will be available as soon as we reboot Spank.Live.

The hacker used a ‘reentrancy’ bug in which the user calls the same transfer multiple times, draining a little Ethereum each time. The bug is the same one that previously affected the DAO.

The company pointed out that a security audit on their smart contract would have cost $50,000, a bit more than the amount lost. “As we move forward and grow, we will be stepping up our security practices, and making sure to get multiple internal audits for any smart contract code we publish, as well as at least one professional external audit,” they wrote.

I’ve reached out to the company for clarification but in short it seems the spanker has become the spankee.

Google’s smart home sell looks cluttered and incoherent

If any aliens or technology ingenues were trying to understand what on earth a ‘smart home’ is yesterday, via Google’s latest own-brand hardware launch event, they’d have come away with a pretty confused and incoherent picture.

The company’s presenters attempted to sketch a vision of gadget-enabled domestic bliss but the effect was rather closer to described clutter-bordering-on-chaos, with existing connected devices being blamed (by Google) for causing homeowners’ device usability and control headaches — which thus necessitated another new type of ‘hub’ device which was now being unveiled, slated and priced to fix problems of the smart home’s own making.

Meet the ‘Made by Google’ Home Hub.

Buy into the smart home, the smart consumer might think, and you’re going to be stuck shelling out again and again — just to keep on top of managing an ever-expanding gaggle of high maintenance devices.

Which does sound quite a lot like throwing good money after bad. Unless you’re a true believer in the concept of gadget-enabled push-button convenience — and the perpetually dangled claim that smart home nirvana really is just around the corner. One additional device at a time. Er, and thanks to AI!

Yesterday, at Google’s event, there didn’t seem to be any danger of nirvana though.

Not unless paying $150 for a small screen lodged inside a speaker is your idea of heaven. (i.e. after you’ve shelled out for all the other connected devices that will form the spokes chained to this control screen.)

A small tablet that, let us be clear, is defined by its limitations: No standard web browser, no camera… No, it’s not supposed to be an entertainment device in its own right.

It’s literally just supposed to sit there and be a visual control panel — with the usual also-accessible-on-any-connected-device type of content like traffic, weather and recipes. So $150 for a remote control doesn’t sound quite so cheap now does it?

The hub doubling as a digital photo frame when not in active use — which Google made much of — isn’t some kind of ‘magic pixie’ sales dust either. Call it screensaver 2.0.

A fridge also does much the same with a few magnets and bits of paper. Just add your own imagination.

During the presentation, Google made a point of stressing that the ‘evolving’ smart home it was showing wasn’t just about iterating on the hardware front — claiming its Google’s AI software is hard at work in the background, hand-in-glove with all these devices, to really ‘drive the vision forward’.

But if the best example it can find to talk up is AI auto-picking which photos to display on a digital photo frame — at the same time as asking consumers to shell out $150 for a discrete control hub to manually manage all this IoT — that seems, well, underwhelming to say the least. If not downright contradictory.

Google also made a point of referencing concerns it said it’s heard from a large majority of users that they’re feeling overwhelmed by too much technology, saying: “We want to make sure you’re in control of your digital well-being.”

Yet it said this at an event where it literally unboxed yet another clutch of connected, demanding, function-duplicating devices — that are also still, let’s be clear, just as hungry for your data — including the aforementioned tablet-faced speaker (which Google somehow tried to claim would help people “disconnect” from all their smart home tech — so, basically, ‘buy this device so you can use devices less’… ); a ChromeOS tablet that transforms into a laptop via a snap-on keyboard; and 2x versions of its new high end smartphone, the Pixel 3.

There was even a wireless charging Pixel Stand that props the phone up in a hub-style control position. (Oh and Google didn’t even have time to mention it during the cluttered presentation but there’s this Disney co-branded Mickey Mouse-eared speaker for kids, presumably).

What’s the average consumer supposed to make of all this incestuously overlapping, wallet-badgering hardware?!

Smartphones at least have clarity of purpose — by being efficiently multi-purposed.

Increasingly powerful all-in-ones that let you do more with less and don’t even require you to buy a new one every year vs the smart home’s increasingly high maintenance and expensive (in money and attention terms) sprawl, duplication and clutter. And that’s without even considering the security risks and privacy nightmare.

The two technology concepts really couldn’t be further apart.

If you value both your time and your money the smartphone is the one — the only one — to buy into.

Whereas the smart home clearly needs A LOT of finessing — if it’s to ever live up to the hyped claims of ‘seamless convenience’.

Or, well, a total rebranding.

The ‘creatively chaotic & experimental gadget lovers’ home would be a more honest and realistic sell for now — and the foreseeable future.

Instead Google made a pitch for what it dubbed the “thoughtful home”. Even as it pushed a button to pull up a motorised pedestal on which stood clustered another bunch of charge-requiring electronics that no one really needs — in the hopes that consumers will nonetheless spend their time and money assimilating redundant devices into busy domestic routines. Or else find storage space in already overflowing drawers.

The various iterations of ‘smart’ in-home devices in the market illustrate exactly how experimental the entire  concept remains.

Just this week, Facebook waded in with a swivelling tablet stuck on a smart speaker topped with a camera which, frankly speaking, looks like something you’d find in a prison warden’s office.

Google, meanwhile, has housed speakers in all sorts of physical forms, quite a few of which resemble restroom scent dispensers.

And Amazon now has so many Echo devices it’s almost impossible to keep up. It’s as if the ecommerce giant is just dropping stones down a well to see if it can make a splash.

During the smart home bits of Google’s own-brand hardware pitch, the company’s parade of presenters often sounded like they were going through robotic motions, failing to muster anything more than baseline enthusiasm.

And failing to dispel a strengthening sense that the smart home is almost pure marketing, and that sticking update-requiring, wired in and/or wireless devices with often variously overlapping purposes all over the domestic place is the very last way to help technology-saturated consumers achieve anything close to ‘disconnected well-being’.

Incremental convenience might be possible, perhaps — depending on which and how few smart home devices you buy; for what specific purpose/s; and then likely only sporadically, until the next problematic update topples the careful interplay of kit and utility. But the idea that the smart home equals thoughtful domestic bliss for families seems farcical.

All this updatable hardware inevitably injects new responsibilities and complexities into home life, with the conjoined power to shift family dynamics and relationships — based on things like who has access to and control over devices (and any content generated); whose jobs it is to fix things and any problems caused when stuff inevitably goes wrong (e.g. a device breakdown OR a AI-generated event like the ‘wrong’ photo being auto-displayed… ); and who will step up to own and resolve any disputes that arise as a result of all the Internet connected bits being increasingly intertwined in people’s lives, willingly or otherwise.

Hey Google, is there an AI to manage all that yet?

more Google Event 2018 coverage

The Das Keyboard 5Q adds IoT to your I/O keys

Just when you thought you were safe from IoT on your keyboard Das Keyboard has come out with the 5Q, a smart keyboard that can send you notifications and change colors based on the app you’re using.

These kinds of keyboards aren’t particularly new – you can find gaming keyboards that light up all the colors of the rainbow. But the 5Q is almost completely programmable and you can connect to the automation services IFTTT or Zapier. This means you can do things like blink the Space Bar red when someone passes your Nest camera or blink the Tab key white when the outdoor temperature falls below 40 degrees.

You can also make a key blink when someone Tweets which could be helpful or frustrating:

The $249 keyboard is delightfully rugged and the switches – called Gamma Zulu and made by Das Keyboard – are nicely clicky but not too loud. The keys have a bit of softness to them at the half-way point so if you’re used to Cherry-style keyboards you might notice a difference here. That said the keys are rated for 100 million actuations, far more than any competing switch. The RGB LEDs in each key, as you can see below, are very bright and visible but when the keys lights are all off the keyboard is completely unreadable. This, depending on your desire to be Case from Neuromancer, is a feature or a bug. There is also a media control knob in the top right corner that brings up the Q app when pressed.

The entire package is nicely designed but the 5Q begs the question: do you really need a keyboard that can notify you when you get a new email? The Mac version of the software is also a bit buggy right now but they are updating it constantly and I was able to install it and run it without issue. Weird things sometimes happen, however. For example currently my Escape and F1 keys are now blinking red and I don’t know how to turn them off.

That said, Das Keyboard makes great keyboards. They’re my absolute favorite in terms of form factor and key quality and if you need a keyboard that can notify you when a cryptocurrency goes above a certain point or your Tesla stock is about to tank, look no further than the 5Q. It’s a keyboard for hackers by hackers and, as you can see below, the color transitions are truly mesmerizing.