Would you trust a robot vacuum from a privacy point of view?

[maartendc]

59 minutes ago, Heliian said:

Every on carries around a spy device on their person 247 now.  How is a vacuum going to glean any more information than a smartphone?  

 

Unfounded paranoia is the problem. 

Because maybe I trust the company that makes my phone with my data, but I don't trust Xiaomi (Roborock vacuum) or iRobot (Amazon).

 

Also, phones tend to get very regular security updates and are more buttoned down. Most iot devices or "smart home" devices do not, so they pose a greater security risk. There have been plenty of reports of smart door bells or baby monitors being part of botnets and doing DDOS attacks. Most iot companies don't give an F about the security of the devices they put out.

 

So, yes there is a big difference. It is not paranoia if it is true.

[Omni-Owl]

9 hours ago, maartendc said:

Yeah, maybe I will look into this actually. Although that is more hacking and setup than I had previously thought about. But I had no idea this was even an option.

Yeah vacuuming my whole house takes about 45-60 mins. Only the downstairs takes maybe 20 minutes, which is what the robot would handle.

 

I heard good things from my brother in law about the robot vacuum. I always assumed they were crap, but the consensus seems to be that they are actually OK. Don't expect miracles, but it keeps the place cleanER.

 

Thanks for the input!

I just did a quick google, and I found this: https://github.com/Hypfer/Valetudo

I haven't checked it, but it underlines my point I'd say

 

Always check first if the brand you want to buy can be flashed, and if so, how involved is it (so you can make the best choice), then go buy one of that brand and get on with it.

[maartendc]

46 minutes ago, Omni-Owl said:

I just did a quick google, and I found this: https://github.com/Hypfer/Valetudo

I haven't checked it, but it underlines my point I'd say

 

Always check first if the brand you want to buy can be flashed, and if so, how involved is it (so you can make the best choice), then go buy one of that brand and get on with it.

This looks cool, thanks! Perhaps a fun way to tinker with some tech.

[Omni-Owl]

5 hours ago, Heliian said:

Every on carries around a spy device on their person 247 now.  How is a vacuum going to glean any more information than a smartphone?  

 

Unfounded paranoia is the problem. 

It is in no way unfounded. If I could I'd also turn that off, but I can't. However I also live in a society that requires of me to be available to meaningfully participate. I have accepted, as part of my life, that I carry that device on my person despite I wish I had other options that didn't spy on me. But currently, I don't.

 

That does not mean I want every device I buy to spy on me though. If I can flash the firmware to get rid of the corp that infested it with always-online cloud services that I don't want or use, then I'm more than happy to do that. I just can't do that with my smartphone.

[Omni-Owl]

9 minutes ago, maartendc said:

This looks cool, thanks! Perhaps a fun way to tinker with some tech.

It's quite fun! I recently installed some opensource software on my router to replace its firmware. Was really easy too (OpenWRT I think?).

I ended up reverting it again because it didn't add the benefits I thought it could, but it was still really easy to do if I wanted the option which really counts for me.

[LAwLz]

On 10/12/2022 at 3:59 PM, maartendc said:

Because maybe I trust the company that makes my phone with my data, but I don't trust Xiaomi (Roborock vacuum) or iRobot (Amazon).

 

Also, phones tend to get very regular security updates and are more buttoned down. Most iot devices or "smart home" devices do not, so they pose a greater security risk. There have been plenty of reports of smart door bells or baby monitors being part of botnets and doing DDOS attacks. Most iot companies don't give an F about the security of the devices they put out.

 

So, yes there is a big difference. It is not paranoia if it is true.

It is important to not get too caught up in flashy headline and news stories.

Yes, 5 years ago it was discovered that over 100,000 Ring doorbells were part of a botnet. That is bad, but instead of drawing the conclusion that "IoT bad!" from it, you need to dig a bit deeper into the story.

The "infected" doorbells that were part of the botnet were exposed to the Internet (not NAT:ed or anything) and they had the default username and password.

 

Is it really fair to say "IoT devices are a security risk" if one of the primary examples was not really caused by an exploit? It was just people letting anyone from the Internet access their doorbells and then used default login credentials.

