this post was submitted on 18 Dec 2023
482 points (97.4% liked)

Technology

59593 readers
2967 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] dangblingus@lemmy.dbzer0.com 54 points 11 months ago (4 children)

Yet another reason why IoT crap sucks. You don't need to put everything on the internet. This one should be obvious.

[–] friend_of_satan@lemmy.world 24 points 11 months ago* (last edited 11 months ago)

The "S" in IOT is for "security".

[–] GigglyBobble@kbin.social 15 points 11 months ago (2 children)

People don't think about that. You have to register somewhere in order to use your $12.99 cam, install some app and are good to go.

How would a someone not interested in tech know that the footage data is stored on some online server and you are at the mercy of their itsec.

[–] archomrade@midwest.social 20 points 11 months ago (2 children)

Which is why these companies that are marketing wifi and cloud-polling devices should be held responsible for the data breaches and regulated more rigorously.

It should be cost-prohibitive to design a smart device that sends data to a centralized server, but they do it because the upside value of having the data is so attractive. They shouldn't be allowed to hide behind a ToS agreement with mandatory arbitration when their security is inevitably breached.

[–] AlfredEinstein@lemmy.world 8 points 11 months ago (1 children)

Take it up with your congressman.

Seriously. It sounds like you have an informed and well-reasoned opinion. They're not 100% corrupt. And they usually only hear about tech from industry lobbyists.

Let them hear from an intelligent constituent for a change.

[–] Kushia@lemmy.ml 2 points 11 months ago (1 children)

Good luck with that, your voice is going to be drowned out by all the companies masquerading as "people" whom they really represent.

[–] AlfredEinstein@lemmy.world 2 points 11 months ago (2 children)

Taking the time to get in touch with representatives at all levels of government is just good citizenship.

Sure, there are lobbyists. But there's me too. We can't expect to enjoy a civilized society unless we put in the effort.

[–] archomrade@midwest.social 1 points 11 months ago

I do it when I can, but that kind of influence just can't be done by a handful of tech-literate terminally-online weirdos. It takes a buttload of money or a massive amount of public attention to push an issue like this forward, especially when political operatives absolutely benefit from both the data and the companies involved. The political calculus just isn't there.

More people need to know and care about this before any legislator is going to spend political capital on it.

[–] Kushia@lemmy.ml 1 points 11 months ago (1 children)

Having done this before and being told to basically get stuffed from one of their underlings I have zero faith in it. It's basically just another token thing that's about as useful as "thoughts & prayers" for the most part.

[–] AlfredEinstein@lemmy.world 1 points 11 months ago (1 children)

You have to be nice. You're selling an idea that is probably foreign to them.

[–] Kushia@lemmy.ml 1 points 11 months ago

I don't mean they literally told me to get stuffed. They won't personally take your call nor read your letter. You might get lucky and they'll let you physically come into their office but that's about as far as you'll get.

[–] Treczoks@lemm.ee 2 points 11 months ago

Good luck holding a company sitting in China "responsible" for about anything.

[–] dangblingus@lemmy.dbzer0.com 1 points 11 months ago

The question isn't "how would someone know....?" the question is "do you know what a hacker does?".

[–] books@lemmy.world 14 points 11 months ago (1 children)

Home assistant tries to keep shit local.

[–] baseless_discourse@mander.xyz 11 points 11 months ago* (last edited 11 months ago) (2 children)

depends on the device.

If the device dont provide local connection, there is nothing home assistant can do about it. Some device will also send data to the cloud even it is locally controlled by HA.

[–] books@lemmy.world 4 points 11 months ago (1 children)

Oh for sure. But unlike smart things or any other hub, only the data that needs a cloud connection will go through the cloud...

[–] archomrade@midwest.social 1 points 11 months ago* (last edited 11 months ago)

Home assistant is great at what it does, but the problem is too big for HA to really fix it by itself.

It's the end-devices that are the biggest culprits, paired with the apps installed on your phone. It's the reason Google was basically giving away their home-mini's the last couple years.

If you use a smart device that comes with - or requires - an app, it's almost guaranteed that app collects a certain amount of data from you to be sold or utilized for user profiling.

The problem is that everyone has half a dozen of those devices already, and swapping them all out takes time, effort, and money that most people simply don't have.

It's a challenge even for the truly dedicated and privacy-minded individual to know which devices are locally hosted and which ones use local internet access or a permissive phone apps to function. Even if you DO manage to keep a clean slate, there are always companies that change their policies once they have high-adoption and force cloud integration on their users. See Phillips, Chamberlain, Microsoft, Google, Amazon...

I love Home Assistant, but it's a nightmare trying to cut out all the unsecured bullshit I've found myself with even in the past two years.

[–] derpgon@programming.dev 1 points 11 months ago

Thanks to laziness of the device manufacturers, a lot of them either expose some data endpoints locally, or just use Zigbee which can be easily paired to be used local-only.

Those that require Wi-Fi access can be filtered on the router to disable internet access.

[–] realharo@lemm.ee 0 points 11 months ago* (last edited 11 months ago)

With end to end encryption, and requiring manual key transfer (no key sync), this would not be an issue.