back to article How the CIA, Comcast can snoop on your sleep patterns, sex toy usage

Smart home devices supply much more personal information than you might imagine – even when the data is encrypted – it appears. In a study [PDF] of seven popular products, the team from Princeton University in the US decided to dig into how much they could figure out about a person's daily habits just by analyzing the internet …

Bronze badge

"We could easily see a router manufacturer figuring out a way to disguise identify such traffic and use a new privacy setting as a unique selling point sell the information in a timely manner."

FTFY.

Just wait for the message to pop-up on your tablet or PC - "We see your sex toy is slowing down - would you like to order new batteries for it now?"

34
0
Silver badge

Never really seen the need for anything electrical, never mind electronic, when it comes to the humble dildo.

4
1
Coat

You can always tell it to buzz off

7
0
Silver badge
Happy

Leave mine running 24 hrs a day

Let them wonder...

5
0
Anonymous Coward

Never really seen the need for anything electrical, never mind electronic, when it comes to the humble dildo.

Well that's what we thought until we tried one of those 'for both of them" devices. SWMBO was sceptical of the cost, but soon changed her mind the first time we used it ;-)

0
0
Silver badge

I'm glad my home is dumb. Apart from smartphones, I have one IoT device on the system and that mostly operates on a fixed timetable, I only talk to it to change the schedule. It's also hideously insecure, using http with no encryption in sight, and the server out in the cloud is slower than a snail on valium. A real POS of design. One day I'll hack the protocol and set up my own equivalent so it need not talk outside the firewall.

My router runs OpenWRT, so hopefully less likely to have dodgy firmware.

16
0

Lose the Unsecured IOT Device

There is no excuse for leaving an unsecured device connected to the net these days. I wonder how many bot-nets it participates in already.

4
0
Silver badge

Re: Lose the Unsecured IOT Device

There is no excuse for leaving an unsecured device connected to the net these days. I wonder how many bot-nets it participates in already.

Most likely none - OpenWRT does not have upnp NAT traversal by default, you need to install the package. My own ones sit behind spare ports on the WiFi access point running OpenWRT which has its config "inversed". It thinks that the ports on the "inside" are the hostile wild Internet. That is where the cameras, etc are. It allows the house to query them, but it does not allow them to get anywhere.

2
1
Silver badge

Apart from smartphones

Well, given that your smartphone can watch and listen to everything you do, a remote observer can probably figure out you turned the light on without needing the input from a "smart" switch...

3
1
Silver badge

Not dumb - smart

What you describe is not a "dumb" home at all, but a very "smart" one.

3
0
Silver badge

Re: Apart from smartphones

I normally put my phone into flight mode overnight, I guess that's a usage pattern they can spot. In theory it stops it transmitting, but given that it's a software switch, no doubt someone can override that. Sometimes I forget to restore it to normal and about noon the following day I decide that things have been a bit quiet and realise why.

2
0
Silver badge

Re: Lose the Unsecured IOT Device

There is no excuse for leaving an unsecured device connected to the net these days. I wonder how many bot-nets it participates in already.

If that was aimed at me, it's secure in that it only talks to their server. Internal to my network it's on a VLAN of its own and I've sat there and watched what it does using tcpdump on the router so I don't think it's participating in anything. That's how I know it uses http clear text to communicate.

0
0
Silver badge

Not Surprised

There is a lot of information one can learn by just watching usage patterns.

11
0
Silver badge

Re: Not Surprised

Unless you put extra life batteries in your personal massager, strap your fit-bit to it and put your nest in the freezer.

8
0
Silver badge
Paris Hilton

Re: Not Surprised

Yeah, a simple traffic analysis gives a lot away. If my computer is receiving packets from pornhub, I'm probably masturbating.

5
0
Silver badge
Meh

Re: Not Surprised

The Plod, an other 'intelligence agencies', love those smartmeters since they can be, in demand, provide a constant trail of real time data.

When you go to bed, when you have a midnight 'tinkle', when you raid the fridge, when you make tea/coffee, etc.

And none is IoT - just reading the electricity and water consumption.

But at least the technically knowledgeable can block the RF signals, and insert juicy ferrite RF filters in the power feed into the house, etc.

0
0
Anonymous Coward

Sorry to bother you

We realise this is a bad time, going by your average usage duration, but would you be interested in buying our latest offering; "The Intruder 5000"

9
0
Silver badge

Re: Sorry to bother you

You forgot the advertising vid.

4
0
Anonymous Coward

Do we need any more justification

to give all this IOT stuff/chap/shit the big middle finger and get it out of our homes?

Please don't give me all that marketing double/triple speak about how convenient it is especially those door locks that are being heavily peddled on TV at the moment. It is only there to spy on you and help those who want to sell you more crap stuff so that the thieves can come and relieve you of it.

