• Routhinator@startrek.website
    link
    fedilink
    English
    arrow-up
    176
    arrow-down
    2
    ·
    1 year ago

    Home Assistant. Offline smart home automation you can control.

    Home doesn’t have to be 100% dumb in 2023. But you have to do a little work for it.

    Bonus: your smart home will be more capable and interconnected than any of the commercial smart home options because they are all busy trying to control the entire ecosystem and sue each other. (maybe Matter changes that but I’m not holding my breath)

    • penguin@sh.itjust.works
      link
      fedilink
      arrow-up
      43
      ·
      1 year ago

      Also for security cameras, connect them to something like a Synology NAS so you have the recordings locally and then configure a firewall to block the cameras from any internet access.

      Viewing the cams remotely just means using a VPN to connect to your network and then connecting to the NAS.

      It’s possible to maintain privacy/control and still use modern tech.

      • KnightontheSun@lemmy.world
        link
        fedilink
        arrow-up
        11
        ·
        1 year ago

        One thing I would say is that the camera stream will hammer those disks. They will always be busy. I chose not to run this way and instead loaded up a W10 VM with Blue Iris. I have the vm on a dedicated VM server with raid1 SSDs.

        My Synology has large disks and does other duties. That’s the main reason I didn’t want that extra I/O.

        • 4am@lemm.ee
          link
          fedilink
          arrow-up
          5
          ·
          1 year ago

          What kind of SSDs? I hope you bought enterprise or you are going to get a nasty surprise in about a year…

          • KnightontheSun@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            Eh, even if your prediction came true, it is not so nasty if it happens. I have others and rebuilding is an inconvenience. I also have backups.

            I went for the Crucial mx500 ones. They seemed to have the more positive reviews when I last checked. We will see.

        • penguin@sh.itjust.works
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I use Enterprise drives in mine set up with Synology Hybrid Raid and a full copy of the NAS on another “NAS” (it’s actually a USB attached storage from QNAP).

          Also, set the video streams to h264 or h265 and the bandwidth is lower.

          It’s been fine so far.

          • KnightontheSun@lemmy.world
            link
            fedilink
            arrow-up
            10
            arrow-down
            1
            ·
            1 year ago

            That’s ridiculous. The disks were far more than the cameras. And why be wasteful of those costs I’ve already shouldered? I am as miserly as I can be when spending on my infrastructure.

            • SkyeStarfall@lemmy.blahaj.zone
              link
              fedilink
              arrow-up
              2
              arrow-down
              13
              ·
              1 year ago

              If you can’t afford the disks I’m wondering how you can afford a house

              But I mean, that’s the price of security cameras. You just gotta accept you will need to cycle disks every once in a while, and delete old data.

              • KnightontheSun@lemmy.world
                link
                fedilink
                arrow-up
                11
                arrow-down
                1
                ·
                1 year ago

                Why do you think I cannot afford more disks? Or a house? You incorrectly assume too much and seem unnecessarily argumentative.

                I have already bought the disks and see no reason to work them overly hard for camera surveillance. I worked out another solution that others might be interested in. That’s what this thread is about.

                • SkyeStarfall@lemmy.blahaj.zone
                  link
                  fedilink
                  arrow-up
                  2
                  arrow-down
                  12
                  ·
                  edit-2
                  1 year ago

                  Maybe I should have clarified a bit then, but

                  I really don’t see why you would need to own security cameras if you don’t own a house? If you’re renting that’s not your job, and if you live in an apartment… Well, why do you need security cameras in your apartment? Unless you own the building?

                  My point was mostly that like, a couple of disks is not a big expense, and not something I feel is worth fussing over, personally.

              • Lev_Astov@lemmy.world
                link
                fedilink
                arrow-up
                3
                ·
                1 year ago

                Perhaps he can afford things because he knows how to apply his knowledge to be more frugal with things like this. If you can work around disk lifespan limitations, you’d be wasteful not to do so.

      • Confused_Emus@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        What tics me off is a lot of the big box store brands of cameras don’t allow you to save locally - they don’t bother putting in the feature because then they couldn’t sell you a cloud storage subscription, or they just have the audacity to lock it behind a paywall so you have to pay a subscription to use your own damn hardware.

    • cybersandwich@lemmy.world
      link
      fedilink
      arrow-up
      6
      arrow-down
      1
      ·
      1 year ago

      What do you use for a voice assistant/ speaker mic set up?

      That’s the only thing holding me back. And the Mycroft stuff blew up. :(

      • MrSpArkle@lemmy.ca
        link
        fedilink
        arrow-up
        11
        ·
        1 year ago

        Honestly I rarely use voice controls for my setup. It’s all time/motion triggers. Voice commands are for weird one offs.

      • 4am@lemm.ee
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        This is HomeAssistant’s year of the voice. It’s all built in now; they just released wake word capabilities.

      • Routhinator@startrek.website
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        You can use Sonos speakers or any generic smart speaker that is not bound to a brand (like Google /Alexa)

        Pro tip, Ikea smart speakers are rebranded Sonos at lower prices, and come hidden in all kinds of furniture forms.

        However you don’t need to wholesale jump to HA and lose voice. For $8 CAD I got the Nabu-casa HA cloud assistant and SSL proxy (portal to your home HA without need to punch holes in firewalls) and their cloud assistant integrates with Google or Alexa.

        So you can tie everything together and then move things over to the HA ecosystem as you have time, eventually cutting the Google/Amazon limbs off.

      • Player2
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        It’s really easy to control it with voice by basically replacing Google assistant on an android device. Look up the Wyoming Protocol interaction in Home Assistant

      • NessD@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Not OP, but I use Google Assistant at the moment. Gonna switch as soon Home Assistant makes it possible.

      • CosmicTurtle@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        You supposedly can connect Google home/Alexa to Home Assistant but it’s not for the feint of heart. I’m just starting this and it’s not a weekend project. Might be a few days before it’s up and running.

        The main issue holding me back is that I don’t want Amazon to link my house electronics to my actual account.

        I set it up on its own VLAN and I’m starting to onboard it but hit a bump when it asked for my Amazon account credentials. So when I have some free time, I’m going to create a dummy Amazon account that will be used to control Alexa. Probably hook it up with a Privacy credit card set to burn after the first purchase with a limit of $5.

        There is a plan to integrate these more tightly into Home Assistant, but it won’t be for a while.

      • drphungky@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        2
        ·
        1 year ago

        Google because they have the best voice control and I’ve already given them my data through Gmail, search, and for many years chrome. It’s the one compromise I make because the product is good enough it’s worth the cost to me. But if you don’t want them having your data, your voice options are pretty limited.

      • NightAuthor@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        It can be a bit of work, but if you’re a tech geek you’ll enjoy shopping for / making compatible devices and getting it all set up.

  • npz@lemm.ee
    link
    fedilink
    arrow-up
    121
    arrow-down
    5
    ·
    edit-2
    1 year ago

    Software developer. Having my home constantly phoning home to megacorporations sounds creepy, but more importantly, none of these smart home products solve a problem. They just add additional points of failure to appliances that have historically been sufficiently reliable.

    • Potatos_are_not_friends@lemmy.world
      link
      fedilink
      arrow-up
      26
      arrow-down
      1
      ·
      1 year ago

      Software developer. The frequency of stupid features that PMs request, followed by our urgency to implement it as fast as possible has opened up so many bugs and issues. Knowing that, why the hell would I want to open up potential failure to things I expect to work 100% of the time, like a toaster?

      • whatwhatwutyut@midwest.social
        link
        fedilink
        arrow-up
        14
        arrow-down
        1
        ·
        1 year ago

        Software programmer. I have a Google Home running because I’m lazy af and like to be able to verbally turn on/off lights. I also use it to combat ADHD symptoms because saying “set an alarm” is less likely to distract me from what I’m doing than pulling out my phone is.

    • uis@lemmy.world
      link
      fedilink
      arrow-up
      15
      arrow-down
      1
      ·
      edit-2
      1 year ago

      Indeed. Like what is fridge? Motor with piston in a puddle of oil and a thermostat. Why the fuck it needs any corpo bullshit?

    • flames5123@lemmy.world
      link
      fedilink
      arrow-up
      11
      arrow-down
      3
      ·
      1 year ago

      Smart lights solve a problem. I have LEDs with programmable scenes that I can swap to easily. I don’t have white light constantly on all times of the day.

  • lightnsfw@reddthat.com
    link
    fedilink
    arrow-up
    92
    arrow-down
    2
    ·
    1 year ago

    I can confirm. I don’t want technology in my house I don’t have full control over. All these “smart devices” that run through smartphone apps in the cloud can fuck themselves. The amount of access most people give these corporations into their lives is insane to me.

    • Damage@feddit.it
      link
      fedilink
      arrow-up
      25
      ·
      1 year ago

      Agree. That’s why I use ZigBee devices, they have their own offline network.

      Softwares like Home Assistant are the only acceptable smart home solution.

