If you reckon Google will never tap into Nest's Wi-Fi thermostats, guess again

Nest, the smart-home sensor maker that Google just bought for $3.2bn in cash, has hinted that it may change its longstanding policy of keeping customer data private. In a Q&A at the Digital-Life-Design conference yesterday, Nest CEO Tony Fadell suggested that information collected from his upstart's Wi-Fi-connected thermostats …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Dangerous information

    If the information stored identifies a location and a usage pattern, it is of great value to burglars. Identifying that a house is unoccupied at weekends, or during certain hours during the week, is an obvious security black hole. Integrating this with G+ would be several steps too far.

    This is something that data protection people should be thinking about already.

    1. Ian Michael Gumby

      Re: Dangerous information

      Damn you beat me to it...

      Hello Google Marketing Droid?

      I want to buy the sensor information for all high net worth individuals in the Silicon Valley and San Francisco area residents to see if they might be interested in my pool cleaning services. I want to make sure that when I knock on the door, they will be home...

      1. JeffyPoooh
        Pint

        Re: Dangerous information

        "...pool cleaning services..."

        A recurring plot theme in a certain genre of videos.

    2. Anonymous Coward

      Re: Dangerous information

      Google have already demonstrated several times that they are prepared to use data in ways that work for them and against the consumer. Anyone with the slightest interest in data protection should avoid this company like the plague, in my opinion.

      Can't say I feel a pressing need to control my thermostat from the net; but if I did it sure as fuck wouldn't go anywhere near somebody else's cloud.

    3. JeffyPoooh
      Pint

      Re: Dangerous information

      Of course the baddies could also simply notice that the car is gone, and then peek in the front door to confirm that the alarm system has been armed by means of viewing the glowing yellow LED on the Alarm panel, the one marked "ARMED". This would conclusively confirm that the house is empty.

      1. Anonymous Coward

        Re: Dangerous information

        I like how JeffyPoooh's low tech methods of determining whether someone's at home, which have been used by burglars for years, get downvoted, but the tinfoil hat brigade are all over somebody supposedly buying your thermostat data from Google.

      2. Robert Grant
        Happy

        Re: Dangerous information

        And all you have to do is hang around their house, spot the car is gone vs just in the garage or parked outside a neighbour's house, walk up to the window of that specific house and try and spot the alarm.

        That's way more effective than tapping into data that tells you who's at home or not.

  2. Cliff

    $3.2Bn - that's more than a snapchat!

    Mind you, unlike snapchat, they make something more than a passive paedo platform.

    1. Anonymous Coward
      Childcatcher

      Re: $3.2Bn - that's more than a snapchat!

      Fear! Fear is what you'll be having for breakfast.

  3. Nunyabiznes

    false data

    This might be a good time to install the thermostat outside of the house (not connected to your furnace of course) and let them suck up as much data as they want.

  4. Anonymous Coward

    Sluuuuurp, sluuuuuurp. Google is just a big vacuum cleaner for data.

    It would be nice if you could firewall the damn thing so it can't dial up to the Internet servers, of course that would probably stop it working right.

    I'll stick with my Heatmiser.

    1. JeffyPoooh
      Pint

      "...firewall the damn thing..."

      You simply need to omit the step of telling it your wifi password. Done. Backup plan is to adjust your router settings in any of a half-dozen ways to prevent it from connecting (MAC filtering, IP filtering, etc.).

      Or, just buy any of the other programmable thermostats for $40 that do basically the same thing, sans Internet.

  5. Anonymous Coward

    Wasn't Google already vested in this company? Tin hat....

  6. Mark 85

    I somehow don't believe it's just about thermostats

    This and previous articles have indicated that Nest's interest also lies in other appliances such as TVs, dishwashers, stoves, refrigerators, etc. They seem to be implementing what Bill Gates talked about years ago (and some science fiction writers) and having everything interconnected in the house and to what is now the Internet.

    When we think about hackers using these appliances to send spam, that's one thing. Like how do they keep them patched and what security is in place? The scarier part is such clandestine groups as the NSA, et al, those who would like to break and enter for whatever evil deed, and those who just want your personal info. Taking it a bit further, how about an irritated but tech savvy ex who would love to harass you? Or just the neighborhood kid who wants to prank things? Or an electric company or government who thinks you're using too much (power/resources/beer - fill in the blank)?

    I have a gut feeling that all this Internet of Thingies will not end well.

