this post was submitted on 18 Dec 2023
480 points (97.4% liked)
Technology
59415 readers
3117 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yet another reason why IoT crap sucks. You don't need to put everything on the internet. This one should be obvious.
The "S" in IOT is for "security".
Home assistant tries to keep shit local.
depends on the device.
If the device dont provide local connection, there is nothing home assistant can do about it. Some device will also send data to the cloud even it is locally controlled by HA.
Oh for sure. But unlike smart things or any other hub, only the data that needs a cloud connection will go through the cloud...
Home assistant is great at what it does, but the problem is too big for HA to really fix it by itself.
It's the end-devices that are the biggest culprits, paired with the apps installed on your phone. It's the reason Google was basically giving away their home-mini's the last couple years.
If you use a smart device that comes with - or requires - an app, it's almost guaranteed that app collects a certain amount of data from you to be sold or utilized for user profiling.
The problem is that everyone has half a dozen of those devices already, and swapping them all out takes time, effort, and money that most people simply don't have.
It's a challenge even for the truly dedicated and privacy-minded individual to know which devices are locally hosted and which ones use local internet access or a permissive phone apps to function. Even if you DO manage to keep a clean slate, there are always companies that change their policies once they have high-adoption and force cloud integration on their users. See Phillips, Chamberlain, Microsoft, Google, Amazon...
I love Home Assistant, but it's a nightmare trying to cut out all the unsecured bullshit I've found myself with even in the past two years.
Thanks to laziness of the device manufacturers, a lot of them either expose some data endpoints locally, or just use Zigbee which can be easily paired to be used local-only.
Those that require Wi-Fi access can be filtered on the router to disable internet access.
People don't think about that. You have to register somewhere in order to use your $12.99 cam, install some app and are good to go.
How would a someone not interested in tech know that the footage data is stored on some online server and you are at the mercy of their itsec.
Which is why these companies that are marketing wifi and cloud-polling devices should be held responsible for the data breaches and regulated more rigorously.
It should be cost-prohibitive to design a smart device that sends data to a centralized server, but they do it because the upside value of having the data is so attractive. They shouldn't be allowed to hide behind a ToS agreement with mandatory arbitration when their security is inevitably breached.
Take it up with your congressman.
Seriously. It sounds like you have an informed and well-reasoned opinion. They're not 100% corrupt. And they usually only hear about tech from industry lobbyists.
Let them hear from an intelligent constituent for a change.
Good luck with that, your voice is going to be drowned out by all the companies masquerading as "people" whom they really represent.
Taking the time to get in touch with representatives at all levels of government is just good citizenship.
Sure, there are lobbyists. But there's me too. We can't expect to enjoy a civilized society unless we put in the effort.
I do it when I can, but that kind of influence just can't be done by a handful of tech-literate terminally-online weirdos. It takes a buttload of money or a massive amount of public attention to push an issue like this forward, especially when political operatives absolutely benefit from both the data and the companies involved. The political calculus just isn't there.
More people need to know and care about this before any legislator is going to spend political capital on it.
Having done this before and being told to basically get stuffed from one of their underlings I have zero faith in it. It's basically just another token thing that's about as useful as "thoughts & prayers" for the most part.
You have to be nice. You're selling an idea that is probably foreign to them.
I don't mean they literally told me to get stuffed. They won't personally take your call nor read your letter. You might get lucky and they'll let you physically come into their office but that's about as far as you'll get.
Good luck holding a company sitting in China "responsible" for about anything.
The question isn't "how would someone know....?" the question is "do you know what a hacker does?".
With end to end encryption, and requiring manual key transfer (no key sync), this would not be an issue.