Resisting the cloud... no care for privacy... wired vs. wireless

Tags: #<Tag:0x00007fc3ec826420> #<Tag:0x00007fc3ec826290> #<Tag:0x00007fc3ec826178>

It almost looks like click bait, but, I am aware that privacy is taken much more seriously by Europeans than the English-speaking world. So is (almost a necessity) the resistance with regard to using cloud-based services for home automation.

I realise that lot devices these days require the cloud to function; do you care?
Or do you deliberately chose services which do not require the cloud?
Can this approach [not going cloud] sustained in the future (or is it a lost cause) [as in: or is this approach futile]?

The third aspect is wired vs wireless…
I can tolerate [the radiation of] EnOcean type devices which are active for seconds in a day; but do not feel comfortable in dousing my home in wireless signals active 24/7.
Is this paranoia, or is there a point of avoiding wireless as much as possible and use wired Ethernet instead? [I did not intend to start a deep debate about, whether this is nonsense or real, just invite a quick answer like: don’t care, don’t believe, not relevant or the opposite or anything in between:slight_smile: ]

I am keen on your thoughts, given that when you do home automation you are facing all these concerns – and at least think about them once.

Thank you for your reply :slight_smile:

[Later edits to provide clarity in angled brackets]

I’m with you Max.

I have a personal horror of cloud functionality. Relying on future corporate goodwill in a world of “Planned obsolesence” seems crazy, never mind the security risks.

Security risks are real. "Why would anyone hack my heating system, they can’t make money out of that?"
Well, there is a threat of bitcoin mining using your devices.
But sometimes hacker’s purpose is just disruption, and if you have the resources of a nation state at your disposal you might just figure out how to shut down all the homes in, say, Finland.

Yes, it does look paranoid written down :slight_smile:

Wired<>wireless - I’ve certainly made a concious decision to go wired, as much to do with the distances involved in our case, as with security. But on a commercial site I would feel uncomfortable about wireless as an avoidable risk.
Not keen on wireless home security systems. Sometimes its useful for say, outbuildings. But it’s possible to keep core systems wired in these situations, with wireless as extra.

I do worry about folk who sometimes seem to be enthusiastic about linking their front door lock to the internet. Stop and think! :slight_smile:

1 Like

I’m for non-cloud for two main reasons:

  1. I don’t want to be dependent on the plans of a commercial minded Company
  2. I want full control over my devices - as long as they don’t go defective

I’m not so naive as to believe my data would only used for my use in the cloud. On the other Hand I trust the companies to use my data anonymously only for their marketing purposes. But really, I wouldn’t care if they use it otherwise - if I would have a benefit from it: like free cloud use or personalized content/Services.

But I had already personal experience with devices, which are now useless to me, because I can’t integrate them to openHAB directly (because the API didn’t come as promised or the cloud service turned commercial and way to expensive). So I only buy new devices, which don’t require cloud-access and offer some kind of API or otehr interfaces to openHAB.
Lastly, I’m concerned, if either my internet connection or the cloud service is down for some reason I couldn’t use my devices - so I need them in my Intranet.

the other part wired vs wireless: I prefer wired, but also see more and more devices go wireless only and i use them - I already have a wifi mesh in my house, so i don’t really care, if those devices use that one. But: for vital purposes (fire/smoke/CO sensors, heating, …) I will never use wireless Solutions. They are wired to openHAB AND some reliant certified device (e.g. a siren for fire/gas detection).

2 Likes

[several edits]

And what about the British ? SCNR.

Of course I do, and for at least two reasons: reliability and privacy.
While you can have vastly different opinions and lengthy discussion on how bad the latter is in general or w.r.t. specific data your devices reveal, you shoudn’t ignore the first one. If your electrical or heating system can be affected when either your Internet connection or the Cloud provider’s service are down (or either you or the Cloud provider are hacked, or or or), this is very bad system design and there’s noone to blame but yourself. Also think of indirect effects.

Guess what, yes. It’s in fact a very strong reason not to buy that product.

