The first decision you need to make in your smart home journey is selecting the right ecosystem. By ecosystem, I mean the voice-activated smart hub that is used to deliver audio content from the Internet (such as news, weather, and answers to other queries) as well as the main interface with a variety of other smart home devices, such as lighting, thermostats and TVs. In this review I look at two of the three main hubs from Google (the white-topped taller unit on the right) and Amazon (the smaller black unit on the left) and how they stack up.
This is the second in a series of articles on how to successfully and securely deploy smart home technology. The first one can be found here.
Today I begin a series of reviews in Network World around smarter home products. Last year we saw the weaponized smart device as the Mirai botnet compromised webcams and other Internet-connected things. Then earlier this year we had Vizio admit to monitoring its connected TVs, and more recently there was this remote TV exploit. Even dishwashers aren’t safe from hackers.
Suddenly, the smart home isn’t smart enough, or maybe it is too smart for its own good. We need to take better care of securing our homes from digital intruders. The folks at Network World asked me to spend some time trying out various products and using a typical IT manager’s eye towards making sure they are set up securely.
Those of you that have read my work know that I am very interested in home networking: I wrote a book on the topic back in 2001 called The Home Networking Survival Guide and have tried out numerous home networking products over the years. My brief for the publication is broadly defined and I will look at all sorts of technologies that the modern home would benefit from, including security cameras, remote-controlled sensors, lighting and thermostats, and more.
Smart home technology has certainly evolved since I wrote my book. Back then, wireless was just getting started and most homeowners ran Ethernet through their walls. We didn’t have Arduino and Pi computers, and many whole house audio systems cost tens of thousands of dollars. TVs weren’t smart, and many people were still using dial-up and AOL to access the Internet.
Back in the early 2000s, I visited John Patrick’s home in Connecticut. As a former IBMer, he designed his house like an IBM mainframe, with centralized control and distributed systems for water, entertainment, propane gas, Internet and other service delivery. He was definitely ahead of his time in many areas.
When I wrote about the Patrick house, I said that for many people, defining the requirements for a smart home isn’t always easy, because people don’t really know what they want. “You get better at defining your needs when you see what the high-tech toys really do. But some of it is because the high-tech doesn’t really work out of the box.” That is still true today.
My goal with writing these reviews is to make sure that your TV or thermostat doesn’t end up being compromised and being part of some Russian botnet down the road. Each article will examine one aspect of the secure connected home so you can build out your network with some confidence, or at least know what the issues are and what choices you will need to make in supporting your family’s IT portfolio of smart Things.
Since I live in a small apartment, I asked some friends who live in the suburbs if they would be interested in being the site of my test house. They have an 1800 sq. ft. three bedroom house on one level with a finished basement, and are already on their second smart TV purchase. One of them is an avid gamer and has numerous gaming consoles. Over the past several months (and continuing throughout the remainder of this year), we have tried out several products. In my first article posted today, we cover some of the basic issues involved and set the scene.
Today, the issue of digital equity is receiving more attention than ever. For good reason; Internet access is no longer a luxury, it is a daily necessity in how we live, work and play. Still, we are far from the most connected nation on earth (as shown above from TransferWise), and a quarter of our homes aren’t yet on broadband networks.
One issue is that the digital divide isn’t a simple binary split between “haves” and “have nots.” There are many shades of grey in between. Not everyone uses the Internet and connected technologies the same way, with the same skill set, or even with the same context. Before we can solve this divide, we have to understand these subtleties.
I met Michael Liimatta at an event last week and he got me started thinking about this in more detail. He is the co-founder of Connecting for Good, a Kansas City nonprofit focusing on digital inclusion. I have taken his remarks from this blog post and added my own thoughts as well.
In our efforts to level the digital playing field for low income families, we must avoid the assumption that all of them relate to technology, computers and the Internet in the same way. To be effective in digital inclusion efforts, we must recognize that there are at least four different subsets within this population, each with its own and different needs.
- The early adopters: Several national studies indicate that low income families with school children have a higher rate of broadband adoption; approximately half of them can access the Internet at home. The cities where we find the highest adoption rates are those where discounted Internet plans have been offered for a number of years and where there is extensive outreach in the public schools. However, these plans are not available everywhere. There are also cost issues: some families have to purchase expensive smartphone data plans to connect their computers, and many families have outdated PCs or don’t have the necessary tech support or lack sufficient bandwidth. These early adopter families also have another issue: understanding the dangers of the Internet in terms of accessing inappropriate content and meeting child predators.
- The uninformed: We do not want to forget that there are still low income families that know they need to be online and can afford a discounted Internet plan but simply don’t know what plans are available. ISPs like Comcast, Cox and Google Fiber have staff members dedicated to this type of outreach in cities where they offer discounted Internet services. But they will need more local help to increase awareness.
- The financially challenged: The truth is, there are families that recognize the need to be connected but truly cannot afford to do so. With the FCC’s modernization of the Lifeline program, a $9.25 per month subsidy for broadband services should be available to eligible low income families, if only more ISPs adopted it. There are other programs from local housing authorities and private philanthropy that can also help to defray these costs.
- The unconvinced and intimidated: Lastly, there are low income families that are able to afford a discounted Internet connection but are simply not convinced that they need one or are too intimidated by technology. Ultimately, convincing the adult heads of household is the trick. They must value access enough to dedicate seriously limited financial resources toward paying for an Internet subscription. When it comes to broadband adoption efforts, this can be the most challenging group of all, representing a significant portion of households living on the wrong side of the digital divide. This group also includes people who don’t know the difference between accessing the Web via a phone or the larger screens of tablets and PCs.
Digital inclusion efforts need both dedicated leadership and “boots on the ground” to be executed successfully. Too many efforts focus on providing computers and connectivity but fail to factor in the social dynamic of broadband adoption. To be effective, crossing this divide will take hours and hours of time spent in training and technical support if we are to bring the Internet to the rest of America’s poorest families.
Here is one small step forward: Next week, the National Digital Inclusion Alliance will hold a webinar to introduce digital inclusion practitioners and advocates to the state of digital inclusion at the local community level. You might want to tune in.
As President Donald Trump arrives at the White House to start his term, he faces a very different collection of technology than when former President Barack Obama entered eight years ago. Back then, government PCs sported floppy drives and no president ever personally used Twitter or other forms of social media. But the task of making the digital transition isn’t easy, and I describe some of the electronic methods that are being used to preserve the Obama legacy. You can read my post on IBM’s SecurityIntelligence.com blog here.
It isn’t often that there is a very short trajectory from an academic research paper to reality, but when it comes to hacking the 911 emergency phone network this is indeed the case. The paper was written earlier this year and first given to the Department of Homeland Security before being published online this fall.
The researchers from Ben Gurion University in Israel describe how an attacker could knock a 911 service offline by launching a distributed denial of service (DDoS) attack using a collection of just 6000 smartphones. While that is a lot of phones to gather in one place, it is a relatively small number when this is compared to computer-based attacks. And you don’t really need to gather them together physically: you can infect these phones with some malware and control them all remotely.
As in other DDoS attacks, the devices (here phones rather than computers) make repeated calls to 911, thereby blocking the system from getting legit emergency calls. It is a chilling concept, because unlike other DDoS attacks, the hackers aren’t just bringing down a website with large bursts of traffic: they could prevent someone from getting life-saving assistance.
In the paper, the researchers simulated a cellular network modeled after the 911 network in North Carolina and then showed how attackers could exploit it.
Now 911 attacks aren’t new: indeed, the DHS issued this alert three years ago and mentioned that more than 600 such attacks have been observed over the years. What is new is how easily the attacks could be launched, with just a few thousand phones and some malware to make it all work. Also, these previous attacks were launched against the administrative phone numbers of the alternate 911 call center, not to the actual 911 emergency lines themselves. If you are interested in how the 911 center operates, I posted a piece many years ago about this here.
There are other stories about hospitals and other businesses that have had their phone systems flooded with calls, blocking any business calls from being connected. And where there is fire, there is at least one security vendor to put it out or protect an enterprise network from being exploited by telephone-based DDoS attacks.
The problem is in the design of the 911 call centers. These centers have no built-in way of blacklisting or blocking callers: they want to be able to answer any call from anyone who has an emergency. Therefore, in the face of a large attack, they would have no choice but to answer each and every call. But let’s say we could implement such a service: that would prevent an unintentional owner of an infected and blacklisted phone from making a legitimate emergency call.
Well, that was the theory behind the paper. It didn’t take long before someone actually did it “in the wild,” as they say when an actual attack has been observed. Last month a teen was arrested for allegedly doing such an attack and is facing three felony counts. The teen, Meetkumar Hiteshbhai Desai, discovered an iOS vulnerability that was used for launching the attack and flooding a call center in Arizona. Now his phone supposedly was the only one used and it made just 100 calls in a matter of minutes. But that was enough to get the cops on his case.
It is distressing to be sure. But whether these attacks are done by script kiddies or by professional criminals, certainly the opportunity is there and very real indeed.
This week I had a chance to talk to some high school kids in the area. They are part of a business class called Spark that is designed to teach kids how to start their own businesses. The class is taught in a storefront in a local shopping mall, deliberately to give the students a more non-school milieu. I came to talk about using Twitter and other social media tools. I had given this presentation before to previous classes for the past several years, so I wasn’t really focused on the events of the presidential campaign and how current they would be in this context. And I found our discussions quite interesting, but not in the way you might think.
I was actually surprised by the mature responses from the kids. Many of the students thought that some of the things being said on social media and on TV about the campaigns were certainly entertaining, but they thought the candidates weren’t acting appropriately. I made the comment that many of the students seemed more mature in their reactions compared to what the candidates Tweeted and posted, and there were nods all around the room.
Xanthe Meyer, the Spark teacher, was also surprised by their responses. “Maybe the kids are more interested in the presidential election this year, because it is racier. But I am also shocked that both candidates’ PR teams allow these kinds and levels of responses. I think this election will be in many studies as an example of what NOT to do,” said Meyer. “I wonder what would have happened if we had social media during the Watergate scandal?”
The class is pretty tech savvy: the kids use Twitter, Slack, Instagram and LinkedIn to communicate with each other and with their teachers, and are encouraged to do so. “It is expected that we use social media more,” said their teacher. I was surprised that many of the kids weren’t really facile with Twitter, and I guess that was one of the reasons why I was there, to help them understand how to use it more effectively.
Meyer has been teaching for decades, and recalls what happened during class when 9/11 happened. “We watched the event live during class on TV. Later, our principal was getting phone calls from parents complaining about my decision. And this was from parents of 17 and 18 year olds. That was crazy. These kids could be drafted!”
I mentioned that during the last couple of debates, parents were posting thoughts about not letting younger kids watch the debates. “In our community, parents do shelter their kids from the news. We are definitely living in a different world politically, and I think this campaign amounts to one big negative political ad that is running continuously. It is like a long version of a TMZ episode that is embarrassing to our nation. Not sure if I know what the true issues are anymore.”
One issue for this and other teachers: using social media is a tricky situation. Last year, a local special ed teacher was suspended for several days after her profanity-laced tweets got her into trouble with the school district. And there are numerous other examples of other teachers who have gotten in trouble over their tweets, which seem tame now compared to what the candidates say about each other lately. Teaching is a tough enough job already – my mother was a special ed teacher for decades – but having to navigate these waters now has to be done with care.
Still, I thought it instructive with all the “locker room talk” and “boys being boys” – at least when it came to this high school class – the kids took the higher road. Maybe there is something we can learn from this to improve our supposedly “adult” discourse.
What do the TV series House of Cards, Moneyball pitcher Chad Bradford, women’s erotica purchases, YouTube Spaces and Harrah’s casinos have in common? I will explain in a moment, as you mull over each of these situations.
In a new book entitled, Streaming, Sharing, Stealing: Big Data and the future of entertainment, two Carnegie Mellon professors present years of researching the book publishing, movie-making, television and music industries and how they treat their customers, their artists, and their data. Their conclusions will both surprise and delight you, and I would urge you to buy this book and read it carefully.
Let’s go back to our intro. In February 2011, the producers of the show House of Cards approached several cable TV executives to get their show green-lighted. Political dramas weren’t popular, and the execs passed. As you all know, Netflix acquired the rights to the series, but what you may not know is that they paid the production company $100 million for a two-year commitment for the series, rather than buying a single pilot episode.
Why did they do this? Because they knew exactly what the viewing habits of their customers were. They created multiple trailers to promote the series:
- one for Kevin Spacey fans,
- one for customers that liked “strong female lead actors,” as they characterize those types of movies,
- one for fans of David Fincher’s movies,
- and another for the people who had rented the original BBC series on DVDs.
It knew exactly the people who would want to watch the series, because it had all the data about their viewing habits. And we all know what happened: Cards became a hit, and is filming its next season.
The authors question the generally held belief that delaying the release of a movie via DVD rental or online stream hurts sales, or that selling a paperback or ebook hurts hardcover sales. What they found is that there are two separate audiences for content: those that have “crossed over” to the digital world aren’t coming back to the analog world. Delaying an ebook resulted in almost no change in hardcover book sales. Delaying a digital movie release after the physical DVD date could cut digital sales by half. Digital and analog are different products, and operate in different universes. “When digital customers couldn’t find the product they wanted to buy when they wanted to buy it, many of them simply left, and didn’t come back. They are either pirating their content or consuming other types of content on Netflix et al.”
The digital world grew out of a “perfect storm” coincidence of three megatrends: the Internet and better broadband, the rise of digital content such as MP3s and downloadable apps and movies, and lower-cost PCs that were usable and affordable. This created so much turmoil that the existing entertainment industries couldn’t cope.
Take women’s erotica, and other specialty genres in the book-publishing world. These books used to be difficult to find, with only a few stores carrying more than a couple of titles, often hidden on selected shelves. But with Kindles and other ereaders, people can buy what they want without having to show the world their tastes. When the first 50 Shades book was written, it was self-published. Fans through online communities promoted it before it became a blockbuster hit.
What about YouTube Spaces? These are video production facilities that anyone who has a sufficiently large audience can book and use. Think of it as WeWork with a soundstage and digital editing bay, but for free. There are classes on all sorts of production techniques. They are located in major cities around the globe: all with the goal of improving the quality of YouTube videos. (Here is a tour that The Next Web took a few years ago of their LA studio.) Such a thing wouldn’t be conceivable just five or ten years ago.
And then there is Moneyball and the pitcher Chad Bradford. He had a quirky pitching style but incredible power as a pitcher. However, the stats normally used by most baseball scouts didn’t capture his performance, and he was overlooked by most of the teams. Eventually, he was signed by Oakland and delivered for a couple of years. In time, though, the other baseball teams got their Big Data act together and Oakland’s advantage evaporated.
Moneyball illustrates another issue: the culture in tech firms differs from those of the entertainment firms such as major studios or book publishers. “Companies such as Google, Amazon and Apple don’t make gut feel decisions – they make quantitative decisions based on what their data tells them.” Once the digital platforms have learned their customers’ preferences, they can market products directly to them, based on what they watch, read, and listen to. They can design specific promotional campaigns to speak to specific groups, and even target new customers.
One final example is of Harrah’s casinos. Back in 2000, the company was doing well. It operated in more markets, and was very profitable. But the gambling landscape was changing: more casinos were being built across the country, often as destination resorts that included show rooms, luxury-themed shopping malls and five-star restaurants. Harrah’s had to pivot from operating independent casinos to integrating them in a single business that looked closely at its customers’ data and who did what where on its properties. It had to focus on extracting value from that data, and in a way that built customer loyalty countrywide. And contrary to the provincial assumptions of its local property managers, by using this central data repository and analytics it was able to increase revenues, promote cross-market players, and design new loyalty programs to increase its overall customer base.
The overall moral of this book: entertainment companies are going to have to take control over the customer interface and their customers’ data if they are going to be successful. It should be required reading for any digital marketer.
The online advertising world is undergoing a massive transition right now, trying to cope with an increasing technology war between the advertisers and us, the people that view their advertising. It is messy, it is contentious, and no one really knows what is going to happen in the coming months and years.
Recently, Facebook made changes to the way it works with displaying online ads. They say in that linked post, “We’ve all experienced a lot of bad ads: ads that obscure the content we’re trying to read, ads that slow down load times or ads that try to sell us things we have no interest in buying. Bad ads are disruptive and a waste of our time.”
Here is the problem: one person’s “bad” ad is another person’s opportunity to sell you something that maybe you might want. So they have attempted to clarify the issue, and give users more control over their ad experience. So far, it hasn’t been good.
How many of you Facebook users know about this page to control your ad preferences? I don’t see many hands being electronically raised. Take a moment, click on the above link, and spend a few minutes browsing around to see what they have done. You will be surprised.
The page is full of confusing controls and has a really poor user experience. For example, as you can see from the screen shot, I have given my personal information to three different advertisers, two of whom I didn’t recognize. When I deleted these two – because I don’t want to hear from them ever again – they first fade, before disappearing from view if I return to this page.
Andrew Bosworth, a VP at Facebook, says, “Some ad blocking companies accept money in exchange for showing ads that they previously blocked — a practice that is at best confusing to people and that reduces the funding needed to support the journalism and other free services that we enjoy on the web.” (my emphasis added) That is a lofty thought.
But let’s not just blame Facebook. At least they are trying to take control over the situation and make improvements, so that users will click on more relevant ads and they will be able to charge more for them. How about the traditional news generators, like newspapers and other media companies? What are they doing about online ads?
The short answer is that they are selling every square pixel they can and finding new ways to pop-up, pre-roll, roll over, mix sponsored and editorial content, and in general pollute the overall browsing experience of their online properties. Just about every publication that I want to read places some obstacle (and that is what I think about them) in my way when I try to click on an article that I want to read. Their home pages automatically start playing noisy videos that have me using the mute button on my PC as a default setting, just so I can have some peace and quiet when I am reading in the mornings.
I know, they have to make money. Print advertisers are leaving in droves, subscribers are few and far between, and newsrooms are ghost towns.
So a few years ago, technology comes to the rescue and creates browser plug-ins called ad blockers. These sense pop-ups and other devious methods, and prevent them from displaying ads. It is a great idea, and most modern browsers have incorporated some of their features too.
However, the problem is the blockers worked too well. So Facebook and other major sites who benefit from advertising revenue have decided to block the blockers. Now we have a cat-and-mouse game, where as one side adds new features, the other side figures out a way around them. Malware authors have been doing this for decades.
“More publishers will have to look to more innovative ways to incorporate their commerce with their content.” So says TechCrunch, who ran this story not too long ago. They proposed a sensible argument for how ad blockers can improve the overall experience and at least eliminate the cheesy online ads. But what is happening is that innovation has turned into just using as many ways as possible to put up online ads.
The pre-eminent ad blocking company is called Adblock Plus. On their blog, they announced a new version of their software that is used by hundreds of millions of users. It is called “Acceptable Ads Platform.” Basically, they get to choose which ads are “good” and which aren’t. They will continue to block the bad ads, but allow good ads by default. You can change this setting and not allow any ads whatsoever.
The New York Times has said, “instead of blocking bad ads, AdBlock allowed ads it deemed acceptable to be seen, often for a price.” This strikes me as something we used to call “bait and switch.” The Adblock Plus company now wants to be known as a “web customizing” company. This seems a bit naïve, or misleading, or both. It also puts this company in the hot seat to decide what is acceptable and what is not. They claim to be putting together a panel of judges. We’ll see how well that will work.
As I said, this is all early days for what will come. While the web has been with us for decades, and online advertising too, it seems we need to work together to figure out how to best serve up ads that won’t block the editorial content that we were trying to view and still allow the publishers and media companies to make money from our interests. So far, it is sub-optimal for nearly everyone involved.
To hear more about this matter, listen to our latest podcast from Paul Gillin and me where we discuss this issue. Or leave your comments here.
In my post from last week, I addressed some of the concerns in the growing conflict between security and privacy. One of the issues that I didn’t talk about, as several readers reminded me, is the difference between privacy and anonymity. This is often summarized by saying, “I don’t care if someone tracks me, I have nothing to hide.” Well, consider the following scenarios.
Scene 1. You are hiking on a remote trail. As you are enjoying the view, someone is taking pictures with their smartphone and pointing their camera in your direction. So essentially your image is being taken without your consent. At first, you think this is fine: after all, you are anonymous, just some random hiker. But when the photographer posts your image on their social feed, your face is recognized thanks to the site’s software. And now, not only are you identified, but your location is also specified. So you have been tagged without your consent. One way around this is to wear specialized clothing that defeats flash photographs, as shown here.
Scene 2. You maintain a very active Pinterest account and post numerous pictures when you are at various events, or when you travel to distant cities. One consequence of this is that anyone who spent time looking at your account could see where you have been and what you have done.
Scene 3. Beginning in 2007, employees of the UK-based News Corp. regularly hack into celebrities’ voicemail accounts. They are sued and eventually pay various fines. Eventually, things come to a boil in 2011 and others are charged, and one staffer is actually jailed. Testimony reveals that thousands of phones were involved and dozens of staffers had access to the collected information.
Scene 4. In the neighborhood where I live in St. Louis, the community monitors nearly 100 cameras that continuously capture video imagery to aid in solving crimes. Several dozen people have been arrested as a result of investigations using these images, which are available to law enforcement personnel. While they don’t have facial recognition software yet, it is only a matter of time. But what if anyone could access the video feeds online and monitor what is going on?
Scene 5. Your online activities are being tracked. One of the stories that I wrote about tracking online fraud recently was how security researchers were able to use machine learning to predict when an endpoint device could be considered compromised. They found a series of common characteristics that were easy to discover, without any sophisticated software. These included freshly made cookies (fraudsters clear their cookies often while regular users almost never do), erased browser histories, 32-bit Windows running on 64-bit CPUs and using few browser plug-ins. While any of these factors taken alone might be from a legit user, combined together they almost always indicated a machine used by an attacker.
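The idea in Scene 5, that individually weak indicators only mean something in combination, can be sketched in a few lines. This is an added example, not the researchers' model or code from the story: it substitutes a simple count of co-occurring signals for machine learning, and the log format, field names and thresholds are assumptions constructed for illustration.

```python
"""Added illustration: combine the four weak signals listed in Scene 5."""

# Thresholds are assumptions for this example, not values from the research.
FRESH_COOKIE_SECONDS = 15 * 60   # cookie younger than this is "freshly made"
FEW_PLUGINS = 2                  # this many plug-ins or fewer is "few"
WATCH_AT, FLAG_AT = 2, 3         # number of co-occurring signals per verdict

INT_FIELDS = ("cookie_age_s", "history", "os_bits", "cpu_bits", "plugins")

# Constructed sample telemetry, one endpoint session per line.
SAMPLE_TELEMETRY = """\
sid=a1 cookie_age_s=7776000 history=412 os_bits=64 cpu_bits=64 plugins=9
sid=b2 cookie_age_s=120 history=388 os_bits=64 cpu_bits=64 plugins=7
sid=c3 cookie_age_s=45 history=0 os_bits=32 cpu_bits=64 plugins=0
sid=d4 cookie_age_s=5184000 history=97 os_bits=32 cpu_bits=64 plugins=1
sid=e5 cookie_age_s=30 plugins=1
"""


def parse_line(line):
    """Parse 'key=value' tokens; unknown or non-numeric values become None."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    record = {"sid": fields.get("sid")}
    for key in INT_FIELDS:
        raw = fields.get(key)
        record[key] = int(raw) if raw is not None and raw.isdigit() else None
    return record


def signals(rec):
    """Return the names of the signals present in one session record.

    A missing field never counts as a signal: absent telemetry is not
    the same thing as an erased history or an empty plug-in list.
    """
    hits = []
    if rec["cookie_age_s"] is not None and rec["cookie_age_s"] < FRESH_COOKIE_SECONDS:
        hits.append("fresh_cookie")
    if rec["history"] == 0:
        hits.append("erased_history")
    if rec["os_bits"] == 32 and rec["cpu_bits"] == 64:
        hits.append("32bit_os_on_64bit_cpu")
    if rec["plugins"] is not None and rec["plugins"] <= FEW_PLUGINS:
        hits.append("few_plugins")
    return hits


def triage(telemetry):
    """Map each session id to (verdict, signals) for a block of log lines."""
    results = {}
    for line in telemetry.splitlines():
        rec = parse_line(line)
        if not rec["sid"]:
            continue  # skip blank or malformed lines
        hits = signals(rec)
        if len(hits) >= FLAG_AT:
            verdict = "flag"
        elif len(hits) >= WATCH_AT:
            verdict = "watch"
        else:
            verdict = "ok"   # a single signal is common among legit users
        results[rec["sid"]] = (verdict, hits)
    return results


if __name__ == "__main__":
    for sid, (verdict, hits) in triage(SAMPLE_TELEMETRY).items():
        print(f"{sid}: {verdict:5s} {', '.join(hits) or '-'}")
```

Session `b2` shows a lone fresh cookie staying below the threshold, while `e5` shows that fields missing from the telemetry are not counted against the user.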
Still think you have nothing to hide? Maybe so, but it is a bit creepy to know that your digital footprints are so obvious, and show up in so many places.
Some vendors, such as email encryption software Mailpile, have gone to great lengths to document how they address their users’ privacy. Given their market focus, it isn’t surprising. But still the level of detail in that document is impressive. “People should be able to communicate privately,” as they state in their document. That means no eavesdropping on email content, supporting authentic messages and privacy when it comes to the message metadata and storage too. What I liked about the Mailpile manifesto was their non-goals: “Mailpile is not attempting to enable anonymous communication. Most people consider e-mail from anonymous strangers to be spam, and we have no particular interest in making it easier to send spam.”
So as you can see, there is a difference between being anonymous online and maintaining your privacy. Like anything else, it is a balance and everyone has their own trade-offs as to what is acceptable, what isn’t, and what is just creepy. And expect new technologies to upset this balance and make these choices more difficult in the future.
As more of our users start literally wearing their own gear to work, the number of threats from these devices, such as Fitbits and Apple Watches, increases. After all, they are just another remote wireless computer that can be compromised to gain access to your enterprise network. I talk about the potential threats and ways to mitigate them, along with other factors. You can read my post here on iBoss’ blog.