From the translator: a brief retelling of the articleCentralization of smart home devices (like Apple Home Kit, Xiaomi and others) is bad because:
- The user becomes dependent on a particular vendor, because devices cannot communicate with each other outside the same manufacturer;
- Vendors use data about users at their own discretion, leaving no choice to the user;
- Centralization makes the user more vulnerable, since millions of users are immediately vulnerable to a hacker attack.
Mozilla conducted a study in which they found out:
- Some users are willing to sacrifice data privacy for comfort;
- Most are accustomed to having data collected about them and are surprised when this does not happen;
- A significant part of users would like to refuse surveillance, but they have no choice.
Mozilla is evolving its smart home standard and encouraging everyone to move towards decentralization and isolation. Their
Details, links, Mozilla research results will follow.
Smart home devices help make life a little easier, but at the same time, they require the control of your information to be transferred to their manufacturing companies in order to work. IN
This is sound advice, since the companies that manage smart home devices know you're at home, not only when you let them know. Soon they will use permanent microphones and listen literally
At Mozilla, we believe that the user should have control over their devices. ΠΈ data that these devices generate. You must own the data you you have to control where they go, you should be able to
User attitudes towards privacy and IoT
Before looking at the WebThings architecture, let's talk about how users think about privacy in the context of smart home devices, and why it's important to empower people to take charge.
Today, when you buy a smart home device, you get the convenience of being able to control and monitor your home over the Internet. You can turn off the lights at home while in the office. You can check if the door to the garage is left open.
However, just because people buy and use smart home devices, that doesn't mean they're comfortable with the status quo. One recent user survey showed that almost half (45%) of the 188 smart home owners were concerned about the privacy or security of their devices.
User survey results
In autumn 2018, our research team conducted
Smart devices are issued to study participants
We observed (on site or via video chat) how each of the participants went through the entire installation stage and
In addition, we learned about user attitudes towards data collection. To our surprise, all 11 participants were adamant that we were collecting data about them.. They have already learned to expect this kind of data collection, since this is the model that prevails in most platforms and online services. Some of the participants felt that the data was being collected for quality improvement or for research purposes. However, upon learning that no data was being collected about them, two of the participants were relieved that they had one reason less to worry about their data being misused in the future.
On the contrary, there were participants who were not at all worried about collecting data: they believed that companies were not interested in such insignificant information, like turning a light bulb on or off. They did not see the consequences of how the collected data could be used against them. This showed us that we should better demonstrate to users,
Door sensor logs can show when someone is not at home
From this study, we learned what people think about the privacy of the data generated by smart homes. And at the same time, in the absence of an alternative, they are ready to sacrifice privacy for the sake of comfort. And some don't care about privacy because they don't see the long-term negative effects of data collection. We believe that
Decentralization of data management gives users privacy
Smart home device manufacturers have designed their products to provide more service to them than to consumers. Using a typical IoT stack where devices cannot easily communicate, they can build a reliable picture of user behavior, preferences, and actions from the data they have collected on their servers.
Take the simple example of a smart light bulb. You buy a light bulb and download a smartphone app. You may need to set up a block to transmit data from the light bulb to the internet, and perhaps set up a "cloud user account subscription" with the light bulb manufacturer to control it at home or remotely. Now imagine five years later, when you install dozens or hundreds of smart devices - household appliances, energy saving devices, sensors, security systems. How many apps and accounts will you have by then?
The current operating model requires you to share your data with manufacturing companies in order for your devices to function properly. This, in turn, requires that you work only with devices and services of these companies - in such
Mozilla's solution puts data back into the hands of users. Mozilla WebThings does not have the company's cloud servers that store the data of millions of users. User data is stored in the user's home. Backups can be stored anywhere. Remote access to devices comes from a single interface. The user does not need to install many applications, and all data is tunneled through a private subdomain with HTTPS encryption, which created by the user .
The only data Mozilla receives is when the subdomain checks our server for WebThings updates. The user can not give devices access to the Internet at all and manage them completely locally.
The decentralization of WebThings gateways means that each user has their own "data center". The gateway becomes the central nervous system of the house. When users' smart device data is stored in their homes, it becomes much more difficult for hackers to access multiple user data at once. The decentralized approach provides two main advantages: complete confidentiality of user data, and reliable storage behind best-in-class encryption.https.
The figure below compares Mozilla's approach with that of a typical smart home device manufacturer.
Comparison of Mozilla's approach to a typical smart home manufacturer
Mozilla's approach provides users with an alternative to current offerings while keeping their data private ΠΈ convenience of IoT devices.
Further Decentralization Efforts
When developing Mozilla WebThings, we deliberately isolated users from servers that might collect their data, including our own Mozilla servers, while offering an interoperable decentralized IoT solution. Our decision not to collect data is an integral part of our mission and further reflects our organization's long-term interest in new technologies.
Webthings embodies our mission to treat personal security and privacy online as a fundamental right, giving power back to users. From the point of view
Decentralization can be the result of social, political and technological efforts to redistribute power from a minority to a majority. We can achieve this by rethinking and re-architecting the network. By allowing IoT devices to operate on a local network without the need to transfer data to external servers, we decentralize the existing IoT fabric.
With the help of Mozilla WebThings, we are building an example of how a decentralized distributed system through web protocols can influence the IoT ecosystem. Our team has already created a draft
While this is one way to achieve decentralization, there are complementary projects with similar goals at different stages of development to put power back in the hands of users. Signals from other market players such as
By focusing on people first,
Related publications:
Source: habr.com