Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Privacy Television

Smart Meters and New IoT Devices Cause Serious Concern 168

dkatana writes: The ongoing deployment of internet-of-things devices is already creating serious issues and discussions about the privacy of users, IoT security, and the potential threat of cyber criminals taking control of sensors and smart devices connected to the Internet.

Security and privacy concerns associated with smart meters are why they are currently "optional" in several countries. That's the case in the Netherlands after consumer organizations and privacy watchdog groups campaigned vigorously to stop the mandatory smart meter deployment. A report from researchers at Tilburg University claimed that "smart meters have the capacity to reveal quite privacy-sensitive information, thus affecting not only informational privacy but also privacy of the home and of family life."
This now applies to televisions as well — an article in Salon discusses the author's new "smart" TV, which came with a 46-page privacy policy. Quoting: "It logs where, when, how and for how long you use the TV. It sets tracking cookies and beacons designed to detect 'when you have viewed particular content or a particular email message.' It records 'the apps you use, the websites you visit, and how you interact with content.' It ignores 'do-not-track' requests as a considered matter of policy. It also has a built-in camera — with facial recognition."
This discussion has been archived. No new comments can be posted.

Smart Meters and New IoT Devices Cause Serious Concern

Comments Filter:
  • by Anonymous Coward on Friday October 31, 2014 @12:57PM (#48281017)

    I would send that TV back if I had made the mistake of buying it in the first place. Stores hate returns. It wastes their time, which is the same as wasting money. They have to re-stock the item and it sells less easily with the box taped up. We should do this on purpose to all devices with "features" like that. Make it cost them. It'll send a message.

    • I'd keep it. Imagine the ads you would get after browsing black twisted dildos on Amazon.
    • Re: (Score:3, Insightful)

      and pay a restocking fee
      • by AmiMoJo ( 196126 ) *

        US consumer laws must really suck. In the UK if you don't agree to the EULA you can return the hardware for a full refund at no cost to yourself. In fact, thanks to EU rules, if you bought the item over the internet then the vendor has to pay the return postage too.

        The simple rule is that if some aspect of the product that was not made known to you when you bought it turns out to make it unusable, you can return it for a full refund. No restocking fees, the principal is that the customer should not be out o

      • by Fjandr ( 66656 )

        I can't remember the last retailer I've encountered in the US that charges restocking fees...

        • Every auto parts/tools outfit has restocking fees for at least some stuff. Sometimes this reflects their typical usage pattern (like auto code scanners) and other times just the cost of dealing with fraud and the actual cost of dealing with restocking, as in electrical components. A percentage of what you get back will be the pulled parts, cleaned up.

    • by turp182 ( 1020263 ) on Friday October 31, 2014 @02:01PM (#48281811) Journal

      Is this TV even legal in all states? It sends the audio it hears to a third party (per the Salon article). Seems that may run afoul of audio recording laws in all-consent states (maybe even single-party consent states). Can providing the TV with power be considered "consent" to have everything you say in your living room sent to a 3rd party?

      From the Salon article:
      “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”

      • by Sun ( 104778 ) on Friday October 31, 2014 @03:15PM (#48282717) Homepage

        Assuming the click-wrap isn't binding, then I don't see how this can be legal even in one party consent jurisdictions.

        Even if the click-wrap is binding, it is only binding to the person who "Agreed" to it. If I'm not allowed to implant a recording device in the room that will listen to your conversations with someone else when I'm not there, I don't see how I have the authority to let someone else do the same.

        Of course, IANAL.

        Shachar

        • Thanks for the comment, I hadn't considered the recording and transmission of a visitor's speech. That clarifies things, but along with you, I am not a lawyer...

      • It sends the audio it hears to a third party

        Does it have voice control similar to Google Now or Siri? Maybe it's being sent off merely for heavy duty transcription.

        • You have to activate those services ("OK Google"). I'm assuming this always listens, even when off (so it can be powered on via voice command).

          And it is a reasonable assumption these services send the data to the company (Google or Apple), not some unnamed "third party". The third party part is pretty scary in my opinion, they make it clear that they aren't the ones listening.

          Maybe the NSA is servicing my TV commands...

          • That really just sounds like they are outsourcing the audio processing to a company that actually sells those services. They don't have their own speech recognition engine, presumably, and don't self-host the software.

