Monday, August 19, 2024

Your home WiFi network may be spying on you

 

The folks at Proton have just released a report on how your home wireless internet network may be spying on your online behavior.


When you use the internet at home, connected to everything from fitness equipment to game consoles, smartphones, and laptops, marketing companies could be watching you with a tiny piece of surveillance tech you might not even know about.

We’re talking about WiFi pods provided by companies such as Plume Design Inc., a company that has emerged as a significant player in the mesh WiFi market, with over 60 million homes running its surveillance-enabled products worldwide.

Plume has publicly claimed to champion privacy and built-in protection of user data, taking a strong stance in its messaging that it does not monetize user data. That commitment is echoed in its privacy policy, which offers users options like privacy mode and the promise of significant control over their personal information. 

But it appears Plume talks to internet users differently than it talks to internet service providers (ISPs) — its other customers:

  • To you, Plume promises enhanced connectivity and better control over your smart home network.
  • To ISPs, Plume promises marketing insights based on deep analysis of your online behaviors. What that means is Plume harvests and hoards a tremendous amount of sensitive data about its users — even tracking when they are present in their homes.


There's more at the link.

It appears that Plume's technology, and others like it, are being licensed to and included by other vendors, making such penetration of our privacy an industry-wide problem.  Fortunately, there are ways for the privacy-conscious to improve their security, but it's frustrating to have to stop others from snooping in the first place.  Clearly, such companies won't even ask forgiveness, much less permission, to intrude in that way.  When I entered the workforce, such behavior would have seen the company(ies) concerned ostracized by their competitors and driven out of the marketplace due to ethics concerns.  Today?  Everybody seems to be doing it.

I know many people no longer even think about privacy online, and it's certainly a truism that nothing one says online can be considered private or confidential.  Nevertheless, I'm old-school, and I do believe in maintaining my privacy whenever possible.  I won't necessarily use Proton's products and services to achieve that, but I'll take note of their recommendations, and try to incorporate them into my online time.

Peter


15 comments:

nono said...

Just another reason in the long list of why I will not use a router that cannot have open source firmware loaded. My next router will be a repurposed PC.

Rob said...

Everyone who has a smartphone is being spied on... seems we get used to it...

Tree Mike said...

Oh yeah, way worse than "1984". I'm hoping my "crime think" is low priority, compared to the millions of normies and GWOT (globull war on terrorism) veterans that have awakened in the last few years, and earlier.

Anonymous said...

That is why I don't have security cameras inside the house.

glasslass said...

Shawn Ryan show interviewed the #1 hacker in the world. I've seen bits and pieces of clips and it made my stomach clench.

boron said...

I noticed that the address is proton.me
"me" is Montenegro even though the company is headquartered in Switzerland

Zaphod said...

@Boron:

A top level country domain name of yz doesn't necessarily mean that server x is located in country yz. In the case of proton.me they're headquartered in Switzerland and so are their encrypted email servers. Proton's VPN end points are obviously located all around the world in data centres. Proton seems to be one of the most trustworthy VPN and secure email providers although they're not totally immune to government subversion or pressure. Nobody is.

I used Proton and also Mullvad. In fact my home router runs a VPN out to a Proton or Mullvad endpoint 24/7. The purpose of this is to hide my traffic from my ISP. Generally I still use a VPN endpoint in Hong Kong where I live.

(BTW everybody should be using Wireguard as their VPN protocol. MUCH faster. I have nothing to say about the retardedness of using popular very cheap VPNs. People should do their own research to figure out why these are foive-ois honey traps. Not rocket science.)

All the above is very nice, but if you don't run very strict ad and tracker blocking and take great care in selecting your DNS providers and how you access DNS then you're still being harvested for marketing and mass surveillance purposes. That's another story again. Recommend Pi-hole or Adguard.

TGreen said...

Uhh... Peter? If you're using your ISP's DNS (domain name server - the service turns "blogger.com" into the "2607:f8b0:4005:814::2009" that the internet actually uses) your ISP *already* knows everything you're afraid Proton might tell them.

boron said...

@ Zaphod
TNX for the education

Old NFO said...

Always remember, NOTHING is private once it is on the /net

Anonymous said...

I don’t know about our network but when I was in a physical therapy hospital I was discussing with the PT lady how I had a stool/kneeler that I could use in the garden. My iPad was on a table nearby. I got at least two ads a day for at least a week. Same things sometimes happen at home!

TCK said...

I've been assuming for many years now that any tech more advanced than my old Gameboy Color (still works fine after more than 25 years, while the new stuff seems to break after 2 or 3) is spying on me every chance it gets. I have yet to be proven wrong.

Anonymous said...

Same, 3X for me within a 7 day period. Phone not even in room.

Aesop said...

If you have and use a Smart Home Spy Network, you deserve what you get.

You might have thought serious people figured this out when it was revealed that Roomba vacuum cleaners were transmitting dimensions and floorplan layouts of users' homes back to HQ, for any-party use, and when 5M people all noticed that when they said things around their cell phones, targeted ads started popping up on their internet pages.

Faraday bags and shields are a thing, and for anything connected to the 'net, YOU are the product, not the customer, since ever.

Thus endeth the lesson.

HMS Defiant said...

Visiting our embassies in the Middle East I routinely had to take out the battery and put it in a box at the Guard Post. Oddly enough, entering a scif I only had to put the phone in a lock box outside the scif. No messing around with batteries. But then, that dates me as old since you cannot take the batteries out of modern phones at the drop of a hat. You know that the protocol originated from someone who knew what our Intel people could do with that kind of access. Our countermeasures revealed too much about our own capabilities and that's why we stopped advertising countermeasures.