’Tis the season: November is at its end, and suddenly your shopping list has moved into overdrive with gift purchases, be they intended for family, friends, or an office Secret Santa. With the increasing rise of the Internet of Things (IoT) products, it's very likely you have thought about giving a gift of a connected device this year. There are a lot of positives about ‘smart’ household items that can access more information online: for example you can lower your power bill by making adjustments based on the weather, monitor your in-home pH environment for sounder sleeping, and even set the coffee brewing timer for that perfect cup just as you get out of bed! The catch-22 is that having the IoT in products means the device is pre-programmed to send and receive data, and neither your nor your intended recipient will always be happy where that data goes.
That’s the double-edged sword of IoT: using Artificial Intelligence (A.I]) and access to massive servers online, they can do things devices on their own can’t, such as recognize voice commands or link up with online service offerings, but with a price. The trade is offering more convenience, for less security and privacy, with structures that can, if misused, make the product as much of an outsider’s gateway into your home as a way for your home to connect with the outside world. Already there are studies on how consumers feel about this fact, with a mix of high expectations towards IoT sales against cautious data that points out customers are getting more and more weary over who’s watching; thus best to be aware that even though your intentions may be pure, a connected device might not always be a welcome addition under the tree. Considering the expense of purchase the last thing you want is to pick up a device only to find out later its sole purpose is being used as a door stop.
If you're out shopping here are four items to think twice about, and alternatives for a less intrusive holiday:
1. Reconsider: Centre Stations, such as Amazon Echo, Google Home, or the Wink Hub
To be fair, the technology behind home centres like Echo, Home and Hub pretty amazing: a single control point to control multiple connected devices, and often with the ability to stream online music through speakers as well. However this blog is about privacy concerns, and in that area home hubs simply don't cut it. While some, such as the Wink Hub and Samsung Home Monitoring System are billed to increase security through control of lights, home locks and cameras, recognize that all of these devices have already been susceptible to hacks, meaning security will come down to whom is more tech-savvy: the receiver or the person scanning for devices and ports of entry. There are also concerns with the video and audio recording equipment inherent in these systems: the Echo and Home operate via activation words, recording once the right word is provided to both answer requests and send the recording to the manufacturer’s servers for product improvement analysis. Depending on the device you may be able to access recordings and delete what’s been sent or saved, but it can still be disconcerting. If you're determined to buy your significant other, friend or family member an all-in-one, do try to gage the receiver's comfort with the idea: have they mentioned interest, added it to their wish-lists or shown to be impressed with the concept?
There’s no alternative to the all-in-one, save individual apps and controls for smart devices, however unless the home is hooked up everywhere that’s not likely a concern, and if in-home IoT connected devices range past ten or twenty, privacy likely isn’t top priority. For music streaming alternatives, speakers that connect to existing devices but not the Internet directly are plentiful, and even less expensive than their IoT counterparts. Alternatively, if buying for a significant other or family member that you know wants smart speakers, consider adding assistance with the connection as part of the gift: include with the Echo or Home some help in getting up and running while maximizing security and privacy. Changing default settings from the get-go, such as a unique wake word or adding a PIN number in order to increase authentication can go a long way.
2. Reconsider: Amazon Key
Sorry Amazon: I love you for buying books, DVDs and hard-to-find practical items but this was not one of your better ideas. Convenience may be a factor when I make purchasing decisions, but it certainly isn’t the only one, and if I’m going to give my key to my local courier, we had better have been dating a while first. Much as been made of Amazon’s new product and service offering: using Amazon’s Cloud Cam and a compatible smart lock that allow carriers to deliver packages directly inside the home, instead of sitting outside where items could be damaged by weather or worse, stolen by passer-byes. As others have reviewed however, giving a total stranger access to your home simply because they work of a delivery company isn’t the solution, not to mention already the locks can be scammed and electronically overrun; happy holidays to all the cat burglars out there!
