Owners of Samsung's "smart" TVs are now reporting that apps on the TVs are inserting Pepsi ads into their own content stored locally on their PCs and NAS drives. In nearly identical stories, GigaOm and Ars Technica report that this happens for Plex and Foxtel apps running on the TVs.

https://ioptconsulting.com/listening-wasnt-bad-enough/

Kind regards,
-- T.Rob

I have availability! For a good time (with IBM MQ) call:
T.Robert Wyatt, Managing partner
IoPT Consulting, LLC
+1 704-443-TROB (8762) Voice/Text
+44 (0) 8714 089 546 Voice

From: =Drummond Reed

+1 to "informed dissent". T.Rob, you just might have a movement there...

On Wed, Feb 11, 2015 at 7:17 PM, T.Rob wrote:

Maybe this is another catch phrase in the making but what we have now is better thought of as informed dissent. If you aren't dissenting, that's probably because you are not informed.

-- T.Rob

From: Adrian Gropper

+1 T.Rob. It's not informed consent to anything if I don't have the opportunity to get the data FIRST.

Adrian

> Here I thought Barry White sang "Never Gonna Give You Up."

The version that is the origin of the Internet "Rickroll" meme is Rick Astley's. It may be a cover of Barry White's or Barry may have covered it from someone else. However, only the Astley version qualifies as a Rickroll if and when some eavesdropper happens upon it.

> Here’s my call to action: For companies that are launching “smart” devices on the Internet, be transparent about why, when and how you collect and use personal information. For individuals putting these devices to use, demand to know how you can control when and what you are revealing about yourself.

If at any point you update this article, or simply in the course of writing new ones, I would love, LOVE it if the premise that the device manufacturer had any natural claim on the data disappeared entirely. To do this right, the devices must give their data *first* to the device owner. It should not blue-screen if it can't get to the Internet and it should function whether or not any data gets back to the vendor. The vendor's business model should not depend on getting data from 100% of the devices, nor probably even 50% of them. If the owner gets the data first…

· We can mash up new interfaces that would not be lucrative for the vendor.
· We are not locked into a specific vendor, so long as there's a device that performs that function.
· Our devices do not die if the vendor ceases support or goes out of business.
· We can audit exactly what data gets out the door, therefore have a reason to trust the vendor.
· The vendor is obliged to compete on the quality of the product, the API, and the security, whereas today the product is not much more than a cheap, minimal platform for sensors to feed data back to the vendor.

This notion that the device vendor gets any data as a precondition to operating the device has got to go.

Kind regards,
-- T.Rob

From: Dan Miller

T. Rob: Here I thought Barry White sang "Never Gonna Give You Up."

Anyways... I just posted this: http://bit.ly/1FzD1zs while my thoughts were fresh. My livelihood is based on "intelligent assistance" first taking shape and then taking off. I see a necessary trade-off between what I disclose about myself so that a collective resource (network of friends, network of recommendation robots, whatever) can massage it and make suggestions regarding my next step or action. I like Google Now. I want Siri to have more relevant answers about more things that are important to me. That's why it's important for my virtual intelligent assistant to know me.

I respect that Moore's law is in our favor and lots of things will be local. Right now that's not an option. But also right now there are all sorts of bad actors about in the world and I know I'm just being stupid to send emails on Gmail, for instance. Advertisers love it. I use no encryption for my communications. On a separate thread in this group Phil Windley and others are offering "keys" for a couple of services like KeyBase or OneName.

On Wed, Feb 11, 2015 at 10:58 AM, Guy Higgins wrote:

Years ago, there was a terrible plane crash in Iowa City (not the destination, but an airport that was available for an emergency landing). A DC-10 lost all hydraulics — that essentially means that none of the airplane control surfaces (ailerons, rudder, elevator, flaps, etc) were available to the pilots. Thanks to the presence of an airline instructor pilot working with the exceptionally experienced pilots assigned to the flight, almost half of the passengers survived the almost-controlled crash.

The reason for the loss of all hydraulics? The redundant hydraulic systems were routed through the same location in the tail of the airplane (near the third engine) and were all destroyed by the same engine failure.

That is exactly the kind of disaster that will happen if control networks are not rigidly segregated from other, non-control, networks. I’m not prescient, but it doesn’t take a rocket scientist to do the probability calculations to see how quickly the probability approaches 1.0.

Guy

From: "T.Rob"

We are back to the whole "adding $1 to a car is expensive over a million cars" argument. The network for operational car functions such as brakes and the one for infotainment should be separate. To the extent that the operational functions need to inform the infotainment devices, one-way egress is allowed, and this can be enforced using crypto. Anyone can read the operations messages, only authorized devices can write them. Of course that means duplicating some of the physical wiring to do it right.

For what it's worth the Boeing 787 Dreamliner used the same network for plane operations as it uses for passenger infotainment when it was initially sold. I don't know whether it still does but this goes to show how monumentally clueless people can be about this stuff. You think disabling the brakes on a moving car is bad, try ENabling them in a moving jet with 300+ passengers aboard.

As for TVs that listen, all I have to say is "I void warranties." When I am not actually using the voice rec, the mic on the TV will be fed a continuous loop of the 1987 Rick Astley song "Never Gonna Give You Up," thus Rickrolling any would-be eavesdroppers.

Kind regards,
-- T.Rob

From: Dan Miller

Hi all: Great conversation!

T. Rob - Yes, I do know that wake up words require a TV (or Echo, or smartphone) to be always listening. Heretofore the challenge had been battery life on a phone, but the TV is plugged in (in more ways than one).

Adrian, et al. I'm not sure that there is enough diversity among solutions that are being proposed and likely to be adopted. More dramatic than the contract terms of the Samsung TV "going viral" was the 60 Minutes segment showing how DARPA (or more accurately "hackers") could take control of your car. I know it was up against the Grammys but... seeing Lesley Stahl pump the brakes and say "No! No!" as she ran over a bunch of orange pylons. The segment ended by noting that Ed Markey is about to propose legislation to put a stop to it. But how? I think they said that only two of the top makers of luxury cars with electronic gew-gaws had taken formal measures to prevent hacking.

Proposing diversity is one thing, but doesn't that contradict efforts to build some standards for establishing trust and preventing malicious attacks on networks?

On Wed, Feb 11, 2015 at 5:55 AM, Guy Higgins wrote:

+1

Diversity here is a strong counterforce. Hackers are successful to a very large extent because the world’s OS’s share a huge common heritage. Just like biological viruses would almost certainly be incapable of harming a “life form” based on a non-RNA/DNA chemistry, hackers would find it much more difficult to create problems for truly diverse operating systems. At least that’s my assertion.

Guy

From: Adrian Gropper

As with biology, there's strength in diversity. Open source home and community layers promote essential diversity.

Adrian

Unless the TPM is locked down and either in my control or behind a walled garden, should we really be trusting anything or one. What happens when hackers start infiltrating the software and systems that your smart home is connected through? Just thinking out loud…. sorry

Adrian Gropper MD