this post was submitted on 12 Nov 2023
1480 points (96.1% liked)

tumblr

3365 readers
5 users here now

Welcome to /c/tumblr, a place for all your tumblr screenshots and news.

Our Rules:

  1. Keep it civil. We're all people here. Be respectful to one another.

  2. No sexism, racism, homophobia, transphobia or any other flavor of bigotry. I should not need to explain this one.

  3. Must be tumblr related. This one is kind of a given.

  4. Try not to repost anything posted within the past month. Beyond that, go for it. Not everyone is on every site all the time.

  5. No unnecessary negativity. Just because you don't like a thing doesn't mean that you need to spend the entire comment section complaining about said thing. Just downvote and move on.


Sister Communities:

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] LemmyIsFantastic@lemmy.world 42 points 11 months ago* (last edited 11 months ago) (5 children)

Nah, I have a bunch of stuff and couldn't care less. If someone wants in my home they'll take out a window. Nobody is zero daying their way past a lock 🀣

[–] lseif@sopuli.xyz 32 points 11 months ago (2 children)

"im not actually too worried about my privacy and data being misused, im worried about everyone's being misused, and that it's being normalized"

[–] CaptKoala@lemmy.ml 4 points 11 months ago

And folks wonder why I'm in a constant state of existential dread, we all know it won't stop there if the corpocunts have anything to say about it.

[–] milicent_bystandr@lemm.ee 2 points 11 months ago

One of the most draining things about trying to look after privacy is the number of ways other people's choices undermine that.

I don't mean to dump on other people for those choices ... usually... but it's hard that the conveniences they take compromise the privacy that I like and that some others need more.

[–] jol@discuss.tchncs.de 28 points 11 months ago (1 children)
[–] GiveOver@feddit.uk 5 points 11 months ago (1 children)

Fun that "crypto nerd" has changed meaning since then

[–] jol@discuss.tchncs.de 2 points 11 months ago

Not to be confused with crypto bro.

[–] CosmicCleric@lemmy.world 9 points 11 months ago (1 children)

Nobody is zero daying their way past a lock 🀣

It would be a cheap way of creating onlyfans content though.

[–] LemmyIsFantastic@lemmy.world 1 points 11 months ago (1 children)

If I found out my convulsing into my partner would make money idk do it in a heart beat 🀣

[–] CosmicCleric@lemmy.world 4 points 11 months ago* (last edited 11 months ago) (1 children)

If I found out my convulsing into my partner would make money idk do it in a heart beat 🀣

Who said you'd get the money though. That fine print you always agree to would say any content from the security cameras would be owned by them.

[–] LemmyIsFantastic@lemmy.world -2 points 11 months ago

I would easily undercut with direct to consumer via OF after I understood the true value of my cock.

[–] dlok@lemmy.world 3 points 11 months ago (4 children)

And what's the worst an internet connected thermostat could do, discomfort you to death? If someone got into my Google account past 2fa etc id have bigger worries.

[–] TheWiz@lemm.ee 21 points 11 months ago (2 children)

For me it's more the privacy aspect. IOT devices tend to be network weak points. Things like Alexa constantly listening. I could see myself self hosting home assistant maybe in the future but not of the things smart devices enable are really a value add for me personally.

[–] CosmicCleric@lemmy.world 5 points 11 months ago* (last edited 11 months ago) (1 children)

You don't need home devices to lose your privacy like that. Your phone's themselves are constantly listening in.

Was talking to the wife in the car one time about buying a new pair of tennis shoes, and when I got home that evening and watched YouTube videos and such, I was getting so many tennis shoe ads it was actually quite spooky.

[–] TheWiz@lemm.ee 6 points 11 months ago

Oh definitely, I go to a lot of effort to try and mitigate it (graphene OS, no Facebook, social media, pihole for network wide ad blocking, simplelogin for email aliasing, no smart devices) but there's always plenty of invasive apps/services even you're privacy conscious.