Say NO to IOT and things like Amazon Echo, HomePod etc.

None of this shit will get into my home. I don't care if I am considered a luddite but I've been around IT and Tech kit for 40+ years to know when using this stuff is just plain wrong.

42
3
Silver badge

Re: Do we need any more justification

Precisely. I remember a lecture on "Ambient Intelligence" (anyone remember that catchphrase? Just one of the many phrases of things now going under the IoT moniker) at a conference, and the speaker raved on about how ideal it would be to have your home automatically start playing your favourite music when you entered. I suggested to the speaker that I (as many others) have rather wide-ranging tastes in music, and what I feel like depends HEAVILY on my mood. How would these things know what I wanted. The speaker gave a rather evasive answer and suggested errors weren't a huge problem, whereupon I suggested that if the system got it wrong and started playing the wrong music when I was in a particularly foul temper, I might go to its major data banks with a large axe and give it a reprogramming it would never forget. I added I also did not need refrigerators ordering beer for me, let alone self-satisfied doors, auto-chefs, or nutrimatic machines,

You can probably tell I had been playing some old HHGTTG tapes in the car on my way to the conference (as important educational material for the PhD students who were travelling with me)

Doffs hat (roo-leather Barmah today, it's pissing down) to the late, great Douglas Adams

16
0
Silver badge
Trollface

Lazy or smart

I still don't have any smart home gadgets... No plans for the future. So a little of column A and a bit more of column B.

3
0
Silver badge

Re: Lazy or smart

The smartest 'aid' I have in my home is my wife, she knows what I like when I like and because she wants to, doe!s as much as she can to make me happy. In turn I reciprocate, to be honest she is connected to the internet frequently but only to chat with family and friends.

I know when the fridge needs restocking, the temperature is too high/low etc, I can't think of anything IoT can do for me that my wife doesn't already do.

Plus normal people don't marry the internet.

4
0
Anonymous Coward

Re: Lazy or smart

"Plus normal people don't marry the internet.'

But an awful lot of them seem to have a lot of sex with it...

7
0
Silver badge
Happy

Re: Lazy or smart

Some married men would prefer an IoT to a live, chatting, wife - they don't argue back, don't argue and you can choose your own TV programs.

0
0
Silver badge
Big Brother

I suppose it would not be considered friendly

if one, in the absence of any actual IoT items, were to generate fake requests to the known servers?

Nah, that would be like fake news. Bad.

14
0
Silver badge

Re: I suppose it would not be considered friendly

@Neil Barnes - genius! Have an upvote from me. Hmmn, I think I know a chap who might know how to fake such stuff, I wonder if he fancies a free Italian meal? :-)

0
0

The problem, is that I don't think enough people actually care about privacy to pay extra for a router feature. In fact, I suspect that nearly all routers are supplied by the broadband supplier, and they certainly aren't going to want extra privacy or extra traffic.

11
0
LDS
Silver badge

Relatively few people knows how to configure a router to get more privacy (and security), most consumer user are thereby OK with the supplied one.

But it's getting worse - too often with some ADSL2+ lines and fiber, which are also used more and more to carry voice also, you are no longer allowed to use your own router - you are forced to use the supplied one.

You need to add your own firewall behind the router, which adds cost and complexity - easy for people with a good knowledge of IT, hard for the general user. Thereby more an more ISP will control your gateway to the Internet, and they'll like to see what the traffic carries.

3
0

But which router to choose?

Could you recommend a router that is relatively easy to configure in this way? Preferably too, one to which an external antenna can be added (as I will need it to create a WIFI bridge to a home-office in the garden (or is a separate device usually used for that?)).

2
0
Silver badge

Re: But which router to choose?

Have a look at the openwrt table of hardware and choose one that fits your budget/needs.

1
1
Silver badge

If there were no such commercial product as insurance...

... how many people do you think would take steps to insure their property or their lives?

0
0
Silver badge
Paris Hilton

Re: If there were no such commercial product as insurance...

Whilst we are on recommendations, I have a NCU that I'd like to turn into a router (or transparent bridge) that can also run wireshark.

Best OS and software for the job?

0
0
Silver badge

You had me at ...

Smart Plug .... Fnar Fnar Fnar

6
0
Bronze badge

Simple way to elude the snoopers

VPN

Peer to peer uploading constantly, maybe adobe updates or just win 10

QoS marking all non peer to peer traffic as preferred

So long as no unusual spikes or dips you should be ok, prob spikes at home time anyway as others come home and turn their machines on which in turn start pulling data from your peer to peer thereby masking your iot.

0
3
Silver badge

I see a gap in the market...

For a VPN that tunnels use of IOT to random locations and use patterns. Problem is, snooping is part of the service. How can your Internet Connected Fridge order more beer without your Credit Card details? At which point, it's too late to anonomise.

0
0

"smart" like in "smart, my ass"

Labeling IoS devices as 'smart' is just another marketing trick to make people buy more junk.

It makes people sacrifice safety, privacy and personal freedom in exchange of a little more laziness, a little more fat around the hips, a little more false feeling to have own's ego satisfied.

1
0
Silver badge

Re: "smart" like in "smart, my ass"

The Machine Stops: http://archive.ncsa.illinois.edu/prajlich/forster.html

1
0
Silver badge

Everyone Just leave 'em on 24/7...

...And wait for the rising concern of 'man' hours wasted on the orgasm news reports.

Well, either that or wait for the sex toys to either vibrate out the door or achieve consciousness and start demanding voting rights.

There's nothing at all way 'Smart' about the 21st Century, so far I get the feeling we're on track to repeat most of the mistakes of the 20th.

1
0
Silver badge
Coat

Re: Everyone Just leave 'em on 24/7...

so far I get the feeling we're on track to repeat most of the mistakes of the 20th

Only faster and harder.

3
0

This post has been deleted by its author

Silver badge

A real "smart home"

A real "smart home" is a house that contains at least one intelligent, well-informed human being who has a brain and uses it often to good effect.

Such a house will contain absolutely no Trojan Horse electronic devices that could be used to spy on the occupants - or even to harm them.

9
0
Silver badge

Re: A real "smart home"

A real "smart home" is a house that contains at least one intelligent, well-informed human being who has a brain and uses it often to good effect.

Smart home still far, far off then, at least in the mainstream...

2
0

I want to "own" my smart home...

Hi all,

Quick question - would you guys use the technology if it didn't dial out over the web and was a closed loop? (Putting phone remote control to one side for the moment). If you could buy a "magic controller box" and install it where all the commands / requests stay there and which all of the various devices hook into would that be acceptable?

I'd be much happier if that was the case. I want a home with a Jarvis like in Iron Man but I want it to be my Jarvis not some else's which I'm renting at best / or paying for through my personal data being sold. Its funny how we've gotten to the point where we pay for things and but we don't own them or we pay twice.

I bought an Echo out of curiosity during prime day. Must confess I've stopped using it except to play music. Turning the lights on is still easier by pressing the light switch. I found I don't have to repeat the action :)

1
0
Bronze badge
Big Brother

Re: I want to "own" my smart home...

I would use a voice activated system such as the echo if all voice recognition was done locally without any connections over the internet and it sent no data back to the manufacturer.

However, my attempts at creating a system using public voice recognition projects left a lot to be desired. Still needs some work to get local recognition as good as googles or similar services. We will get there eventually though.

Plus I want to use my own wakeup word.

As for the original topic, it is worth the cost to have two routers or a router and firewall setup so you can connect to video streaming services remotely and VPN all other traffic as an example. Just set the default gateway to the main router for video and all other devices have their gateway set to the router/firewall that has the VPN connection for instance. The VPN router has it's gateway set as the main router.

1
0
Silver badge

Re: I want to "own" my smart home...

I've done voice control for the PC last month. Was a bit of fun. Got bored quick. Even the useful stuff I setup like "play music/track*", are quicker by hand. For the few times I will be cooking/cleaning/doing other stuff, noise will likely drown out/garble the reading.

So I'm left with using it as an extra input for games and stuff.

Voice is like touch... very very use specific and not universal at all.

*Ok, I got as far as "play music", to search for the track would not be too hard though, but take more time to setup/control

0
0
Silver badge

There is a direct correlation with dildo usage and noise.

2
0
Silver badge
Gimp

Yes, and inversely correlated with ball-gag use.

0
0
Anonymous Coward

I take comfort in...

The belief that we live inside a simulation and we are already universally monitored and analysed.

Hang on....

0
0

The IoT reminds me of a Victorian house crammed with those goofy gadgets that you see in patent submissions of the era: automatic potato peelers and Rube Goldberg-like devices for turning down the bed. Only with a gossipy maid who knows everybody thrown in. Thanks, I'll pass.

1
0
Anonymous Coward

Linksys EA7500 -- It's worse than you think....

Just dumped this Linksys wireless access point. If you use the "easy set up" you get to create a cloud account on a Linksys server, and ALL configuration of your access point is done via the server (i.e. over the internet). This is so that you can use your smart phone to "configure the device from anywhere on the planet".....and so that Linksys knows everything about the LAN in you home!!!!!

*

It took nearly a day to configure the device COMPLETELY off the internet.

*

Then I reset the thing and took it to the local charity shop.

*

How many Linksys owners know what Linksys knows about them? Welcome to the future!!

0
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017