• ΞVΞ🌸@evecodes.com
      3 days ago

      Firmware updates. It runs on software that requires routine maintenance if you want it to do all the fancy stuff and needs updates, to keep up with security protocols and fix bugs remotely. That requires internet access.

        • ΞVΞ🌸@evecodes.com
          3 days ago

          Unrealistic. Not everyone is technically savvy enough to download firmware updates from a website just to put on a USB stick. It’s intimidating to users and takes too many steps, thus making it an inconvenience to the customer. Users would much rather just call up a number and have a tech fix it remotely.

          Additionally, it takes time for firmware updates that contain fixes to get uploaded to a website, so it would really piss users off to have an inop device in the meantime. Much easier and faster to call up a tech and have them fix it remotely.

          Also, USB sticks would require the user to get to a computer, which they may not have, and the manufacturer would have to install a USB port on the device itself. I see your point from a security standpoint, but I can’t see a manufacturer spending more on a slower, user-error prone, and in many ways outdated, tech just for the sake of security and privacy.

          • porksnort@slrpnk.net
            2 days ago

            People plug devices into their computers daily for charging and updates.

            They can visit websites. They have a robot vacuum ffs, they have a computer.

            And firmware can be updated by Bluetooth from a phone and BT on the vac can be turned off when unneeded.

            This reasoning is specious. There is no intrinsic reason for any home appliance to need unfettered internet access. Tech bros may want 24/7 upskirt photos of their users, but we don’t have to accept their requests.

            We give up nothing by insisting on privacy in our homes. We can have all the cool things without giving it up.

            • fafferlicious@lemmy.world
              2 days ago

              The sheer fact that internet access exists for them indicates there’s a use case. And it’s obvious. Over the air updates are objectively a better user experience. Maybe even the best. For the average consumer that doesn’t even know to use ctrl + c, what do you think they’ll choose: dragging out the USB stick/cord or just having the device take care of itself?

              The problem isn’t that the devices have internet access. It’s that we don’t have appropriate legislation governing protection of privacy that would keep this kind of snooping in check.

              • porksnort@slrpnk.net
                2 days ago

                I prefer to chew my own food as do most adults.

                You can’t claim it’s an objectively better user experience, we haven’t really tried other alternatives. You made that up. It comes from a place of contempt for the mythical ’user’ that is unwarranted and distasteful. People are not as stupid as you think they are.

                There are many workflows that would protect privacy and require no additional steps or unfamiliar actions most consumers of robo vacs already know.

                Users have to clean and handle a robo vac frequently. Make an app that guides them in the clean out and does the firmware update by bluetooth (which is only on when the dirt trap is open) AFTER asking permission and explaining the update.

                Once more, there is no compelling use case for constant internet connection for these types of appliances. The only reason to include it is to invade privacy for Silicon Valley reasons, which are evil.

                • fafferlicious@lemmy.world
                  2 days ago

                  It’s really not some mythical user, man. I just laid out the two main methods we were comparing of updating firmware. One process requires literally 0 user intervention after device setup. The other requires the user to intervene. In what world is the process where the end user has to do literally nothing to get updates inferior to any process that requires intervention? It’s not that the device has Internet that’s the issue. It’s that there’s nothing respecting privacy! We’re on the same side but you wanna…what…make it illegal to do OTA updates because internet connectivity for devices is intrinsically invasive somehow? I just don’t get it. Your position doesn’t make sense.

                  > Make an app

                  And now the app pulls geolocation data of the user and takes the data on the device and uploads it through the app because no privacy laws.

                  Why does using a USB stick to flash the firmware equate with chewing your own food, but using an app to update the firmware not? They didn’t compile the app from code!

                  > there is no compelling use case for constant internet connection for these types of appliances

                  I literally just gave you one. The ability to push out OTA updates for bugs greatly reduces the complexity of maintaining technical support and development to support legacy features. I don’t know, maybe instantly patching a critical Bluetooth vulnerability to protect users’ privacy via OTA updates is compelling enough? Do they have to do it that way? No. The device could just get it via BT from the phone app. Basically the same thing as the device itself doing it.

                  But the privacy issue still remains even if we remove WiFi from the fucking vacuum and then just let the phone app have WiFi access instead.

                  Did I make my point better? Removing internet access to the device doesn’t remove the privacy concern. It just moves it somewhere else. And yes I know there absolutely is a way to do firmware updates in some privacy respecting way, but if you maintain that a 0 step process is less preferable to the majority of users than any process that requires multiple steps… Then I don’t know. Interact with users more? There’s plenty of boomers peck typing their way around the internet.

                  I admit you have points, friend. I share your concern about privacy. But come on… We got where we are in part because the general users don’t give a flying fuck or even think about privacy.

  • Washedupcynic@lemmy.ca
    3 days ago

    So not only was the robot vacuum sending data without his permission, the moment he stopped that data from being sent to the company, the company remote bricked his device.

    Seemingly more curious than ever, Narayanan now had no reason not to tear the thing apart looking for answers, which is exactly what he did. After reverse engineering the vacuum, a painstaking process which included reprinting the device’s circuit boards and testing its sensors, he found something horrifying: Android Debug Bridge, a program for installing and debugging apps on devices, was “wide open” to the world.

    “In seconds, I had full root access. No hacks, no exploits. Just plug and play,” Narayanan said.

    Through a process of trial and error, he was eventually able to connect to the vacuum’s system from his computer. That’s when he discovered a “bigger surprise.” The device was running Google Cartographer, an open-source program designed to create a 3D map of his home, data which the gadget was transmitting back to its parent company.

    In addition, Narayanan says he uncovered a suspicious line of code broadcasted from the company to the vacuum, timestamped to the exact moment it stopped working. “Someone — or something — had remotely issued a kill command,” he wrote.

    “I reversed the script change and rebooted the device,” he wrote. “It came back to life instantly. They hadn’t merely incorporated a remote control feature. They had used it to permanently disable my device.”

    In short, he said, the company that made the device had “the power to remotely disable devices, and used it against me for blocking their data collection… Whether it was intentional punishment or automated enforcement of ‘compliance,’ the result was the same: a consumer device had turned on its owner.”

  • ΞVΞ🌸@evecodes.com
    4 days ago

    This has been known for years ever since somebody stumbled upon pics of their home being sent back to the manufacturer. So anyone who doesn’t know by now just hasn’t been keeping up with the news.

    An instance years ago of iRobot smart vacs that took pics of a woman on her toilet, among other pics and they ended up on forums and social media. Unfortunately, all smart devices communicate with their manufacturers on the cloud, which employees can get access to, so until all companies are forced to end-to-end encrypt all their data, we take a huge risk in trusting these employees to keep it safe. You’re always taking a chance.
    A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?

    • Kernal64@sh.itjust.works
      3 days ago

      For real. The guy in the article being shocked is like someone being surprised that Facebook and Google use your data for ads. No shit! Everyone who’s been paying even a little attention knows this.

  • JamesBoeing737MAX@sopuli.xyz
    2 days ago

    Whoever is stupid enough to buy a smart appliance deserves it. The only devices connecting to the internet should be a PC/laptop and maybe a smartphone.