Of course, just don’t select devices that require to have a working cloud connection.
I guess there will continue to be devices to work autonomously, too.
And you can always decide to not deploy a service at all if you don’t find a proper device.
I admit there’s some tempting ones such as Home and Alexa where there’s no great alternative available yet (check out Mycroft, though), but for the rest, there are.

On wireless radiation and security. Well. While wired is to be preferred for a number of reasons, it simply isn’t possible everywhere and almost any new device nowadays seems to offer wireless connectivity only. Wired also comes at a price (you need to deploy the wires).
On radiation: as you put it, I would feel your position is a little bit on the paranoid side. You happen to wear alloy hats, too ? :wink:
IT (in)security, speaking in general, does not really happen on the physical layer. While wired is better in theory, in practice there’s way more attractive attack vectors on higher protocol levels to affect both, wired and wireless.

I would maybe make a distinction between HA oriented wireless systems like EnOcean, KNX RF, ZWave on one side. They are optimised for low-bandwidth operations, reduce communications to a minimum and at least ZWave provides reasonable protection against attacks on the wireless level (not fully sure ZigBee fits into this category, too).
Native IP WiFi devices on the other hand are chatty: lots of unneeded packets, more radiation and power consumption, less usable time slots for bandwidth-intensive WiFi (non-HA) applications.
And they’re definitely way more dangerous because they can be accessed from the internet. Combine that with the number of security issues already known in that tech space and those new ones to show up every day.
Now of course if you’re an IT techie able to properly handle that (use encryption only, patch devices appropriately etc.) you might still want to use 'em but then you are aware of the risk they come with and are able and willing to mitigate or take that risk. (BTW: I am IT techie, still I avoid WiFi where possible - you need to be ever vigilant, and in the end, it’s just too much time and efforts you need to invest).

1 Like

It depends. I tend to be a bit more practical and assess everything on a case-by-case basis and weigh the risks, the benefits, and cost differentials and decide based on how that comes out.

For example, I have a Nest:

Risk Mitigation
Third parties know when I’m home None
Requires internet connectivity to remotely access and control Will still work locally without internet connectivity
Someone could hack the Nest and muck with my climate control Google appears to take infosec seriously, the damage possible is minimal due to other mitigations
Depends on a company maintaining their cloud services Nest is very popular giving Google incentive to keep their servers running

The cost differential was impossible to beat, my power company gave it to me for free. I’m OK with the mitigations above so I have a Nest.

NOTE: this is not an exhaustive analysis, I usually go into far more detail than this.

When choosing between options the fact that it doesn’t require a cloud service is one factor in favor of choosing one option over the other, but it is not necessarily the deciding factor.

I don’t know if I understand the question. If you mean whether avoiding cloud-based devices is a lost cause then I think the answer is yes, as time goes on you will have to compromise on capability and features and your choices in devices will become more and more limited.

It depends on what you perceve are the dangers from using wireless. From a security perspective, wireless can be less secure than wired in a lot of ways. They can be jammed. There are often vulnerabilities discovered in key aspects of the system that could let someone break into your system. There are some vulnerabilities in Zwave and more in Zigbee.

If your fears are health risks of wireless, IMHO, I think that might be a bit paranoid. Personally, I think based on my understanding of the studies published thus far and my understanding of the physics involved that the risks are quite low with wifi and the frequencies that most home automation wireless devices operate at. I’m no expert and I’m not going to try to convince you or anyone else. That is just the conclusion I’ve come to with what I know.

However, there are a lot of good reasons why one would choose wired over wireless. It is more reliable. It is easier to find and correct problems. It is faster. It is less susceptible to interference. From a security perspective it requires physical access to compromise. If it were practical, I’d run everything wired. But the cost benefit calculation doesn’t pan out for me. It would cost far too much for too little benefit to make it worth while.

Of course, wired is not a panacea for security. If you have a cheap Chinese IP camera that is exposed to the internet or downloading updates from a compromised update server it is just as exposed and vulnerabile as the one that does all this wirelessly.

