Many of the things in our homes connect to the internet, allowing us to control them with our phones via an app, to be part of an online community or to access content online.
Everything’s sharing everything
Many of these devices have cameras and microphones, capturing highly personal information inside the home.
It’s not always clear that data is being captured, how that information is used, or who has access to it. This is often hidden inside complicated terms and conditions.
For some devices, the manufacturer’s business model is selling personal information on to others “If you’re not the customer, you’re the product”
Finally, many of these devices have security vulnerabilities, opening them up to attackers on the internet.
We showed people problems in their home
We prototyped Scout, a service that monitors devices connected to a home wifi network, and showed it to four people who use these kinds of devices in their homes.
We showed them some potential vulnerabilities in a home network that was similar to their own. They saw how personal information was transferred to a third party company, allowed via a clause buried deep within a product’s terms and conditions.
How much do people understand about the risks of connected devices?
Most of our participants had not thought about how secure or private the connection between their devices and the internet was.
No I didn’t realise. It’s quite scary actually.
Some knew there were risks, but not the specifics.
More things are becoming connected to the internet. You hear more stories of people hacking into things, the more secure you can be the better.
Can we make security exploits visible and understandable?
When we showed them the Scout prototype, our participants immediately understood the implications for their individual situation.
It sounds like, when you’re sitting in a room with a smart TV, it could potentially be sent to a third party.
You could be buying something over the phone, doing your insurance, giving your credit card information to pay for your insurance. If someone has intercepted that, they could commit fraud on my account.
Would people “downgrade” their devices to make them more private?
Despite our participants obvious discomfort at learning about the flaws in devices they had bought, they weighed up their options and broadly decided to take no action.
Cost was a factor; smart devices had been a significant outlay, and the idea of reducing their functionality was not appealling.
…they weighed up their options and broadly decided to take no action
But again, if I’ve spent a lot of money on it. I don’t know if I would. I don’t know. Just stick to it and take the risk, potentially.
Once informed, people were very good at balancing the risks against the benefits they get from their devices.
I wouldn’t take it back for a refund because he likes it too much. It’s like big brother. He feels safer with it.
Can we help people work together to influence manufacturers?
People were interested in the idea of lobbying manufacturers to change their practices through the service. We thought this might be a good way to link in with membership and the wider Co-op campaigning work.
I would assume that the team behind Scout would contact British Gas that people aren’t happy about them sharing their data. I’d click on the join option.
I would join 3865 people asking Samsung to change this.
There was a mistrust of companies
You don’t know who to believe. Samsung are saying they’re not breaking laws, this article is saying that it is.
But deep down they would probably do that [share data with third parties] anyway without asking permission.
There was a clear difference between inside and outside the home
My sister doesn’t use it all, she doesn’t like the idea of having cameras in the house.
If it’s purely that they can look at what’s on the CCTV, that’s only outside the house so that’s OK.
People have a very individual view of what is private
If you read out credit card details it would be a problem but normal conversations, not that bothered.
I did hear about this, smart TVs recording private conversations. It’s a bit Orwellian.
In principle I don’t think this is OK, even if they don’t do anything with it.
It doesn’t matter that much if people can see my photos.
If the government wanted to use it for a purpose that might make me think it’s OK but not just corporates.