The Internet of Unwelcome Gifts
It’s that time of year when many of us are out buying gifts for ourselves or others – or if you’re tight like me, waiting for the sales in the New Year to buy those big-ticket items. Ahem. Regardless, please do not buy IoT / "smart" devices as gifts for people you care about.
Here’s the thing: at this point in time, most people who want a dedicated assistant-in-a-can device already have one. If they don’t own one already, it may be because they realise they will hardly use it – most of these things are only ever used to play music and maybe set a timer. The first many of us knew about Amazon’s efforts to sell Alexa skills for actual cash money was when they missed their revenue forecast… badly. How badly did they miss? Well, against what I would have thought was a pretty conservative target by Amazon’s standards of $5M, they achieved… $1.4M. That’s 28% attainment, also known in sales circles as "pack up your desk and get out – and be quick about it, I already called Security". In other words, very few people are using Skills at all, and basically none are using for-pay skills.
Of course there are any number of surreptitiously "smart" devices. For instance, these days it is pretty much impossible to buy a consumer TV without an operating system powerful enough to connect to the Internet over wifi and run streaming-video apps. This also means they are powerful enough to snoop on user’s behaviour. You might think this is not too bad – after all, YouTube already knows exactly which cute cat videos you watched – but these days, the state of the art is capturing whatever is displayed on screen, and trying to run analytics on that. If you watch home videos or display your photos, well, the privacy policy you clicked through when you set up the TV says it’s okay for the company to own those now. This is why even staid Consumer Reports is offering advice to turn off snooping features in smart TVs — and yes, they called it "snooping", not me.
If you think TVs are bad, other categories are even worse; see this IEEE report that calls out security risks of drones, vibrators, and children’s toys.
All of this means that there is a good chance that your possible gift recipient, especially if they are technically inclined, considered and rejected smart devices for security reasons. In case you think I’m just a lone crank over here in my tinfoil hat, it’s worth noting that the FBI issued notices about securing smart TVs around Black Friday, while the French government just sent out this warning about internet-connected food processor.
At least someone with some technical skills might have a chance of heading off the snooping at the network edge with something like a Pi-Hole. Definitely don’t buy anything with an Internet connection for your Muggle friends and relatives!
This is the sort of thing that Mozilla’s excellent Privacy Not Included project is designed to highlight. Note that this is not a blanket anti-tech position; if you browse over to the Privacy Not Included site, there are a ton of "smart" devices that are not creepy. But then there are the others, such as the infamous Ring camera, which manages a hat trick of terrible security, accommodation with a surveillance-driven police state, and enablement and reinforcement of racist tendencies.
In light of recent reports about the security of Ring devices, we’re suspending our recommendation of Ring products & updating affected guides as soon as possible. Ring owners should turn on 2FA & update their passwords with a new, previously unused one. https://t.co/96G6bSmxwq
— NYT Wirecutter (@wirecutter) December 19, 2019
In this context, Apple’s announcement that they are joining forces with Amazon, Google, and Zigbee to establish a new, more secure and interoperable IoT standard may be a hopeful sign that the Wild West era of ill-considered experimentation in IoT is coming to an end – or it may be a well-intentioned standard that simply ends up gathering dust on a shelf in Cupertino.
Turn up the heating, I’m freezing!
I’m sorry Dave, I can’t let you do that.
Regardless, don’t buy any devices that are too smart for their own good – or more importantly, yours. If there is no good reason for a thing to be "smart", then stick to the dumb version: it no doubt works better today, and won’t be obsolete tomorrow when the vendor goes out of business or simply terminates support for that product line.