Your Smart-Home is Not Secure

The future of technology is about respect, diligence, and community.

Your Smart-Home is Not Secure
“Unsafe to Enter” by LOLren is licensed under CC BY 2.0.

Maybe it’s a hunting trip with the family, or that weekend away at Disneyland your kids have been begging you for, but either way — it’s time for vacation. You pack, spend the morning stressing about all the things you forgot, and finally leave the house — making certain to lock the door behind you.

Not long after you’ve left, something moves across the lawn. A figure slips over the grass, up the front steps, and they’re at your door. The security system beeps once, confused, as the figure fiddles with the lock. But wait! A police car rolls up the road on patrol. The figure at your door turns quickly, lifts a hand, and… waves?

They finish with your lock as the police car drives on by. Your front door pops open. The alarm does not trigger. The figure slips inside.

The intruder is inside your house. They’re walking around, looking at your things, touching your possessions. They spend some time rifling through drawers, taking odds and ends. Maybe, all they do is snap photographs — but there are things you wouldn’t want photographed, aren’t there?

Finally, they’re done. But they don’t leave. They’ve found the day planner, the tickets to the Disneyland rides, the season pass for your favorite park; they know exactly where you went and for exactly how long you’re going to be away.

So, the intruder settles in. Feet up on the couch, they watch TV, sleep in your bed, they even order pizza in. Then, the day before you get back… they clean up their tracks, slip back through the house, removing any sign of their presence. They’re gone in a flash, out the door, back down the street, just another figure going for a stroll. Your security system beeps happily to itself: everything is under control.

We give away our keys too easily. (Image by author)

You probably don’t treat your cybersecurity with the same care you would with your house, and that means you are at risk.

The information that can be gathered from your digital life is just as personal, just as intimate, as something poking through your old family photos and your underwear drawer.

First: cyber education is woefully poor in the United States, with students of all ages unable to understand the fundamentals of either the hardware or the software that they rely upon every single day.

The second: when you leave your home you can be reasonably certain that locking your door, maybe setting a security system, will be enough… why? Why, because breaking into someone’s home is a serious criminal offense.

But, with the cyberworld, there are no systems in place at the society-wide level keeping your data and your family safe — none with teeth, anyway.

And the “cops” of this digital world? More often than not, they’re the big companies that are actually responsible for the lax security standards… as well as being some of the worst break-in offenders themselves!

If a photo gets stolen… that sucks. But, it’s the data hidden inside the photo that makes it dangerous to you (like when and where it was taken, and even detailed tags for the people in the image), this affects you and your family directly.

It’s also not just a matter of safety, either — it’s a matter of respect.

Do we respect each other enough to keep one another safe?

Chances are, even if we disagree with a neighbor about something, we can probably rely upon them to look out for our home when we’re away.

But in the digital world it’s a free-for-all, and the “people” who say they’re looking out for us — the companies to which we entrust our information — are anything but neighborly.

A safer, more interoperable internet is a matter of honor. (Image by author)

If there’s a problem of this scale, something that so deeply impacts our society, isn’t it our duty to stop it?

Isn’t it our duty to stand up and do what’s right for the good of our friends and neighbors? Don’t we have the responsibility to keep our neighborhood safe?

I believe we do. I believe that we need to take a stand. And, I think there are two simple and powerful ways we can, right here, right now.

Step one: Personal Responsibility

These are our keys, let’s keep them safe! (Image by author)

It’s not your fault that you’re caught up in this mess, but that doesn’t mean it’s not your responsibility to do something to keep yourself safe.

You probably know that all of your devices should have some sort of security available to them, and that’s a good place to start.

If you own an Apple device, it comes with a giant range of built-in protective measures to keep you safe from threats… but it doesn’t stop everything, and there are more threats out there than simple viruses.

Get yourself a VPN

A Virtual Private Network (VPN) can keep you safe from prying eyes when you connect your mobile device to free and unsecured Internet (like at an airport). It can also help protect you from your cellular carrier, who is certainly spying on you.