    1. FrankAlphaXII

      Re: I somehow don't believe it's just about thermostats

      Clandestine groups usually try to do things low profile, and if you're targeted by the Special Collection Service, Task Force Orange, the gentlemen from the Home Office, the Russian FSB/SVR or USSOCOM JSOC's Intelligence Support Activity you'll never know they were there unless they take something, and sometimes they do. If they hack your stuff to accomplish their objective, you'll never know it most likely because they've figured out what you pay attention to while they're profiling you. And if you're doing something that warrants a level of investigation by an organization like that, you're probably involved with something most sane people won't touch. Joe Blow might have his call's metadata collected, but they ain't trying to get a covert modem attached to his airgapped devices.

      The Russians are also notorious for harassing someone that is a thorn in their side by moving stuff around in their apartment or house. That's generally the FSB, sometimes the SVR and GRU do it overseas but the FSB does this very frequently to make their targets uneasy and insecure, and by having someone anonymously call and threaten them by detailing where certain personal items are stored in their dwelling, and how easy it would be for a shitload of laundered money, drugs, weapons, underage prostitutes, bodies, etc to appear during a Militsiya raid (following an anonymous tipoff, of course) where their item is instead. Used to be that both KGB and GRU would do it as part of their active measures programs against individuals. They used to do it more than they do it now, in fact one of my professors in College was on the receiving end of it prior to his defection in the late 70's, but they do still do it to harass people that they want to intimidate into silence.

      The FBI's done it too but they've also been caught several times doing it during the early Hoover and COINTELPRO eras, whereas the KGB/FSB hasn't and as such they have firm plausible deniability. They do it at strange intervals and they make it very obvious that they've been there if it's for harassment.

    2. JeffyPoooh
      Pint

      Re: I somehow don't believe it's just about thermostats

      Crikey! My thermostat has been spamming my refrigerator.

    3. Tom 13

      Re: I have a gut feeling that all this Internet of Thingies will not end well.

      You and a lot of other people, which is why so many of these projects have failed.

      When I was a wee lad, I worked for a before-their-time outfit that was trying to build a house filled with the internet of things. Except back then DARPA was still playing with their internet thingie and the rest of us were calling Compuserve or some other local bulletin board with our 9600K modems. We had all kinds of cool gadgets and everything could talk to everything else if you wanted. I never could figure out why the fridge needed to be able to talk to the gas stove, but it could. The energy unit, that I understood. I had trouble figuring out why the washer and dryer needed to talk to the stove either, but in this day I could maybe see it popping up a text message on your TV that you only have 5 minutes left on the dryer so you really should gather the hangers and get your butt downstairs to hang up the laundry. Like I said the system was really cool, and unlike a lot of stuff released today was being designed with future expandability in mind. And all it would set you back was an extra $35,000-$75,000 for a mid-sized house, depending on your exact options (the touch screen CRTs really drove up the price). You know, the ones that were selling for $150,000 to $200,000 back then.

  7. dan1980

    The law needs to put the consumer first (not the companies)

    This is what I would like to see enshrined in consumer law:

    • Whatever the promises around privacy, etc... when you buy a device (piece of software, video game, etc...), those promises must be held for the life of the device - regardless of any other factors.
    • It is illegal to insert less-favourable terms as part of a software update.
    • If for any reason those promises are reneged upon, the user has the right to a full refund, regardless of age or condition, at the greater of either the original purchase price or current price (to account for inflation and needing to replace the device with a similar alternative).

    What that means, in short, is that if I buy an internet connected device and the manufacturer promises to collect only anonymised data and to never share that with any other parties then not only can they never start collecting identifiable data, if they are bought out by another company, that new owner can't either and no future software update can ever force my consent.

    In a similar vein, I think that when one company buys another, all historical, identifiable customer data should be sanitised. I appreciate that that may be problematic and even unreasonable in some instances.

    Take the following (simplistic) scenario for example:

    1. I sign up with Australian telco.

    2. Australian telco promises to never disclose my data to anyone, except where required by law.

    3. Australian telco is bought by US telco.

    4. All collected data on me is now legally available to the US government.

    Ignoring the possibility that my data is already slurped by the NSA, this kind of thing happens all the time - Optus in Australia was bought by SingTel - I never signed up to have my details available to this Singaporean company. Even if I had canceled my account with Optus prior to the buy-out, my historical data would still be available to them.

    Likewise, if I allow a company I like, with good business practices to have some of my data, I should have some rights when a company I do not like and with bad business practices buys them out.

    1. Anonymous Coward

      Re: The law needs to put the consumer first (not the companies)

      Makes a lot of sense and is very pro-consumer.

      Thus has no chance of ever getting passed in the US (in Europe it may have a shot)

      1. dan1980

        Re: The law needs to put the consumer first (not the companies)

        @DougS

        Ha! No, not in Australia either (and we have decent protection laws).