At the end of the day I follow my training. I look at the risks (i.e. vulnerabilities * liklihood that it will be attacked * impact if the vulnerability is successfully attacked = risk) and see if there are any mitigations I can put in place and decide if the benefits outweigh the risks enough to accept the risk.

1 Like

Is Google good? :grin:

1 Like

From the view of the consumer, no company I have encountered is good for the consumer, unless it is a social enterprise of sort.
As long as there is designed obsolesce (which started as early as in the late 60s), no green-washing of any kind will make me believe the company is ‘green’ (or implied sustainable) for the planet, and thus for human life and well-being.

When any large company buys a small company that makes a product that is a direct competitor to something the big company already makes the likelihood the small product will shut down goes to near 100%. Look a Pebble for another example.

Honestly, that particular case is one is of Revolv failing, not of Google being evil (not that I’m claiming anywhere that Google is good). Revolv was going away no matter who bought them or were going out of business. They failed to get enough market share to compete and grow market share fast enough to satisfy their owners.

And my point isn’t that Google is good and trustworthy. My point is that Nest is popular and successful in the marketplace and as long as it remains so the likelihood that Google will shut it down is low. Low likelihood means lower risk. When Nest stops being successful in the marketplace or Google comes up with some new API to connect to it then the likelihood will go way up.

But still there is that risk and so my calculation is:

Vulnerability = Google shuts down the Nest API
Likelihood = < 20% chance over the next 12 months
Impact = Loss of the ability to control my hvac from OH et al
Mitigation = Keep $200 in reserve to buy a replacement

So if Google were to shut off the API tomorrow I would be a few days without the ability to control it from OH, the cost of a new thermostat, and time to install and configure the new one to work with OH. Given the Nest didn’t cost me anything in the first place this is well worth the risk. If I were to buy a thermostat now I probably wouldn’t buy a Nest and choose something Zwave controlled. If I had a bunch of Nests the impact would be a lot more.

But my personal risk exposure is quite low so keeping the Nest is a no brainer. Everyone needs to make this same sort of calculation (maybe not as rigorous as I do) when weighing what devices and technology to buy. And they need to periodically reassess the risk exposure to make sure there are not some new mitigations to deploy (e.g. prematurely replace a component before it is end of life because keeping it is too risky).

As revolv was only for US market I didn’t know neither company nor product - but the key point is: don’t rely on cloud services if you want to stay independent and you have choices. :wink:
…and of course a play on words with google mantra. :smirk:

Let’s not start on Brexit :wink:

1 Like

My point is it isn’t fair to make such a blanket statement. Everyone’s personal situation is different. Everyone’s ability to accept the risk that a cloud service will go down is different. Everyone’s risk when a cloud service goes down is different.

Just having a blanket “no cloud services” policy can result in the loss of opportunities, capabilities, and more expenses. Yes, a cloud service can go away at any time, but the impact of that is not the same for all users and all devices.

If you’re able to asses the risks and know exactly what you’re doing I’m 100% with you. But the majority isn’t trained in technology, they “just use” it. Don’t get me wrong, I’m convinced of cloud technology, in fact I work daily for companies to use them. But it comes with a high risk. Take Sonos, they also shut down “too old” hardware. If we as consumers accept being cash cows and we accept planned obsolescence and have enough money, patience and endurance to replace items every couple years - ok. But my opinion is I’d like to have hardware to last longer and which is reliable… At least in crucial parts of my home.

2 Likes

Thanks to all; appreciate the feedback…

I am certainly against designed obsolescence, it is against any notion of sustainability, and also argue, what I buy is mine, and what I do with it my decision alone. While I am reliant on a bunch of ‘services’, my aim is to reduce these dependencies to the bare minimum. Even more so with infrastructure systems, such as home automation, where I am designing and implementing a system which runs on premise, autonomously, and for a functional horizon of decades.
In particular for the latter point, capitalist systems do not fit the bill by definition.

Well, happy home automation. :slight_smile:

Short answers? :smiley:

cloud based home automation? No

closed source firmware? No

Wireless? Where needed, just keep distance and limit power. LAN preferred.

1 Like