(Why, and How To) Demand Privacy From the Internet of Things

Google has an amazing service called “Timeline”. Here’s a screenshot of one part of mine:

Location captured from my old phone. Photos were uploaded years later. Google stitched them together into a story. Facial recognition suggested the correct name for my friend in the photo (bottom-left).

You can view your own timeline by visiting https://www.google.com/maps/timeline — you may click “Pause” but there’s no explanation about what “Pause” means.

Pause what, exactly?

Does “Pause” mean:

• pause recording?
• pause sharing my data with third parties or other parts of Alphabet?
• pause compiling web searches, browsing history, photos, location data, etc, into a story?
• pause adding information to this one specific page for me to view?

Google doesn’t really say.

That this data is only available to you via a clunky interface (no way to “download all data”) — and cannot be easily deleted en masse — are troublesome.

Over the next few years the number of Internet-connected devices the average person owns will increase to a handful at first, then a dozen, before becoming the expected norm. Without consumer expectations of privacy (in addition to convenience and quality) we are faced with a panopticonic dystopia of having to choose between the new normal of everyday objects vs old-school, “dumb” devices.

Meanwhile, Barbie records and uploads your child’s playtime conversations to the cloud.

Uploading might be OK, as long as it’s encrypted from device-to-cloud, and from cloud-to-third-party, but the FBI requests otherwise:

Even if the device were expected to encrypt data before sending it to the cloud, millions of devices have been misconfigured or unpatched (this has come up multiple times):

When the developer of the devices tries to do the right thing — using encryption, secure messaging, storage, etc — manufacturing problems can still cause problems.

And still, even after a secure upload to the cloud, images and data must be stored securely. Most often, they are not.

OK — Enough Tweets

Consumers need to be educated before any change will happen. However, it’s currently not a priority for the tech industry to have an informed consumer market. Until we understand, expect and actively seek out secure, honest and trustworthy devices, services and providers, true privacy and security will be out of reach for all but the most informed and technically savvy.