The Internet of Things and your right to a private life


We’re fanatical about your privacy and security.

“Technology is nothing. What’s important is that you have a faith in people, that they’re basically good and smart, and if you give them tools, they’ll do wonderful things with them” – Steve Jobs.

The Internet of Things (IoT) is very much here and it’s likely to be around for quite some time.

On the face of it, an interconnected network of every day devices sounds both good and smart but is our faith in such devices and the people who create them well-placed?

As a privacy-minded organization, we have our doubts.

The essence of the problem is the fact that manufacturers of so-called ‘smart’ devices have two main motivations – the need to make a compelling product that sells and the often greater need to make a financial profit.

With that in mind, you have to ask where their interests lie – is it in privacy and security or in generating a return on investment?

The trouble with wearable IoT

The first problem with IoT from an article writing point of view is the fact that there are so many devices which now fall under that umbrella, from watches to fitness trackers and television sets to fridges and many, many other devices besides.

With that in mind, we are only looking at a few of them today but that doesn’t mean to say that you should instantly assume that other ‘smart’ devices are any different.

So, if we first look at what is arguably the gadget de jour – the wearable fitness tracker (and the same applies for the so-called ‘smart’ watch) – what can we learn?

The first point, and the most salient, was made very eloquently indeed by an August 2014 report from Symantec in which the security vendor highlighted how the cost of tracking such devices was a mere drop in the ocean when compared with the cost of actually purchasing one.

For just $75 Symantec researchers were able to build a tracker using a Raspberry Pi, a Bluetooth 4.0 adaptor, an SD card and a battery pack. Once completed, the homemade tracker was taken to public locations in Switzerland and Ireland and used to passively scan the airwaves and pluck out device serial numbers or other identifying information which could be used to track the wearer, prompting researchers to say:

“In our testing, we found that all the devices we encountered can be easily tracked using the unique hardware address that they transmit. Some devices (depending on configuration) may allow for remote querying, through which information such as the serial number or a combination of characteristics of the device can be discovered by a third party from a short distance away without making any physical contact with the device.”

Worse than that, the researchers also dug deeper into wearable devices, discovering that the associated apps often contacted multiple domains, leaked data and had questionable privacy policies that gave the impression that developers were either not taking privacy seriously or had not thought through their policies – a sign, perhaps, that profit comes before people?

Therefore, as the report suggests, the use of wearable tech is not synonymous with privacy and any reader concerned about the latter would be well advised not to purchase the former.

The trouble with household IoT

But wearable devices are not the only devices that fall under the IoT heading – household appliances do too, often with unfortunate side effects.

The previously mentioned fridge is a good example. Back in January 2014 a large-scale global cyber attack was under way. Law enforcement knew they weren’t looking for the stereotypical spotty, nerdy kid in his mum’s basement though – they had an altogether different type of suspect in mind.

Described as white and barely three feet tall, the accused was in fact an IoT refrigerator who stood accused of sending out over three quarters of a million spam emails. Not on his own mind – he had help – from 100,000 other similarly connected household gadgets.

While a spam run is hardly a threat to your privacy, it is a damn big nuisance and an indicator of how household devices can be used for purposes beyond those which they were built for.

Take for instance the humble TV set.

Back in November 2013 The Register reported how supposedly smart TVs from Korean manufacturer LG were too clever by far.

By dialling home every time the user changed channel it could actually be argued that the TV set was watching more than the viewer themselves.

Worse than that, it was also discovered that media files played on the set via inserted USB sticks were also fair game – the names of files were also sent back to South Korea. While some LG-owning viewers were probably not too fussed about who knew they were watching videos of their cat, or looking at a collection of dodgy selfies, purveyors of adult ‘art’ may have been less enthusiastic about LG being aware of their late night viewing pleasures.

What do we think of IoT

By now you have probably guessed that we here at ExpressVPN are not the biggest fans of the Internet of Things.

While some of the devices could well satisfy our inner geek, the accompanying privacy concerns shatter our faith in smart people doing good things with them.

We don’t like the idea of being tracked via our watches or fitness devices and we’re even less keen on how the data from those devices can end up on third, fourth or even fifth party websites, either through the implementation of unclear privacy policies, or through potential security issues at data storage centers.

We like our milk cold but we don’t want our fridge taking advantage of our hospitality by offering Viagra to our friends, family members and other online contacts.

And we certainly don’t want our TV set to know what we watch at night, however wholesome our viewing habits are.

And we definitely, definitely do not want any association with the new breed of devices that offer to help us with our after-TV activities thank you very much. It’s not only because we don’t need any help in that area, it’s also because we know how data can end up in the wrong hands and we don’t know what would be worse – strangers seeing how we ‘perform’ or medical insurance companies knowing about our pedestrian or risk-fuelled private lives.

Coping with the Internet of Things

To conclude, the Internet of Things is interesting but it is scary too.

Gadgets and gizmos appeal to many people and there is and will be a huge level of interest in just about anything that can connect to the internet in order to help us get fitter, save money or help us bring a little control to our otherwise chaotic lives.

So we know some of you will dabble, even though we don’t think you should.

With that in mind, here are some damage limitation tips (if you though we were going to offer tips on how to stay completely safe with the IoT then you probably should keep well away from it):

  • Always lock any internet-enabled device with a screen lock or password to prevent unauthorized access
  • Never, ever, ever, use the same password more than ONCE. Every account and device you have should have a unique and hard to guess password that does not contain names or pathetic excuses for security such as the ever-popular “123456”
  • If your device is Bluetooth-enabled switch it off when not in use
  • Read privacy policies carefully, especially in regard to how data is stored, used and who it is shared with. If third parties can gain access to your data read their privacy policies too
  • Never share too much information with a connected device or associated website
  • If you are using a device that allows you to share results or other data with social sites think carefully before doing so – if you put fitness data online, for example, then anyone can (and will) read it
  • Does your IoT device note location data? If so, make sure it isn’t sharing it unnecessarily
  • Is your device telling you that an app or operating system update is available? What are you waiting for – install it now
  • Can you add a security solution to your device? If so, do so
  • Can your device make use of encryption technology? You know what you need to do.

Featured image: dragonstock / Dollar Photo Club

ExpressVPN is dedicated to your online security and privacy. Posts from this account will focus on company news or significant privacy and security stories.