The Internet of Shit:
Lets face it, it’s always been and always will be The Internet of Shit:.
The Internet of Shit:
Lets face it, it’s always been and always will be The Internet of Shit:.
Flagged for victim blaming.
32 million, assuming no one has two cameras, would by itself be 10% of the population. Obviously there are going to be some owners of more than one, but there isn’t necessarily a lot of overlap with owners of other smart devices, though. Something closer to 10% may be more likely. Even more likely yet for middle class+ homes. I’d say more than 1-in-10 people I know have IOT devices - that I know of.
At least a few people have IOT cameras, and a (different) number more who have Amazon/Google devices - mostly given to them by others. I don’t know how many of those “assistants” are actually even plugged-in, though…
I do wonder if abusers are also more likely to get IOT devices precisely in order to spy on their partners in the first place.
Yeah. It seems especially especially true of victims of abuse - not only the abuser but anyone sympathetic to the abuser (because, for example, they’re abusers themselves) join in on the gaslighting by pretending the complaints have no validity and the complainant must be delusional.
Do you think your circle of friends is typical of Americans? I have never seen anything of the kind, although I haven’t searched. Of course this only proves I am anti-woman, pro-stalker, and most likely a crypto-Trumpist.
I couldn’t say - anecdata and all that. Middle-class Californians with devices for a variety of uses - including IOT cameras for checking on pets while at work, renters with IOT locks, Echos gited by young relatives, etc.
Wait, shouldn’t that prove the opposite?
Installed by them or by their landlords? The latter would be a hard NOPE for me, if I were apartment-hunting; the former, very likely an equally hard NOPE from my landlord if I asked permission to install it.
That is the problem with nonphysical keys such as passwords, or credentials: you can easily lose track of who has been granted access, and this gets especially bad when relationships sour. I admit that I can get into the head of the jerks who do abuse this, and understand how tempting it can be to screw with the thermostat your ex asked you to set up, or to keep looking at the webcam because she never changed the default settings. (Note: I want to be clear that I never did anything like this, but that devil did sit on my shoulder once, so I know how easy it is to become that creep.)
It really is upon the makers of these devices, really, to force password resets before using the first time, but also for us to get away from the whole “oh, tech is too complicated, let me do it for you/you do it for me” mentality we have built up. We don’t hand out keys to our cars, gym lockers and flats willy-nilly, so we need to treat everything like that. And I am confident we will get better, but it’s this in-between phase where we haven’t grasped it yet that is painful.
Aside from the opacity (and in not a few cases outright incorrectness) of the permissions interfaces there is the significant problem that the duly authorized owner of the device, from the device and vendor’s perspective, may well also be the adversary.
A lot of the consumer IoT trash has permissions settings so opaque as to be useless(or security so poor as to make nominal permissions irrelevant); but ease of viewing, logging, and modifying credentials is normally one of the big perks of electronic access control: locks don’t generally keep logs and re-keying is a nuisance.
If the system assumes that whoever first punched in am email address is the legitimate owner, though, that helps you a great deal less.
The tricky bit with such a proposal would be the implementation:
Making it clear that merely being an authorized party on a cputer system for CFAA purposes isn’t good enough if circumstances are now such that your access via the authorization is invasive in other respects; but that is mostly of retrospective use.
For it to be proactively useful, substantial architectural changes, with some likely side effects, would be required: does the court maintain a list of your household devices in case it becomes necessary to lock someone out of them? Enforce a real-name policy on all accounts so that it can be determined if an access attempt is bring committed by a named party? In the case of court-ordered password resets do they use Comey’s golden key to unlock the thing so it can be re-keyed?
The general principle that harassment and surveillance by electronic means, even in cases where you are an authorized actor for CFAA purposes, are still harassment and surveillance seems like a good one(pity you’d even have to clarify the point; but I suspect that you do); but it’s a lot harder to imagine a situation where the court could actually redress the ability to keep merrily abusing the system, rather than just charge you with it after the fact, without having substantially more control over, and information about, basically all electronics than we normally want the cops to have.
If the person seeking the order can provide the information that sidesteps that issue; but also means that effective redress is now gated to people of sufficient expertise, which isn’t what one wants.
Yeah, the main reason why IoT devices are so shitty is because configuration often is an afterthought. Interfaces are driven by the showroom, not by actual UX/UI planning. Take registration, for example, and how may still imitate a paper form, with fields to fill out where applicable, language written by their legal department to cover their asses rather than actually assist the new owner, and also follows the disposable mentality – things get thrown out rather than passed on, and making second-hand ownership a pain is a benefit, not a bug. Manufacturers would be happy if you had to buy a new device because your ex kept the passwords.
I guess I am trying to say that the scummy short-sightedness of the manufacturers is an issue, and though I am confident about future generations, I fear ours will be stuck with irresponsible device makers enabling stalkers. At least a few years.
I would think that cameras are the most likely to be multiply owned. Plus, you need something more active to do the kind of harassment described.
Oh, it is a minefield, I agree. I was not proposing a firm solution, more just trying to indicate there needs to be one.
Liked for this phrase, alone. It IS the core problem.
The problem is, there will come a time when purchasing any appliance the only option will be an IoT device. We, as a society are losing control.
This was pointed out by several persons in the comments for the security camera purchase. Oh the irony!
Why don’t these victims simply change the authenitcation code on their devices?
Yes, yes the are.
I have screwdrivers and I know how to rip wifi antennas out by the roots. If it isn’t dumb when I buy it, I can make it dumb.
Unplugging you, of course.