this post was submitted on 22 Sep 2023
634 points (99.4% liked)
Technology
59578 readers
2904 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
What times your lights are on or off can expose more than you might think over time. It reveals when you're gone for work, your sleep schedule, how many days a year you spend at home vs traveling/elsewhere, when you stay up late, etc.
But it gets worse. If you give Hue your email or install the app then now you can be uniquely id'd across other products. Hue will sell that data to some advertising agency, who also buys data from Google, Facebook, etc. Now your usage data from other systems can be combined with the Hue data and used to more even more accurately track your day and behaviors.
Big data is a fascinating field, if not completely horrifying.
Also when the keys are inevitably discovered on an unsecured S3 bucket, everyone will have it! In addition to your billing information and other PII.
I'm not sure how do Hue lights work, but if they have any Wi-Fi component they're essentially a device in your network. If compromised (by a hacker or by Philips themselves) they're no different than a device next to yours on public Wi-Fi. Someone will definitely have a desktop PC with vPro with default credentials, or once in a while someone will log into something using HTTP without the S and leak plaintext credentials.
People more well versed in networking often put their IoT devices in a separate network/VLAN so that they are all lumped together and away from personal PCs.
Hell, I even block my ISP-issued modem/router/AP from ever getting an IP address on my network, and that way I can't even receive tech support from them lmao