An engineer got curious about how his iLife A11 smart vacuum worked and monitored the network traffic coming from the device. That’s when he noticed it was constantly sending logs and telemetry data to the manufacturer — something he hadn’t consented to. The user, Harishankar, decided to block the telemetry servers’ IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after. After a lengthy investigation, he discovered that a remote kill command had been issued to his device.
Louis Rossman should do a segment on them.
He did. Where he said the article looked AI generated and so he wasn’t going to waste any time with it.
I am planning to make a list of devices I really do NOT want near me. Starting with this one.
Gonna be a long list…
Time to run off into the forest I suppose
Network segmentation.
But yea, you don’t want a moving cam/mic device reporting home…
I wish companies would at least offer a “no data collecting/selling” price option. Like, how much would they make from selling my data? Just give me the option to pay that extra amount so I can buy a vacuum without thinking about how it’s spying on me.
My concern is that they’ll include the equipment for spying on you, and just enable it later.
I bought a Hue because it said “no online account required!” Later they changed their mind.
I want the promise plus open standards and a base of libre software. I want them to tie themselves to the mast.
Yeah, good point. Owners of Samsung “smart” refrigerators started seeing ads on them recently.
I’m sure there was some sort of legal terms that users had to agree to to enable that, but it still feels like a scam. Some amount of those fridge owners would not have bought the fridge if they knew there would be ads on it at any point in time.
I mean, if I felt I could control the little computer in a smart fridge without expending excessive effort to do so, I might be interested in getting one myself. Absent other concerns, a tablet integrated into my fridge could be handy to monitor the appliance, make quick or even automated grocery list updates, etc. Not earth shattering, but still marginally useful.
Do they not just a cheaper version that could come without wifi or Bluetooth? I usually get that option where available for any products. because I’m a cheap ass.
There are older models you can get that work that way. They’re just less convenient in that you have to clean them out yourself. I had one for a long time, but I wanted one that is self-emptying.
How is this legal?
Shitty terms of service.
This is every single ‘smart device’ out there. The way I was able to block everything in 2 Roborocks at home was by setting them up in Home Assistant over Matter, blocking everything and using it from HA only (us the schedules, those remain in the robots). It’s less than convenient allowing it access to the update servers once per month to see if there’s any and then blocking it again, but it’s something.
We’re preparing our ‘smart home’ for our new house that’s not finished yet by choosing only devices that are matter over wifi (not thread) so that I can set it all up to work locally ove Home Assistant. That, in my opinion, is the best way to keep some convenience while shutting those assholes out.
Most of them, sure. Every single one until proven otherwise, yes. Every single one, no qualifiers? No.
Brands like Shelly allow you to completely disable the cloud, which AFAIK makes them stop phoning home completely except for update checks.
I think a lot of “Home Assistant certified” brands are good privacy-wise, as that means that they don’t care about pushing you onto their proprietary cloud.
If I don’t own it 100% then reimburse me if you disable it.
For me the worst part is that someone developed the functionality to monitor and track, until the signal is lost, and if so, kill. It’s really crazy how daring this is.
Say it with me. If buying doesnt mean 100% ownership…
Then pirating isn’t stealing.
… FUCK THE DMCA!
What did I win?
then they will buy it
Same story with this guy (in french)
https://www.youtube.com/watch?v=OGMRUiBOFj0
Highly recommend watching his stuff, might be very technical but also super methodical
Reject bottom feeder, Embrace Rigid vacuum.
broom chads stay winning
Yeah, mine has it. I have to go into the app once a week and manually delete it.
Smart vaccuum that needs an app to use. Are we really this stupid, everyone?
Hello friend.
This seems like a good time to inform you that you have the option to communicate in such a way that you don’t make yourself look like an asshole.
As do you, friend.
Play stupid games win stupid prizes.
I have a standard vacuum. I spend about 10 minutes a day vacuuming. Miele has no telemetry whatsoever lol
Ugh. Stop shaming people for wanting to automate mundane tasks. No one’s playing a stupid game here, the problem isn’t robot vacuums. The problem is that manufacturers insist on holding features hostage on the basis that you connect said vacuum to the Internet, so they can harvest (and then sell) your data. Be mad at that, not at normal people wanting to make a boring chore less burdensome.
