29 votes

The "S" in "IoT" is for Security

14 comments

  1. [3]
    MetArtScroll

    Indeed, as the source title suggests, the S in IoT is for “Security,” and, as another commenter here noted, the P in IoT is for “Privacy.” An even bigger problem is that in many jurisdictions what the article author did might be quite illegal. Needless to say, intellectual property reforms are needed globally.

    10 votes
    1. [2]
      teaearlgraycold

      Under what laws might the author’s work be illegal? I know DRM has an undeserved legal protection against reverse engineering. But that’s not something that all software can claim to be.

      2 votes
      1. MetArtScroll

        It is indeed reverse engineering; in many cases, reverse engineering in private is OK (though it should be always legal in private IMHO), but here the author also published a description of what had been done (again, should still be legal IMHO, but MHO is not followed by way too many jurisdictions).

        1 vote
  2. [7]
    ImmobileVoyager
    (edited )

    And the P is for privacy, I suppose.

    The only way to own my lamp was to pwn my lamp.

    I love the way it's phrased, but this is a concern that's been in my mind for a couple of years. Except for small DIY thingies, nobody ever owns software. We are mercifully allowed to use software as per some End User Licence Agreement. Even the GPL is a conditional permission to use.

    That goes for cars too. We love to own automobiles, but the owner could not even ingress his vehicle without using some software, let alone start it or drive it. I've lost count of how many computers there are in a modern car: is it 6, or 15? How does it go when you buy a brand new car? Do you sign some EULA? How nosy and chatty is that embedded software? How come we are complacent about those lethal black boxes in our public space?

    Being born a geek, for decades I've dreamt of the moment when I'd be able to control home appliances from a computer. That moment is seemingly now but I'll pass: I should have stressed more explicitly what I meant:

    I (and nobody else) could control (and not feed) home appliances from my own private computer.

    Also, I am more or less an obsolete model. I read Brave New World and 1984 before I learned to code, and even that was before computers became personal, and thus long before they became the instruments of the Surveillance Capitalism currently ensnaring us all.

    8 votes
    1. [6]
      Macil

      Even the GPL is a conditional permission to use.

      The GPL only conditionally revokes permission to redistribute software. It doesn't restrict usage. You're free to maintain a private fork of GPL software that integrates proprietary code, etc.

      10 votes
      1. [5]
        ImmobileVoyager

        I know.

        I mention it here because it is still a licence: one is granted permission to use the software, one does not own it, be it proprietary software propelling a gadget lamp or onboard software computing matters of life and death.

        What I mean to insist on here is that our ever-increasing reliance on software has profoundly changed how we understand ownership, and thus the control one individual can exert on his "own" life and even on his "own" self.

        (Comparing the merits and faults of the numerous software licences will be for another time)

        1. [2]
          pvik

          I am not really sure I understand your gripe with GPL.

          it is still a licence

          GPL is a license just like MIT; any text that dictates how you can use software/code, albeit freely-distributed code, is still referred to as a license.

          one is granted permission to use the software, one does not own it

          GPL is typically associated with code that builds the software. You can inspect it, audit it, fork it and make changes, that pretty much checks all the boxes for owning software.
          What makes you feel you don't own GPL software?

          As an open source developer who writes code for free, I would very much like to have the option to dictate how people use my code. Oftentimes I just release stuff under MIT license, but I respect the GPL and its variations for the impact it has had on open source technology.

          our ever-increasing reliance on software has profoundly changed how we understand ownership

          I don't think blaming our reliance on software for this is entirely right.
          Companies have slowly changed how much of a product they sell us we own, and shifted the goal-posts gradually.

          Given that a large percentage of the population don't really care about ownership of their software (nor even think about it), which being a non-tactile entity can also extenuate this.
          Internet as a software platform with subscription services have contributed to this, however, I can't blame companies for monetizing their product more efficiently, that is what a capitalist economy dictates.

          Even software which requires a subscription to use, like the Adobe suite, Office365, etc., has become common-place. I hated this trend catching on for years, but I feel like that model for software distribution has become quite common and is here to stay.
          I even pay for IntelliJ suite annually, and realized I no longer have a problem with that business model, since I do like to support those devs and their product makes my life a lot easier.
          (IntelliJ's licensing is still a lot better than a lot of other subscription-based software out there, which prevents you from using their software once you end the subscription. Whereas with IntelliJ's software, you just stop getting updates and access to future releases.)

          What I am trying to get to is, I am not sure how important software ownership is at the end of the day. With the billions of man-hours companies spend writing software, realistically they are never going to open-source all their code. Software binary distribution and use as-is terms still works for most commercial software.

          I feel hardware ownership and right to repair are larger issues we currently face, not our reliance on software.

          6 votes
          1. ImmobileVoyager

            I am not really sure I understand your gripe with GPL.

            Try to start by shedding the gripe angle, which is completely absent here.

            1 vote
        2. [2]
          petrichor

          I mention it here because it is still a licence: one is granted permission to use the software, one does not own it, be it proprietary software propelling a gadget lamp or onboard software computing matters of life and death.

          If not a license, what do you think the distinction in "ownership" should be between the person who wrote the software and the people using the software?

          1 vote
          1. ImmobileVoyager

            Idk.

            Then again, besides small thingies, software is never written by a person.

            The question might be the one of the relationship between human beings and the global digital ecosystem, which, with just a little bit of imagination, may be seen as autonomous and sentient.

            Old question anyway, but with things digital now governing every aspect of life, the question of who, exactly, owns what has recently taken an acute and unprecedented turn.

            Add to this the notions of responsibility and accountability that are (were?) traditionally, and legally, associated to ownership, and you've got material for an interdisciplinary research program of planetary proportions.

  3. Eric_the_Cerise

    Clever title, good read. It's a bit too technical for average, non-techie readers to understand, but still worth skim-reading for "regular" people to appreciate how ridiculously difficult it is to actually own/control/secure the IoT devices they "buy".

    6 votes
  4. [3]
    Octofox

    I don't see light at the end of the tunnel for IoT. The concept of IoT devices is very appealing because they fill an actual need/want for people. But there is just no way to make them work. Software is insanely complex so they will always be filled with bugs. Buggy software connected to a network will get exploited. IoT vendors don't care since there is no way the risk falls back on them.

    The only solution I see is if Apple pushes some kind of privacy IoT platform where individual devices do not get to connect to 3rd party servers or to the internet at all but only to an Apple hub. Apple can then make sure they keep that one hub secure and up to date and the rest is protected through that.

    4 votes
    1. lonjil

      A lot of smart devices already work like that. ZigBee devices can only talk with other devices on the same ZigBee network and their hub, which may or may not be connected to the internet. Though ZigBee is mostly restricted to things with simple actions attached, like sensors, lights, motors, and what not.

      7 votes
    2. joplin

      Apple has been pushing something like this, at least for security cameras, called HomeKit Secure Video. From what I hear (I haven't tried it yet, but am thinking about it), it's got some rough edges. If I understand it correctly, some of the cameras (like eufy, I think?) that support it will store video locally, but allow you to access it over the web via your iCloud account. It also lets you set permissions of who else in your household can see it. (But having not used it yet, it's possible I'm misunderstanding.)

      3 votes