            • But, given the context of the actual privacy policy, it means they can listen (and given such freedom, why would they not?). I quoted the Salon article, which was a direct quote from the privacy policy of the TV.

              I don't consider this product a TV. It's a privacy invasion device with a screen (that's how to get around a restocking fee when returning...).

    • by BradMajors ( 995624 ) on Friday October 31, 2014 @02:11PM (#48281911)

      Which TV?

      Article is useless in that no one is able to independently verify that what the writer says is true.

    • disable wi-fi in the menus, if so equipped, and do NOT plug in an Ethernet cable. if the POS still shows up on the wifi connections list, take it back for a refund.

      • by rthille ( 8526 )

        It couldn't get on my network without my hard-to-crack wifi password.
        But it could secretly join some neighbors' open wifi, or an xfinity wifi, or...

      • by sjames ( 1099 )

        Take it back anyway because it must be defective. The voice commands don't work, you see...

    • by lgw ( 121541 )

      I would send that TV back if I had made the mistake of buying it in the first place.

      Well, I have a TV that I'm sure does all that shit, but it doesn't bother me because I never use the "Smart" features, I just wanted the best display panel. It can track "HDMI Port 1" to its heart's content, for all I care. The UIs for these "Smart" devices all suck IMO. A laptop with a wireless mouse (and wireless keyboard that I almost never need, except when Netflix decides to log me out) beats every interface I've seen so far.

      • A laptop with a wireless mouse (and wireless keyboard that I almost never need, except when Netflix decides to log me out) beats every interface I've seen so far.

        Roku's Netflix interface is nice - and there's a smartphone app to search/select content not already on your list.

    • by Jane Q. Public ( 1010737 ) on Friday October 31, 2014 @02:55PM (#48282459)
      These are all things that many of us have been warning about, for many years.

      The "privacy policy" and consumer warnings should be required to be on the OUTSIDE of the box. If it won't fit... don't do it.

      And anything that may be privacy-intrusive should be opt-in ONLY.
  • See the subject. Those are the most useful pieces of information that could have been put in the article but they were omitted for some reason. Does anyone know?

    Rosie

    • by Anonymous Coward

      Does it really matter? Or do you think that other smart tvs somehow are not nearly as scary?

      I have never wanted a smart tv, for exactly the kind of reasons the author outlines. Although I have never gone into actual detail. But the idea of having my television connected to the internet and do all kinds of 'extras' apart from just displaying images, always seemed like a terrible idea.

      • by 0123456 ( 636235 )

        But the idea of having my television connected to the internet and do all kinds of 'extras' apart from just displaying images, always seemed like a terrible idea.

        Yes, but your'e not a TV manufacturer.

        • I use my smart tv for YouTube and Netflix. It is nice being able to watch live from x country shows that wouldn't be able to make it on cable because of screwy time zones and zero commercial breaks.

          I was watching a race last month that was in nice France at 9am my time 2pm local in France. The next series is in dec in Auckland new Zealand. Which makes it 10pm my time even though it will start 2pm local time again.

          What annoys me is Google which blocks smart tv from receiving YouTube unless their account is p

      • Or do you think that other smart tvs somehow are not nearly as scary?

        I haven't the faintest idea one way or the other - which is why I would like to have that information. When the information is available if it turns out that all the other smart TVs do exactly the same thing then I know not to buy a smart TV. If it turns out that most do and a few don't then that acts as the first filter to my buying decision. Not having that information available makes it impossible to make that decision.

        Rosie

      • But the idea of having my television connected to the internet and do all kinds of 'extras' apart from just displaying images, always seemed like a terrible idea.

        Replace television with computer.

        And 'run programs that I don't fully know the source code' with 'extras'.

  • Consumer education (Score:5, Insightful)

    by sinij ( 911942 ) on Friday October 31, 2014 @12:58PM (#48281035)
    Consumers need to be educated on dangers of buying into 'Internet of Things' and 'Smart' appliances. I think the only way is to release and publish exploits, so consumers realize that these "features" are not under their control.
    • by timeOday ( 582209 ) on Friday October 31, 2014 @01:05PM (#48281121)
      Consumers have no way to educate themselves, because the companies are not compelled to reveal what they are collecting or what they are doing with the information with any specificity.
      • by Lumpy ( 12016 ) on Friday October 31, 2014 @01:09PM (#48281183) Homepage

        That and the general public is dumb as a box of rocks in regards to technology.

