Rendered at 17:36:52 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
Chu4eeno 2 days ago [-]
Based on the source country distribution I'd say it's more likely the standard Android residential VPN SDKs embedded in free apps.
Havoc 2 days ago [-]
The data and project looks cool but I don’t really see the link between the bulk of what’s presented and smart appliances conclusion?
unitindex 2 days ago [-]
This made me realize how many devices I buy once, set up once, and then never think about again. Smart TVs are probably one of the biggest examples of that. It would be interesting if manufacturers had to make software support periods much more obvious before people bought them.
Incipient 2 days ago [-]
I wish I never thought of it. Just had a recent Samsung TV update, and now it has to sign in EVERY TIME it turns on. I'm considering how to frame it as a warranty job.
gnopgnip 2 days ago [-]
Factory reset it then never connect to the internet. Use another device you can control for streaming
duskdozer 1 days ago [-]
I'd be surprised if they didn't have anti-downgrade fuses or something and force you to connect and update. Or just overwrite the reset image.
account42 1 days ago [-]
> Use another device you can control for streaming
Streaming and "device you can control" are mutually exclusive.
dpoloncsak 1 days ago [-]
Something as simple as Raspberry Pi is capable of streaming from the main services while being a device you are root on. I don't think anyone's looking to control the Stream box
derwiki 1 days ago [-]
Jellyfin?
Rygian 1 days ago [-]
In Europe, the Cyber Resilience Act mandates the manufacturer to:
* Report any security breaches within 72 hours to a public body (country's CSIRT + ENISA).
* for "all products with digital elements [...] including those already placed on the market before 11 December 2027"
Products must be sold with a "secure by default" config, with automated security patching enabled by default (opt-out), with reporting on possible unauthorised access, with data collection minimization (tie-in to GDPR), with an SBOM, with dedicated security testing, with public disclosure of vulnerabilities, …
I try to avoid "smart" appliances and if the manufacturer forces the "smart" stuff, I never enable it. Even my induction hob would like to connect to wifi (no idea what that would be useful for), but that's just not happening.
Macha 1 days ago [-]
My washing machine advertises its remote start feature to try get people to use the app and it’s like… I need to physically load laundry into the machine so I’m already going to be standing there when I want to start it.
knolan 1 days ago [-]
We don’t have smart appliances but I’ve recently switched to an electricity plan with a really cheap night rate for charging my EV (1 cent per km!). We often fill and then schedule our Bosch washing machine and dryer to come on at 2am. No app required.
rogerrogerr 1 days ago [-]
Do you have wet clothes sitting in the dryer until 2am? Curious how you deal with that.
yencabulator 1 days ago [-]
They said "Bosch washing machine and dryer". It's a combo unit that dries after washing.
Macha 1 days ago [-]
Mine is a Bosch (but I guess a few generations newer?). Definitely requires an app for scheduling.
fl0ki 1 days ago [-]
Exactly. That said, it's nice to get a notification when it's done.
SoftTalker 2 days ago [-]
I cannot imagine ever connecting a TV or appliance to my home network. I even worry about my printer and Roku.
wccrawford 1 days ago [-]
It's worse than that. If you don't add it, what's to stop someone else from adding it? A lot of them are just "press okay and it's added". There's no security and nothing to stop people from adding unclaimed applicances, except distance.
vharuck 2 days ago [-]
I vaguely remember a saying I read here once:
A tech lover has a home full of smart appliances and systems. A tech expert has a computer, a modem, a printer, and a revolver lying next to the printer in case it makes a sound they don't recognize.
m463 2 days ago [-]
Don't leave the revolver too close to the printer. It might start saying "low toner" when you go to use it.
timbit42 1 days ago [-]
The revolver or the printer might start saying that?
StilesCrisis 21 hours ago [-]
Why would your Roku be any more or less safe than a TV? It's the exact same idea.
tekno45 2 days ago [-]
better than it connecting to one you don't own.
mschild 1 days ago [-]
Or just keep it turned off entirely? Every "smart" device I have has the option to disable WiFi/bluetooth entirely so it doesn't even show up.
inigyou 1 days ago [-]
One party made certain IP addresses valuable, the other party responded by totally randomising their IP addresses, and the world is worse off for it. Who's responsible? They weren't using random IP address proxies when IP addresses weren't treated as a status symbol.
VladVladikoff 2 days ago [-]
What gets me is how honestly horribly written most of these scrapers are. I found one ip in my logs recently that had 50,000 attempts at the same 404, over and over every few seconds.
Glandalf 16 hours ago [-]
I never bought any, it seemed like a really Really REALLY REALLY stupid idea this whole time.
stego-tech 2 days ago [-]
“Is your refrigerator running - on a botnet for AI companies?
Stainless Steel Scrapers - tonight, on Sick Sad World.”
zahlman 1 days ago [-]
> If I had to guess where most of this traffic is coming from, it's from compromised smart appliances contributing traffic to proxy networks.
... Is the data earlier in the article supposed to support this hypothesis? I'm not saying it doesn't, but I would really appreciate having more lines drawn and dots connected here. And what sort of checking are people supposed to do, exactly? And how?
inigyou 1 days ago [-]
It's just an assumption that residential proxying hasn't become a legitimate industry by now. Security professionals just assume it's still based on botnets.
cyberax 2 days ago [-]
My home appliances are all ZigBee/ZWave or ESP32-based WiFi devices. Good luck running botnets on them.
thaumasiotes 2 days ago [-]
> If I had to guess where most of this traffic is coming from, it's from compromised smart appliances contributing traffic to proxy networks.
I find it interesting that we have a moral panic over giving people access to their own smartphones, because if the user has access they may get a virus, with negative knock-on effects on the internet...
...but there is no push to remove the same capabilities from smart appliances. They can do what they want. The user doesn't have access, which appears to be what counts. The appliance has access, so its viruses can do all the same things that have to be forbidden on phones, but that doesn't matter.
There's an interesting potential future where personal computing is illegal, unless you buy a refrigerator for the purpose.
matheusmoreira 2 days ago [-]
That potential future is inching ever closer to reality.
It was never about users. It's all about the corporations. They want to extract rent from their digital serfs, they want to not lose money due to fraud, piracy or whatever else, they want to push unblockable ads, etc. They have "legitimate interests", also known as lobbying power. To these guys, our interest in maintaining control over our machines, sovereignty over our digital domains, is seen as active hostility.
I think one day we'll need to cryptographically attest that our computers are corporate owned in order to even get an internet connection. It's the corporation's computer, they're just generously allowing us to use it, and only on their terms.
BLKNSLVR 2 days ago [-]
Unauthorised bread.
Drink verification can.
matheusmoreira 23 hours ago [-]
Not the Doritos™ Mountain Dew™ Halo 2k19™ War Chest again.
harperlee 1 days ago [-]
Would be interesting to see a movement akin to Asahi / OpenWRT that enables me to run my side project on my fridge or tv!
2 days ago [-]
slipperybeluga 1 days ago [-]
[dead]
2 days ago [-]
senectus1 2 days ago [-]
a good reminder for me to vlan properly at home.
BLKNSLVR 2 days ago [-]
Yeah, I'm thinking along similar lines. I'm not all that heavily VLAN'd, but I have my devices grouped into IP address ranges with static DHCP assignments, and I'm thinking of restricting internet access for a number of those groupings.
simplyluke 2 days ago [-]
I redid my home network this year largely to be able to get off of cloud-based cameras and properly VLAN untrusted devices.
ifh-hn 2 days ago [-]
What are you using for this in the home?
dugite-code 1 days ago [-]
Not op but I have an opensense box and a semi managed switch and an couple of TP-Link omada controlled ap's for wifi.
It can make management a bit difficult if you're not careful, but I have wireguard listening on all the vlans so I can bypass any restrictions on any connection it can get my laptop onto if needed.
senectus1 1 days ago [-]
much like the other commenter, opnsense router, a couple of managed switches Ubiquity Wireless AP.
Streaming and "device you can control" are mutually exclusive.
* Report any security breaches within 72 hours to a public body (country's CSIRT + ENISA).
* for "all products with digital elements [...] including those already placed on the market before 11 December 2027"
Products must be sold with a "secure by default" config, with automated security patching enabled by default (opt-out), with reporting on possible unauthorised access, with data collection minimization (tie-in to GDPR), with an SBOM, with dedicated security testing, with public disclosure of vulnerabilities, …
https://digital-strategy.ec.europa.eu/en/policies/cra-summar...
A tech lover has a home full of smart appliances and systems. A tech expert has a computer, a modem, a printer, and a revolver lying next to the printer in case it makes a sound they don't recognize.
Stainless Steel Scrapers - tonight, on Sick Sad World.”
... Is the data earlier in the article supposed to support this hypothesis? I'm not saying it doesn't, but I would really appreciate having more lines drawn and dots connected here. And what sort of checking are people supposed to do, exactly? And how?
I find it interesting that we have a moral panic over giving people access to their own smartphones, because if the user has access they may get a virus, with negative knock-on effects on the internet...
...but there is no push to remove the same capabilities from smart appliances. They can do what they want. The user doesn't have access, which appears to be what counts. The appliance has access, so its viruses can do all the same things that have to be forbidden on phones, but that doesn't matter.
There's an interesting potential future where personal computing is illegal, unless you buy a refrigerator for the purpose.
It was never about users. It's all about the corporations. They want to extract rent from their digital serfs, they want to not lose money due to fraud, piracy or whatever else, they want to push unblockable ads, etc. They have "legitimate interests", also known as lobbying power. To these guys, our interest in maintaining control over our machines, sovereignty over our digital domains, is seen as active hostility.
I think one day we'll need to cryptographically attest that our computers are corporate owned in order to even get an internet connection. It's the corporation's computer, they're just generously allowing us to use it, and only on their terms.
Drink verification can.
It can make management a bit difficult if you're not careful, but I have wireguard listening on all the vlans so I can bypass any restrictions on any connection it can get my laptop onto if needed.