If you want to bypass a key and use your phone to enter your home or remotely unlock the door, pickup smart locks are on the market from Noke, August and Masterlock without the added Amazon webcam. Bear in mind however, none of these are completely uncrackable: security researchers from DefCon proved more research is often still needed before devices are rolled out to the public. Alternatively, if know you know someone who orders frequently and are worried about products on their doorstep, consider the low-tech approach that still works wonders: rent for them a large P.O. Box for the year, keeping items safe and locked up at the post office until the product is in their hands.
3. Reconsider: IoT connected children's toys, particularly those that cannot be turned off.
No, really, if you're buying a gift for a child, particularly no your own such as a doting grandparent or favourite aunt/uncle, don't buy IoT connected toys. How bad is this problem privacy-wise? For starters, Germany has outright banned some products, such as a smart watch with a listening function, and there are calls in the United States to do the same. Multimillion dollar toy company Mattel pulled Aristotle, originally billed as 'an Alexa for kids' from hitting the shelves due to public backlash. When it comes to the IoT and children's toys, it's much more than how much data the toy gathers, it's also situations parents don't consider. Speaking with a friend who teaches cyber security for child caregivers, she pointed out that toys like teddy bears often become 'safe spaces' for children: items of comfort that they can tell secrets to or confide in. To take this information and use it elsewhere, even benignly, would be a massive breach of trust. That audio data should never be recorded or leave the child's toy, regardless of what the manufacturer argues they will or won't do with the data.
There's nothing wrong with a traditional teddy made out of felt and care for cuddles, but if your child does want the fun of Internet connectivity consider items that include a log-in and play through a computer or device that you can then modify with more safeguards, such stronger account authentication and a VPN. Marbotic’s Smart Letters, and Sensible Object LtD’s Beasts of Balance for example, connect wooden smart letters and plastic animals with apps on a screen, they don't actually record or track anything. Above all, educate your child: if you haven't given them the talk about giving away personal information online, now's the time.
4. Reconsider: IoT appliances that could double as secret spy gadgets from James Bond, such as Smart TV sets.
I'll admit it, my Roku is awesome: the ability to stream Netflix right to the television is nice, and I've come to enjoy other channels such as Art Cast, Relax my Dog, and ReefCam. That said, when word about how smart televisions, including Roku TV and Vizio can easily be used to spy on unsuspecting owners, I was grateful that I had purchased mine in the form of an HDMI stick that has no access camera equipment. We live in an age where a device's ability to see, hear and record is often included as a feature of the product, without stopping to ask when recordings are going on or who can hear/see them. Artificial Intelligence and IoT continue to grow in the marketplace, and while often billed as convenient for the consumer sometimes it’s wise to ask who the convenience is really for: the user, or the analyst looking for more data? Rethink items that include video and audio recording where a device that doesn't record will do the job, or where there's no way to know upfront if you'll have control over the data recorded. Above all, if you’ve got your smartphone out while shopping consider looking up products and privacy before putting them into your cart. I still think the Roomba is cute, but none shall enter my home so long as it’s mapping my domain along with cleaning the floors.
If you want to add smart functionality instead of a full purchase consider add-on attachments for the main device, such as the above mentioned streaming sticks. IoT-ready attachments may still have privacy concerns, but typically have access to less information because recording isn't part of the design; they may also be removed if the user wants to use the main appliance separately. Forget buying smart appliances, try buying with a smart mindset: pull out your phone or do home research before you make purchases. Does the product include privacy controls? What types of information can it access? What are the reviewers saying, particularly technology-savvy online magazines such as Wired, the Verge or ZDNet? Keep an eye open and use your best judgement: will an IoT product really be a fit and fantastic present, or would something else be far more appropriate?
Finally, if you really want to get loved ones hooked up, consider giving the gift of privacy and security add-on: Wi-Fi routers with internal VPN capabilities, or a Bitdefender BOX, which is showing promise as an all-in-one security guard for your IoT devices. Books on privacy and home security abound, including titles well suited to teaching parents, teens and children, and those meant to get non-tech family more friendly with cyber security realities. Don't be paranoid, but due exercise caution and look to protect your loved ones in the new year.