If you've been reading here, you aren't wondering.Every time a major Internet-connected-product is released, we keep coming back to the debate over security vs. convenience. The progression of arguments goes something like this:
- One group expresses outrage/skepticism/ridicule of how this product doesn't need to be connected to the Internet;
- Another group argues how the benefits outweigh the risks and/or how the risks are overblown;
- There will be news stories on both sides of the issue, and the debate soon dies down as people move on to the next thing; and
- Most users are left wondering what to believe.
This is a really good idea. The article is long but very thought provoking. The one thing that I would add is that there isn't a snowball's chance in the Mojave Desert that this will happen. The reason is that security is the last thing on the IoT designer's minds. IoT engineering funding comes from one of a very few places:As a security researcher, I often wonder whether the conveniences offered by these Internet-connected-devices are worth the potential security risks. To meaningfully understand the nuances of this ecosystem, I consciously made these devices a part of my daily life over the past year. One thing immediately stood out to me: there seems to be no proper mechanism to help users understand the ramifications of the risk/reward tradeoffs around these commonly used “personal” Internet-connected-devices, which makes it difficult for users to have any sort of effective understanding of their risks. I pointed out the same in a recent CNN Tech article about Amazon Key, where I also said:A simple rule of thumb here could be to visualize the best case, average case, and worst case scenarios, see how each of those affect you, and take a call on whether you are equipped to deal with the fall out, and whether the tradeoffs are worth the convenience.
- The existing appliance sales are flat, so quick add Internet connectivity to the refrigerator/stove/etc. The goal is to raise the price point by adding cool and flash.
- Adding Internet connectivity to the device is "Insanely Great" and will let you sell to people who want to "Think Different". Hey, it worked for Apple, didn't it?
- Someone wants to spy on you, and so makes your Barbie doll or whatever "Interactive".
In none of these cases do any of the marketing folks want you to actually be able to understand the risks you are introducing into your home. Heck, I've been doing this for over 30 years and I can't understand the risks.
And so my approach is to say "not just 'no' but 'HELL no'" to any IoT devices. Sorry, I don't want a cool refrigerator, I want one that keeps my food cold (at a low cost). Sorry, I don't care if you think I should "think different". And as to spying - yeah, that's typically my starting assumption for all of these devices.
That's probably unfair, to the devices and to the people who designed them. But without the slightest possibility of figuring out just what is being done to me, that's actually my best option. It very well may be your best option, too. At least until Silicon Valley marketroids earn some of our trust back.