Why I Keep My Home Dumb: the Trojan Horse of Surveillance
The Trojan Horse of Surveillance
If you value your freedom, consider keeping your home “dumb”. Smart devices are all the rage, but the privacy policies of Internet of Things (IoT) reveal them for what they really are – the Trojan horse of surveillance. Designed to destroy the sanctuary of our home and our body.
Gadgets are fun, miraculous, they save time and money, they make us look cool, they even facilitate good habits! What’s not to like?
The ancient Greek myth about the Trojan war is a cautionary tale. In the story, the Greeks besieging the independent city of Troy designed a cunning plan to breach its defenses. They made a giant wooden horse and presented it to the city as a gift. Once the Trojan horse was within the walls, soldiers emerged from the inside and opened the city gates. Troy was destroyed.
Since then, a “Trojan horse” came to mean any scheme that causes a target to voluntarily invite an enemy into a protected place.
The Trojan horse was a “free” gift that came at a heavy price. Today we pay top dollar for “smart” devices and invite the Trojan horses of surveillance into the sanctuary of our homes. Once they enter our lives, we need to brace ourselves for the attack by the armies of algorithmic mind control concealed within.
Privacy policies really are surveillance policies. Their battle cry “We are committed to your privacy!” is a lie: as a business, they are committed to surveillance profits, only possible in the absence of privacy.
Shoshana Zuboff, the author of The Age of Surveillance Capitalism featured in The Social Dilemma documentary, calls Internet of Things supply routes for surveillance capitalism, whose goal is to convert human experience into products of predicting and manipulating human behavior. These prediction products are then sold to real customers – advertisers or anyone else seeking to control our minds.
Smart household objects are the perfect two-way vehicles for accomplish this goal:
Pull: they supply behavioral data to the tech companies.
Push: they act as agents of behavior modification.
Behavioral data can be used in two ways:
- Reinvested in the user experience to improve the product. That’s what we assume when we buy it.
- Fed to machine intelligence to manufacture user behavior predictions for sale. We did not sign up for this.
Tech gurus promise us that in the future the Internet will disappear into the background, becoming an integral part of everyday reality. Every object would be connected: our furniture, our clothes, our food, our body.
Everything we use will be watching us – and manipulating our behavior outside our awareness.
To conceal the real purpose of connected devices, our attention is diverted to their benefits, while the enormous cost to our privacy is hidden in the small print of privacy policies no one reads.
Even if we did read them, it would make no difference. There is no “Decline” button. If you do not accept the surveillance, the product simply would not work: essential functions are held hostage to surveillance revenues.
No doubt, smart devices provide a lot of value. Unfortunately, their utility is a devil’s bargain.
You must pay with your soul that would be data-mined to the very depths of your being.
The trade-off between convenience and privacy is real. What really happens to data collected by our helpful gadgets?
I read through several “privacy” policies. Here is what I found.
After voluntarily strapping these tracking devices onto ourselves, humans are no longer free-range animals. From that moment on, our behavior, movements, breathing, heart rate, sleep, even menstrual cycles belong to the Big Other.
In 2019, Fitbit was bought by Google. The author of Surveillance Capitalism warns us that the reasoning behind such acquisitions is establishing new supply routes for behavioral data – health data being the most valuable kind. Combined with everything else Google already knows, commercial use of health data is inevitable – unless it is made illegal.
What Do They Know?
- Your name, email, password, date of birth, gender, height, weight, phone number, profile photo, biography, country, username, your logs for food, sleep, water, and female health; content of your messages within Fitbit network, plan, goals, and actions you record with your coach, your calendar events, the number of steps you take, your distance traveled, calories burned, heart rate, sleep stages, active minutes, precise geolocation data, your web activity, and all devices you use to access Fitbit.
- There is more: “if you connect to Facebook or Google, we may receive information like your name, profile picture, age range, language, email address, and friend list.”
- Employers and insurance companies also share your data with Fitbit to “determine your eligibility for discounts”.
Privacy Not Included
- There are a lot of witnesses to your workout regime: Fitbit invites them to “promote new features or products that we think you would be interested in” and transfers “information to our corporate affiliates, service providers, and other partners”.
- Fitbit finds you with targeted ads across all of your devices: it works “with partners who provide us with analytics and advertising services” to serve “advertisements across the internet”.