    • tburkhol@lemmy.world
      link
      fedilink
      arrow-up
      6
      arrow-down
      5
      ·
      1 year ago

      I really like the data - to see how weather and my activity influences temperature, air quality, network… I can absolutely see, just in the temperature data, when I get out of bed; air quality shows when I cook, exercise, open windows. Nobody who’s not me needs that data, so all the sensors plug into an RPi or, at most, connect through zigbee/bluetooth. I can’t even imagine what They can infer from Smart TV or wifi refrigerator, and cameras can fuck right off.

      But I can see where, if you like the data but can’t figure out how to manage it yourself, cloud devices could seem pretty attractive. Techno-magic and fun to be part of, and there’s so many people saying that privacy just doesn’t exist anymore. Probably people with an IoT security camera in their bedroom.

  • Dozzi92@lemmy.world
    link
    fedilink
    arrow-up
    71
    ·
    1 year ago

    This post feels like more than just the privacy aspect. Every day I read about some connected devices going brick because they are no longer supported. Shit, my Roku 4 went brick because they need me to buy a Roku HD, and I suckered up. What’re you going to do when your doors won’t open because some company decides they don’t want to support them, or worse they go under? I am not IT, but why would I want to come home from a day of answering tickets and have to reprogram some proprietary hardware so I can make dinner?

    • lseif
      link
      fedilink
      arrow-up
      31
      ·
      1 year ago

      thats why the F in FOSS means free as in freedom

    • Patches@sh.itjust.works
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      What’re you going to do when your doors won’t open because some company decides they don’t want to

      Do not worry my friend. On that day day it will already have been decided that you are only licensing the ability to do so. They will put you in jail for opening your own door, and you’ll have given them the legal right to do so in the EULA.

    • ericatty@infosec.pub
      link
      fedilink
      arrow-up
      5
      arrow-down
      2
      ·
      1 year ago

      I’m reading Radicalized by Cory Doctorow and the first story haunts me most. (Although I have 1 more to go) He has warned against the IoT Torment Nexus which means “they” are already creating it.

      Our refrigerator is over 20 years old. It’s now obsolete according to the manufacturer. They recommend replacement over repair. I dread the day we can’t bring it back from the dead.

    • uis@lemmy.world
      link
      fedilink
      arrow-up
      3
      arrow-down
      7
      ·
      1 year ago

      Wow. Now I can show it to old ladies who don’t know english and live near me when they will mention ДЭГ.

  • douz0a0bouz@midwest.social
    link
    fedilink
    English
    arrow-up
    70
    arrow-down
    9
    ·
    1 year ago

    I know some software engineers like that. Some of it is knowing that the companies that make iot devices don’t give a crap about security. Some of it is plain ol paranoia. Mechanical door locks can be picked does that mean you invest in guard dogs? Crime is a thing but so is misanthropy. I think we should take reasonable precautions but believe that there are more good ppl than bad.

    • Bonehead@kbin.social
      link
      fedilink
      arrow-up
      80
      arrow-down
      3
      ·
      1 year ago

      Mechanical door locks can be picked, but it must be done at the lock in plain view rather than at a distance sitting in a car while you do the majority of the work and then casually walking up and opening the door. Locks are more of an inconvenience than a deterrent, so it should be made as inconvenient as possible. Connecting them to the internet is the exact opposite of that.

      • variants_of_concern@lemmy.one
        link
        fedilink
        English
        arrow-up
        32
        arrow-down
        3
        ·
        1 year ago

        But more realistically someone robbing your house is going to ring your doorbell to see if someone is home, then just walk around checking for unlocked windows.

        • Bonehead@kbin.social
          link
          fedilink
          arrow-up
          27
          arrow-down
          1
          ·
          1 year ago

          True, but again it’s about making it as inconvenient as possible. Manually locking windows and making sure they are locked is effective. In some places they put security bars on the windows. Tall fences can also create obstacles as well.

          You won’t stop everyone that wants to break in, but you can create enough trouble to keep out most people. Making it convenient for yourself by connecting everything to the internet just makes it convenient for everyone else too.

          • tburkhol@lemmy.world
            link
            fedilink
            arrow-up
            14
            ·
            1 year ago

            You can’t ever stop someone who really wants to get into your home. The best you can do is make your home look too tedious to bother with.

            Or make your neighbor’s home more attractive. Try keeping the neighbor’s house key, neatly labelled & with alarm code, under your own doormat. Just in case.

          • BottleOfAlkahest@lemmy.world
            link
            fedilink
            arrow-up
            5
            ·
            1 year ago

            Tall fences are usually privacy fences and they can make it really easy for a thief to spend a ton of time unseen in your backyard.

              • merc@sh.itjust.works
                link
                fedilink
                arrow-up
                2
                ·
                1 year ago

                Is the fence going to have a gate, and is that gate going to be locked? If so, you better put a fence around it to be safe.

        • NaibofTabr@infosec.pub
          link
          fedilink
          English
          arrow-up
          17
          ·
          1 year ago

          Bear theory.

          My house doesn’t need to be impenetrable, it just needs to be more of a hassle to get into than yours.

          • FireTower@lemmy.world
            link
            fedilink
            arrow-up
            9
            ·
            1 year ago

            Not even that. It just needs to look like more of a hassle.

            They really just let anyone buy those signs that say you have security cameras or an angry dog.

            • variants_of_concern@lemmy.one
              link
              fedilink
              English
              arrow-up
              6
              ·
              1 year ago

              Someone mentioned to me that those angry dog signs are a liability because if someone gets bit they can say you knew you had angry dog, so it’s best just to have a sign that says dog and doesn’t mention it’s mood

              • FireTower@lemmy.world
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                1 year ago

                Might dependsl on your jurisdiction. But I wouldn’t be worried they’d probably need to prove you had a duty of care to them which you acted outside of which resulted in injuries that could have been avoided by you acting with a reasonable level of care.

                Also if you did have a duty of care to them and knowingly had a dangerous dog not warning someone of known dangers (the dog) might constitute a break of your duty of care.

                Tldr: It depends, you get what you pay for get your advice from actual local lawyers not random people on the street or the internet (like me).

      • CosmicTurtle@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        ·
        1 year ago

        I think CGP Grey has a video about this concept. It’s not so much that a mechanic lock is better or more secure.

        It’s more that it takes one person $x seconds to break into one lock.

        That’s very different than allowing a million people the opportunity to break your digital lock millions of times.

        • merc@sh.itjust.works
          link
          fedilink
          arrow-up
          7
          arrow-down
          1
          ·
          1 year ago

          It’s a different threat model.

          An average house lock is pretty easy to pick. An average picker of locks could get through in minutes. Someone who trained for years could get through in a few seconds if they’re lucky. Someone using a pick gun, willing to risk damaging the lock, can often get through in seconds. But, each individual lock is different, so you never know how long it will take to get through. Taking any more than 10 seconds to get through a door looks suspicious, so it’s very risky to try to pick a lock if you’re not willing to take a chance at looking suspicious, even if you’re a master lock picker.

          With electronic locks, if there’s an exploit for that lock and the person going up to the lock has access to it, they could get through instantly and not look at all suspicious. If there’s no exploit, the person is out of luck. The person trying to break in also doesn’t have to have any expertise. They just need access to the exploits. Also, because people are constantly trying to find exploits, there’s almost guaranteed to be a time when your lock is vulnerable. Making it worse, with an electronic lock, someone can inspect the lock one time, and then just wait for a vulnerability for that particular lock to be available.

      • PlasmaDistortion@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        And my smart lock alerts me when someone unlocks it. Sure it could be hacked, but it is more likely that someone will just kick the door open.

        • oatscoop@midwest.social
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          1 year ago

          Picking locks takes skill, kicking down a door is higher risk of alerting someone or getting caught. Those both deter a lot of would-be criminals.

          Whereas a hack creates a situation where criminals are going to target those devices – it’s “low risk”. Any opportunistic asshole with 2 brain cells can download the hack and go around trying doors until it works.

    • Linssiili
      link
      fedilink
      arrow-up
      17
      arrow-down
      1
      ·
      edit-2
      1 year ago

      In a meeting with a (business) customer regarding security precautions, my coworker had a great suggestion: we buy a mountain in Switcherland Switzerland, build a bunker there for the servers and hire a private army for protection. The customer liked the idea…

    • general_kitten
      link
      fedilink
      arrow-up
      12
      arrow-down
      5
      ·
      1 year ago

      actually good mechanical door locks can only be picked by a handful of people in the world with special tools most of whom are locksmiths

      • bort@feddit.de
        link
        fedilink
        arrow-up
        22
        ·
        edit-2
        1 year ago

        the word “picked” does a lot of heavy lifting here.

        Most professional thieves won’t care about damaging your lock. It’s called “breaking” and entering for a reason.

          • AlexWIWA@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Yeah but how many people looking for a smash and grab are going to bring tools to cut through a wall instead of just going next door or through the window?

      • douz0a0bouz@midwest.social
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        3
        ·
        1 year ago

        And a properly secured network can’t be compromised by some amateur thief sitting in their car. Point was that foolproof security is a fantasy.