Disagree. My experience is they still don’t get everything, can’t do furniture or corners well or under furniture. They’re stupid. They’re expensive and if you really can’t spend 10 minutes or less to vacuum your house daily or every other day it speaks volumes on the type of person you are.
I stand by what I said. More money than brains.
Disagree, and I think you’re stupid for putting people down for using these. The data harvesting is the big issue, but let’s ignore that for a second.
You’re right that they don’t do a great job at getting everything, but if you use it to maintain a level of cleanliness alongside vacuuming then that shortcoming doesn’t really matter much. Instead of vacuuming 10 minutes every single day, you could do it once a week and have the robot do it between vacuums. If somebody travels for work and is away from home regularly then using these things is actually a good fit.
But go off, friend. Keep flexing that you’re superior for doing a mundane task for 10 minutes every day. Everybody else is stupid except for you.
I hope this stupid phrase dies in the coming year. It’s about time.
Yeah good for you, but that’s hardly the point now is it? There is nothing wrong with automating stuff like this and expecting it to work without bullshit like the post happening.
The point is it’s stupid and people who want to automate 10 minutes out of their day are equally stupid
I spend about 10 minutes a day vacuuming
Yes and the point being spending 300$+ to eliminate 10 minutes a day is absolutely hilarious.
As a layman, can someone explain what the ramifications of smart devices sharing your data is. I know it’s bad, but I don’t understand why it’s bad and how it’s used against you.
The problem that is created by a person’s private data being collected against their will is primarily a philosophical one similar to the “principle of least privilege”, which you may be familiar with. The idea is that those collecting the data have no reasonable need for access to it in order to provide the services they’re providing, so their collection of that information can only be for something other than the user’s benefit, but the user gets nothing in exchange for it. The user is paying for the product/service they get, so the personal data is just a bonus freebie that the vendor is making off with. If the personal data is worthless, then there is no need to collect it, and if it does have worth, they are taking something of value without paying for it, which one might call stealing, or at least piracy. To many, this is already enough to cry foul, but we haven’t even gotten into the content and use of the collected data yet.
There is a vibrant marketplace among those in the advertising business for this personal data. There are brokers and aggregators of this data with the goal of correlating every data point they have gotten from every device and app they can find with a specific person. Even if no one individual detail or set of details presents a risk or identifies who the specific person is, they use computer algorithms to analyze all the data, narrowing it down to exactly one individual, similar to the way the game “20 questions” works to guess what object the player is thinking of–they can pick literally any object or concept in the whole world, and in 20 questions or less, the other player can often guess it. If you imagine the advertisers doing this, imagine how successful they would be at guessing who a person is if they can ask unlimited questions forever until there can be no doubt; that is exactly what the algorithm reading the collected data can do.
There was an infamous example of Target (the retailer) determining a young girl was pregnant before she told anyone or even knew herself, and created a disastrous home situation for her by sending her targeted maternity marketing materials to her house, which was seen by her abusive family.
These companies build what many find to be disturbingly invasive dossiers on individuals, including their private health information, intimacy preferences, and private personal habits, among other things. The EFF did a write-up many years ago with creepy examples of basic metadata collection that I found helpful to my understanding of the problem here:
https://www.eff.org/deeplinks/2013/06/why-metadata-matters?rss=1
Companies have little to no obligation to treat you fairly or even do business with, allowing them to potentially create a downright exile situation for you if they have decided you belong on some “naughty list” because of an indicator given to them by an algorithm that analyzed your info. They can also take advantage of widely known weaknesses in human psychology to influence you in ways that you don’t even realize, but are undeniably unethical and coercive. Also, it creates loopholes for bad actors in government to exploit. For example, in my country (USA), the police are forbidden from investigating me if I am not suspected of a crime, but they can pay a data broker $30 for a breakdown of everything I like, everything I do, and everywhere I’ve been. If it was sound government policy to allow arbitrary investigation of anyone regardless of suspicion, then ask yourself why every non-authoritarian government forbids it.
