Dear Internet of Things: human beings are not things


#1

[Read the post]


#2

Time for Project BLUESKY, a family of cloud-independent technologies.


#3

While all this is nice to imagine, seriously doubt if the big corporations will allow it to pan out that way. They will push whatever they want to into our lives no matter what filters/rules we set. Don’t see a spamless future ever from here on.


#4

I applaud the idea of reconsidering the ‘internet of things’ to focus on the ‘these things are my things, and they gather data for me, and store it under my control, to serve my interests’ concept; and would say that this is absurdly superior to the current ‘these things are things you pay for and keep charged; but they basically remain property of the vendor forever, and are pretty much just surveillance devices’ model. Kudos.

However, I have deep concerns about being able to make it work. This model will still fail less badly than the current one (which throws open the gates to the barbarians immediately, and provides them room service); but there are both some architectural constraints that make more-invasive approaches more powerful for some problems; and classic, but ugly, “‘agreement’ between parties of unequal power” problems.

In terms of architectural constraints (some partially created by ‘parties of unequal power’; but some more or less inherent), there are several issues:

One is simply that, without a design that borrows fairly heavily from the paranoid side of signals intelligence, and countermeasures, it will be very, very, difficult to prevent eavesdropping attacks by adversaries who can deploy usefully large numbers of listening stations (which, given the declining cost of multiple fixed-function radios in a little internet connected box, or an SDR setup in a little internet connected box, means “Basically all retail chains, municipalities, owners/renters of billboard space, ISPs that provide CPE equipment, telcos with networks of cell towers and assorted equipment boxes in widely distributed easements; and various other parties”). Encryption can prevent them from actually getting the contents of the traffic; but Bluetooth, wifi, cellular, and other wireless transmitters, at least in default configuration, absolutely bleed useful ID information, and triangulation and signal strength inferences can nail down location reasonably robustly. Unless all the ‘things’ in your life are hardwired or fundamentally cleverer than those available today, you’ll be a walking RF beacon spewing UIDs.

Another is that some capabilities are not possible to implement within the constraints of power-limited mobile devices; and even if the power and storage are available (either through advances in mobile technology or connection to a friendly real computer) may not be available without the cooperation of a less-than-totally-trustworthy 3rd party.

For instance, those little ‘activity tracker/fitness band’ things, as currently designed, all phone home to the mothership. In part, this is just because they can; and you are product, etc. In part, though, it’s because a lot of them depend on 3rd party analysis technology that simply isn’t for sale, except as a service (the companies that sell to end users are typically rather quiet about this; but the big player appears to be ‘MotionX’, which a whole bunch of them get from [Fullpower technologies][1]. If you want to know who is on the list, it’s usually easier to check Fullpower, rather than try to find mention of them on the vendor’s site.) The fact that the raw sensor data aren’t neatly exposed, or even necessarily owner-accessible at all, is just a ‘fuck you!’ from Jawbone et al.; but the fact that the more sophisticated inferences (calories burned, sleep quality data, that sort of thing) are only available if you report back to the mothership is a product of the fact that the algorithms for making those inferences, even if your phone is punchy enough to run them, are not available for purchase (at least by little people, I haven’t been able to determine if Jawbone and friends are able to host their own systems running Fullpower software, or whether they have to ship the data directly to Fullpower and receive the digested results only.)

We are seeing a similar development in speech recognition: historically you could buy speech recognition software packages that ran offline (if only because running always-online was pretty unrealistic until recently); but, while the offline options aren’t going away in the near future, most of the new entrants, and the ones that aren’t more or less strictly speech-to-text typing programs, are ‘cloud’ only (and, aside from the decision to keep it this way because they can, this gives the vendor a much, much, larger dataset to work with for ongoing improvements, so local-only is unlikely to keep pace.)

Location information is in a somewhat similar boat: classic ‘GPS’ (generically speaking, GLONASS, GALILEO, IRNSS, and any GPS-alikes fielded by people who don’t want Uncle Sam to have the killswitch for their missile guidance tech usually work the same way) is available without 3rd party entanglements. You just need to listen to the constellation and do the math. However, going from cold-off to fix is fairly slow. The various ‘assisted’ location services require that you leak data to the entities operating them; but offer markedly better performance (the fact that Apple, Google, and MS make ‘location services’ a “either you get nothing, or you get assisted GPS/ground-beacon triangulation; but agree to let us use you as a data harvesting node for our mapping efforts”; with no ‘I don’t want your “location services”; but let me use the GPS receiver in my device’ option is pure because-we-can fuckery; but the fact that A-GPS works better, faster, and lower power than GPS is just a technical truth.)

The notion of providers broadcasting information about their offerings, rather than your ecosystem’s feudal lord feeding you what they wish you to see is, also, a vast improvement; but still one vulnerable to inferential attacks: as a broadcaster-merchant I’m definitely in a worse position to analyze you than as your data overlord; but I still get to see what offers you react to (though the reasons for your decision are opaque to me); and I have the option of (probably with unnerving granularity, thanks to directional antennas and similar fun) ‘probing’ the consumer landscape by broadcasting a large number of at least slightly different offers in different times and locations in an attempt to characterize the demand patterns and willingness to pay of each spatially relevant region across time (this technique becomes markedly more powerful if you haven’t solved the “I’m bleeding RF UIDs everywhere I go” problem mentioned above, since I can then tailor my ‘broadcast’ offers specifically to you.)

Again, let me be clear: I am delighted by your approach that this ‘IoT’ stuff should be a network of agents that serve their owner, the person, rather than a network of listening posts that data mine the consumer peon; but, while ‘IoT’ devices built on this model will definitely be better than the alternative for those who buy them; I am concerned by the fact that there are some things where it is simply hard to beat the guy who has access to vast scale; and also the fact that ‘IoT’ will also mean vast numbers of cheap, connected, devices serving the will of owners who are the same adversaries you don’t want your devices serving.

You will be better off if your devices aren’t immediately betraying you; but as the cost of connected sensors plummets, the people who control the physical space (and handle internet service/routing of communications that aren’t local point-to-point) also get to enjoy the cost reductions; and are very, very, well placed to apply at least very, very, aggressive traffic analysis; possibly substantially more sophisticated inferential attacks. Doesn’t mean we should capitulate; but it does mean that, even if every device we own is fully dedicated to our interests, we cannot afford to underestimate the capabilities that our adversaries will retain; or how close to the dystopian-IoT outcome they may be able to get even without the cooperation of our personal systems.

[1]: http://www.fullpower.com/
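
An added example, not part of the original post: a self-audit of the identifier leak that post #4 describes, classifying the Wi-Fi addresses your own devices were seen using across several scans. The device labels, sample addresses and verdict names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (device label, source address) pairs logged from your
# own devices over several scans. Labels and addresses are made up.
OBSERVATIONS = [
    ("ereader-wifi", "00:11:22:33:44:55"),
    ("ereader-wifi", "00:11:22:33:44:55"),
    ("phone-wifi",   "da:a1:19:00:00:01"),
    ("phone-wifi",   "5e:0c:42:00:00:02"),
    ("phone-wifi",   "b2:77:e3:00:00:03"),
    ("smart-plug",   "02:00:5e:10:20:30"),
    ("smart-plug",   "02:00:5E:10:20:30"),
]

def parse_mac(text):
    """Parse a 48-bit IEEE 802 address written with ':' or '-' separators."""
    parts = text.strip().lower().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)

def is_locally_administered(mac):
    # Bit 0x02 of the first octet marks a locally assigned (for example
    # randomized) address; clear means a vendor-assigned, globally unique one.
    # BLE flags random addresses separately, so this covers Wi-Fi/Ethernet only.
    return bool(mac[0] & 0x02)

def classify(addresses):
    """Verdict for one device, given every address it was seen using."""
    unique = {parse_mac(a) for a in addresses}
    if any(not is_locally_administered(m) for m in unique):
        return "global-uid"         # factory address on air: a permanent UID
    if len(addresses) < 2:
        return "insufficient-data"  # one sighting cannot show rotation
    if len(unique) == 1:
        return "static-random"      # locally assigned, but it never changes
    return "rotating"               # the address changed between sightings

def audit(observations):
    seen = defaultdict(list)
    for device, address in observations:
        seen[device].append(address)
    return {device: classify(addrs) for device, addrs in seen.items()}

if __name__ == "__main__":
    for device, verdict in sorted(audit(OBSERVATIONS).items()):
        print(f"{device:14s} {verdict}")
```

A "static-random" verdict still identifies the device across locations; only "rotating" weakens the link between sightings, and signal-strength inference is unaffected by either.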


#5

Don’t ask for fucking permissions. Hack the things to do your bidding. The corporations can have their wishes but it’s ultimately on us engineers to get what we want and to tear our tech out of their grip.


#6

I was and am in this camp, but with general purpose computers we had a better way, and later in the mobile era there was the Sharp Zaurus SL-5500 and then the Nokia Maemo tablets and phones (both with some closed driver issues).
Hacking your stuff is doing your best to make an unfriendly gadget friendly.
Without drivers we are stuck with the horrible Android/Cyanogen kernel and the stuff built onto it like surfaceflinger making X11 video and easy porting native ARM Linux apps a massive effort to re-invent the wheel you have already paid for.
Going through this now on a Nexus 7 flashed with Ubuntu Touch.
I have inhaled way too much solder fumes for the sake of hacked gadgets, but why can’t we have nice things like consumer grade flagship products which do not fight the worldwide community to a stalemate when we want to transition to owning and ruling our stuff from just having a usable substitute which fights us sometimes in possession?


#7

Because capitalism.

I’d love the world you describe. We’re stuck in the stalemate one, so far. Hope something evolves that does a class-break in the status quo.


#8

It seems that the likely candidates must just be too weird, Elop sold out Maemo/Meego to MSFT in an underhanded deal. There seems to be active desire for things like the Flagship/swansong Nokia N9 before MSFT killed it to clear the runway for Windows phones.
Are we really so strange and out of touch that we are stuck without or going for some bespoke device like the Neo900 for about $1k? Maybe things will get better in mobile when Android mainlines their kernel and normal services will work.


#9

For BBers to mull,
I had a discussion with RMS a few years ago about including a POCSAG paging module in mobile phones.
This would allow you to be reachable but radio silent and passive until you chose the time and place to power up your GSM modem to make an outbound call.
No more explaining to police why you frequently stopped for coffee near a known prostitute, or a drug dealer, or where in the future there will be a massacre of some sort.
The infrastructure is in place, the service in addition to a regular phone bill is typically cheap, and it is completely radio passive, untrackable like a transistor radio, simply waiting and drawing less power than your SIM card, listening for the message string addressed to you and displayed like a SMS or a callback phone number.


#10

Thought. What about a low-power Bluetooth POCSAG dongle? Could work with more devices than just the phone, wouldn’t be limited to one or few phone types. Or maybe a completely standalone one, and keep the phone in flight mode or switched off.


#11

All good ideas, at its most paranoid though the point is to keep the mobile device radio passive, like airplane mode, so that MAC addresses could not be sniffed or whatever in addition to GSM stingraying. Additionally by having a discreet pager again, unless it could display a QR code of the message, would put one more block between receiving the page and conveniently calling it back, at a time of YOUR choosing. It has to be easy, think PGP/GPG, there are so few easy to use apps that I have to assume a conspiracy keeping all but the most OCD paranoid out of the club.


#12

The QR-code would work.
Optionally, a less secure way would leverage NFC. This could be secured via crypto, though.
Or just have the device attached via USB OTG when needed.


#13

OTG is good, but having something hanging off your phone is a PITA, I have tried this a bit to run RTL-SDR. The Neo900 will have a hacking interface internally but otherwise plug-in is a great way to snap off your USB port.


#14

Or at least ruin both the port and the cable in one go.


#15

Yes. Hence the “when needed” part. Run the receiver independently. Get message, read display, once you want to reply power up the phone and transfer the message there (via QR, bluetooth, NFC, or this USB-OTG cable).


#16

OK in that case I already have working POCSAG rx and decode on my N900, but it burns battery like crazy and risks the port.


#17

Consider it a prototype, or a pre-prototype. A good beginning with warts. SDR implementation will eat batteries, though; a dedicated hardware may be better here. Perhaps a “real” pager with an Arduino chip for interface.

Possibly make a small dongle with little magnets that attaches to the port and the phone like a semi-cradle, and the magnets like the Apple magnetic connector hold the 4 USB lines to the device. Or have the entire device as a cradle attached to the phone.

Or use some other phone, e.g. the Jolla one, which exposes a data bus (in this case I think it is I2C) to user-attachable components, in this case the case.


#18

To be honest I find that Hyperbole overblown.
In the end, it’s about advertising. Advertising is mental trash no matter what. And it doesn’t really matter if it is directed at me or not. I have enough self control to not click and buy everything presented to me… I can resist half the articles on Boing Boing, for example.

So go for it Google. Extract everything you can about me. If I had things to hide, I would avoid you like the plague, but my life is pretty mundane. Monitor my movements. Tell me the best way to drive home. Tell me when I am late for the doctor appointment. Show me a photo gallery of my kids. Tell me when I am due to pay a bill. Tell me when my blood sugar is too high.

I am genuinely cool with it.


#19

Tell anybody with access to your account your movements. Show them the photos of your kids (and, as they use the Big G too, cross-correlate it with their movements.) Tell them what doctor you are visiting. Tell the datamining insurance company that your blood sugar tends to be out of specs.

Such data have that unpleasant tendency to leak like an old chlorine valve.


#20

And that’s the scare tactics. The truth is it hasn’t happened. Your unpleasant tendency hasn’t happened.