- When you participate in challenges or employer wellness programs, your data becomes public for anyone to see.
- In case you plan to commit a crime, make sure neither you nor your victim wears a Fitbit: the company may “disclose information about you to comply with a law”. Fitbit data already lead to convictions for murder.
In fact, while wearing a Fitbit, it’s safer to not consider any misbehavior. Assume that everything your Fitbit records can and will be used against you. Even when personal identifiable information is not supposed to fall into the hands of third parties, with the right legal pressure or analytical tools it can be traced back to individual users – you and me. The potential to use activity data for injury or disability legal cases is limitless.
Lifestyle information from wearable devices like Fitbit, AppleWatch, and others is eagerly sought after by insurance companies for “more accurate underwriting and new pricing models”. If I go for a daily run, my medical insurance will be discounted. If your Fitbit location shows you at McDonalds at lunchtime, your premium would be raised.
That’s where this is going. Google will decide.
Nest Learning Thermostat
What Do They Know?
- Everything Google already knows about you from your Google account: who you are, where you live, your real-time movements, your interests, the content of your emails, your address book, your entire search history, etc.
- Data collected by Nest: your WiFi password, address or ZIP code, email, environmental data from the sensors (temperature, humidity, light), heating and cooling usage, your HVAC system capabilities, your phone information once you download the app, your location, your Internet activity when you use any Nest services.
- Data from Google + data from Nest = a detailed profile of you.
Privacy Not Included
- Nest senses when you are at home to adjust temperature: This means that Google knows your schedule and can make assumptions about your next move.
- Nest app monitors your phone’s location to learn your habits even when you are far away from the thermostat: the feature is called Home/Away Assist.
- Family members can have individual accounts for managing Nest, which means that all of their phones can be tracked in real time.
- Nest data comes back to you in the form of targeted ads: “for our legitimate interests and those of third parties”, “to help us make sales, marketing, and business decisions.”
- Nest shares information with “partners interested in providing demand-response services or other incentive programs”. Your energy usage data is sold to your utility company – and to their competitor too.
- Nest assures users that they “take steps to keep non-personal information from being associated with you”, but with the right algorithmic tools in the wrong hands anonymous data can be traced back to the real person and address.
- Nest data can be shared with the law enforcement: the company cannot legally refuse and you have no say in it. Do you trust the government?
- Insurance companies have been eager to get their hands on Nest data, and they got it. Nest is partnering with home insurance companies “to help people stay safe while saving money on their insurance policies”. Nest product owners get discounts on home insurance – that’s nice. Can you envision a scenario when your insurance company refuses to pay a claim based on Nest sensor readings, not on what you say?
- If you have multiple Nest products interfacing with one another, they share information between themselves – and with anyone who has access to the system.
- Such access is for sale: Works with Nest program gives access to Nest devices to third-party developers, including such sensitive information as when your home is set to “Away”, or video camera footage. Somebody you do not know knows you are not home. Somebody you do not know can look in on your children through your security cameras.
- When your information is shared with these third parties, Google instructs you to read THEIR privacy policies to learn their surveillance practices. University of London legal scholars concluded that purchasing a single Nest product enters the user into nearly a thousand such “contracts”.
Opting out of surveillance would compromise the functionality of Nest products. The consequences could be dire: frozen pipes, failed carbon monoxide and fire alarms, hacked security systems. The utility is hostage to surveillance.
Nest Trojan horse family is growing rapidly: it is integrated with everything Google Home, including video door bells, alarm systems, locks, indoor cameras, audio assistants, streaming displays, lights, smoke detectors, WiFi, etc. There is an entire ecosystem of smart home products that integrate with Nest.
In case you didn’t notice – Google moved in with you.
Read Nest “privacy” statement
Read Google (31 pages) “privacy” policy
Amazon’s Alexa Voice Assistant
Should you let Alexa into your home? After witnessing our kids doing their math homework at their cousins’ house with Alexa’s help, we decided not to.
What Do They Know?
- Amazon’s Echo captures every sound in the room. It is always listening.
- It knows your name, address, e-mail, nickname, phone number, your job, credit card information, your family members, and your address book.
- It tracks your IP address, every web page you visit, which devices you use Alexa service from, and your Internet data from third parties, including your social media activity.