        • Personally I think the picture is becoming increasingly simple: if data is collected, there is a good chance it will be disseminated and cross-referenced with whatever else is known about you, or that can be statistically inferred from what is known.

          There was a time when I thought that encryption, and layers of computer security features, had given individuals measures to strongly protect information, so long as they didn't do something dumb. Now I don't think so. It is simply not possible to implement

          • by AmiMoJo ( 196126 ) *

            if data is collected, there is a good chance it will be disseminated and cross-referenced with whatever else is known about you, or that can be statistically inferred from what is known.

            Yes, and that's why I find it strange that so many people who are against being monitored and tracked all the time object to European style privacy rules. In Europe individuals have some control over how companies use information about then, and critically can ask for it to be corrected or deleted: the right to be forgotten. Yet somehow this is a bad thing in some people's minds.

          • Encryption and layers of security have given individuals the ability to strongly protect their information. The error is in thinking that they will do so. The unpleasant truth is that most people don't actually care that much about their privacy, aside from what will become known to their circle of contacts. They would be horrified at the idea of their parents knowing about their habbit of reading erotic fiction involving gryphons in bondage and [CENSORED] being '[CENSORED],' but the idea of some technician

            • or a bored contractor at the NSA finding out doesn't bother them

              So much for the US constitution, huh? 'Land of the free and the home of the brave' my ass.

        • by cayenne8 ( 626475 ) on Friday October 31, 2014 @02:49PM (#48282401) Homepage Journal

          That and the general public is dumb as a box of rocks. *snip*

          There...Fixed that for you.

          :)

          Seriously, if you've everworked a job dealing with the general public, you leave with this concept permanently burned into your brain. It sounds elitist to those that have never had to deal with the general public in a meaningful way (retail, support of any kind, food service, etc), but once you do, you just realize most people out there are 100% fucked in the head.

          It amazes me so many of them can even process oxygen correctly.

    • by LVSlushdat ( 854194 ) on Friday October 31, 2014 @01:10PM (#48281193)

      I wonder just how long it will be before 1) there is a law *requiring* you to own/use a television-like device, 2) the only units that are sold have these "features", and 3) once installed you are unable to turn them off or if you do manage to do so, you get a visit by the "tv police"... Of course, the reason for such a "law" making this requirement would be couched in terms like "for the children... terrorists... " ... you get the drill... I feel sorry for the kids of today who will have to live with such shit..
      George Orwell had it right, just a few years too early... Glad I'm over the hill, probably won't last more than 10 more years.. (64 now).. Hopefully, this shit happens after I'm gone....

      • by Sun ( 104778 )

        Please do read George Orwell's 1984. You just described its main features.

        Shachar

        • And now people are using free will to buy it, big brother doesn't even have to force it upon us. And given the inane nature of most content provided, it is the perfect tool for pacification.

    • The same sort of consumers who think Obama is responsible for the poor response to Katrina? Keep dreaming.

    • Mostly useless. Consumers have been warned before. Most have ignored this advice because they have not yet experienced a case where they believe they have been personally harmed.

    • Probably contravenes typical /. viewpoint, but smart meters are great. I have one and love it. I get a feed of its data and create a daily plot based on that information (see here [plot.ly]).

      Smart meters allow accurate time of day pricing, which can help reduce overall consumption and reduce costs for everyone, customers included. It allows the utility company to know more about where demand is and how it varies, and have a better sense of the condition of the grid (especially useful in outages).

      In theory I could ded

      • Probably contravenes typical /. viewpoint, but smart meters are great. I have one and love it. I get a feed of its data and create a daily plot based on that information (see here).

        they had meters that could handle time-of-use metering before they had meters that could handle realtime reporting. they had to come to your house with a fancy PDA once a month and get a dump from the meter.

        • In a sense, we've always had real-time reporting, since you've always been free to go outside and look at your meter whenever you want.
          • In a sense, we've always had real-time reporting, since you've always been free to go outside and look at your meter whenever you want.

