How the CIA, Comcast can snoop on your sleep patterns, sex toy usage

The smart home may need to get a whole lot smarter, researchers warn


Basically, rather than seeing clear flows and peaks of data, the system spread that data out over time and ran the same amount of data constantly – making it almost impossible to figure out what was really going on.

This brings its own problems however:

  • Latency
  • Greater data usage
  • Complexity

The system is much simpler when only very low-traffic devices such as smart plugs were in use. But when audio and video devices were used, the sheer amount of data meant that the effort to disguise it caused latency.

The worst impact was a 10‑15 second delay in getting video from the smartcam to a mobile device – which can be incredibly annoying – and a few seconds delay in the Amazon Echo answering a question (also annoying). With high latency, the Echo cut off its reply mid-sentence, the team found.

Although the researchers acknowledge that the ILP approach is often written off for creating too much unnecessary data, by their calculations, simple smart devices only added 2.5GB of data a month. However, with audio and video devices added in, that jumps to 104GB a month. They claim this is still far below a common cap of 1TB for many ISPs. However, that is still a hefty data cost for additional privacy.

What are other possible variations on this approach?

A random or variable data pattern – rather than a flat, constant data stream – could help disguise traffic while also helping bring down data usage and latency.

Device manufacturers could also rethink how their devices send information. It is not necessary, for example, for a sleep device to send information instantly – it could delay the sending of data for several hours with no discernible impact.

People could also combine the use of a VPN with a less-aggressive form of ILP to add privacy at a lower cost. Or router manufacturers could give people the option to select different levels of privacy on a dial-like setup to get the right level of performance combined with privacy. Or allow some devices to respond unimpeded but pull others into a privacy mix.

Ultimately the paper does a good job at identifying something that is going to become an ever-greater concern: people's personal habits effectively becoming visible – and saleable – through traffic analysis.

We could easily see a router manufacturer figuring out a way to disguise such traffic and use a new privacy setting as a unique selling point, or to differentiate themselves in the market. But as this paper demonstrates, such packet manipulation can become complex quite quickly and would likely come with some compromises over speed and quality. ®

Biting the hand that feeds IT © 1998–2018