Your views and feedback from email and the web
Smart home, loose privacy
I read with interest your article on smart homes (see issue 351, p76) as I have earned more scars than most in this arena. I note you recommend Home Assistant for those that don’t want to share their homes’ innermost workings with US tech giants, but there’s something more troubling at the hardware end of this market. What many people don’t realise, or perhaps don’t care, is that smart device manufacturers find it tricky to link devices in an unknown home network, so instead their devices phone home as soon as you connect them to your Wi-Fi and remain permanently connected.
If you flick a switch in your living room it’s easier for the manufacturer if the data goes via its servers on its way to the light in the corner of your room.
We tolerate this from Amazon or Apple as it’s essential for the services they provide and they have a reputation to protect, with UK and US laws to keep them honest. But what about the Smart Life app that many of the devices you reviewed use? I have friends with 20 or 30 devices controlled through the Smart Life app, and yet they have never spent a penny on the app or its significant infrastructure, which is run by the Chinese company Tuya. An outage anywhere from China to the phone line in your road will render your smart house anything but, and who wants increasingly complex IoT devices in every room that maintain a connection to servers outside of our legal jurisdiction?
The alternative is something like Home Assistant, with any local webhook supporting devices (maybe something from Shelly, sadly absent from your reviews) and a basic grasp of your home network’s IP addresses.
You can then have a light switch talking just across the room to only the light. That sounds smart to me.
Alan Ingram
One last thought
A belated response to Jon Honeyball’s “One Last Thing” piece about the hypothetical Ethernet sniffing device planted in an MD’s office to bring down the company (see issue 350, p130). I do wonder whether the rise of outsourcing for things such as email makes the scenario described less likely or less damaging. If you planted such a device in the Ethernet cable going to my desk, you’d pick up traffic to Office 365 (encrypted end to end), OneDrive (ditto) and various internal wikis and apps. As it happens, we have run all our internal websites and apps behind HTTPS for some years now, but I suspect this would be the weak
