Forgot your password?
typodupeerror
Privacy Google Technology Hardware

Privacy Worries For 'Smart' Smoke Alarms 90

Posted by Soulskill
from the remember-when-we-just-had-to-worry-about-our-devices-catching-fire dept.
Advocatus Diaboli sends this excerpt from an article about the data collection capabilities of the Nest Protect 'smart' smoke alarms, and how they could become a privacy concern: Consider that each Protect is packed full of sensors, some of which are capable of much more than they're doing right now: From heat and light sensors to motion sensors and ultrasonic wave sensors. This simple little device could scrape an incredible amount of data about your life if Nest asked it to: From when you get home, to when you go to bed, to your daily routine, to when you cook dinner. Now imagine how a device like that would interlock with another that you keep on your wrist, like the forthcoming Android Wear. Together, they would create a seamless mesh of connectivity where every detail of what you do and where you go is recorded into a living, breathing algorithm based on your life.

Neither Nest nor Google has stated any intention to turn Nest's hardware into more than it is right now. Protect is an alarm, the Thermostat is a thermostat. But as Google ramps up its vision to connect every aspect of our world, from Android Wear to its acquisition of a company that specializes in high-res, near-instantaneous satellite imagery of Earth, it's easier than ever to see why it would cough up billions for a company that has installed hundreds of thousands of Wi-Fi connected devices in the homes of Google users."
This discussion has been archived. No new comments can be posted.

Privacy Worries For 'Smart' Smoke Alarms

Comments Filter:
  • by Anonymous Coward

    It's just not stupid enough to come right out and say it though. Having all of this information will make AT BEST their ads more effective because they can advertise food when you are hungary and sleeping pills when you are restless....at worst their data will be used against you in cases being built against you.

    There is no reason this device needs to store or transmit ANY of the data it uses to smoke detect.

    • by umghhh (965931)
      I do not thin that legit ads are a problem but neither you nor I can distinguish legit ads from malicious ones which devise needs where there is none and doing some other stuff nobody wants except their authors or police department that now can detect that you rolled a conical object and now a sweet smelling cloud is being dispersed by air condition - augment this with automatic sentencing or even better preemptive sentencing as after all system will know you wanted to commit a terrible crime even before yo
    • Google is a surveillance company. That's what they do. That's how they make their money.

      I had bought a Nest and two Protects before the sale was announced but I won't buy any more. If it gets discovered that they are harvesting any information from them, I will remove them immediately.

      It was a good idea but adding the surveillance and data harvesting aspects makes it something I won't have in my home. Right now they are on probation but it won't take much for me to pull them.
  • If you don't want to be tracked, you need to dump your cell phone immediately. It collections location information and has both audio and video recording (in two directions) capabilities. Worrying about a "smart" thermostat, smoke detector, or watch is silly. We're way past that.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Bull. Privacy is not an either-or-proposition.
      It is a spectrum and every new data-stalker device we accept in our lives pushes us further into the black.

    • by mbone (558574)

      What, you don't turn your phone off and put it inside a metal box from time to time?

      Seriously, what is wrong with you?

    • Your average smart phone knows where it is, the exact position in 3D space, what devices are nearby, whether it is being held versus on a table or in a pocket, whether you are laying down, sitting, walking, jogging, running, biking or driving, whether you are indoors or outdoors, what the temperature is, what the atmospheric pressure is, what the relative humidity is, UV levels, air quality levels, the tone of your voice to determine whether you are happy, sad, angry, ..., and in many cases what your heart
      • by Anonymous Coward

        > it is an exercise in futility considering that we knowingly don't care

        No, "we" only don't care because of ignorance. The average smart phone user has never thought through the implications of all the sensor data on their phones. The average smart phone user doesn't pay any attention to that stuff in exactly the same way that the average driver does not pay attention to stuff like oil pressure and ignition timing, most don't even think about RPMs despite it being right their on the dash. Same thing w

    • by Lumpy (12016) on Tuesday June 17, 2014 @07:34PM (#47258851) Homepage

      Dave from the NSA here, can you please move the change from the pocket with your cellphone to the other pocket? It's getting hard to hear what you are saying when you walk.