Meanwhile, we often get botnets using for example Windows computers that are far bigger than these IoT botnets, and barely any news stories gets written about them.

 

A lot of news headlines are written to get clicks and they gloss over important details. "IoT devices are security nightmares! New botnet found!" is a way flashier headline than "A lot of Ring doorbell customers have easy passwords and don't protect their network with basic security - Results in botnets".

 

 

Most exploits we see regarding IoT devices either fall into the category of "not an actual threat to most people" or "is prevented with the absolute most basic security practice imaginable". 

[Takumidesh]

I see a lot of hate for IOT in this thread.

 

IOT != Alexa/Google/etc. connections.

 

Usually those devices are explicitly NOT IOT devices. If it connects to the internet and communicates with servers thousands of miles away it really isn't IOT (atleast in my opinion)

 

IOT devices, usually use mesh protocols like Z-Wave to do interdevice discrete communications, there may be greater integration with things like home assistant, but the core of an IOT device is not just that it has an internet connection.

 

You can easily run advanced Home automation and IOT setups without any big tech companies being involved.

[dalekphalm]

6 minutes ago, Takumidesh said:

I see a lot of hate for IOT in this thread.

 

IOT != Alexa/Google/etc. connections.

 

Usually those devices are explicitly NOT IOT devices. If it connects to the internet and communicates with servers thousands of miles away it really isn't IOT (atleast in my opinion)

Can you tell me what the "I" stands for in IoT?

 

Hint: It stands for Internet.

 

IoT literally means Internet of Things.

Granted, the naming convention to begin with is inconsistent, because not all IoT devices actually need to connect to the Internet, but they do connect to some kind of network (whether that's your local WIFI, an ethernet cable, or MESH network).

6 minutes ago, Takumidesh said:

IOT devices, usually use mesh protocols like Z-Wave to do interdevice discrete communications, there may be greater integration with things like home assistant, but the core of an IOT device is not just that it has an internet connection.

Smart Hubs, such as Google Home, Alexa/Apple smart hubs, etc - are definitely considered IoT devices.

6 minutes ago, Takumidesh said:

You can easily run advanced Home automation and IOT setups without any big tech companies being involved.

This is true of many IoT devices, but not all.

[wanderingfool2]

45 minutes ago, Takumidesh said:

I see a lot of hate for IOT in this thread.

 

IOT != Alexa/Google/etc. connections.

 

Usually those devices are explicitly NOT IOT devices. If it connects to the internet and communicates with servers thousands of miles away it really isn't IOT (atleast in my opinion)

It might be your opinion, but it doesn't match what the definition is.  IoT is essentially anything that uses the internet/LAN to communicate with each other or to be controlled by the internet.

 

7 hours ago, LAwLz said:

Is it really fair to say "IoT devices are a security risk" if one of the primary examples was not really caused by an exploit? It was just people letting anyone from the Internet access their doorbells and then used default login credentials.

Meanwhile, we often get botnets using for example Windows computers that are far bigger than these IoT botnets, and barely any news stories gets written about them.

 

A lot of news headlines are written to get clicks and they gloss over important details. "IoT devices are security nightmares! New botnet found!" is a way flashier headline than "A lot of Ring doorbell customers have easy passwords and don't protect their network with basic security - Results in botnets".

 

 

Most exploits we see regarding IoT devices either fall into the category of "not an actual threat to most people" or "is prevented with the absolute most basic security practice imaginable". 

The way I look at IoT devices, its a cumulative threat.  Like in this example, that vacuum bought now, will it still be receiving security updates in 6-10 years down the road.  What happens when the device is found to have an exploit in it, and it isn't updated?  or what happens when a bit of security is overlooked (or the backend servers are compromised, and used to now gain information on your network).

 

The example of the ring doorbell is just a small one (where it was preventable by the end user).  What wasn't preventable though by the user (if they were using all the IoT tech), QNAP's NAS being targeted (ransomware).  While maybe not strictly an IoT device, it still speaks to having any device internet accessible as a risk.  In this case it was ransomware, but realistically they could have deployed something far more vicious is they wanted to.

 

Other examples, that would make me concerned to have IoT things plugged into my primary network:

Philips Hue bulbs exploit (network infiltration) [2022]

https://tech.hindustantimes.com/tech/news/smart-bulb-can-allow-attackers-to-hack-computer-networks-in-your-home-check-point-report-story-ztka4JTrLj9iAwn7Ss70KN.html

 

Philips Hue bulbs again [2020]

https://www.makeuseof.com/tag/smart-light-bulbs-security-risk/

 

I can't remember what type of device it was, but there was another IoT device that could be exploited by spoofing the router (iirc) and by spoofing the router it would try reconnecting to the new router (and could be exploited to retrieve the wifi network password)

[solado]

When I read threads like this (which are common on multiple platforms), I feel ashamed to care about my privacy and not wanting to share my data unessesarily.

While data privacy is a thing of the past unless you make a full time effort of doing it, I dislike the idea of allowing IOT devices to collect data that can be used for marketing purposes such as when I end up getting junk sent through my letter box.

 

 

[Chiyawa]

Just my opinion:

 

Privacy issue: depends on the manufacturer that 'owns' them. Not to trigger your anxiety, but anything that can connect to Internet post a risk of privacy issue since there's no way to know what data is being transmitted without a technical know how and network monitoring software (did you know you are being tracked by Amazon by just using any website like Google search even if you are in Incognito mode? Now most trackers will use sophisticate behavioural browsing tracking pattern so they can guess determine it is you, even if you use VPN!). The best bet you can do is buying a 'dumb' robot cleaner that doesn't require Internet access. If it needs WiFi access, you can create a special virtual WiFi connection that can't connect to the Internet for the vacuum.

 

Security issue: virtually none if you set up your network properly (a simple disable of SSID broadcasting and WPA2 password encrypted communication is a definite way to deter close to 96% of brute force attacks). You can also set a firewall to block any access from the Internet so meaning only local network can access the vacuum.

[Omni-Owl]

3 hours ago, Caroline said:

You can, you know, get rid of it, as of the time of writing this it's not mandatory to use a smartphone. There isn't any law that states you have to use one to be a citizen of X country.

 

Corpos and governments though are trying hard to force people to use one by overcomplicating things that could previously be done without one with ease like checking your medical record at the hospital, or managing a bank account, if you want to talk to a human they make you book an appointment, even something as silly as buying bus fare tokens is becoming harder as not everyone sells them anymore because you can now pay the fare with a phone.

 

And so on. I don't accept that as part of my life, will that make it harder? sure. I have my reasons, and they go beyond not wanting corporations to spy on me.

Okay, that's your choice. I made it quite clear that I made a choice as well because saying "well you can, no law says..." Is a "technically correct" argument that doesn't address the socioeconomic context at play here nor is it a particularly compelling argument.

 

I want to participate in society, so not having a smartphone does not only make me less competitive it also alienates me in a lot of subtle as well as very obvious ways.

[Beerzerker]

OK, getting things straight here for myself. 

The question asked was: "Would you trust a robot vaccum from a privacy point of view?"
My answer is: "No".

You're welcome.

[TetraSky]

I don't trust a robot vacuum from a cleaning point of view, much less on a privacy one.

[Guest]

Not anymore.

[dalekphalm]

12 hours ago, Caroline said:

What socioeconomic context at play? 

 

 

I participate in society too, just without a phone lol

It's not a strawman to say that there are socioeconomic factors at play for people who decide to opt-out of using modern communications devices such as smartphones.

 

The biggest impact is going to be in networking, availability of communications (and type of communications), and ability to access resources on the fly.

 

In many industries, that simply doesn't matter. For example, if you work retail - no big deal. Especially if you still have a "non-smart" flip phone with SMS.

 

But, if on the other hand, you're a lawyer, and you need email, WhatsApp, SMS, *and* access to the company app platform, pretty much all the time, regardless of where you are - not having a smartphone is going to severely hamper your ability to compete against those that do. Yes there are a lot of old school lawyers that can barely use smart devices - but even with them, they're likely carrying around an old Blackberry at least, and these folks are already well established in their careers.

 

It's a personal choice to opt out of using a smartphone, but let's not pretend like there are no drawbacks of that decision, even if they don't personally impact you in any significant manner.