  8. Gene Cash Silver badge

    My wireless thermostat is blocked at the firewall

    Any sort of infrastructure device like that, or the Rasp Pi that controls my garage door, does not get net access. My phone talks to the thermostat directly w/o any cloud crap in between.

    1. MrXavia
      Thumb Up

      Re: My wireless thermostat is blocked at the firewall

      I would be very much interested in finding out what thermostat you are using?

      I am also anti-cloud for my own home automation, problem I am having is finding something like a Spark Core that does not rely on the cloud... RaspPi seems too overkill for garage doors to me... but I want more security than I will get from a WiFly...

    2. T. F. M. Reader

      Re: My wireless thermostat is blocked at the firewall

      "My phone talks to the thermostat directly w/o any cloud crap in between."

      And you are absolutely sure that your phone's thermostat control application that the manufacturer so helpfully provided does not send information over, I presume? Or did you develop it yourself?

      1. Stoneshop

        Re: My wireless thermostat is blocked at the firewall

        The first thing I would look at for controlling home automation from a smartphone/tablet or actually just any phone is Bluetooth. Especially if it's for something simple like "I'm around the house, keep the thermostat at $preferred_temp". Couple of BT units to detect whether you're in the bedroom, living room or in the shed, and work off that. Arduino to tie it together, or a RaspPi or BB. For security-related stuff like unlocking or opening doors you might want something that has some kind of authentication in addition to simple BT address detection (which can be spoofed). But you would indeed want to write it yourself and lock down any net-connected central controller.

  9. Wade Burchette

    Advertising!

    I foresee Google using this to deliver you more personal ads.

    For example, your thermostat notes the outside temperature and calculates how much it runs. If your heat runs more than 2/3rd of the other users, Google will then know your heater is older and of a lower efficiency. When you start browsing websites you will then start seeing ads saying "Save money on your heating bill! Call Bob's Heating and AC service."

    Another example, your thermostat notes the outside temperature and sees that it is blue butt cold outside. Suddenly you start seeing ads for Sammy's Sweater Shop.

    Another example, your connected home learns your habits and notes that you're away during the evenings but home during the day. It uses this to assume that you are a night worker and you will start seeing ads in your browser for coffee or energy drinks.

    And this could go on and on. The more connected devices you have, the more data can be collected about you. You wouldn't need to be signed in to a Google account on your computer. The "anonymized" data can be connected to the IP address. And thanks to your connected device, Google knows when your IP address changes and thus can keep the data about you for a really long time. I will say no thank you on the connected home.

    1. jonathanb Silver badge

      Re: Advertising!

      Google already knows where you are and what the weather is like outside, so Sammy's sweater shop can already target ads in this manner. The likes of Tesco already use weather forecasts to decide what to stock their shelves with.

      1. Anonymous Coward

        Re: Advertising!

        Google only knows where you are if you use Android. As an iPhone user, Apple (and AT&T and the NSA) may know where I am, but Google doesn't. If I used Windows Phone or Blackberry, the same would be true.

        Google knows other things about me, such as some of what I might search for, which Apple and AT&T don't know.

        Facebook knows yet other things about me that Apple and Google do not.

        My ISP may know things about me that none of the others do.

        If you can't/won't avoid sharing information, you can at least spread it around a bit so one company doesn't have the full picture. Someone using Google Fiber, Android, Google Maps, Google Chat, Google Mail, Google Search, Google+, Chrome, Nest, Google TV / Chromecast, a car running Android that has some sort of cellular data ability, and so on is pretty much at the mercy for whatever Google wants to do with all that data that they think makes them more money.

        There may be some people left who are naive enough to think that's fine because they're dumb enough to still believe that "do no evil" mantra, but those of us who live in the real world aren't so trusting.

        1. jonathanb Silver badge

          Re: Advertising!

          Google can have some sort of idea where you are from your IP address. Certainly which country you are in, and in most cases they can narrow it down to approximately county level.

        2. Captain Hogwash
          Joke

          Re: "do no evil"

          Spelling mistake. Correct version is do know evil.

        3. fishman

          Re: Advertising!

          <<<If you can't/won't avoid sharing information, you can at least spread it around a bit so one company doesn't have the full picture. >>>

          It doesn't take much for a company to have a good idea about you, so spreading it around means that instead of one company has a "very good" idea about you, three or four may only have a "good" idea about you.

        4. Tom 13

          Re: Apple ... may know where I am, but Google doesn't.

          Keep drinking the Kool-Aid kid, all the hipsters do.

          If you browse the internet with your iThingie, as soon as you hit a website, Google knows it is you. If you have FB account, Google knows. And if you've got a FB account and you have it linked to your iThingie, Google knows. And given that, Google also knows exactly where your iThingie is too.