            Sure, and it's simple enough to read the disc in the meter optically, so logging is not that difficult, either. The power factor is shown right on the meter's face...

    • You would think that exploiting the security of smart appliances would convince consumers that always connected appliances are bad. Well I think it will only make things worse after a few rounds of TV's hacked to display goatse and possible loss of property or life from hacked gadgets. The consumers will be up in arms and the government will step in and make more draconian laws to stop the hacking. The manufactures will throw around money to railroad those laws so they can keep profiting from private data.

  • by Anonymous Coward
    is anyone else here already tired of the phrase 'Internet of Things'. Oh yeah, and get off my lawn!
    • Re: (Score:2, Funny)

      by Anonymous Coward

      get out of the dark ages...

      "Get off my wlan!"

    • Wait until you get a new sprinkler controller for your lawn that will let you change the settings via a smart phone app. You're gonna love "Internet of Things" while turning the water on/off from your rocking chair.
  • by gurps_npc ( 621217 ) on Friday October 31, 2014 @12:59PM (#48281041) Homepage
    I am pretty sure that the single worst and neccessary government over-reach in Orwell's 1984 was the mandatory placement of cameras that you could not turn off.

    Government rules that require cameras be placed in your house is pretty much my definition of a tyrannical dictatorship.

    • I had the impression when I read 1984 that the cameras where a relatively minor annoyance compared to other things, like manipulating language, undermining all interpersonal relationships and the rats eating your face.

      • Manipulating language is called being "politically correct". Human nature undermines interpersonal relationships.

        And now the TV has cameras and microphones.

  • by Anonymous Coward

    You say you care about the privacy implications of this device, but yet you still purchased it?

  • by Anonymous Coward

    I'm not the product, and they treat me that way.

  • simple solution (Score:2, Insightful)

    by Anonymous Coward

    Don't buy those devices. It'll take about two months of zero sales before they sing a different tune.

    What's that? You NEED a TV right now, because DTWS is on? Then STFU and stop bitching, because YOU enabling this very kind of mass data collection. You are the reason it succeeds.

    These companies will do this if you let them. The only answer is not to buy that shit.

  • by Overzeetop ( 214511 ) on Friday October 31, 2014 @01:06PM (#48281147) Journal

    "'when you have viewed particular content or a particular email message"

    Sounds horrible and ominous. Unless, of course, you realize that the TV would otherwise have no way of indicating your next unread message / new messages, sorting your watched shows from your unwatched ones, and allowing you to browse your history. Do not track (I'm guessing) is ignored so that it doesn't break functionality on content sites which need it to, again, show you your history, make viewing suggestions, and keep track of which episodes you've watched. Facial recognition sounds super 1984, but would be exceptionally convenient so that the TV brings up Dr. Who and The Simpsons when you sit down rather than Twilight and Wizards of Waverly Place (though its easy to see how a mis-match - or correct match - could be a bit embarassing).

    Maybe our TVs just need an "incognito mode" on the remote?

    • by bobbied ( 2522392 ) on Friday October 31, 2014 @01:16PM (#48281263)

      Maybe our TVs just need an "incognito mode" on the remote?

      A button on the remote isn't necessary, a paper bag with eye holes will do the trick... If you don't have a black mustache and wear glasses, a set of Grouch-o Mark's glasses might work too.

      • Maybe our TVs just need an "incognito mode" on the remote?

        A button on the remote isn't necessary, a paper bag with eye holes will do the trick... If you don't have a black mustache and wear glasses, a set of Grouch-o Mark's glasses might work too.

        ...or a strip of electrical tape...

        (^^^^^ that's for the camera, so don't get too creative...:)

    • How can it even ignore "Do Not Track"? That's a client setting, not a server setting. If the client doesn't give an option to set "Do Not Track" then how is the client "ignoring" it?

  • by MobyDisk ( 75490 ) on Friday October 31, 2014 @01:11PM (#48281213) Homepage

    It seems like if you pick a random Joe who does not like these technologies, then put that person into the company that manufactures the product, he will completely change positions. There will be no end of excuses as to why it is okay and the public is paranoid. I've even see people slowly go from one viewpoint to the other as a result of project assignments.

    There must be a name for this phenomenon.