- Alexa knows what you are searching for, listening to, or sending. From your activity, a detailed profile of your behavior and personality emerges.
- To track you, Alexa would “currently use third-party pixels and cookies from Google. Please contact Google directly for more information about its privacy practices” (remember, that’s another 31 pages).
- There is a speculation that Amazon could start tracking what health information we ask for through Alexa, effectively building profiles of users’ medical histories.
Privacy Not Included
- Surveillance is the default option. Amazon automatically stores all Echo’s recordings, unless you opt out or delete them.
- Alexa hands you over to advertisers: it works with “advertising partners to display interest-based ads to you”, based on “your interactions”. Through Echo and any other device you use. If you click, customer information is shared with that “partner”.
- And they pay for the privilege to sell to you: Alexa can make “available to you services, products, or applications provided by third parties”.
- It knows your friends and family and can potentially influence your entire social network. Sharing your contacts allows Alexa to send messages and emails using your voice commands.
- Amazon not only listens to you, it also sees you: later Echo models come with a camera. Natural Language Processing already gives it the insight into your innermost feelings and insecurities. Considering facial recognition technology, it can now look at every person inside the home, and know what they are doing, feeling, and planning. Hey, this could be a feature: always know what your wife is thinking, just don’t tell her how!
- Like Nest devices, Amazon’s Alexa pairs up with a number of third-party developers who can get access to your data and have their smart home products display a proud label “Works with Alexa”. Alexa technology is already integrated with thousands of IoT objects.
- Anything you say at home in the presence of Alexa can and will be used against you. In certain cases, Alexa’s recordings have been handed over to the authorities.
- The vast collection of human experience stored by Alexa is a tempting treasure to be seized by big business, big government, or hackers.
- Mass surveillance through Alexa would be ever so helpful to deal with any form of political opposition.
Alexa is just the best known voice assistant – there is also Google, Apple’s Siri, Microsoft’s Cortana, Samsung’s Bixby – all chasing the same prize: human experience.
The goal is the ubiquitous AI Voice that commands your entire life. It knows better what you should buy, do, how you should vote, where you should go on vacation, what you should think and feel. It works with “trusted partners” and powers its recommendations with their advertising dollars. Taking all decisions out of your hands.
Roomba iRobot Vacuum
Google mapped the entire outside world with Google Maps and Google Earth, your living room is next. Google’s long-held dream is to map the insides of individual homes – so there is no sanctuary from the all-seeing eye. Roomba vacuum is perfectly positioned for just such a task.
The company’s CEO caused a stir when he let slip that the floor plans of private homes collected by Roomba vacuum could be sold to third parties. After backlash, the statement was revised that they only intend to “share them for free with customer consent”.
The possibilities are tempting. Advertisers might suggest a coffee table in an empty spot detected by the vacuum. The robot knows who lives in the home, how affluent the family is, what everyone’s habits and routines are. It knows where you work and where your children sleep. Commercial use of private lifestyle information is a goldmine.
What Do They Know?
- Your name, email address, username and password, address, billing information, phone number, and what Robot you own.
- Your social network profile information and interactions, such as “Liking” or “Following.” This data is “dependent upon your privacy settings with the social network”. Translation: everything Facebook knows about you, your vacuum knows too.
- Information about the environment in which the Robot is deployed: a map of your home, floorplans, the existence and type of objects (detected using the camera) – chair, desk, fridge, etc., “room names” and “zone names”, the location of Wi-Fi devices connected to your local network, and Wi-Fi heat maps.
- Lifestyle information, such as your leisure and other interests, number of children and number of pets, information about your home environment, and your income.
- The names and app IDs of the smart home apps on your phone.
- Every action you take on the website or app, and the location where you access it from.
- iRobot App on your phone collects device data, IP address, device type, device name, identifier, serial number, product code, network bandwidth usage, and device location within and near the home. That’s right – your vacuum cleaner knows where you are on planet Earth at any given time.
- Images and video from inside your home: “we will collect images on your robot. We may stream video to partner apps that you select through your device”. No worries, they say that pictures and videos of everything inside your home will not be stored. We have to trust them on that. And those other partner apps too.
Privacy Not Included
- Cross-selling: your data is taken because of “our legitimate interests”. Among those are “to inform our direct marketing”, and to develop “products and services that may be of interest to you”.