        • bladerunnerspider@lemmy.world
          link
          fedilink
          arrow-up
          12
          ·
          1 year ago

          I think the real point is that mechanical locks don’t track when you leave and enter your home like electronic ones do. Not whether they are better or worse than mechanical.

          • almar_quigley@lemmy.world
            link
            fedilink
            arrow-up
            6
            arrow-down
            1
            ·
            1 year ago

            A “hacker” breaking into your house is a fantasy. If some one wants in they are….breaking….into your house. Ie breaking your door or window. Mechanical or not doesn’t make a difference. It’s all security theater. However you can know the status of internet connected locks at least.

      • fishos@lemmy.world
        link
        fedilink
        arrow-up
        5
        arrow-down
        2
        ·
        1 year ago

        And those locks cost hundreds a piece. A “there is a security system here” sign would do more useful work. And a locksmith will tell you that picking is what you try AFTER you just try bypassing the lock entirely. Aka shim the door or break a window. Exactly what a burglar will do if they really wanted in. You do know that your garage door can be disabled with a coathanger threaded inside and grabbing the release hook, right? Or a jack wedged under with a crowbar, right? Or your decorative gnome in the front yard thrown through a window? Locks are a deterrent.

    • AlexWIWA@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Locks can be picked, but good locks require picking skills far beyond what the average break and entry will have. They can be drilled, but that’s loud and increases the odds of being caught.

      A software vulnerability can be triggered silently and will look like you’re an expected guest.

      They’ll likely just smash the window in the back yard though so it’s a moot point

    • Wooki@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      It’s not just poor security that’s easily hackable, it’s mainly the unreliability and frustration of having to continue to work when you get home to fix your dam light switch because it doesn’t work because it got out of sync when the microwave is turned on. No thanks.

  • AVengefulAxolotl@lemmy.world
    link
    fedilink
    arrow-up
    48
    arrow-down
    4
    ·
    1 year ago

    The idea of a smart home? Fck yeah. Having it connected to some elses computer (cloud), fck no!

    Having a home server only accessible by tailscale vpn, smart vacuum cleaner connected to it, not exposed to the internet, oh boy i love it!

  • LemmyIsFantastic@lemmy.world
    link
    fedilink
    arrow-up
    51
    arrow-down
    8
    ·
    edit-2
    1 year ago

    Nah, I have a bunch of stuff and couldn’t care less. If someone wants in my home they’ll take out a window. Nobody is zero daying their way past a lock 🤣

    • lseif
      link
      fedilink
      arrow-up
      33
      arrow-down
      1
      ·
      1 year ago

      “im not actually too worried about my privacy and data being misused, im worried about everyone’s being misused, and that it’s being normalized”

      • CaptKoala@lemmy.ml
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        And folks wonder why I’m in a constant state of existential dread, we all know it won’t stop there if the corpocunts have anything to say about it.

      • milicent_bystandr@lemm.ee
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        One of the most draining things about trying to look after privacy is the number of ways other people’s choices undermine that.

        I don’t mean to dump on other people for those choices … usually… but it’s hard that the conveniences they take compromise the privacy that I like and that some others need more.

    • Cosmic Cleric@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      Nobody is zero daying their way past a lock 🤣

      It would be a cheap way of creating onlyfans content though.

        • Cosmic Cleric@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          1 year ago

          If I found out my convulsing into my partner would make money idk do it in a heart beat 🤣

          Who said you’d get the money though. That fine print you always agree to would say any content from the security cameras would be owned by them.

    • dlok@lemmy.world
      link
      fedilink
      arrow-up
      12
      arrow-down
      9
      ·
      1 year ago

      And what’s the worst an internet connected thermostat could do, discomfort you to death? If someone got into my Google account past 2fa etc id have bigger worries.

      • TheWiz@lemm.ee
        link
        fedilink
        arrow-up
        21
        ·
        1 year ago

        For me it’s more the privacy aspect. IOT devices tend to be network weak points. Things like Alexa constantly listening. I could see myself self hosting home assistant maybe in the future but not of the things smart devices enable are really a value add for me personally.

        • Cosmic Cleric@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          3
          ·
          edit-2
          1 year ago

          You don’t need home devices to lose your privacy like that. Your phone’s themselves are constantly listening in.

          Was talking to the wife in the car one time about buying a new pair of tennis shoes, and when I got home that evening and watched YouTube videos and such, I was getting so many tennis shoe ads it was actually quite spooky.

          • TheWiz@lemm.ee
            link
            fedilink
            arrow-up
            6
            ·
            1 year ago

            Oh definitely, I go to a lot of effort to try and mitigate it (graphene OS, no Facebook, social media, pihole for network wide ad blocking, simplelogin for email aliasing, no smart devices) but there’s always plenty of invasive apps/services even you’re privacy conscious.

