xkcd #3109: Dehumidifier

Title text:

It’s important for devices to have internet connectivity so the manufacturer can patch remote exploits.

Transcript:

[A store salesman, Hairy, is showing Cueball a dehumidifier, with a “SALE” label on it. Several other unidentified devices, possibly other dehumidifier models, are shown in the store as well.]

Salesman: This dehumidifier model features built-in WiFi for remote updates.
Cueball: Great! That will be really useful if they discover a new kind of water.

Source: https://xkcd.com/3109/

explainxkcd for #3109

  • dfyx@lemmy.helios42.de
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    16 hours ago

    This can be done with something like Zigbee. Or even simpler: you hook a non-connected device up to a “smart” power socket. No need for the device itself to talk to the outside world.

      • dfyx@lemmy.helios42.de
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        edit-2
        16 hours ago

        The solution is not more but different connected devices so I can decide for myself what needs to be connected and by which protocol. Get the dumbest device on the market, no wifi, no internal clock, maybe not even a humidity sensor and then, if and only if I need to remote control it, for example to put it on a schedule, I can use the cheapest “smart” device on the market to connect it to an in-house machine that can turn it on and off.

      • Ecco the dolphin@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        edit-2
        10 hours ago

        ZigBee is Bluetooth, so controls can be done entirely locally.

        We have Aqara (ZigBee) water leak detectors for our sink and basement, a 3rd party USB ZigBee dongle and a raspberry pi running home assistant. This gives me a discount on our home insurance that is more than the devices. Everything runs only locally.

        (Admittedly I am not including the cost of the pi, but you could salvage an old laptop or something instead. My pi has other things on it other than HA, its multipurpose)

        I also have some WiFi RGB bulbs/led. Using home assistant I can swap their colors for the holidays and I never have to decorate again. I’m lazy, and I hate Christmas.

    • Hawke@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      17 hours ago

      You still have to have some device connected to the internet. This just transfers the problem from the humidifier to the outlet.

      • ThePantser@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        8
        ·
        17 hours ago

        Zigbee is local and if you really wanted to you can use Home Assistant 100% offline it will be just neutered and basic.

        • originalucifer@moist.catsweat.com
          link
          fedilink
          arrow-up
          6
          ·
          17 hours ago

          im not sure why all these people jumped from ‘wifi’ to ‘internet’ as if they were the same thing. no one should be exposing their automation devices directly to the interwebs

          • Cocodapuf@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            6 hours ago

            Honestly, having any of these vulnerable devices on your network is exposing your whole network, assuming the network is connected to the web.

            Your best off using either a separate network for your smart devices with its own router, or setting up a vlan to keep your smart appliances and actual computers separate.

          • dfyx@lemmy.helios42.de
            link
            fedilink
            English
            arrow-up
            3
            ·
            16 hours ago

            Sadly, many wifi-enabled devices only work with some proprietary cloud-service and even if not, they’re only one configuration error (or intentional backdoor) away from talking to the outside. Better have something that isn’t physically able to talk to the internet no matter how badly I fuck up its configuration and my firewall.

            • Norah (pup/it/she)@lemmy.blahaj.zone
              link
              fedilink
              English
              arrow-up
              1
              ·
              11 hours ago

              Clearly I just trust my abilities to disable a devices internet access in my router more than you. I also know that my risk factor is really low, because I’m not a journalist or a politician.

              As well, I only buy smart devices that I can lock down, brands like LIFX & Shelly that have cloud services, but don’t require you to connect to them for the device to function over LAN.

      • dfyx@lemmy.helios42.de
        link
        fedilink
        English
        arrow-up
        7
        ·
        17 hours ago

        I run home automation with lights, switches, outlets, heaters and some more and not a single device has internet access. They all use Zigbee (a simple radio protocol) to talk to homeassistant which is open source and hosted on a machine that lives under my desk.

        Separating tasks between the dehumidifier and outlet has the advantage that each individual device can be a lot simpler, leaving less attack surface. My power outlet can’t read the humidity sensor, it doesn’t need to talk to an external server, it doesn’t even need to know that the thing connected to it is a dehumidifier. It’s just a chip that receives a radio signal and toggles a relay on or off. That’s it.

        Separating the two concerns also lets me replace the devices separately if one breaks or my requirements change. If I suddenly need wifi or bluetooth instead of Zigbee or if it’s for some reason no longer supported by homeassistant, I can just replace a 9€ outlet instead of the whole dehumidifier that could get bricked by the proprietary app losing support.

        • ThePantser@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          5
          ·
          16 hours ago

          Home automation is still a dark art as far as the common person is concerned. Full of fear mongering from the media.

          Much like 3D printing was very mystical and full of “oh no 3d printed guns!” We have gone full appliance with 3d printing and it’s no longer gatekeeped by geeks in their basements.

          I’m glad I still have at least one hobby that hasn’t gone mainstream and I can still geek out on ESPHome.