This might seem painful right now (and frankly, it is), but it’s also a very exciting time in IoT. It feels like the very early days of the web where everything was a bit of a kludge we hacked together but we made things work and it turned into something amazing. That’s where I think we are now with IoT and as infuriating as it often is, it’s an exciting time to be a part of it and well and truly worth a few lighting problems here and there.
I’m in no way against penalties being issued to firms that suffer data breaches and outcomes such as the FTC achieved against Equifax seem quite reasonable. This was a case where Equifax didn’t just fall well short of their obligations to secure customer data in the first place, but they did a woeful job of handling the incident after the fact. The “up to $425 million to help people affected by the data breach” settlement seems fair in this case and it was achieved by an independent government agency, not by lawyers looking to cash in.
There will, of course, be many cases that are simply settled out of court and we may never know the result. I dare say this is often the desired outcome of these class actions; strike a deal that’s appealing enough to avoid extensive court time, give those in the breach who joined the action a pro-rata’d slice of the settlement and the law firm keeps a big chunk of coin themselves without ever seeing a courtroom. Each one of those lawyer advertisements earlier on is there for one reason and one reason only: to make money for the firms involved. They’re not charities, this isn’t for good will, it’s simply business.
- IoT Unravelled Part 1: It’s a Mess… But Then There’s Home Assistant
- IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering
- IoT Unravelled Part 3: Security
- IoT Unravelled Part 4: Making it All Work for Humans
- IoT Unravelled Part 5: Practical Use Case Videos
I moved on and extended the network out to my jet ski with their Mesh products, did a ground-up build in my brother’s house (which I remain jealous of) and just last month, released a free course on UniFi commissioned by Ubiquiti. Clearly, I’m a UniFi convert.
But UniFi isn’t for everyone. It’s a “prosumer” product which means it’s great for everyone from technical people installing it in their homes through to professionals building out entire shopping centres or stadiums with the gear. But it’s not great for non-techies; there’s both design and setup involved and frankly, a heap of features they’ll never need. That’s where AmpliFi comes in, Ubiquiti’s consumer line for the home.
To be clear, using a VPN doesn’t magically solve all these issues, it mitigates them. For example, if a site lacks sufficient HTTPS then there’s still the network segment between the VPN exit node and the site in question to contend with. It’s arguably the least risky segment of the network, but it’s still there. The effectiveness of black-holing DNS queries to known bad domains depends on the domain first being known to be bad. CyberSec is still going to do a much better job of that than your ISP, but it won’t be perfect. And privacy-wise, a VPN doesn’t remove DNS or the ability to inspect SNI traffic, it simply removes that ability from your ISP and grants it to NordVPN instead. But then again, I’ve always said I’d much rather trust a reputable VPN to keep my traffic secure, private and not logged, especially one that’s been independently audited to that effect.
As the old saying goes, privacy isn’t necessarily about having something to hide, it’s also about not having something you want to share; if you’re depressed and going to beyondblue.org.au then you may not wish to share that with other people. If you’re having trouble with alcohol and visit aa.org.au then you may not want to share that either. If you’re pregnant and hopping over to pregnancybirthbaby.org.au then, again, you may expect to keep that information private (let us not forget the story of how Target managed to “data-mine its way into [a teenage girl’s] womb”). Just looking up those URLs I was imagining what sort of conclusions would be drawn about me if someone had access to my connection! (No, I’m not a depressed alcoholic teenager who’s expecting…)
A password hash is a representation of your password that can’t be reversed, but the original password may still be determined if someone hashes it again and gets the same result.
And while I'm here, let's not sensationalise the risks with some of the ridiculous hyperbole I've seen already in the media. For example, saying that the Singaporean software product is unsafe because of their autocratic government is just ridiculous (and again, open source it!)
— Troy Hunt (@troyhunt) April 16, 2020
I was invited into the local ABC Radio studio to comment on this piece and online safety in general so in a very meta way, I took my 7-year-old daughter with me and captured this pic which, after discussion with her, I’m sharing online:
Discussion quickly went from sharenting to BYOD at schools to parental controls and all manner of kid-related cyber things. Having just gone through the BYOD process with my 10-year-old son at school (and witnessing the confusion and disinformation from parents and teachers alike), now seemed like a good time to outline some fundamentals whilst sitting on a plane heading down to Sydney to do some adult-related cyber things!
Digital controls can never replace the role parents play in how the kids use devices; they should be complementary to parenting rather than a substitute for it.
Some other useful pieces on this topic include: