Data Privacy, IoT and Mozilla WebThings

From the translator: a brief retelling of the article.

Centralization of smart home devices (like Apple HomeKit, Xiaomi and others) is bad because:

  1. The user becomes dependent on a particular vendor, because devices cannot communicate with each other outside the same manufacturer;
  2. Vendors use data about users at their own discretion, leaving no choice to the user;
  3. Centralization makes the user more vulnerable, since millions of users are immediately vulnerable to a hacker attack.

Mozilla conducted a study and found that:

  1. Some users are willing to sacrifice data privacy for comfort;
  2. Most are accustomed to having data collected about them and are surprised when this does not happen;
  3. A significant part of users would like to refuse surveillance, but they have no choice.

Mozilla is evolving its smart home standard and encouraging everyone to move towards decentralization and isolation. Their WebThings Gateway does not collect any data at all, and can work completely autonomously.

Details, links and Mozilla's research results follow.

Smart home devices help make life a little easier, but in order to work they require you to hand control of your information to the companies that make them. In a recent article from the New York Times Privacy Project on protecting online privacy, the author recommended buying IoT devices only when the user is “willing to sacrifice some privacy for the sake of convenience.”

This is sound advice, since the companies that manage smart home devices know when you are at home, and not only when you tell them. Soon they will use always-on microphones to listen to literally your every sneeze, and then offer you cold medicine from their affiliated providers. Moreover, requiring that data be transferred to, and logic processed on, only their servers reduces the possibility of interaction between different platforms. Leading companies will rob consumers of the choice of technology they need.

At Mozilla, we believe that users should have control over their devices and the data that these devices generate. You should own your data, you should control where it goes, and you should be able to make changes to your profile if it is inaccurate.

Mozilla WebThings follows privacy by design, a set of principles from Dr. Ann Cavoukian that call for maintaining the confidentiality of user data throughout the design and development of the product. Prioritizing people over profits, we offer an alternative approach to the Internet of Things that is fundamentally private and gives users back control over their data.

User attitudes towards privacy and IoT

Before looking at the WebThings architecture, let's talk about how users think about privacy in the context of smart home devices, and why it's important to empower people to take charge.

Today, when you buy a smart home device, you get the convenience of being able to control and monitor your home over the Internet. You can turn off the lights at home while in the office. You can check if the door to the garage is left open. Previous research showed that users passively (and sometimes actively) agree to exchange privacy for the convenience of managing their home. When users have no alternative way to gain that convenience without losing privacy, they reluctantly agree to the exchange.

However, just because people buy and use smart home devices, that doesn't mean they're comfortable with the status quo. One recent user survey showed that almost half (45%) of the 188 smart home owners were concerned about the privacy or security of their devices.

User survey results

In autumn 2018, our research team conducted a diary study with 11 participants from the US and the UK. We wanted to know how convenient and practical our WebThings project is. We gave each participant a Raspberry Pi with WebThings 0.5 pre-installed and several smart devices.

Smart devices issued to study participants

We observed (on site or via video chat) how each of the participants went through the entire installation and smart home setup. We then asked the participants to keep a diary to document their interactions with the smart home, as well as to keep track of issues that arose along the way. After two weeks, we spoke with each participant about their experiences. Several participants, who were new to the smart home concept, were excited about the IoT's ability to simplify routine tasks; some were disappointed by the lack of reliability of some devices. The impressions of the rest were somewhere in between: users wanted to create more complex algorithms and rules, and they wanted a smartphone application to receive notifications.

In addition, we learned about user attitudes towards data collection. To our surprise, all 11 participants were convinced that we were collecting data about them. They have already learned to expect this kind of data collection, since this is the model that prevails in most platforms and online services. Some of the participants felt that the data was being collected for quality improvement or for research purposes. However, upon learning that no data was being collected about them, two of the participants were relieved that they had one less reason to worry about their data being misused in the future.

On the other hand, there were participants who were not at all worried about data collection: they believed that companies were not interested in such insignificant information as turning a light bulb on or off. They did not see how the collected data could be used against them. This showed us that we should better demonstrate to users what outsiders can learn from the data from their smart home. For example, it is not difficult to determine when you are not at home using data from a door sensor.

Door sensor logs can show when someone is not at home
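
An added illustration of the inference described above (not part of the original article or of the WebThings code base): given constructed open/close events, it finds the long quiet periods that anyone holding the logs could read as the home being empty. The log format and the function names `parse_events`, `quiet_windows` and `same_day` are assumptions made for this example.

```python
from datetime import datetime, timedelta

# Constructed sample data; the "timestamp property value" format is assumed.
SAMPLE_LOG = """\
2019-03-04T07:58:10 open true
2019-03-04T07:58:25 open false
2019-03-04T18:12:40 open true
2019-03-04T18:12:55 open false
2019-03-04T21:30:02 open true
2019-03-04T21:30:15 open false
2019-03-05T08:01:33 open true
2019-03-05T08:01:47 open false
2019-03-05T18:05:11 open true
2019-03-05T18:05:30 open false
"""

def parse_events(text):
    """Return sorted (timestamp, is_open) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] != "open" or parts[2] not in ("true", "false"):
            continue
        try:
            events.append((datetime.fromisoformat(parts[0]), parts[2] == "true"))
        except ValueError:
            continue
    return sorted(events)

def quiet_windows(events, min_gap=timedelta(hours=4)):
    """Periods from a door closing to its next opening lasting at least min_gap."""
    windows, last_closed = [], None
    for ts, is_open in events:
        if is_open:
            if last_closed is not None and ts - last_closed >= min_gap:
                windows.append((last_closed, ts))
            last_closed = None
        else:
            last_closed = ts
    return windows

def same_day(windows):
    """Heuristic: a quiet window that does not cross midnight suggests an empty home;
    an overnight one is ambiguous (occupants may simply be asleep)."""
    return [(start, end) for start, end in windows if start.date() == end.date()]

if __name__ == "__main__":
    for start, end in same_day(quiet_windows(parse_events(SAMPLE_LOG))):
        print(f"{start:%Y-%m-%d}: no door activity {start:%H:%M}-{end:%H:%M}")
```

The only input is the timestamps of a single binary sensor, which is the kind of record the article argues should stay on a gateway inside the home.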

From this study, we learned what people think about the privacy of the data generated by smart homes. At the same time, in the absence of an alternative, they are ready to sacrifice privacy for the sake of comfort. Some don't care about privacy because they don't see the long-term negative effects of data collection. We believe that privacy should be a right for everyone, regardless of socioeconomic status or technical skills. Now we will tell you how we do it.

Decentralization of data management gives users privacy

Smart home device manufacturers have designed their products to serve themselves more than consumers. Using a typical IoT stack where devices cannot easily communicate, they can build a reliable picture of user behavior, preferences, and actions from the data they have collected on their servers.

Take the simple example of a smart light bulb. You buy a light bulb and download a smartphone app. You may need to set up a separate box to transmit data from the light bulb to the internet, and perhaps set up a "cloud user account subscription" with the light bulb manufacturer to control it at home or remotely. Now imagine five years later, when you install dozens or hundreds of smart devices - household appliances, energy saving devices, sensors, security systems. How many apps and accounts will you have by then?

The current operating model requires you to share your data with manufacturing companies in order for your devices to function properly. This, in turn, requires that you work only with the devices and services of these companies, inside their walled gardens.

Mozilla's solution puts data back into the hands of users. Mozilla WebThings has no company cloud servers that store the data of millions of users. User data is stored in the user's home. Backups can be stored anywhere. Remote access to devices comes from a single interface. The user does not need to install many applications, and all data is tunneled through a private, HTTPS-encrypted subdomain that the user creates.

The only time Mozilla receives data is when the subdomain checks our server for WebThings updates. The user can also choose not to give devices access to the Internet at all and manage them completely locally.

The decentralization of WebThings gateways means that each user has their own "data center". The gateway becomes the central nervous system of the house. When users' smart device data is stored in their homes, it becomes much more difficult for hackers to access the data of many users at once. The decentralized approach provides two main advantages: complete confidentiality of user data, and reliable storage behind best-in-class HTTPS encryption.

The figure below compares Mozilla's approach with that of a typical smart home device manufacturer.

Comparison of Mozilla's approach to a typical smart home manufacturer

Mozilla's approach provides users with an alternative to current offerings while preserving both the privacy of their data and the convenience of IoT devices.

Further Decentralization Efforts

When developing Mozilla WebThings, we deliberately isolated users from servers that might collect their data, including our own Mozilla servers, while offering an interoperable decentralized IoT solution. Our decision not to collect data is an integral part of our mission and further reflects our organization's long-term interest in new decentralization technologies as a means of increasing user engagement.

WebThings embodies our mission to treat personal security and privacy online as a fundamental right, giving power back to users. From Mozilla's point of view, decentralized technologies can destroy centralized "authorities" and return more rights to the users themselves.

Decentralization can be the result of social, political and technological efforts to redistribute power from a minority to a majority. We can achieve this by rethinking and re-architecting the network. By allowing IoT devices to operate on a local network without the need to transfer data to external servers, we decentralize the existing IoT fabric.

With the help of Mozilla WebThings, we are building an example of how a decentralized distributed system built on web protocols can influence the IoT ecosystem. Our team has already created a draft API specification for WebThing to support the standardization of web usage across other IoT devices and gateways.

While this is one way to achieve decentralization, there are complementary projects with similar goals, at different stages of development, that aim to put power back in the hands of users. Signals from other market players such as the FreedomBox Foundation, Daplie and Douglass show that individuals, households and communities are looking for ways to manage their data themselves.

By focusing on people first, Mozilla WebThings gives people choice: about how private they want their data to be and what devices they want to use on their system.

Source: habr.com