    • Indoctrination sounds about right.
    • There must be a name for this phenomenon.

      Corruption.

    • There must be a name for this phenomenon.

      It's a natural result of group dynamics and peer pressure.
      It doesn't even have to be overt peer pressure, as we are social animals and we pick up on social cues.

      Ash was a psychologist who pioneered research into conformity:
      http://en.wikipedia.org/wiki/Asch_conformity_experiments [wikipedia.org]

      Bonus Fact: One of Ash's students was Milgram, later known for his electroshock obedience experiments.

      • It's a natural result of group dynamics and peer pressure.

        This isn't about conformity, this is about self-justification. It can't possibly be bad, because I'm doing it, and I am a good person!

    • "It is difficult to get a man to understand something, when his salary depends upon his not understanding it." - Upton Sinclair
  • by BaronM ( 122102 ) on Friday October 31, 2014 @01:11PM (#48281215)

    My first thoughts, probably like many, were along the lines of "don't connect the TV to the Internet", but that is increasingly impractical as the article points out. Even more so, I can see why I might WANT my next smoke/CO detector, for example, to be connected and able to call the fire department if necessary. It might even be good if it had a mic/camera to allow the firemen to see/hear what is going on -- after all, if they take a look and see me standing there with a pole trying to jab the 'quiet' button and yelling 'false alarm!', they can avoid an expensive and time-wasting truck roll. Or, if they see smoke and people passed out on the floor, they can get it in gear KNOWING that there are lives on the line.

    Basically, in short order we will (almost) all have bugged our own homes/cars/offices for perfectly good reasons. Or, if not for good reasons, than as a condition of our fire/casualty insurance policies.

    Which means, unfortunately, that any technical fixes are attacking the wrong problem. What we need are behavioral/legislative fixes to make inappropriate access to these surveillance systems prohibited and punishable with real teeth. Punishments that breach the corporate veil, and are stricter in cases of official abuse than for 'ordinary hackers'. I wouldn't commence holding my breath for those laws, if I were you.

    At any rate, go vote next week, and vote for 'less bad'. It's the best we can do.

    • Which means, unfortunately, that any technical fixes are attacking the wrong problem. What we need are behavioral/legislative fixes to make inappropriate access to these surveillance systems prohibited and punishable with real teeth. Punishments that breach the corporate veil, and are stricter in cases of official abuse than for 'ordinary hackers'. I wouldn't commence holding my breath for those laws, if I were you.

      At any rate, go vote next week, and vote for 'less bad'. It's the best we can do.

      We need to do more things at once. Vote against those who would aide and abet the personal info merchants. Have a router that's paranoid and only interacts with specific sites. Hardware with uncomfortable "features" disabled - even if it's a physical hard-hack (i.e., screwdriver to lens).

      Furthermore there needs to be a marketing effort or social movement against privacy invaders. Unfortunately, government psyops will do everything they can to demonize and prevent any such movement from taking hold.

    • by mlts ( 1038732 )

      Connecting emergency devices that notify the proper authorities is a solved problem. Even before the Internet was mainstream, fire and burglar alarms used POTS lines, and even cellular connections to dial out.

      What needs to be done is to have emergency devices that dial out be connected to 1 (or may more for redundancy) hardened monitoring servers. These machines are behind a firewall, and don't accept incoming connections.

      For items that accept incoming input via the Internet, the devices themselves should

      • by BaronM ( 122102 )

        I was with you up to here:

        ... a basic fleshlight app...

        Now, I'm just want to remember to NEVER borrow your phone :)

        OTOH, what you've described is basically what corporate IT security has been about for years. It can be effective, but it's a bitch to maintain is will generally be discarded or circumvented in the name of 'convenience' the first time there is a trade-off between security and a shiny new feature.

  • You're not going to have the convenience of the modern world without almost ubiquitous interconnected computerized systems. You're not going to have the reliability you need for these systems to operate properly if you don't have more secure operating systems and identification mechanisms. The decision of what the deal will be when one is traded for the other will not be in your control.