        • LemmyIsFantastic@lemmy.world
          link
          fedilink
          arrow-up
          3
          arrow-down
          8
          ·
          1 year ago

          Jesus Christ “always listing”.

          No they aren’t. Not in any sense that even explained in common sense language to normal people.

          They are listening to what amounts to be a key pair(s) voice imprint. That’s done at a hardware level. And despite it be career making and be worth millions nobody has reported any large scale beach of trust in many years.

          The major players have an excellent track record of being secure.

                • LemmyIsFantastic@lemmy.world
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  edit-2
                  1 year ago

                  First, the attacker needs to be within wireless proximity of the device, and listen to MAC addresses with prefixes associated with Google. After that, they can send deauth packets, to disconnect the device from the network and trigger the setup mode. In the setup mode, they request device info, and use that information to link their account to the device and - voila! - they can now spy on the device owners over the internet, and can move away from the WiFi.

                  Congrats, you found a single instance. It was patched via the security program. It relied on physical proximity.

                  Then you link another scenario where an utterly insignificant portion of users data was shared with partners.

                  It’s grasping at straws and both those incidents are unrelated to always on recording. None of that shit you linked is related in the least bit. It’s slippery slope bullshit you’re trying to pull.

                  Astroturfing 🤣🤣🤣 good lord I wish I could get paid arguing with uninformed privacy zealots.

      • bitwolf@lemmy.one
        link
        fedilink
        arrow-up
        21
        arrow-down
        1
        ·
        1 year ago

        The issue is that the thermostat can be used as a jump box into your network.

        That’s when/where all the nefarious things happen.

        • frezik@midwest.social
          link
          fedilink
          arrow-up
          7
          arrow-down
          1
          ·
          1 year ago

          This is why I like boarderless security, and did even before all these smart devices came around. Every device should be responsible for its own security. It meant your laptop is still protected when you’re on some random wifi network. Networks shouldn’t be built like eggs; hard on the outside, soft on the inside.

          It does take more technical skill to setup, though.

        • groucho@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          Or they could just dime out the heat/AC and give you a huge energy bill. Or kill the furnace in the winter, while you’re on vacation, and let your pipes burst.

          • RGB3x3@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            1 year ago

            Nobody is doing that. A hacker doesn’t cause chaos just for the fun of it. They have nothing to gain by playing with your thermostat when they can spend less man-power exploiting corporations for money and data.

              • RGB3x3@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                Yeah, but:

                The downside, though, is that installing the ransomware, currently, requires the hackers to either have physical access to the thermostat or trick the victim into loading malicious files on the device on his own.

                And if a hacker is in your home, they’re not a hacker. They’re just a burglar.

        • greenskye@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          1 year ago

          Realistically speaking who targets an individual house in the hopes of accessing something important and usable when companies lose millions of customer financial and personal information basically every month?

            • RGB3x3@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              To do what though? People are worried about their internal network being compromised, but the average person has basically nothing worth stealing on their home network given the insane amount of work it takes to compromise it.

              The fears of your internal home network being compromised are way overblown.

              • Nahdahar@lemmy.world
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                A main example that comes to mind is nanny cam or iot security cam ransoms for example. They don’t target specific individuals at first, they exploit a mass vulnerability, gather sensitive footage then blackmail. Another example, while not directly affecting IoT users’ lives was the Mirai botnet attack.

                • greenskye@lemm.ee
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  This implies looking at hundreds of thousands of nanny cams, for probably lots of hours before you end up with any footage thts worthy of ‘blackmail’. And I’d bet many homes would literally never have anything blackmail worthy even happen on camera. Oh no, they saw me naked!?! What am I going to do if my coworkers found out I walk around naked in my own home. I’d just tell them to take a hike and release my naked footage if they really wanted to.

              • milicent_bystandr@lemm.ee
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                It’s not just damage to your home network, it’s using that as part of botnets do do other crime. And it’s collecting data on you for sleazy purposes, that then gets leaked (sometimes) to those who want to use it for crime.

                the insane amount of work it takes to compromise it.

                Really?

                The great thing about software is once you develop an insane trick to get into one child’s internet-connected doll (oh yes, there’s that too) you can roll it out to try ten million dolls across the world.

      • Obi
        link
        fedilink
        arrow-up
        13
        arrow-down
        1
        ·
        1 year ago

        I think that example is probably the most serious one. If you live in regions that go to -40c you most definitely don’t want your thermostat to just stop heating the house.