      Also please go stand over next to that tall brunette to your left, her cellphone sucks and we cant get a good recording of her discussion about what her boyfriend did to her last night.

      Thanks!

  • a living, breathing algorithm

    Wow.

  • This is why proper privacy and property rights must properly legally extend to data hosted in cloud services.

    The private companies that offer cloud-based services are not what worry me. There are a lot of sound economic reasons (see: the devops movement) for why this kind of product architecture (where a physical product, coupled with always-on connectivity and a remote cloud-hosted service) makes a whole lot of sense. There are a lot of market incentives for these companies to clearly delineate what they

    • I think most of us geeks grew up terrified of the very idea of the Orwellian Telescreen. However, it's not the technology that's evil (many of us have plenty of devices with a camera integrated with a display), but the threat of its use without consent.

      My latest laptop came with a built-in, user-facing camera.

      I immediately put a piece of opaque electrica tape over it - even before swapping out the hard disk for a fresh one and installing Linux.

      The tape isn't coming off until I have a removable shutter to ta

      • The Orwellian telescreen was coupled to a rather effective police state where it was considered normal for them to summarily torture and execute people.

        Do you really think the problem in 1984 was the telescreens?

        • Do you really think the problem in 1984 was the telescreens?

          Telescreens are "an enabling technology". I see no reason to leave them, and thus any hypothetical government-or-other spy, enabled in my personal space.

  • by Anonymous Coward

    I am so pissed off about the way the home automation market is developing. Every single one of these products tries its hardest to make sure it is fully connected to the internet when what it really ought to be doing is the opposite - trying to minimize internet dependence. It is a goatscx sized security hole, not just in terms of being co-opted by a third party but also as this article points out - spying on you by the very company you bought the devices from.

    Some of stuff coming out is freakin awesome

    • Re: (Score:2, Informative)

      by Lumpy (12016)

      Odd, I work in the real home automation market and none of the Crestron, Control4, AMX or Vantage stuff is going that route. Only the very very low end self install stuff is "cloud based".

      Maybe if you bought real home automation gear you would find that what you don't like is not in the real stuff, it is only present in the low end toy stuff.

      • by aXis100 (690904)

        The problem is it can be up to an order of magnitude different in price.

        There's not a lot of good reason for home automationto be that expensive, the technology has been capable for a while. The trouble has always been user base and and making it user friendly enough for a muggle to install. That's where the big tech companies have an advantage and are making some cheap, attractive devices.

        Unfortunately the way this is going will set up two distinct camps - subsidised cheap devices that are cloud connecte

      • by Polo (30659) *

        Do not overlook the fact that other companies will undercut you in price, just to "deal themselves in" in some fashion. Probably under the guise of "use your iphone to flush your home toilet while you're on vacation!"

    • by jxander (2605655)
      I'm just upset that you missed an obvious opportunity to say "The cloud is raining on home automation"
    • by sjames (1099)

      Mod parent up!

      That is exactly the problem. A smoke detector's primary job is to make a loud noise when there is smoke or CO. I see no reason it should talk to the cloud for that, ever.

      Even where client/server makes sense, I want a server under my exclusive control. Personally, I won't touch any of the stuff unless/until it has a published API. Part of that is because device makers tend to make crappy interfaces and part is because sooner or later it will be necessary to integrate components from multiple ve

    • by pedrop357 (681672) *

      It's why I eschew Nest and the similar offerings from other companies for something like this:
      http://www.temperaturemanager.... [temperaturemanager.com]

      It costs more but doesn't need internet connectivity to customize settings.

      The fact that my (free, won in a drawing) Plantronics BT earpiece needs internet connectivity to change its settings is the dumbest thing in the world. An app is still downloaded to my PC, but I need an internet connected browser to make the changes.

  • Most us hate this stuff, but it's the way everything is heading. Much like social networking, it's going to become increasingly difficult to live a "normal" life while abstaining.

    So with "just don't use them" off the table, how do we at least make this more secure. My first thought would be to approach it the same way we approach it when wanting to connect two computers we can't trust and provide a limited subset of functionality. Things like well defined IDLs that define a precise message set, and gateways

    • by Anrego (830717) *

      * houseOnFire=<yes|no>

      Random thought: slashdot obviously filters html to a limited subset of allowed tags. Why not warn the user that "you've got some invalid html there bro!" I know this is my fault for not previewing, but still, this seems trivial and I can't be the only one that makes this mistake occasionally.

      • by gstoddart (321705)

        Ummm ... in the "Allowed HTML" below the entry box for comments, there is a list of, well, allowed HTML. All not allowed HTML is going to fail.

        Armed with that, and the very powerful preview button you mention, you too can avoid broken tags.

        Or do you expect some pre-preview to give you a preview before the preview so you'd know what would have been in the preview if you actually used preview instead of just pressing submit?

        • by Anrego (830717) *

          It's not about broken tags.

          It's about instinctively typing <some required parameter> when describing the syntax of something and having it unintentionally treated as an (invalid) HTML tag, causing it to be disappeared.

          My point was that some kind of warning might be more helpful than just silently deleting the content.

          • by gstoddart (321705)

            There is a warning, it's the preview button.

            Do you want something which gives you annoying warning messages as you type?

            Because, quite frankly, that would suck as bad as Beta.

            It gets silently dropped because of, well, Little Bobby Drop Tables. :-P

            • by Anrego (830717) *

              Do you want something which gives you annoying warning messages as you type?

              Or after I hit submit.

              There is no case where a user is going to want a tag (or an accidentally created tag) deleted. It's always something the user does not want. There is no valid reason for a user to intentionally enter something in the assumption that it will be removed for them prior to being posted. Warning the user that invalid tags have been removed from their post (or would be removed from their post) seems reasonable.

              It gets silently dropped because of, well, Little Bobby Drop Tables. :-P

              This I could at least understand as a cultural thing. A fun gotcha left that way i

    • There are quite a lot of sensors, and processing power in a Nest gadget. It includes a motion sensor, and that data could be extracted to a database, giving us an absolute plethora of sensors spread across homes (ok, mainly rich homes, and certainly a lot in California).
      Such a wealth of data would surely be brilliant for earthquake monitoring.

      • by Anrego (830717) *

        In my completely impractical approach, it would be up to the user (or whoever controls the gateway) to decide what data the device can send.

        So you also have an IDL that describes the fields, potential values, and update rates for your earthquake monitoring, that a user can either allow or deny.

        Obviously it starts to become easier to slip in data covertly, but this idea is impractical anyway, so what the heck!

        You really do highlight the problem though. There is a great amount of legitimate useful purpose for

    • by tlhIngan (30335)

      Most us hate this stuff, but it's the way everything is heading. Much like social networking, it's going to become increasingly difficult to live a "normal" life while abstaining.

      So with "just don't use them" off the table, how do we at least make this more secure. My first thought would be to approach it the same way we approach it when wanting to connect two computers we can't trust and provide a limited subset of functionality. Things like well defined IDLs that define a precise message set, and gateways

  • by Anonymous Coward

    "Don't be evil."

  • I don't know why anyone would even consider having such products inside their house.

  • This cartoon [condenaststore.com] is rapidly becoming reality. What? Could you speak closer to the lampshade, please?
  • by Lumpy (12016) on Tuesday June 17, 2014 @07:30PM (#47258825) Homepage

    listen, Life is NOT a movie, a hacker cant reconfigure the temperature sensor into a "FLIR heat sensor" to give them ANY information other than how hot it is on the ceiling in the hallway where you mounted it. That Passive IR sensor cant be magically turned into an HD IR camera, it's a single specific function sensor that can detect if smoke has entered the chamber, you cant turn it into a spy camera. Then you have a CO sensor that is specifically designed for it's task, again cant be reconfigured as a direction Co2 and other gas sensors to detect if you have been smoking crack in the bathroom again.