- Your vacuum may not be playing ads to you (yet), but it does it via your Facebook feed: “We permit third-party online advertising networks, social media companies and other third-party services, to collect information about your use of our Website and Apps over time so that they may play or display ads on our Website, on other websites, apps or services you may use, and on other devices you may use.”
- Your vacuum wants company of fellow spying devices. iRobot App connects your account with “smart home partners” to “scan your device for smart home apps in order to suggest smart home connections and to prioritize future smart home automation partners.” The more, the merrier.
- Future surveillance opportunities by a Robot disguised as a vacuum are available through iRobot Beta Program that “enables additional experimental Robot and/or App functionality”.
- Tracking your phone location allows iRobot’s surveillance infrastructure to provide you with “personalized services” wherever you are. They “collect information about the computer, tablet, smartphone or other electronic device you use to connect to our Service.” What does my laptop have to do with a vacuum?! “Legitimate interests” again: “namely to inform our direct marketing”.
- The robot can be integrated with Google Home, giving Google and others a direct view into your living room and the exact plan of your home.
Sleep Number Bed
Sleep Number rushed to clarify that only one model, which is no longer sold, had a voice command feature. Microphones or not, the bed has powerful biometric sensors that enable a number of unknown parties to tune in to your sleep and sex life.
The next logical step would be to offer “relevant” advertising to improve it.
What Do They Know?
- Personal information: name, address, email, IP address, Internet activity, time zone, geolocation of your phone, WiFi access, and data obtained from third parties, “such as public or government databases, social media platforms, and joint marketing partners”.
- Lifestyle information: daily caffeine intake, diet, exercise, television viewing, media usage and medications.
- SleepIQ biometric data collected by the bed and its app: sleep patterns, heart rate, breathing rate, time and motion in bed.
- Demographic data: age, gender, health status, activity details, routines, and preferences.
- Personal data + biometric data + demographic data = detailed profile.
Privacy Not Included
- Your bedroom habits are shared with a long list of “partners” including those “who help us provide you with tailored advertising content”.
- What if you wish to not be tracked? “Because there currently is not an industry standard for recognizing or honoring DNT (do not track) signals, we do not respond to them at this time.”
- The bed is not available in Europe, where data privacy laws are too strict for a product so invasive.
- You can choose to turn Privacy Mode on to keep your data locally on your device, but then “Some features, such as obtaining your SleepIQ score, will not be available”.
- Personal information can be shared with authorities, or transferred in the event of a merger or acquisition.
- If you deactivate your account, Sleep Number will continue to use your personal data. Currently, only California residents have a right to request data deletion.
- The security of your information is “taken seriously”, but…“no data transmission or storage system can be guaranteed to be 100% secure”.
- What if you create a profile for your child? Sleep Number takes “reasonable steps to release such information only to parties capable of maintaining its confidentiality and security”. Whatever that means.
Even if there are no hidden microphones in the bed after customers freaked out, the same customers keep their phones by their beds at night – with microphones that can be accessed or hacked… just a thought.
Your smartphone is, of course, the ultimate “Internet thing”. It knows everything about you, and it goes everywhere with you. Every app you have on it can potentially access highly personal information, gain access to your location, contacts, microphone and camera. Equipped with this knowledge, the phone comes back at you with subliminal behavioral advertising – with the full blessing from Apple and Google.
Information about you is shared across the entire surveillance landscape for the purpose of generating profits, and as we have seen, may be used against you by the authorities. Apple’s policy states: “We may disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.”
Is There a Place to Hide?
After reading surveillance policies, I am determined to keep our home dumb. We adjust our own temperature, vacuum our own floors, open our locks with a key, and only talk to actual humans – not to Alexa, Google, Cortana, and Siri. We have no “smart home” devices, only the bare minimum of computers and phones. On those, I make sure to go into the privacy settings and turn off every tracking feature I can find.
The default privacy settings are never in our favor.
They most likely collect my data anyway, laughing at my naivete, but at least I exercised my free will to say no.
These “privacy” policies are only the tip of the iceberg. Surveillance will become more pervasive over time. There would be a lot more “things” watching us, forced onto us by companies and governments as a default option. The only power we still have over surveillance technology is not to use it.
I choose to remain a free-range human.