|
|
|
|
|
|
by virmundi
3361 days ago
|
|
|
All the things you listed are things to be planned for. None of them are extremely terrible in and off themselves with the proper vigilance. Even the data logging should be solvable with reasonable laws. Apply the general argument to personal computers. Anyone can attack your PC. Once pawned, they can get valuable information. Your IP could be wrongfully associated to a crime, which brings Jonny Law to your door. Given all of this, I still assume you see the idea of being connected via a PC as a good thing since you wrote a response via a browser. My question was essentially, why dismiss something whole cloth? You raise valid things to consider, but I don't think that anyone of them is a death stroke to IoT. They are, at least in my opinion, design considerations for products that make sense. |
|
|
You seriously expect the average person to have anything close to "proper vigilance" with a collection of IoT devices?
> reasonable laws
I'd absolutely love to see strong data protection laws passed, but that isn't likely in the near-ish future. Also, laws don't protect against bugs.
> All the things you listed are things to be planned for.
The worst problem in a new, unexplored area are the unknown/unexpected problems. You believe these data risks are minor - I strongly disagree - but how can you even begin to make that kind of judgment? Data persists and CVEs increase with time; how can you be certain that your data (which includes access credentials, e.g. ssl keys/certs, passwords) won't be stolen off some server (or your home devices) 20 years from now?
These are huge, unknown, open-ended risks that could suddenly become a problem at any point in the future.
> personal computers
The PC isn't tied to sensors around the house, with the ability to control various important hardware. The thermostat (nest) is an obvious example: it should be a trivial device, because simplicity is one of the better ways to guarantee reliability. Adding massive complexity and network access left a lot of people with a freezing house[1]. My PC isn't tied to important thing like the thermostat, because adding risk for effectively a nerd toy, social status symbol, and (allegedly) minor heating-bill benefits isn't a good trade-off, and it's terrible security.
The PC is a risk, but it can also serve as a place to contain the risk of being connected to a hostile network.
> why dismiss something whole cloth
I'm not: "...the key problem with IoT in most products is the ... costs do not outweigh the ... benefits."
Internet connectivity can work if the benefits sufficiently outweigh the cost of having to actually secure the device and remain vigilant and responsive to new security issues for the lifetime of the device. This is expensive, and approximately nobody is doing that right now. I also find it hard to believe that anything remotely similar to the current IoT toys on the market can ever be profitable enough to pay for their own security. There may be exceptions, of course, but they will be expensive (in some way) and rare.
[1] https://www.nytimes.com/2016/01/14/fashion/nest-thermostat-g...