Most active commenters
  • fidotron(3)
  • jqpabc123(3)
  • bluGill(3)

←back to thread

314 points walterbell | 12 comments | | HN request time: 0.408s | source | bottom
Show context
jqpabc123 ◴[] No.43689886[source]
The ultimate long term solution --- refuse to buy any home product that defies local control.

If a wifi password is required to make full use of the device, I will return it.

If some users want to sacrifice security and privacy for "convenience", that's on them. But if you want to sell me the product, at least provide the option to decline without loss of functionality. Otherwise, no sale.

As an example, I refuse to buy a doorbell camera that doesn't support RTSP.

replies(7): >>43690116 #>>43690556 #>>43690969 #>>43691012 #>>43691509 #>>43692845 #>>43694018 #
1. fidotron ◴[] No.43691012[source]
> As an example, I refuse to buy a doorbell camera that doesn't support RTSP.

This is a good example of conflicting security requirements.

Not wanting the video to go to the cloud is fine, but most cameras with RTSP enabled allow any other device on the network to trivially get the camera stream, and sometimes also control the camera. This is why some camera companies require you jump through hoops to unlock RTSP - I don't like it but I can see why they do it.

This is one reason I've come to believe it's necessary that every device must see a totally different network universe from every other, able only to see the local controller server. (This is how I ended up playing with on AP video relays in my profile, as an effort to see what's involved). Things like multicast discovery is cool, but an absolute privacy and security disaster area.

replies(1): >>43691425 #
2. jqpabc123 ◴[] No.43691425[source]
but most cameras with RTSP enabled allow any other device on the network to trivially get the camera stream, and sometimes also control the camera.

Not a real concern when the network is fully under my control. I can easily restrict access as I see fit.

I surrender all control when I give up my wifi password and allow similar access to somebody's network located somewhere on the internet. Further access can be (and has been) granted to others without user knowledge or consent. For example:

https://arstechnica.com/tech-policy/2022/07/amazon-finally-a...

replies(1): >>43691995 #
3. bluGill ◴[] No.43691995[source]
You can - but will you? And you are in the tiny minority of people who understand what that even means. The vast majority of humans have better things to do with their life than figure out how to secure their personal network. (I'm not saying they are too stupid to figure out how - just that they have better things to do with their time)
replies(3): >>43692216 #>>43693165 #>>43693944 #
4. fidotron ◴[] No.43692216{3}[source]
Exactly, this stuff needs to be made the easy default.

Right now domestic IoT and Home Assistant are like Windows Mobile and Symbian prior to the iPhone: proof that something interesting and useful is possible in the domain, but requiring an enthusiast level of investment in knowledge and time to maintain and operate.

Were I a billionaire I would be attempting to launch the Android (in the original intended sense) of IoT to solve that.

replies(1): >>43725315 #
5. NoMoreNicksLeft ◴[] No.43693165{3}[source]
>The vast majority of humans have better things to do with their life than figure out how to secure their personal network.

One might hope this to be the case, but there are mountains of evidence to the contrary.

>I'm not saying they are too stupid to figure out how

Never fear. I'm here to say it so that you don't have to. Most are too stupid.

6. jqpabc123 ◴[] No.43693944{3}[source]
The vast majority of humans have better things to do with their life than figure out how to secure their personal network.

Sure. But this doesn't have to be an either/or choice.

It's possible to make it easy for those willing to surrender all privacy and control without making it impossible for those who don't.

Example: Amcrest cameras are just fine with being restricted to the local network. If you ask nicely and order direct, they'll even give you a discount.

https://amcrest.com/

replies(2): >>43695165 #>>43696389 #
7. bluGill ◴[] No.43695165{4}[source]
that is the wrong take. We need to protect the people who have better things to do.
replies(1): >>43696203 #
8. dd_xplore ◴[] No.43696203{5}[source]
People who have better things to do, won't want rtsp
replies(1): >>43698760 #
9. fidotron ◴[] No.43696389{4}[source]
We need a system so pervasive that if you order random devices from aliexpress they use it, and they cannot cause trouble because they're properly contained. It's not enough for you to have good security, you need to know your neighbours do too.

My vision of how this should work can be inferred from https://github.com/atomirex/umbrella Essentially in the future wherever we have WiFi APs those should also be media SFUs (and probably MQTT brokers or similar) where each client will only see the AP and things the applications running on the AP have explicitly allowed, including streams piped opaquely from anywhere else.

The idea that being connected to WiFi means ability to see other devices and the public internet needs to stop being the default.

replies(1): >>43696788 #
10. walterbell ◴[] No.43696788{5}[source]
Per-device WiFi auth/identity can help with IoT device isolation.
11. bluGill ◴[] No.43698760{6}[source]
What they do want though is their privacy protected. They shouldn't have to think about why or how they want it protected, they should just have it done for them.
12. unsnap_biceps ◴[] No.43725315{4}[source]
Matter, specifically matter over thread, is pretty much the right solution for the end devices.