BlogPrivacy & Security
Smart Appliance Spying

Smart Appliance Spying

Nick Bolduc
on Aug 31, 2022
But is your smart home safe to live in? And how can you protect your privacy when your fridge is harvesting your data?

The Amazon-iRobot acquisition has prompted us all to consider (or reconsider, for many of us) a new dimension of privacy. We are so often concerned with—and building for the purposes of—online privacy, that we have been less focused on a different type of privacy invasion.

Privacy in your own home is under attack. Unlike the privacy compromises required by many web2 services, however, this is privacy that can usually be maintained at virtually no cost. Virtually no cost—that is, unless you are already reliant upon smart appliances.

If you have been anywhere on the internet since about 2014, you are probably familiar with some of the earliest general purpose smart appliances—for example, Amazon Echo/Alexa or Google’s Nest. Or perhaps you (or someone you know) have used more specialized products—some of which have been around much longer. Take, for example, the Roomba autonomous vacuum, which has been for sale for almost 20 years, or smart watches, or key chains, or doorbells, or light bulbs.

Or the most ubiquitous smart “appliance” of all—a smart phone. Of course, privacy concerns regarding mobile phones are a well-covered topic, but they fit the wider theme of smart appliances creating avenues for abuse of consumer data and privacy.

Take the privacy policy for the autonomous vacuum, Roomba. From this policy we may find that some Roomba models can “transmit data wirelessly to the Service . . . . stored in a deidentified state (separated from identifiable information).”

It should be a comfort that the data is stored in a “deidentified state,” but by now we should all know that anonymous data is often easily reidentified.

Roombas may collect “information about the robot's movement throughout the environment to create a location "map" of the Robot’s domain and the existence and type of objects (chair, desk, fridge etc.) or obstacles encountered” as well as “Wi-Fi signal strength in each location,” and “device data, such as MAC address, device type, device name, identifier, serial number, product code, network bandwidth usage, and device location within and near the home.”

Roombas may also try to guess what various objects around your house/flat, or connected to your wi-fi are: “types of objects (detected using the camera on your Robot) along with a corresponding confidence factor for that object and its location, the location and confidence factor of Wi-Fi devices connected to your local network, and Wi-Fi heat maps.”

It might seem silly to think that the little robot vacuum is doing all of this, but it’s not at all silly to think that iRobot, or Amazon, might now have the most detailed floor plans of your dwelling that have ever existed.

Speaking of Amazon, we haven’t forgotten about the Ring debacle. Amazon’s Ring is a smart doorbell that enables you to see who’s at the door—just by checking your phone. It also records footage that Amazon might give to law enforcement, as they already have at least 11 times so far this year.

From Ring’s privacy policy:

[We collect] Content (and related information) that is captured and recorded when using our products and services, such as video or audio recordings, live video or audio streams, images, comments, and data our products collect from their surrounding environment to perform their functions (such as motion, events, temperature and ambient light).

(emphasis added)

Or consider the aforementioned Google Nest. Nest represents a suite of products, from smart speakers to thermostats to cameras and more.

We believe the best way to earn your trust is to keep you in control of your information. We only share personal information when you explicitly give permission. When you do give us this permission, we also let you know what personal info we’re sharing and why. And you can stop sharing your personal information at any time.

But are you really in control? Note that you have no say in terms of what data they collect, merely what they share.

In fairness, Nest’s privacy policy actually seems quite a bit less egregious than that of Amazon’s Ring, or Roomba (at least in the author’s estimation)—but there’s a not-so-small problem:

Note: If you use your Nest devices and services with a Google Account, then your data will be handled as described in the Google Privacy Policy

And we should all know that Google does not have the greatest record when it comes to consumer privacy.

Don’t use smart appliances! Or if you do, keep them disconnected from the internet. If you must use an internet-connected smart appliance, read their privacy policy, be aware of what sacrifices in terms of privacy or anonymity you are making for the sake of convenience, and keep in mind that they may still end up mishandling your data, or leaking it, or providing it to the government without your consent or a warrant.

Not everyone values privacy to the extent that we do—we understand this, but it’s up to us (you too) to make sure that everyone understands the consequences of surrendering it. Talk to your friends and family about their smart appliances, if they have any. Don’t drown them in articles or arguments. Be persistent, not overbearing. Ask if they would allow a stranger, or a group of strangers, to sit in their home and listen to them in case they wanted to play a Spotify playlist, or place an Amazon order—or vacuum their house.

To be utterly clear, we are not in the least opposed to technological advancement, automation, or even smart appliances themselves. We think autonomous vacuums, automatically adjusting lights, and voice-activated appliances are cool—really cool. But such tech offers unique opportunities for the exploitation of consumer privacy—and many companies are ravenously taking advantage of these opportunities.

They are failing you.

Nick Bolduc
Share article on: