back to article How the CIA, Comcast can snoop on your sleep patterns, sex toy usage

Smart home devices supply much more personal information than you might imagine – even when the data is encrypted – it appears. In a study [PDF] of seven popular products, the team from Princeton University in the US decided to dig into how much they could figure out about a person's daily habits just by analyzing the internet …

  1. Kernel

    "We could easily see a router manufacturer figuring out a way to disguise identify such traffic and use a new privacy setting as a unique selling point sell the information in a timely manner."

    FTFY.

    Just wait for the message to pop-up on your tablet or PC - "We see your sex toy is slowing down - would you like to order new batteries for it now?"

    1. MyffyW Silver badge

      Never really seen the need for anything electrical, never mind electronic, when it comes to the humble dildo.

      1. Anonymous Coward
        Anonymous Coward

        Never really seen the need for anything electrical, never mind electronic, when it comes to the humble dildo.

        Well that's what we thought until we tried one of those 'for both of them" devices. SWMBO was sceptical of the cost, but soon changed her mind the first time we used it ;-)

    2. fran 2
      Coat

      You can always tell it to buzz off

      1. Antron Argaiv Silver badge
        Happy

        Leave mine running 24 hrs a day

        Let them wonder...

  2. Number6

    I'm glad my home is dumb. Apart from smartphones, I have one IoT device on the system and that mostly operates on a fixed timetable, I only talk to it to change the schedule. It's also hideously insecure, using http with no encryption in sight, and the server out in the cloud is slower than a snail on valium. A real POS of design. One day I'll hack the protocol and set up my own equivalent so it need not talk outside the firewall.

    My router runs OpenWRT, so hopefully less likely to have dodgy firmware.

    1. td97402

      Lose the Unsecured IOT Device

      There is no excuse for leaving an unsecured device connected to the net these days. I wonder how many bot-nets it participates in already.

      1. Voland's right hand Silver badge

        Re: Lose the Unsecured IOT Device

        There is no excuse for leaving an unsecured device connected to the net these days. I wonder how many bot-nets it participates in already.

        Most likely none - OpenWRT does not have upnp NAT traversal by default, you need to install the package. My own ones sit behind spare ports on the WiFi access point running OpenWRT which has its config "inversed". It thinks that the ports on the "inside" are the hostile wild Internet. That is where the cameras, etc are. It allows the house to query them, but it does not allow them to get anywhere.

      2. Number6

        Re: Lose the Unsecured IOT Device

        There is no excuse for leaving an unsecured device connected to the net these days. I wonder how many bot-nets it participates in already.

        If that was aimed at me, it's secure in that it only talks to their server. Internal to my network it's on a VLAN of its own and I've sat there and watched what it does using tcpdump on the router so I don't think it's participating in anything. That's how I know it uses http clear text to communicate.

    2. Warm Braw

      Apart from smartphones

      Well, given that your smartphone can watch and listen to everything you do, a remote observer can probably figure out you turned the light on without needing the input from a "smart" switch...

      1. Number6

        Re: Apart from smartphones

        I normally put my phone into flight mode overnight, I guess that's a usage pattern they can spot. In theory it stops it transmitting, but given that it's a software switch, no doubt someone can override that. Sometimes I forget to restore it to normal and about noon the following day I decide that things have been a bit quiet and realise why.

    3. Anonymous Coward
      Anonymous Coward

      Not dumb - smart

      What you describe is not a "dumb" home at all, but a very "smart" one.

  3. a_yank_lurker

    Not Surprised

    There is a lot of information one can learn by just watching usage patterns.

    1. Yet Another Anonymous coward Silver badge

      Re: Not Surprised

      Unless you put extra life batteries in your personal massager, strap your fit-bit to it and put your nest in the freezer.

    2. handleoclast
      Paris Hilton

      Re: Not Surprised

      Yeah, a simple traffic analysis gives a lot away. If my computer is receiving packets from pornhub, I'm probably masturbating.

    3. JaitcH
      Meh

      Re: Not Surprised

      The Plod, an other 'intelligence agencies', love those smartmeters since they can be, in demand, provide a constant trail of real time data.