  • by Bodhammer ( 559311 ) on Friday October 31, 2014 @01:13PM (#48281227)
    "‘Smith!’ screamed the shrewish voice from the telescreen. ‘6079 Smith W.! Yes, YOU! Bend lower, please! You can do better than that. You’re not trying. Lower, please! THAT’S better, comrade. Now stand at ease, the whole squad, and watch me. A sudden hot sweat had broken out all over Winston’s body. His face remained completely inscrutable. Never show dismay! Never show resentment! A single flicker of the eyes could give you away. He stood watching while the instructress raised her arms above her head and — one could not say gracefully, but with remarkable neatness and efficiency — bent over and tucked the first joint of her fingers under her toes. ‘THERE, comrades! THAT’S how I want to see you doing it. Watch me again. I’m thirty-nine and I’ve had four children. Now look.’ She bent over again. ‘You see MY knees aren’t bent. You can all do it if you want to,’ she added as she straightened herself up. ‘Anyone under forty-five is perfectly capable of touching his toes. We don’t all have the privilege of fighting in the front line, but at least we can all keep fit. Remember our boys on the Malabar front! And the sailors in the Floating Fortresses! Just think what THEY have to put up with. Now try again. That’s better, comrade, that’s MUCH better,’ she added encouragingly as Winston, with a violent lunge, succeeded in touching his toes with knees unbent, for the first time in several years.’" "If you want a vision of the future, imagine a boot stamping on a human face - forever." 1984 - George Orwell
    • Where are mod up points when you desperately need them?
    • The really interesting thing is that human behavior in the US is being coerced and modified, and will continue to be, via social networks. We are self censoring ourselves via what we see others do and say on social networks.

      The "Zuckerberg Effect" is in full effect as people increasingly are of a like hive-mind regarding how they speak, phrases, language, opinions on hot-button issues, music, etc; I have noticed this just in the last five years or so as FB has become sort of the "party"(and I ain't tal
  • Smart Thermostat takes a picture, calls the cops, etc etc etc. Then of course stoners will be shocked. Shocked I tell you.

    • by green1 ( 322787 )

      That's a very long way away. These systems aren't being put in place by the government, they're being put in place by the corporations. Corporations have it in their best interest to avoid doing things like that because it would draw attention to their surveillance, without any financial benefit to themselves.
      What you suggest may happen, but it won't be until the world is wired and the general public is already well aware of it.

      • These systems aren't being put in place by the government, they're being put in place by the corporations.

        The difference between the two is becoming increasingly fuzzy and unimportant.

  • Eventually everyone will have limitless useless information on everything and it will represent nothing, add nothing and be used for nothing.

  • Sounds like someone's finally made the telescreen [wikipedia.org] happen. I for one welcome our new big brother overlords.

  • Why does anyone other than nosy companies think this is a good idea?

  • ...it's still my network. I can control what devices can connect, and to who and how they can talk to the outside.

    Admittedly though, 99.9% of consumers can't do this, and it may be hard to separate the wanted and unwanted traffic.

  • Sounds like it might be a good time to buy a high-end TV

    Just get the model below the one with all the "smart features" and hook it up to your Mythbox

    Seems like you could get a really decent "dumb" TV for a reduced price to use as a monitor.

  • This now applies to televisions as well -- an article in Salon discusses the author's new "smart" TV, which came with a 46-page privacy policy. Quoting: "It logs where, when, how and for how long you use the TV. It sets tracking cookies and beacons designed to detect 'when you have viewed particular content or a particular email message.' It records 'the apps you use, the websites you visit, and how you interact with content.' It ignores 'do-not-track' requests as a considered matter of policy. It also has

  • Just get a big monitor and hook it up to your own computer.
  • Fifty one comments so far and nobody has yet pointed out ...

    In communist Russia, television watches YOU.

  • http://en.wikipedia.org/wiki/T... [wikipedia.org]
    https://www.youtube.com/watch?... [youtube.com]

    Just have to be careful not to be a turncoat.

  • I have a Samsung 32" LCD (120Hz?)TV, which I only use as a computer monitor.
    I read each TOS that came along, it was the third one that you needed to accept to use it as a
    very nice TV; It mentioned monitoring and storing everything you do (sites visited, vids viewed, each key stroke, and well everything). Adding a camera to it (gestures) makes it what the XBOX started out as (watching everything) but was shouted down. Not a word about has
    really been mentioned about the smart TVs.

    I quit there, I have no accou

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...