    2. Tom 13

      Re: Advertising!

      You will be able to skip this ad in [15 second countdown timer] to change the temperature on your thermostat.

  10. Hud Dunlap
    Facepalm

    El Reg is missing the real story

    I have a Nest. It is okay. Where Nest is starting to make their money is not selling to the individual consumer, but to Utilities. This is the site from my Utility company. They don't use Nest but it is the same idea. Give the consumer a thermostat in exchange for taking control of the thermostat whenever they want.

    http://www.cpsenergysavers.com/start-saving/rebates/home-manager

    Another issue is that CPS is a public utility. This means that any information that CPS gets from you is a public record. Your light bill is a matter of public record. They can sell this data.

    An interesting issue my neighbor ran into. He bought a house with one of these home manager systems already installed. He wants to get rid of it but it isn't his property. It belongs to CPS so they have to remove it. He has been trying for months to get them to take it out.

    1. Captain DaFt

      Re: El Reg is missing the real story

      "He bought a house with one of these home manager systems already installed. He wants to get rid of it but it isn't his property. It belongs to CPS so they have to remove it. He has been trying for months to get them to take it out."

      If he sends them a storage bill for the months it's been in his house since he first asked them to remove it, I'll bet they send someone around to remove it, pronto!

      1. Darryl

        Re: El Reg is missing the real story

        Er, if someone leaves something on your property for months after you've repeatedly asked them to remove it, isn't it considered abandoned, and you have the right to dispose of it? Maybe a letter to that effect sent to the company would hasten the removal process?

  11. 1235

    Bigger picture

    Doesn't it seem probable that Google aims to assemble and package:

    -The home energy usage patterns and control of the NEXT connected devices.

    -A future NEST wallbox car (battery) loader and Google car technology (e-cars are energy buffers).

    -Google Energy (e-broker and e-trading).

    -Remote control with Android devices.

    Scenario based on your personal preferences, energy prices, car load, etc.:

    -Automatic scheduling of e-car battery loading or off-loading (on premise from your roof to your house, office, ...).

    -Start your washing machine (feed with energy from car, Google Energy, your roof,...).

    -Collect data for tuning planning algorithms parameters (A/B testing).

    -...

  12. Frankee Llonnygog

    Wouldn't Google have been smarter

    to have bought Nest when it had a significant installed base? Rather than discouraging the growth of the user base by raising concerns about privacy?

  13. Anonymous Coward
    FAIL

    Take your "connected homes"....

    ....and shove them where the sun doesn't shine.

    There is no benefit to the consumer from any of this shit. You can witter on about using "smart meters" and "cheaper off peak electricity" all you like, there will be no benefit accrued by the consumer. The benefits are all accrued by business.

    In fact in the UK there won't be any "off-peak" (Economy 7) electricity tariffs soon as they were only ever designed to encourage usage of the night-time base load from coal-fired power stations (which take weeks to "turn off/on"). As our farcical energy "strategy" is developed by clueless fuckwits (politicians & QUANGOs) all of those coal-fired stations have to shut by 2020 (IIRC).

    So what benefit do you get from a networked thermostat, or electricity meter? What benefit do you get from a washing machine that can be turned on/off remotely by your power company? Sweet fuck all is the answer - unless you're some sort of uber-nerd who obsesses about this sort of crap.

    You think the reduced costs to business will be passed onto the consumer? If you do then I have a bridge for sale in a swamp which will be perfect for you.

    1. Roj Blake Silver badge

      Re: Take your "connected homes"....

      The government likes nuclear power.

      Nuclear power stations aren't exactly easy to quickly turn off, so off-peak tariffs should remain.

    2. SImon Hobson Bronze badge

      Re: Take your "connected homes"....

      While I largely agree with your sentiment, just FYI coal fired stations can ramp up and down in power "relatively" quickly - ie matter of hours. So they can do a significant amount of load following. They can take a couple of weeks to transition between operating and fully shut down (either way), but that's a different thing. From cold to running they can take a couple of days, and from hot to running is a few hours. IIRC

      it is nuclear that doesn't like load following. It's not that it can't, but the designs we have now (still, just about) really don't like it - it imposes thermal cycle stresses on them that they'd really rather not do.

  14. Green_Grocer

    Of course, advertisers want to know what you do in your home...

    What is google but a giant advertising agency?

    Scary scenario, they put a secret cigarette smoke detector in the new Nest smoke alarm. It sends the data to Google, and your health insurance bill mysteriously goes up.

    Or how about this one. You set your thermostat a little higher than average hinting you might be a bit older, so you start getting ads targeting older people all over your web pages, TV shows, and junk emails.

    I was going to buy a Nest. Not now...