[–] LemmyIsFantastic@lemmy.world -5 points 11 months ago (2 children)

Jesus Christ "always listing".

No they aren't. Not in any sense that even explained in common sense language to normal people.

They are listening to what amounts to be a key pair(s) voice imprint. That's done at a hardware level. And despite it be career making and be worth millions nobody has reported any large scale beach of trust in many years.

The major players have an excellent track record of being secure.

[–] milicent_bystandr@lemm.ee 3 points 11 months ago

The major players have an excellent track record of being secure.

Facebook doesn't.

[–] calavera@lemm.ee 1 points 11 months ago (1 children)
[–] LemmyIsFantastic@lemmy.world 1 points 11 months ago (1 children)

Whatever you say. Still not a single person who can list consumer devices using this tech.

[–] calavera@lemm.ee 1 points 11 months ago* (last edited 11 months ago) (1 children)

Whatever you say astroturfer.

But it does not look like like they are secure at all

Hey, we even have leaks... .

Tell your boss to update your script

[–] LemmyIsFantastic@lemmy.world 0 points 11 months ago* (last edited 11 months ago) (1 children)

First, the attacker needs to be within wireless proximity of the device, and listen to MAC addresses with prefixes associated with Google. After that, they can send deauth packets, to disconnect the device from the network and trigger the setup mode. In the setup mode, they request device info, and use that information to link their account to the device and - voila! - they can now spy on the device owners over the internet, and can move away from the WiFi.

Congrats, you found a single instance. It was patched via the security program. It relied on physical proximity.

Then you link another scenario where an utterly insignificant portion of users data was shared with partners.

It's grasping at straws and both those incidents are unrelated to always on recording. None of that shit you linked is related in the least bit. It's slippery slope bullshit you're trying to pull.

Astroturfing 🀣🀣🀣 good lord I wish I could get paid arguing with uninformed privacy zealots.

[–] calavera@lemm.ee 1 points 11 months ago (1 children)

So much so for your "excellent track record of being secure." right? Specially this taking almost a year to be patched. Now image the exploits that were found not by researchers, but malicious parts...

I mean, if you were a paid astroturfer I could understand, because people have to make ends meet right. But doing that for free? What a dystopian world we live in

[–] LemmyIsFantastic@lemmy.world 0 points 11 months ago* (last edited 11 months ago)

Holy shit, you really are stuck on this 100% unrelated local access hack 🀣

I guess you'll never use tls again cause of its history right?

[–] bitwolf@lemmy.one 20 points 11 months ago (3 children)

The issue is that the thermostat can be used as a jump box into your network.

That's when/where all the nefarious things happen.

[–] frezik@midwest.social 6 points 11 months ago

This is why I like boarderless security, and did even before all these smart devices came around. Every device should be responsible for its own security. It meant your laptop is still protected when you're on some random wifi network. Networks shouldn't be built like eggs; hard on the outside, soft on the inside.

It does take more technical skill to setup, though.

[–] groucho@lemmy.sdf.org 5 points 11 months ago (1 children)

Or they could just dime out the heat/AC and give you a huge energy bill. Or kill the furnace in the winter, while you're on vacation, and let your pipes burst.

[–] RGB3x3@lemmy.world 2 points 11 months ago* (last edited 11 months ago) (1 children)

Nobody is doing that. A hacker doesn't cause chaos just for the fun of it. They have nothing to gain by playing with your thermostat when they can spend less man-power exploiting corporations for money and data.

[–] groucho@lemmy.sdf.org 1 points 11 months ago (1 children)
[–] RGB3x3@lemmy.world 1 points 11 months ago

Yeah, but:

The downside, though, is that installing the ransomware, currently, requires the hackers to either have physical access to the thermostat or trick the victim into loading malicious files on the device on his own.

And if a hacker is in your home, they're not a hacker. They're just a burglar.