I know that’s a lot; it is a complicated topic that is hard to understand the implications of. Unfortunately, everyone that could most effectively work to educate everyone on those risks is instead exploiting their ignorance for a wide variety of purposes. Some of those purposes are innocuous, but others are ethically dubious, and many more are just objectively nefarious. To be clear, the reason for the laws against blanket investigations was to prevent the dubious and nefarious uses, because once that data is collected, it isn’t feasible to ensure it will stay in the right hands. The determination was that potential net good of this kind of data collection is far outweighed by the potential net negatives.
I hope that helps!
That’s an interesting article. The biggest insight is that it can go around hippa for example.
This guy fucks!
A detailed room-mapping scan is basically a wealth report disguised as vacuum telemetry: square footage, room count, layout complexity, “bonus” spaces like offices or nurserie; all of it feeds straight into socioeconomic profiling. And once companies have that floor plan, they’re not just storing it; they’re monetizing it, feeding it into ad networks, data brokers, and pricing algorithms that adjust what you see (=and what you pay) based on the shape of your living space.
And a mapped floor plan also quietly exposes who lives in the home, how they move, and what can be inferred from that.
Isn’t this information already available? Like if I’m house shopping I know how many rooms the house has and the area of the house.
You know rough dimensions you don’t have a robot going through and literally mapping every item on the floor, high traffic areas , details about amount of people that live there, possible pets, and then tying it to your IP and then selling that to advertisers.
The crazy thing isn’t that they do that it’s that you have to pay money for an item that then does that without your permission and if you attempt to stop it they brick your item that you paid hundreds of dollars for
I don’t know for certain if they sell your data (but they probably do) but you can use a wifi router and how it reflects in a room you can fully map a room with enough accuracy that you can tell what a person is typing on a keyboard which is kind of terrifying if you think about it
How is that information used?
They sell it, some of it is sold to advertisers but recently companies like palantir have been buying these large collections of data, de anonymizing it and then they can use it to develop profiles about people which they can then sell to the government
And that’s what they admit to doing
Once your data is out there it’s essentially impossible to get it back
One aspect to consider is exactly what data these devices are exfiltrating from your network. You usually can’t see the contents of the telemetry sent, but given that a LOT of smart devices have cameras and/or microphones, do you really trust that your IoT devices are not sending back audio and or video recordings of the inside of your house?
Email me the blueprints to your house, your address, name, and your favorite hobbies and I will tell you the answer.
You might get some snarky comments, but the way I envision it is that the fuller of a picture companies can get of you (when you’re running a vacuum, when you’re driving, when your lights are on and off, etc.) the more data they have to try and run predictive analytics on your behavior and that can be used in a variety of ways that may or may not benefit you. At this point it’s mostly just to get you to buy things they think you’ll buy, but what happens when your profile starts to match up with someone who commits crimes? Maybe you get harassed by the authorities a little more often? Generally the lack of consent around how the data is collected and how it’s used is the problem most people have.
what happens when your profile starts to match up with someone who commits crimes?
I’d dismiss this as fanciful ten years ago. But we’ve got ICE agents staking out grocery stores and flea markets looking for anyone passably “illegal”. Palantir seems to have made a trillion dollar business model out of promising an idiot president the ability to Minority Report crime. And then you’ve got the Israeli’s Lavendar AI and “Where’s Daddy” programs, intended to facilitate murdering suspects by bombing the households of relatives.
I guess it wouldn’t hurt to be a little bit more paranoid.
Old news that’s been posted several times in the last weeks
Jesus christ, just vaccuum your own house already. This is the largest tradeoff I have ever seen for the minor inconvenience of a single household chore.
This comment is fucking insane lol
I dont even vacuum. I get on my knees and clean my floors by hand.
I can’t do that, I have bone spurs (actually though)
That’s why this invasive tech is criminal. Just plain criminal.
This shit is two months old. How many times is it going to recirculate?
until something meaningful is dore about it i hope
