Scout — A smart-home counterspy agent
Our homes are increasingly populated by connected objects. Bulbs, thermostats, TVs, voice assistants and many other devices all try to make our life easier, but in exchange, they constantly collect and share information about us, with their makers and with other companies. And as these devices become part of our home life routines, it’s hard to keep remembering their privacy-sensitive behaviours.
Scout is our idea for bringing trust in the Smart Home. A device that monitors and displays the online communications of connected objects in real time, and allows to react on any suspicious behaviour by sending the manufacturer a legal request of explanation about the data they collected.
How does it work?
Scout acts as the router where all your devices connect to. Every time they “talk” to another computer somewhere else in the world, sending or requesting data from it, Scout intercepts the data and visualises it on its display, by dropping a new block on a stack.
Each block has a different aspect depending on the data it represents: the colour corresponds to the device that generated it; the shape points to different directions, giving an idea of where the recipient of the communication is located; and the block is filled or unfilled depending on whether the communication was encrypted (inaccessible by unauthorised parties) or not.
Over time, the blocks will fill Scout’s display, creating a visualisation of the otherwise hidden data activity of the Smart Home, and allowing to spot any anomalies at a glance.
For any connected device misbehaviour, such an unusual frequency of communication or unencrypted data exchanges, Scout allows taking actions. Through a button is possible to select the misbehaving device and to send the manufacturer a request for clarification, which the manufacturer is legally required to answer according to 2018 EU Data Protection Regulation (GDPR).
Maybe the anomaly was just an exceptional or faulty behaviour of the product service. Or maybe this is not the kind of product to feel comfortable living with.
In addition to the default mode, there are two other ways of accessing the data. By turning Scout upside down, its screen focusses on the last intercepted exchange, showing detailed information about it on the top of the monitor. A mobile app allows a more comprehensive overview of the data, classified for time and location.
Visual and Technology
We aimed to find a compromise between a visually pleasing appearance, a look that would blend in with a home environment, and Scout’s informative purposes, a visualisation that would allow to easily spot any unusual pattern in the data.
This was particularly interesting as the closest relative to Scout, the home router, is a device that rarely shows itself outside a closet. Eventually, once decided the visual language for the display, we chose a product shape inspired by the simple yet characteristic angular features of the data blocks.
As for the technical aspects, the Scout prototype uses a Raspberry Pi 3 configured as a router and a Node.js app for intercepting HTTP requests from the connected devices. The visualisation is implemented as a web app using the P5.js library.
A 2018 research found that a Samsung Smart TV, every 15 minutes, sends data to about 700 different addresses. That is, 700 different recipients, most likely of different companies, all have access to information related to your TV viewing preferences and habits.
All kinds of consumer electronics are now getting internet connectivity upgrades. And even if the majority of these “smart” devices are not as chatty as that Samsung TV, the situation is still not very comforting. There is, for instance, an internet-connected HP printer that sends filename and PC username for each file that it prints without encryption; or a Philips connected toothbrush that monitors and shares with the company your brushing habits, frequency and even technique (Which). And, as a webcam-based hacker attack in 2016 showed, security measures for connected devices is not something we can take for granted.
How much are we willing to give away privacy for convenience at home? And are we really aware and in control of the actual terms of this exchange?
2018 has seen a turning point for data and privacy online. The Cambridge Analytica case brought the topic to the general public attention and the new EU regulation on data protection (GDPR) came into play, requiring all data processing companies in EU to disclose and explain the data they hold on users at their requests.
But at home, where our new smart devices have access to our and our families most private moments and where we are the most off-guard about privacy-sensitive behaviours, we are not at all equipped to be in control about our data.
So, if in the past we found ourselves thinking on how to design connected devices you can trust; with Scout, we wanted to add trust to the Smart Home you already live in.
The good thing about (good) smart object is how they seamlessly integrate and become part of your lives. But as you forget that they are “smart” you also forget that the data they collect is constantly shared beyond your home’s walls.
In this scenario, Scout is on one hand just another “ambient” device in your collection. Not more eye-catching than the Nest thermostat on your wall and not out of place among your book collection. But on the other hand, it is also the blabbermouth of the bunch, your counter-agent in the otherwise unbalanced info-war of corporate surveillance.
This is an in-depth look at Uniform project Scout, developed as part of the Future Agency project. Please get in touch through our website if you want to know more.