Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
The backend security bug effectively exposed an army of internet-connected robots that, in the wrong hands, could have turned into surveillance tools, all without their owners ever knowing.
Suprise, if it has cameras, microphones, gps, data mapping capabilities and speaks to a server outside of your home it is by definition is a surveillance tool.
All of this has always been predicated on the idea that the surveillance will never be used against you somehow. I don't know why anyone ever bought into that.
Which is why we need to de-normalize this thought process. People should always ask, why does my vacuum need to go online? Or at the very least, can I turn that "feature" off?
because vacuum makers lock away advanced capabilities on the app making a home network the only way you can access them.
of course, when you're shopping, it'll use those advanced features as advertisements; but there's no way to know that ahead of time unless you're buying the most expensive models available.
And to top that off, those features have a terms contract you need to accept to use. Yet you don't know what that entails until you spend a lot of money.
Both your point and this also needs to be denormalized. We should be able to have full visibility for purchase decisions and have no push back on returns if we don't.
if it has cameras, microphones, gps, data mapping capabilities and speaks to a server outside of your home
It has also happened with baby monitors. Well, almost endless other IoT devices too. But baby monitors are a particular issue. They have speakers in them too. Attackers were exploiting it and playing very disturbing sounds to cause extreme distress to babies.
Remember, the S in IoT stands for security.
That really sucks.
For those with a robot vacuum you might want to look into Valetudo. Or just not connect it to the internet.
I guess the most plausible explanation is incompetence, there wouldn't be a reason to do this on purpose (a backdoor), right? Since the company could have easily used different credentials per device that they store anyway?
I would rather say ignorance. They just shit on IT-security for the sake of fast product launches.
A slightly similar event happened to Pudu service robots last year August. An auth token that could be used for all their robots.
Gosh, their drones are getting banned in the US. This just seems to help their case.