    the ONLY data that someone can glean from this is local mounted temperature, alarm state and CO2 levels. Nothing else. even if you left for a 4 week vacation in your Paris apartment you cant even hope to get data if the house is unoccupied unless you set the thermostat to very low and it was the dead of winter.

    https://www.sparkfun.com/news/... [sparkfun.com] 6 seconds on google turned this up. It even has links to the sensors data sheets.
    https://www.ifixit.com/Teardow... [ifixit.com] for the ifixit teardown

    Please, if you write an article, Know something about the subject, spend DAYS researching it before you publish the information. This is why "bloggers" have zero respect and are mostly ridiculed.

    • by plover (150551)

      No, the IR sensor can't be used as a camera. However, the unintended uses for the ill-minded are still plentiful. An IR sensor majes a dandy occupancy sensor, and determines when you are home or not. A power meter can reveal energy use rising as the lights come on at 6, peaking when you make the morning's tea or coffee, going down as you shut off a few lights, and then two short spikes when your garage door opens and closes as you leave. A Honeywell thermostat may even have your vacation return date program

    • by Polo (30659) * on Tuesday June 17, 2014 @09:27PM (#47259643) Homepage

      wrong.

      nest thermostat can detect you, and actively tries to determine if you are home.

      The nest protect can ALSO detect you, and well enough that you can do the "nest wave" underneath it to silence an alarm.

      They also communicate back and forth so that the thermostat can turn off the furnace if there's a fire, and the thermostat can go into "away" mode when nobody is home.

      The protect has two ultrasonic sensors, an occupancy sensor, a light sensor and a variety of smoke/heat sensors:

      Nest protect sensors [nest.com]

      I can't find a simple summary for the thermostat, but it has occupancy, temperature and humidity sensors at least.

      • by Lumpy (12016)

        Is that why my nest thermostat is so bad at detecting if we are home that I returned it? Please use a source other than the manufacturer because your link is full of marketing fluff.

  • I thought I'd seen that somewhere. Here's a source: http://marketingland.com/googl... [marketingland.com] I won't be installing one of those nifty little gadgets anytime soon. It isn't enough that the cost of a Nest Protect is exorbitant, they need to make still more money by selling ads to display on it? Evil, or just a corporation doing what it does?
  • This company gave you the best search engine. Then they made android. You guys like that stuff. Lot's of haters. Google is one of the good guys. (I start on Monday!)
  • I wonder what the first presidential election will be like when candidates are from the facebook generation. Companies like google, facebook, maybe snapchat will have dirt on all the candidates. Google alone will have every search the candidates ever did. Viable candidates will be only those people who are uncommonly boring, or influential enough to squelch the dirt, or trade it for favors. Imagine the power google wields... in part because they gave away their operation system, which doubles as an informat
  • Protect is an alarm, the Thermostat is a thermostat.

    This is actually not true/accurate, they are tied in together.

    For example, if the nest protect detects a fire, the nest thermostat will shut off the heater.

    I believe the nest protect is also used as an occupancy sensor for the auto-away function of the nest thermostat.

  • Coming soon, the rapist app that finds hot women near you who are alone at home right now. The data is available.

  • Knock on the door.

    So, Mister..... Steve, is it? Steve. We, understand, you've been having a rough week. You've burnt the toast now three days in a row, and that's not like normal people. So tell me, Steve? Is there anything, a load on your mind perhaps, that you'd like to share and unburden yourself and return a life of making proper toast?

    No?

    Well then, Steven, you'd be wise to stop burning the, uh, toast. We wouldn't want you to get burned. Would not do at all.

  • Smart devices are cool, the data they collect going to advertising companies and the NSA isn't.

    It is obvious the paradigm should be changed. People love facebook, so why can't we make a distributed facebook where each member has a little roku type device sitting in their home on their network that stores all of their data? Each person that member connects with gets a key that is associated with contact so that you can form secure networks of friends and share data. Then as the owner of your data you can

Genius is ten percent inspiration and fifty percent capital gains.

Working...