314 points walterbell | 2 comments
jqpabc123 ◴[] No.43689886[source]
The ultimate long-term solution --- refuse to buy any home product that defies local control.

If a wifi password is required to make full use of the device, I will return it.

If some users want to sacrifice security and privacy for "convenience", that's on them. But if you want to sell me the product, at least provide the option to decline without loss of functionality. Otherwise, no sale.

As an example, I refuse to buy a doorbell camera that doesn't support RTSP.

replies(7): >>43690116 #>>43690556 #>>43690969 #>>43691012 #>>43691509 #>>43692845 #>>43694018 #
fidotron ◴[] No.43691012[source]
> As an example, I refuse to buy a doorbell camera that doesn't support RTSP.

This is a good example of conflicting security requirements.

Not wanting the video to go to the cloud is fine, but most cameras with RTSP enabled allow any other device on the network to trivially get the camera stream, and sometimes also control the camera. This is why some camera companies require you to jump through hoops to unlock RTSP - I don't like it but I can see why they do it.

This is one reason I've come to believe it's necessary that every device must see a totally different network universe from every other, able only to see the local controller server. (This is how I ended up playing with the on-AP video relays in my profile, as an effort to see what's involved.) Things like multicast discovery are cool, but an absolute privacy and security disaster area.

replies(1): >>43691425 #
jqpabc123 ◴[] No.43691425[source]
> but most cameras with RTSP enabled allow any other device on the network to trivially get the camera stream, and sometimes also control the camera.

Not a real concern when the network is fully under my control. I can easily restrict access as I see fit.

I surrender all control when I give up my wifi password and allow similar access to somebody's network located somewhere on the internet. Further access can be (and has been) granted to others without user knowledge or consent. For example:

https://arstechnica.com/tech-policy/2022/07/amazon-finally-a...

replies(1): >>43691995 #
bluGill ◴[] No.43691995[source]
You can - but will you? And you are in the tiny minority of people who understand what that even means. The vast majority of humans have better things to do with their life than figure out how to secure their personal network. (I'm not saying they are too stupid to figure out how - just that they have better things to do with their time)
replies(3): >>43692216 #>>43693165 #>>43693944 #
1. fidotron ◴[] No.43692216[source]
Exactly, this stuff needs to be made the easy default.

Right now domestic IoT and Home Assistant are like Windows Mobile and Symbian prior to the iPhone: proof that something interesting and useful is possible in the domain, but requiring an enthusiast level of investment in knowledge and time to maintain and operate.

Were I a billionaire I would be attempting to launch the Android (in the original intended sense) of IoT to solve that.

replies(1): >>43725315 #
2. unsnap_biceps ◴[] No.43725315[source]
Matter, specifically Matter over Thread, is pretty much the right solution for the end devices.