    • AlexWIWA@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      These iot software are usually minimum viable products with weak security. A zero day for them is fast simpler than trying to get a zero day in windows.

      For example, I had a friend that worked at one of these companies, that recently lost a lot of money, and while he was there they had their master keys in the git repo on GitHub. At this point they were well past a billion dollar valuation.

  • Emerald@lemmy.world
    link
    fedilink
    arrow-up
    43
    ·
    1 year ago

    Image Transcription: Social Media


    🖖 Jochen Mader 🇪🇺

    I work in IT, which is the reason our house has:

    • mechanical locks
    • mechanical windows
    • routers using OpenWRT
    • no smart home crap
    • no Alexa/Google Assistant/…
    • no internet connected thermostats

    association-of-free-people

    🤔


    elpatron56

    Tech Enthusiasts: Everything in my house is wired to the Internet of Things! I control it all from my smartphone! My smart-house is bluetooth enabled and I can give it voice commands via alexa! I love the future!

    Programmers/Engineers: The most recent piece of technology I own is a printer from 2004 and I keep a loaded gun ready to shoot it if it ever makes an unexpected noise.


    firstdegreeliberty

    Best part though?

    Security technicians: *takes a deep swig of whiskey* I wish I had been born in the neolithic.


  • Meldrik@lemmy.wtf
    link
    fedilink
    arrow-up
    42
    ·
    1 year ago

    I use Home Assistant, but none of my “smart-things” is cloud-based, so it all runs locally. Which also makes it much faster and reliable.

  • IonAddis@lemmy.world
    link
    fedilink
    English
    arrow-up
    42
    arrow-down
    1
    ·
    edit-2
    1 year ago

    I’ve had roomies that were in IT, and generally most things weren’t “smart” appliances. I think the fanciest thing they had was a plex server. We all know how insecure the IoT is.

    I’ve also had non-IT roomies and yeah, they were putting up surveillance cameras and shit and being super-creepy with monitoring.

    I once very, very quietly tried to wash a dish at 1am in the kitchen (and most roomies conclude I’m a ninja as I’m generally extremely quiet to anyone who isn’t hyper-aware of noises already), and my roommate charged out trying to find the water leak.

    I realized later she had some sort of monitoring alert on the water heater that woke her up, and because the house was dark because I didn’t want to wake anyone up with lights so her cameras were dark too, she went into a panic instead of using her common sense. I’d accidentally evaded half her surveillance trying to be a considerate roomie while I washed something quietly in the dark and she lost her frickin’ mind.

    • lightnsfw@reddthat.com
      link
      fedilink
      arrow-up
      29
      ·
      1 year ago

      The guy I rent a room from has an app on his garage door that alerts him every time it opens so now I have to answer for it every time I fucking do anything in the garage (which is the quickest way for me to go in and out of the house). It’s so annoying. I got home 15 minutes early the other day and had a text from him 5 minutes later asking if I got home early. Like… Yea, fuck off dude. I’m about to start going in and out via my window.

      • IonAddis@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        ·
        1 year ago

        Yeah, same lady that freaked because the water heater kicked on at night also had that on her garage. She was absolutely monitoring coming and going by it.

        I sometimes contemplate how easy it is for people to be stalker freaks and despair.

        • lightnsfw@reddthat.com
          link
          fedilink
          arrow-up
          6
          ·
          1 year ago

          Doesn’t make a difference. I still get the text/phone call. If I let it ring he’ll come ask me about it when he gets home. I think he just gets a rush from it because he’s got nothing interesting going on in his life and it makes him feel like he’s on top of something for once.

            • lightnsfw@reddthat.com
              link
              fedilink
              arrow-up
              4
              arrow-down
              1
              ·
              1 year ago

              He’s not doing it to harass me. I come and go as I please and they don’t complain. It’s literally just because of that stupid notification he gets on his phone and he fixates on it for some stupid old man reason. It’s just an annoyance I have to deal with so I’m venting on here. The rent situation is really cheap so I don’t want to rock the boat too much by complaining to them about shit they do that bothers me.

              • grue@lemmy.world
                link
                fedilink
                English
                arrow-up
                6
                arrow-down
                1
                ·
                1 year ago

                It doesn’t matter what he intends; what matters is the actual effect it has on you.

                • lightnsfw@reddthat.com
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 year ago

                  To an extent yea. But the benefits of renting from him far outweigh this one annoyance. I would be paying 500+ more every month for anyplace else I looked at. I just need to deal with it until I can save enough for a down payment on a house of my own.

