Smart Devices Spy on You – Two computer scientists explain how the Internet of Things can invade your privacy

Have you ever had a creepy feeling that someone is watching you? Then you turn around and see nothing out of the ordinary. Depending on where you’ve been, you probably weren’t quite imagining it. There are billions of things that make you feel every day. It’s everywhere, hidden in plain sight – inside the TV, fridge, car, and desk. They know more about you than you might imagine, and many relay this information online.

Back in 2007, it was hard to imagine the revolution of useful apps and services launched by smartphones. But it came at a cost in terms of intrusion and loss of privacy. As computer scientists who study data management and privacy, we’ve found that with internet connectivity extending to devices in homes, offices, and cities, privacy is at greater risk than ever.

The Internet of things

Your appliances, car, and home are designed to make your life easier and automate the tasks you perform every day: turn the lights on and off as you enter and exit a room, remind you that tomatoes are about to spoil, and customize the house temperature to the weather and everyone in the family’s preferences.

To do their magic, they need the internet to access help and connect data. Without internet access, your smart thermostat can collect data on you, but it doesn’t know what the weather forecast is, nor is it powerful enough to process all the information to decide what to do.

Tablet with wall-mounted display
The Nest smart thermostat keeps track of your presence and connects to the internet.
The perfect smart home / Flickr, CC BY

But it’s not just the things in your home that communicate over the Internet. Workplaces, malls, and cities are also getting smarter, and smart devices in those places have similar requirements. In fact, the Internet of Things (IoT) is already widely used in transportation, logistics, agriculture, agriculture and industry automation. There were about 22 billion internet-connected devices in use around the world in 2018, and the number is expected to rise to more than 50 billion by 2030.

What do these things know about you?

Smart devices collect a large set of data about their users. Smart security cameras and smart assistants are, after all, cameras and microphones in your home that collect video and audio information about your presence and activities. At the less obvious end of the spectrum, things like smart TVs use cameras and microphones to spy on users, smart bulbs track your sleep and heart rate, and smart vacuum cleaners learn about things in your home and map every inch of them.

Sometimes, this monitoring is marketed as a feature. For example, some Wi-Fi routers can collect information about where users are in the home and even coordinate with other smart devices to sense motion.

Manufacturers usually only promise automated decision-making systems and it’s not humans who see your data. But this is not always the case. For example, Amazon workers listen to some conversations with Alexa, jot them down and annotate them before fusing them into automated decision-making systems.

But even restricting access to personal data to automated decision-making systems can have undesirable consequences. Any private data shared over the internet may be vulnerable to hackers anywhere in the world and few consumer devices connected to the internet are very secure.

Understand your weaknesses

With some devices, such as smart speakers or cameras, users can occasionally turn them off for privacy. However, even when this is an option, disconnecting devices from the Internet can severely limit their usefulness. You also don’t have this option when you’re in workplaces, malls, or smart cities, so you may be at risk even if you don’t own smart devices.

Therefore, as a user, it is important to make an informed decision by understanding the trade-offs between privacy and convenience when purchasing, installing, and using an internet-connected device. This is not always easy. Studies have shown, for example, that owners of personal assistants in a smart home have an incomplete understanding of what data devices collect, where the data is stored and who has access to it.

A little boy touches the top of a black cylinder on a dining table while the family is eating in the background
Smart speakers are constantly listening for your commands.
Oscar Wong/Moment via Getty Images

Governments around the world have introduced laws to protect privacy and give people more control over their data. Some examples are the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Thanks to this, for example, you can send a Data Subject Access Request (DSAR) to the organization that collects your data from a device connected to the Internet. Organizations must respond to requests within those jurisdictions within a month to explain what data is being collected, how it is used within the organization, and whether it is shared with any third parties.

Minimizing privacy damage

Regulations are an important step; However, its enforcement will likely take some time to keep up with the ever-increasing number of devices connected to the Internet. In the meantime, there are things you can do to take advantage of some of the benefits of being online without giving away a massive amount of personal data.

If you own a smart device, you can take steps to secure it and reduce risks to your privacy. The Federal Trade Commission makes suggestions on how to secure your devices connected to the Internet. Two main steps are to update the device’s firmware regularly, see its settings, and disable any data collection that is not related to what you want the device to do. The Online Trust Alliance provides additional advice and a consumer checklist to ensure the safe and private use of Internet-connected consumer devices.

If you’re on the fence about buying an internet-connected device, find out what data it captures and what the manufacturer’s data management policies are from independent sources like Mozilla Privacy not included. With this information, you can choose the version of the smart device you want from a manufacturer that takes the privacy of its users very seriously.

[Over 150,000 readers rely on The Conversation’s newsletters to understand the world. Sign up today.]

Last but not least, you can stop and think about whether you really need all your devices to be smart. For example, are you willing to give up information about yourself to be able to verbally command your coffee machine to make a cup of coffee?