299
‘People have no idea’: How smart devices spy on us and reveal information about our homes
(english.elpais.com)
this post was submitted on 31 Oct 2023
299 points (100.0% liked)
Privacy Guides
16560 readers
4 users here now
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
- We prefer posting about open-source software whenever possible.
- This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
- No soliciting engagement: Don't ask for upvotes, follows, etc.
- Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
- Be civil, no violence, hate speech. Assume people here are posting in good faith.
- Don't repost topics which have already been covered here.
- News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
- Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
- No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
- No misinformation: Extraordinary claims must be matched with evidence.
- Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
- General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.
Additional Resources:
- EFF: Surveillance Self-Defense
- Consumer Reports Security Planner
- Jonah Aragon (YouTube)
- r/Privacy
- Big Ass Data Broker Opt-Out List
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The best solution IMO is don't let your smart devices have access to the internet. Put them on a VLAN, block them at the firewall, whatever method you prefer. Accessing your home network remotely is one thing, but your air conditioner doesn't need to INITIATE a connection to the outside world.
That's what I did 🙃 Unfortunately, some devices do not work at all without a connection to the manufacturer's cloud, this also needs to be taken into account.
Used this tool just yesterday to stop some bulbs I got at Costco connecting to the cloud.
https://github.com/tuya-cloudcutter/tuya-cloudcutter
Having to hack even bulbs to avoid being spied on is a new level in dystopia.
Oh, I could make it worse if you’d like? That tool isn’t made for just the bulbs I got at Costco, it’s made for any device in the Tuya ecosystem. What’s Tuya? They’re a Chinese white-label manufacturer that makes smart devices that other companies can slap their brand on. They’ll throw you together an app too, but all of the API calls go through their infrastructure. Bonus, they also make security cameras that send footage to their servers, and smart locks too. They’re literally everywhere, but I’m in Australia so that’s where I’m basing this list:
And that is, quite literally, only to name a few.
Thanks mate.Moving forward I am Not going to buy anything "smart"
I mean, there are still plenty of ways to have smart things that don’t communicate with the internet. Ikea’s stuff is all zigbee, they don’t have wifi at all. You can get one of their hubs to control from your phone, or they sell remotes with zigbee you can pair directly to control a set of bulbs. They never have to see internet at all.
@princessnorah @yoz rlly??? I might have to look into this!
Yeah. As well, if you want to upgrade to a Home Assistant setup down the line, all you need is a $50 Zigbee USB adapter. If you’re more tech-savvy then you can also buy bulbs from somewhere like https://www.athom.tech that come pre-flashed with open source firmware. Either ESPHome, Tasmota or WLED are available. These are wifi, but everything is local, and you can block them on your router without issues. ESPHome is what I have running on the bulbs I rescued.
Good link for that site. Currently shopping bulbs for my just recently arrived home assistant green and hard to find consistent information on best bulbs to be using. Love that these are flashed with open source already but I think due to the amount of bulbs I need and their location I'll be better suited with Zigbee. Will definitely check this place for future devices as I build out the system.
Are you new with Home Assistant in general? I’ve got it running in a VM on a rack server, but those HA Green’s sure do look like a tidy little bit of kit. Ikea stuff works well with it Zigbee-wise, I’ve got some of it around. You can get their remotes working via HA to control other things too. Here’s the Blueprint I used: https://github.com/niro1987/homeassistant-config/blob/main/blueprints/automation/niro1987/zha_ikea_tradfri_5button_remote_custom.yaml
Thanks for the info! I am somewhat new to HA, my only experience with it was temporarily checking it out on a VM on my windows Plex server but at that time didn't have my own place was just checking it our for the eventual move. I think I'm going to add Sky Connect for Zigbee and eventually Matter/Thread devices.
The newer version of Ikea's Tradfri bulbs (they aren't selling the old ones anymore) have thread/ matter support on the chips. They should be getting a firmware update soon to enable it. You can also check out the Integrations section on Home Assistant to find devices/brands that are private and work well. The Shelly integration is rated Platinum, and has Local Push: https://www.home-assistant.io/integrations/shelly/
Edit: Also, feel free to hit me up here or on Matrix (link in my profile) if you have any questions or just wanna chat about HA or other self-hosted stuff 😊
@princessnorah that’s awesome! When I move out imma buy all this lmao
I have flashed all the bulbs and ceiling lights in my house and they work locally on FOSS firmware now 😉 It is not a big deal. I have very poor soldering skills, and I did this anyway.
A long while ago, my first foray into smart home stuff was a Phillips Hue system. I used to use it exclusively offline, but I got deeper into smart home stuff and wanted to add some integration into my system. I don’t remember what anymore, but it meant setting up a Hue developer account, so I signed up. Gave them my email address. Stopped using the integration, moved, reset the hub, used it offline for years.
This February I logged into the hub for some reason. I think an accessory wasn’t working and Hue user docs said to log in or some such nonsense.
Five days ago, I got an email from Amazon. They told me that one of the batteries in a Hue switch was running low, and they helpfully provided me with a link to buy new ones. Their page for the device indicated that they were being updated with its battery percentage every 4-8 hours - and that I had authorized Alexa access to my Hue system in February.
I checked the Hue app, and it indicated no apps or services connected to my account.
Logged into the Hue website, dug into my settings, and there were a dozen app’s and services that had been “authorized” to access my account - none that showed up in the app.
Every smart device that has been on my network - devices that I never integrated with Hue (on purpose!) were all happily showing very recent access times to my data. Systems I don’t have accounts to anymore. I revoked access, of course.
Three days ago Amazon emailed me to let me know a different device needed a battery, and showed that Hue had shared the battery level of the device with them that day - 2 days after I revoked access.
Yeah… all their products are getting trashed, reflashed, or used with zigbee hubs I’ve built.
You should never fully trust ANY device on your network. Even if it's not collecting your personal information and sending it off to who-knows-where, there could always be a zero-day exploit just waiting for someone to find it.
You're correct about an outside individual accessing your network, but that still doesn't prevent a device on your network from phoning home.
I think most people have at least some open ports, though. Isn't port forwarding required for a lot of online games? It used to be at least.