      When you go to bed, when you have a midnight 'tinkle', when you raid the fridge, when you make tea/coffee, etc.

      And none is IoT - just reading the electricity and water consumption.

      But at least the technically knowledgeable can block the RF signals, and insert juicy ferrite RF filters in the power feed into the house, etc.

  4. Anonymous Coward
    Anonymous Coward

    Sorry to bother you

    We realise this is a bad time, going by your average usage duration, but would you be interested in buying our latest offering; "The Intruder 5000"

    1. Rich 11

      Re: Sorry to bother you

      You forgot the advertising vid.

  5. Anonymous Coward
    Anonymous Coward

    Do we need any more justification

    to give all this IOT stuff/chap/shit the big middle finger and get it out of our homes?

    Please don't give me all that marketing double/triple speak about how convenient it is especially those door locks that are being heavily peddled on TV at the moment. It is only there to spy on you and help those who want to sell you more crap stuff so that the thieves can come and relieve you of it.

    Say NO to IOT and things like Amazon Echo, HomePod etc.

    None of this shit will get into my home. I don't care if I am considered a luddite but I've been around IT and Tech kit for 40+ years to know when using this stuff is just plain wrong.

    1. Michael H.F. Wilkinson Silver badge

      Re: Do we need any more justification

      Precisely. I remember a lecture on "Ambient Intelligence" (anyone remember that catchphrase? Just one of the many phrases of things now going under the IoT moniker) at a conference, and the speaker raved on about how ideal it would be to have your home automatically start playing your favourite music when you entered. I suggested to the speaker that I (as many others) have rather wide-ranging tastes in music, and what I feel like depends HEAVILY on my mood. How would these things know what I wanted. The speaker gave a rather evasive answer and suggested errors weren't a huge problem, whereupon I suggested that if the system got it wrong and started playing the wrong music when I was in a particularly foul temper, I might go to its major data banks with a large axe and give it a reprogramming it would never forget. I added I also did not need refrigerators ordering beer for me, let alone self-satisfied doors, auto-chefs, or nutrimatic machines,

      You can probably tell I had been playing some old HHGTTG tapes in the car on my way to the conference (as important educational material for the PhD students who were travelling with me)

      Doffs hat (roo-leather Barmah today, it's pissing down) to the late, great Douglas Adams

  6. chivo243 Silver badge
    Trollface

    Lazy or smart

    I still don't have any smart home gadgets... No plans for the future. So a little of column A and a bit more of column B.

    1. Chris G

      Re: Lazy or smart

      The smartest 'aid' I have in my home is my wife, she knows what I like when I like and because she wants to, doe!s as much as she can to make me happy. In turn I reciprocate, to be honest she is connected to the internet frequently but only to chat with family and friends.

      I know when the fridge needs restocking, the temperature is too high/low etc, I can't think of anything IoT can do for me that my wife doesn't already do.

      Plus normal people don't marry the internet.

      1. Anonymous Coward
        Anonymous Coward

        Re: Lazy or smart

        "Plus normal people don't marry the internet.'

        But an awful lot of them seem to have a lot of sex with it...

      2. JaitcH
        Happy

        Re: Lazy or smart

        Some married men would prefer an IoT to a live, chatting, wife - they don't argue back, don't argue and you can choose your own TV programs.

  7. Neil Barnes Silver badge
    Big Brother

    I suppose it would not be considered friendly

    if one, in the absence of any actual IoT items, were to generate fake requests to the known servers?

    Nah, that would be like fake news. Bad.

    1. Anonymous Coward
      Anonymous Coward

      Re: I suppose it would not be considered friendly

      @Neil Barnes - genius! Have an upvote from me. Hmmn, I think I know a chap who might know how to fake such stuff, I wonder if he fancies a free Italian meal? :-)

  8. MJB7

    The problem, is that I don't think enough people actually care about privacy to pay extra for a router feature. In fact, I suspect that nearly all routers are supplied by the broadband supplier, and they certainly aren't going to want extra privacy or extra traffic.

