"Smart" doorlocks have policies that let landlords and third parties spy on you

Originally published at: https://boingboing.net/2019/05/03/surveillant-tenancies.html

You are not allowed to change the locks on a house you rent in the USA?


What gets me is why?! Why would you want your lock to be ‘smart?’ Okay, yes, your basic front-door lock in America can be picked by sneezing on it, but if you spring for a nice solid Abloy (Okay, yes, a Protec2 is a hideously steep $250, but I can’t imagine the Latch is that much less, and unlike the Latch it lasts approx. forever) then it is essentially pickproof, and instead of an app you can have a physical item you can just use to unlock it which won’t ever run out of batteries or get broken or be bricked by an update or…

Who the hell thought this was a halfway good idea?


I have no idea who did, but I bet Latch could make a huge fortune if it did a deal with the Chinese government. They would definitely think it more than a halfway good idea.


Leases and laws in the US tend to cluster around a policy that your landlord can come into the premises on 24 hours notice, or in the event of an emergency. You might be able legally to change the locks, but the property owner still needs access, the lease might say otherwise (and probably does if the owner has invested in a multi-unit system), but typically it just isn’t addressed and people assume they aren’t allowed to.


Well yeah, property ownership is more important than literally any other human value.



There are so many ways these “smart home” systems can violate your privacy or be hacked, and most have to do with the company running them behind the scenes either being incompetent, evil, ignorant, or just plain making a mistake.

Can anyone recommend a “smart home” system that doesn’t rely on trusting an internet service to run it? I’m thinking something like a server that runs on your own computer, behind your own firewall.


Since privacy policies are uttered in the same breath along with terms of service agreements, I took a quick look at Latch’s. Sure enough, they want to you give up rights, agree to arbitration, agree to not collaborate to sue Latch in a class action. There is, surprisingly, a way to opt out, though it comes with a confusing set of instructions in case they ever do change that provision (Section 23(b)).

Latch gets to change the arb provision, then you have to write and print another letter and mail it via post to NYC.


I’ll give you two guesses and the first will be correct. Let us just say, it certainly was not tenants.


That needed no snark addition. It IS literally true. Sadly.


Most current North American cylindrical deadbolts use an ANSI 161 prep, a 2-1/8" bore with the backset centered at 2-3/4" from the edge of the door. It’s easy to remove the existing deadbolt yourself and replace it with an Abloy, ASSA or other high security Grade 1 deadbolt. When you move, switch the original deadbolt back in and take your high security deadbolt with you to your next residence. You already have the restricted keys (and a pick resistant cylinder), you haven’t modified or damaged the door and have amortized the cost of the lock over many years. In 10 years, the ‘hideously steep’ lock costs less than $.07/day.


I’m actually in the market for something like this. My eldest and family of four is moving back home for a year to get back on their feet. We’re moving downstairs while they take upstairs, and I’m installing a door betwixt.

Given the laundry room is downstairs, I want to have it unlocked on laundry days, but otherwise kept closed and locked for our privacy (sanity) by the time we get home. Having it be automatic will also help the grandkids know that they can’t just wander down whenever they feel like it.

Anyone know of reputable digital, time-able, deadbolt brands?

seems like a great idea for an air bnb or short term rental. For long term rentals? seems ripe for abuse.

1 Like

Floyd: Open the front door HAL.
HAL: Opening the front door, Dr. Floyd
Floyd: good boy HAL.

I was reading that smart locks were getting popular for New York apartment buildings, as it allowed tenants to temporarily grant building access to delivery people, etc. The problem was, getting into the buildings required everyone to have a smart phone, which not everyone has… So even for this one, particular use, the drawbacks outweighed benefits.

I run Vera (https://getvera.com) in my home, and highly recommend it from a privacy point of view.

The Vera controller hub can be run entirely stand alone - you can set it up without internet access. You can put it directly on the Internet by poking a hole through your firewall, if you’re super trusting of its security, and not trusting of the cloud. Or you can create an account with Vera, and let it connect to their cloud; giving yourself remote access without the risk of trusting their hub is unhackable. Of course this requires trusting Vera’s cloud in return. But it’s your choice.

The really good thing about using Z-Wave, Insteon, and other local (non-IP) devices is that their protocols cannot connect themselves to the Internet. They all require a bridge of some sort. This means remote hackers can’t hack into your ancient, super cheap light switch or garage door opener, and you don’t have to worry about patching everything in your house. The only thing that’s ever exposed to them is the hub, which you can secure as tightly as necessary.

I’ve run Veras for about 10 years now; my only complaint is they’re always a bit too slow and small. (Price point constraints.) I’d rather spend more and get a more capable hub.

1 Like


This topic was automatically closed after 5 days. New replies are no longer allowed.