The holiday season means a new round of smart home device adoption ranging from thermostats and doorbells to bathroom scales.
While the convenience these devices provide can be pretty cool, the security and privacy issues are considerable. Device manufacturers can monetize information about your daily life extrapolated from the data sent back to them by these devices, selling it to advertisers and data mining operations.
And in case you missed the memo: you don’t need a permit or license to buy meta data sets, which means cybercriminals may be buying your data too–and yes, all that anonymized data can be re-identified pretty easily. (That’s tech talk for: Your supposedly un-identifiable data is completely identifiable, including your daily schedule, which is of interest to robbers among many other threat actors.)
If you’ve made up your mind to buy a smart home device for your own home or as a gift for someone else, here are a few things to keep in mind:
Do your homework: Not all smart home devices are created equal. Some companies are better when it comes to protecting user privacy (Apple, Ecobee and Anker come to mind); other manufacturers are less awesome, among them Google, Amazon and Wyze. Check the manufacturer’s privacy policy before purchasing and installing a device.
A good rule of thumb: The simpler the privacy policy, the more privacy-friendly the product or service. If you’re looking at twenty pages of legalese for an internet-connected light bulb, it’s more likely to be hiding some creepy data collection policies. If that seems like too big of a hassle, check out the Mozilla Foundation’s *Privacy Not Included website for straightforward explanations about the privacy and security concerns for some of the most popular internet-connected devices on the market.
Be careful when using third-party voice-activated assistants: Many smart home devices offer integration with voice-activated assistants like Siri, Alexa and Google Home. While it’s convenient to be able to have multiple devices tied together to the same platform, bear in mind that using any of them by definition means that you’re sharing your personal information with third parties.
An ironclad privacy policy on the part of a manufacturer amounts to very little if you are, by choice, providing third-party companies with data about how, when and where you’re using said devices.
Use strong passwords and enable two-factor authentication for your accounts: If your smart home device makes you set up a login and password, be sure to use a strong, unique password and enable two-factor authentication. Keep in mind that any internet-connected device is potentially providing a conduit to the rest of the world into your home; if you are reusing a password that’s been previously compromised, you’re providing easy access to cybercriminals who may also have a vested interest in your habits at home.
Adjust your settings: Many smart home devices come with their privacy settings disabled by default. If you connect with a mobile app, opt-out of data collection and limit ad tracking. If a device asks if you’d be willing to share “anonymous” data about your usage, the answer should be “No.” Data can be reidentified and “usage” is all too often code for “information that would be relevant to advertisers.”
Ask yourself if a device is worth the risk: Even if a device comes with strong privacy settings and an impeccable record when it comes to security, keep in mind that in order for it to work properly, it needs to accumulate and process data about your day-to-day life. Companies can change privacy policies and collected data can be intercepted or compromised; the risk-free approach is to keep internet-connected devices out of your home.
Considering the potential risks, is the added convenience of an app-based health scale, light panel or thermostat worth the end of privacy?