[–] greenskye@lemm.ee 2 points 11 months ago (1 children)

Realistically speaking who targets an individual house in the hopes of accessing something important and usable when companies lose millions of customer financial and personal information basically every month?

[–] Nahdahar@lemmy.world 5 points 11 months ago (1 children)

Nobody attacks an individual house, people exploit vulnerabilities en masse.

[–] RGB3x3@lemmy.world 1 points 11 months ago (2 children)

To do what though? People are worried about their internal network being compromised, but the average person has basically nothing worth stealing on their home network given the insane amount of work it takes to compromise it.

The fears of your internal home network being compromised are way overblown.

[–] milicent_bystandr@lemm.ee 1 points 11 months ago

It's not just damage to your home network, it's using that as part of botnets do do other crime. And it's collecting data on you for sleazy purposes, that then gets leaked (sometimes) to those who want to use it for crime.

the insane amount of work it takes to compromise it.

Really?

The great thing about software is once you develop an insane trick to get into one child's internet-connected doll (oh yes, there's that too) you can roll it out to try ten million dolls across the world.

[–] Nahdahar@lemmy.world 1 points 11 months ago (1 children)

A main example that comes to mind is nanny cam or iot security cam ransoms for example. They don't target specific individuals at first, they exploit a mass vulnerability, gather sensitive footage then blackmail. Another example, while not directly affecting IoT users' lives was the Mirai botnet attack.

[–] greenskye@lemm.ee 1 points 11 months ago

This implies looking at hundreds of thousands of nanny cams, for probably lots of hours before you end up with any footage thts worthy of 'blackmail'. And I'd bet many homes would literally never have anything blackmail worthy even happen on camera. Oh no, they saw me naked!?! What am I going to do if my coworkers found out I walk around naked in my own home. I'd just tell them to take a hike and release my naked footage if they really wanted to.

[–] Obi@sopuli.xyz 12 points 11 months ago (3 children)

I think that example is probably the most serious one. If you live in regions that go to -40c you most definitely don't want your thermostat to just stop heating the house.

[–] ironeagl@sh.itjust.works 1 points 11 months ago

At the same time, it's nice to be able to check what temperature it's at while you're away. I have a zwave thermostat myself, gives "smartness" without the reliance on someone else's computer.

[–] vaultdweller013@sh.itjust.works 1 points 11 months ago (2 children)

Whats -40c I only know freedom units. Im guessing its -20f

[–] Obi@sopuli.xyz 11 points 11 months ago

Believe it or not, it's also -40f :D for once we're all happy.

[–] thewowwedeserve@feddit.de 11 points 11 months ago

Coincidentally -40c is also -40f

[–] dlok@lemmy.world 1 points 11 months ago (1 children)

Pretty extreme example, and im sure you would manually intervene at that point

[–] Obi@sopuli.xyz 8 points 11 months ago

Sure it's definitely an extreme example for the sake of argument but it's one with potentially severe consequences (what if it happens while everyone is sleeping, or while all humans are away with only pets in the house, etc etc).

It's happened before too: https://news.sophos.com/en-us/2016/01/18/nest-smart-thermostat-glitch-leaves-cold-feet-and-steaming-mad-customers/

[–] CosmicCleric@lemmy.world 5 points 11 months ago (1 children)

And what’s the worst an internet connected thermostat could do

Raise your AC and or Heating bills?

[–] dlok@lemmy.world 0 points 11 months ago (1 children)
[–] CosmicCleric@lemmy.world 5 points 11 months ago

Without you noticing though?

They'd time it for when you are on vacation.

[–] AlexWIWA@lemmy.ml 1 points 11 months ago

These iot software are usually minimum viable products with weak security. A zero day for them is fast simpler than trying to get a zero day in windows.

For example, I had a friend that worked at one of these companies, that recently lost a lot of money, and while he was there they had their master keys in the git repo on GitHub. At this point they were well past a billion dollar valuation.