The best out there is probably ProtonVPN, but ExpressVPN and NordVPN are also good options.

Next: Protect your passwords.

One of the biggest causes of serious leaks of your personal information comes from a lack of good password management. Truthfully, the only password you should ever try to remember is the one that secures your password manager application!

TIP: A good password for your password manager should actually be a pass-phrase, something long and memorable that you came up with yourself. Don’t just copy down your favorite line from a best-selling novel!
Something like “Unicornsdonteatsaladunlessthereisnocandy#1” is actually an incredibly strong password, and it also happens to be extremely memorable (don’t use this one, obviously, make of your own — jeesh!). But only use this for your Password Manager password. Most of your passwords should be 15–20 character strings randomly generated by your password app.

Apple users: make judicious use of iCloud Keychain. It’s safe, reliable, and automatic. But only use it if you exclusively use Apple products! A password manager is only secure if it operates across all your devices at the same time. The keychain doesn’t seem to always work for non-Safari browsers and non-native Apple apps, either, which is really unfortunate.

Windows users: Bitwarden is a free and powerful password manager that comes highly recommended by security experts. Paid plans offer additional features and large secure cloud storage, but they’re not needed.

Now, the hard part… you need to change every single password that is either too simple or is the same as (or similar to) any other password you use.

This will be a day-long project for most of us, so put on a show or your favorite podcast and get to work. Every password for every website you visit needs to be placed in your password manager and made unique. Most good password managers also have a feature that lets them check if your passwords were discovered in any breaches — if so, change right now.

The final thing: fingerprinting. Currently, you get tracked everywhere you go online, but the good news is that it’s relatively easy to put a stop to a lot of it! A VPN will help with this, somewhat. Also, if you’re an Apple user, there are already some built-in defenses helping you out. But let’s take things farther.

If you do just those few things, you’re going to be far safer online than pretty much everyone else you know. The next step is to talk to friends and family and help teach them everything you’ve learned.

The second problem, and the second solution

You should have control over your life. (Image by author)

Remember I told you that there were two things you could do?

To secure yourself against the dangers of the modern cyber landscape, you need to take the fight to the politicians.

The safety and sanctity of our private lives is too important to risk, too intimate to give up without a fight. Luckily, this is a fight we can win.

Right now, the internet is in the hands of a few large corporations, who wield incredible power over your life. They hoard your private information, and pay off politicians to write terrible laws that invade your home.

Know how Google keeps saying “we don’t sell your data?” well, they don’t need to — Google uses data about you to create intimate maps of everything you do and everything you believe. Then they just sell that map.

Worse, companies like the TurboTax are literally extorting you. Tax filing is hard in the United States because these companies have spent millions lobbying against improvements that would make your life easier.

Tax-solution monopolies like TurboTax also have access to seriously sensitive information… and these services get hacked all the time!

Corporate monopolies breed corruption. The most important thing we can do is break up the monopoly held by any major company.

If a breach happens or a company treats us with disrespect, we should be able to leave their service — without leaving our friends behind!

There are no technical reasons why Facebook, for instance, can’t be connected to another social media network, allowing us to move to Mastodon (for instance) while still receiving messages from our Facebook friends.

Your freedom is being limited by bad privacy and copyright laws put into place during the Clinton administration and strengthened ever since.

But this is reversible.

Responsibility. Accountability. Privacy. (Or “Rap”, I suppose).

It’s up to each of us. (Image by author)

Visit the Electronic Frontier Foundation Action Page. Tell your local representatives that you support a more interoperable future — a future that is safer for everyone, a future with respect firmly built into the core of everything we do online. Watch this video for a deeper appreciation of the situation.

Together, we can make a difference, but it requires you to take the first stand.

Hi there! I’m Odin Halvorson, a librarian, independent scholar, film fanatic, fiction author, and tech enthusiast. If you like my work and want to support me, please consider becoming a paid subscriber for as little as $2.50 a month!

Subscribe for my regular newsletter. No spam, just the big updates.