    1. Anonymous Coward
      Anonymous Coward

      Relatively few people knows how to configure a router to get more privacy (and security), most consumer user are thereby OK with the supplied one.

      But it's getting worse - too often with some ADSL2+ lines and fiber, which are also used more and more to carry voice also, you are no longer allowed to use your own router - you are forced to use the supplied one.

      You need to add your own firewall behind the router, which adds cost and complexity - easy for people with a good knowledge of IT, hard for the general user. Thereby more an more ISP will control your gateway to the Internet, and they'll like to see what the traffic carries.

      1. Pat Att

        But which router to choose?

        Could you recommend a router that is relatively easy to configure in this way? Preferably too, one to which an external antenna can be added (as I will need it to create a WIFI bridge to a home-office in the garden (or is a separate device usually used for that?)).

        1. 2460 Something

          Re: But which router to choose?

          Have a look at the openwrt table of hardware and choose one that fits your budget/needs.

    2. Anonymous Coward
      Anonymous Coward

      If there were no such commercial product as insurance...

      ... how many people do you think would take steps to insure their property or their lives?

      1. Sir Runcible Spoon
        Paris Hilton

        Re: If there were no such commercial product as insurance...

        Whilst we are on recommendations, I have a NCU that I'd like to turn into a router (or transparent bridge) that can also run wireshark.

        Best OS and software for the job?

  9. Long John Brass

    You had me at ...

    Smart Plug .... Fnar Fnar Fnar

  10. Blotto Silver badge

    Simple way to elude the snoopers

    VPN

    Peer to peer uploading constantly, maybe adobe updates or just win 10

    QoS marking all non peer to peer traffic as preferred

    So long as no unusual spikes or dips you should be ok, prob spikes at home time anyway as others come home and turn their machines on which in turn start pulling data from your peer to peer thereby masking your iot.

    1. Anonymous Coward
      Anonymous Coward

      I see a gap in the market...

      For a VPN that tunnels use of IOT to random locations and use patterns. Problem is, snooping is part of the service. How can your Internet Connected Fridge order more beer without your Credit Card details? At which point, it's too late to anonomise.

  11. Potemkine! Silver badge

    "smart" like in "smart, my ass"

    Labeling IoS devices as 'smart' is just another marketing trick to make people buy more junk.

    It makes people sacrifice safety, privacy and personal freedom in exchange of a little more laziness, a little more fat around the hips, a little more false feeling to have own's ego satisfied.

    1. Neil Barnes Silver badge

      Re: "smart" like in "smart, my ass"

      The Machine Stops: http://archive.ncsa.illinois.edu/prajlich/forster.html

  12. Teiwaz

    Everyone Just leave 'em on 24/7...

    ...And wait for the rising concern of 'man' hours wasted on the orgasm news reports.

    Well, either that or wait for the sex toys to either vibrate out the door or achieve consciousness and start demanding voting rights.

    There's nothing at all way 'Smart' about the 21st Century, so far I get the feeling we're on track to repeat most of the mistakes of the 20th.

    1. John G Imrie
      Coat

      Re: Everyone Just leave 'em on 24/7...

      so far I get the feeling we're on track to repeat most of the mistakes of the 20th

      Only faster and harder.

      1. This post has been deleted by its author

  13. Anonymous Coward
    Anonymous Coward

    A real "smart home"

    A real "smart home" is a house that contains at least one intelligent, well-informed human being who has a brain and uses it often to good effect.

    Such a house will contain absolutely no Trojan Horse electronic devices that could be used to spy on the occupants - or even to harm them.

    1. Teiwaz

      Re: A real "smart home"

      A real "smart home" is a house that contains at least one intelligent, well-informed human being who has a brain and uses it often to good effect.

      Smart home still far, far off then, at least in the mainstream...

  14. jonathan1

    I want to "own" my smart home...

    Hi all,

    Quick question - would you guys use the technology if it didn't dial out over the web and was a closed loop? (Putting phone remote control to one side for the moment). If you could buy a "magic controller box" and install it where all the commands / requests stay there and which all of the various devices hook into would that be acceptable?

    I'd be much happier if that was the case. I want a home with a Jarvis like in Iron Man but I want it to be my Jarvis not some else's which I'm renting at best / or paying for through my personal data being sold. Its funny how we've gotten to the point where we pay for things and but we don't own them or we pay twice.

    I bought an Echo out of curiosity during prime day. Must confess I've stopped using it except to play music. Turning the lights on is still easier by pressing the light switch. I found I don't have to repeat the action :)

    1. NonSSL-Login
      Big Brother

      Re: I want to "own" my smart home...

      I would use a voice activated system such as the echo if all voice recognition was done locally without any connections over the internet and it sent no data back to the manufacturer.

      However, my attempts at creating a system using public voice recognition projects left a lot to be desired. Still needs some work to get local recognition as good as googles or similar services. We will get there eventually though.

      Plus I want to use my own wakeup word.

      As for the original topic, it is worth the cost to have two routers or a router and firewall setup so you can connect to video streaming services remotely and VPN all other traffic as an example. Just set the default gateway to the main router for video and all other devices have their gateway set to the router/firewall that has the VPN connection for instance. The VPN router has it's gateway set as the main router.

      1. Anonymous Coward
        Anonymous Coward

        Re: I want to "own" my smart home...

        I've done voice control for the PC last month. Was a bit of fun. Got bored quick. Even the useful stuff I setup like "play music/track*", are quicker by hand. For the few times I will be cooking/cleaning/doing other stuff, noise will likely drown out/garble the reading.

        So I'm left with using it as an extra input for games and stuff.

        Voice is like touch... very very use specific and not universal at all.

        *Ok, I got as far as "play music", to search for the track would not be too hard though, but take more time to setup/control

  15. J. R. Hartley

    There is a direct correlation with dildo usage and noise.

    1. Paul Crawford Silver badge
      Gimp

      Yes, and inversely correlated with ball-gag use.

  16. Anonymous Coward
    Anonymous Coward

    I take comfort in...

    The belief that we live inside a simulation and we are already universally monitored and analysed.

    Hang on....

  17. Sherrie Ludwig

    The IoT reminds me of a Victorian house crammed with those goofy gadgets that you see in patent submissions of the era: automatic potato peelers and Rube Goldberg-like devices for turning down the bed. Only with a gossipy maid who knows everybody thrown in. Thanks, I'll pass.

  18. Anonymous Coward
    Anonymous Coward

    Linksys EA7500 -- It's worse than you think....

    Just dumped this Linksys wireless access point. If you use the "easy set up" you get to create a cloud account on a Linksys server, and ALL configuration of your access point is done via the server (i.e. over the internet). This is so that you can use your smart phone to "configure the device from anywhere on the planet".....and so that Linksys knows everything about the LAN in you home!!!!!

    *

    It took nearly a day to configure the device COMPLETELY off the internet.

    *

    Then I reset the thing and took it to the local charity shop.

    *

    How many Linksys owners know what Linksys knows about them? Welcome to the future!!

    1. Ben Tasker

      Re: Linksys EA7500 -- It's worse than you think....

      > Then I reset the thing and took it to the local charity shop.

      You may have done someone a serious dis-service there, would probably have been better to bin it

      1. Anonymous Coward
        Anonymous Coward

        Re: Linksys EA7500 -- It's worse than you think....

        @ben tasker The "serious dis-service" is being done by Linksys....not by someone abandoning a £100 piece and having to buy something else!!!!

    2. Paul Crawford Silver badge

      Re: Linksys EA7500 -- It's worse than you think....

      You could probably have flashed it with DD-WRT or similar and had something more secure and thus useful.

    3. Anonymous Coward
      Anonymous Coward

      Re: Linksys EA7500 -- It's worse than you think....

      That what happens with consumer-level products. Business level ones are usually a bit better, although you may spend more. I got a LAPAC-1200 some time ago (there are now faster models), and without the price of a Cisco or HP kit it's a decent AP (AP only, no router...) with enough pro features to configure a secure network.

  19. fidodogbreath

    It just might work

    ...how can you stop the CIA – or Comcast – keeping tabs on your dildo use? The team dug into various methods, including:

    Don't buy internet connected dildos?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like