Thursday, November 21, 2013

Don't be a dick

Ars Technica reports that LG smart TVs are working over your home network in NSA mode.

If your home network is like mine, it puts to shame pretty much any office LAN of 20 years ago.  Just a brief glance at the Untangled DHCP assignments reveals my growing collection of laptops, a small handful of media servers, a few desktop workstations, and a regiment of mobile devices all my friends bring with them.  That's dozens of devices, some of which probably have accessible folders.

Yes, you should lock down your network and any of the devices on it.  But let's face it: not all my friends are as tech-savvy as me and my evil genius roommate.  They won't necessarily know how to do this.  And no one wants the paranoia of wondering whether a friend's appliances are spying on them.
"The doll's trying to kill me and the toaster's been laughing at me!"
-- Homer Simpson

If you program embedded systems, don't do this.  Don't send all kinds of intrusive information back to your company.  Don't wander aimlessly over whatever network you find yourself on.  It's just impolite.

Let me illustrate.  Years ago I worked on next-generation satellite television systems.  I mostly worked on the spacecraft-integration end.  But along the way we came up with the idea of using the emerging on-demand features of the medium to tailor advertising to the viewing habits of the end user.  We had good motives.  Most of us were single men, and had a fervent desire never to see feminine hygiene advertisements.

But that meant storing viewing preferences -- programs watched, etc.  And it also meant transmitting that information to edge servers that could deliver the tailored content.  Even though the association was only to the device ID, we had moral reservations.  We firmly believed that one's viewing habits were a matter of individual privacy, and we had no desire to facilitate whatever nefarious use someone else might want to make of that information later.

(Yes, Netflix unabashedly does this now.  We were angels back then.)

But let's take it a step further.  You might actually be incurring legal liability by snooping on private networks and sending the data off-network.  Most networks provide the concept of trust among well-defined peers.  This means your desktop might provide more lenient access to other hosts on the local network, simply by virtue of their being on the network.  If your embedded appliance code blindly transmits things like medical or financial records off-network to your company servers, where they suddenly become accessible to your data managers, then that is a clear breach of trust and ethics.

You run a terrible privacy risk covertly tracking your users' habits even for your own business purposes.  You have no business intruding into other parts of their lives, or networks.
