> proper vigilance

You seriously expect the average person to have anything close to "proper vigilance" with a collection of IoT devices?

> reasonable laws

I'd absolutely love to see strong data protection laws passed, but that isn't likely in the near-ish future. Also, laws don't protect against bugs.

> All the things you listed are things to be planned for.

The worst problems in a new, unexplored area are the unknown/unexpected problems. You believe these data risks are minor - I strongly disagree - but how can you even begin to make that kind of judgment? Data persists and CVEs increase with time; how can you be certain that your data (which includes access credentials, e.g. SSL keys/certs, passwords) won't be stolen off some server (or your home devices) 20 years from now? These are huge, unknown, open-ended risks that could suddenly become a problem at any point in the future.

> personal computers

The PC isn't tied to sensors around the house, with the ability to control various important hardware. The thermostat (Nest) is an obvious example: it should be a trivial device, because simplicity is one of the better ways to guarantee reliability. Adding massive complexity and network access left a lot of people with a freezing house[1]. My PC isn't tied to important things like the thermostat, because adding risk for effectively a nerd toy, social status symbol, and (allegedly) minor heating-bill benefits isn't a good trade-off, and it's terrible security. The PC is a risk, but it can also serve as a place to contain the risk of being connected to a hostile network.

> why dismiss something whole cloth

I'm not: "...the key problem with IoT in most products is the ... costs do not outweigh the ... benefits." Internet connectivity can work if the benefits sufficiently outweigh the cost of having to actually secure the device and remain vigilant and responsive to new security issues for the lifetime of the device. This is expensive, and approximately nobody is doing that right now. I also find it hard to believe that anything remotely similar to the current IoT toys on the market can ever be profitable enough to pay for their own security. There may be exceptions, of course, but they will be expensive (in some way) and rare.

[1] https://www.nytimes.com/2016/01/14/fashion/nest-thermostat-g...