      • PlasmaDistortion@lemm.ee
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        1 year ago

        He’s not as advanced as he thinks he is. I have the same setup for my garage but I also have a camera in the garage that shows who is in the garage.

      • RealM@kbin.social
        link
        fedilink
        arrow-up
        1
        arrow-down
        8
        ·
        1 year ago

        Why are you entering/leaving the house through the garage? That seems odd to me.

        • lightnsfw@reddthat.com
          link
          fedilink
          arrow-up
          10
          ·
          1 year ago

          The door in from the garage is closer to my room than the front door? Also I can avoid the kitchen/living area and not have a 10 minute conversation I don’t want to have if the people I rent from are home.

  • Opisek@lemmy.world
    link
    fedilink
    arrow-up
    39
    arrow-down
    1
    ·
    1 year ago

    I work in IT which is the reason: I self-host my smart home crap with strict firewall between it and my home assistant server.

  • pascal@lemm.ee
    link
    fedilink
    arrow-up
    33
    ·
    1 year ago

    I like that my dishwasher tells me when it’s done via app, and I can’t live without my robot vacuum cleaner.

    Still, they’re on a separate vlan so if they get infected, the malware will look around like the John Travolta meme.

  • Ivan@lemmy.world
    link
    fedilink
    arrow-up
    36
    arrow-down
    3
    ·
    1 year ago

    as engineer with almost 6 years of experience: 90% of people in general don’t give a damn, persoanlly I’m like that

    • Dashi@lemmy.world
      link
      fedilink
      arrow-up
      29
      arrow-down
      3
      ·
      1 year ago

      Been in IT for 18 years. I have smart home stuff because i got tired of sitting down on the couch with my beer, que poped for my game and then realizing i forgot to turn off the kitchen light. So yup, smart house, cameras, locks etc because it’s fun. Can someone hack my house? Sure, but they could just as easily put a brick through the window and come in. A lot more people are qualified to do that than hack my voice controlled lights.

    • Firipu@startrek.website
      link
      fedilink
      arrow-up
      7
      arrow-down
      3
      ·
      1 year ago

      Lemmy in general has a hard-on for google/windows/non-Foss hate and extreme privacy :) Double edged sword imo, it’s probably what makes lemmy great, but the whole shtick also becomes old fast :)

      Personally I’ll stick to my Google assistance, windows gaming pc and limited privacy (anonimity to a reasonable degree, almost no pictures of myself or my family on public social media).

      Life is quite stress-free that way tbh :)

      • KrummsHairyBalls@lemmy.ca
        link
        fedilink
        arrow-up
        6
        arrow-down
        1
        ·
        1 year ago

        it’s probably what makes lemmy great, but the whole shtick also becomes old fast :)

        It’s also what will make lemmy fail. Average users are pretty much bullied away back to Reddit. If you want Reddit to fail, you can’t make the alternative a shittier more toxic place to be. Lemmy currently has ~30K active monthly users and dropping steadily.

        Personally with that number dropping, I don’t see many instances staying up, as it’s not free to operate, and app developers will surely dwindle.

        Lemmy is absolutely not a welcoming place if you are interested in anything other than public transit, linux, or FOSS. Lemmy will end up like VOAT. Lemmy may not be filled with child porn, fat hate, and trans hate like VOAT was, but Lemmy is definitely filled with extremists.

        • Socsa@sh.itjust.works
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          Yeah my accounts keep getting banned from major communities for not being violently communist enough. It’s a pretty off-putting to see people saying that all Jews should be murdered and dragged through the streets and then getting banned for saying I don’t even understand what that has to do with socialism.

      • psivchaz@reddthat.com
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        Similar. I take what I consider to be reasonable precautions… I have smarthome stuff but I stick with standards that work locally, or if I must look elsewhere then I aim for FOSS and/or reputable companies. I avoid social media, and avoid putting much of my Identity online.

        Other than that… I dunno, we already live in the privacy post-apocalypse. It’s unavoidable, someone is recording you in every store, some friend will inevitably post some picture of you on Facebook, you’re going to have to deal with people who prefer WhatsApp over Signal or whatever. Just enjoy it and don’t stress.

      • Socsa@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        It’s not what makes Lemmy great. It’s paranoid Luddite nonsense. I mean if people want to live like that fine, but as an engineer with a properly secured home network I think it’s obnoxious.

        • Firipu@startrek.website
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          Not saying I’m a fan of that exact behaviour, but a lot of the tech behind the scenes is driven by passionate Foss ppl :)

          I often roll my eyes when I see fear and doom mongering about privacy, but hey, the other side of the coin is equally annoying (people over sharing every single thing they do online :))