For Christmas, my parents got a Nest mini “smart” speaker. Technophobe yells at cloud.
I have a prejudice that anything post-smartphones that is labelled with “smart” usually is not. And my first impressions of the Google Nest mini back that up quite well.
On the face of it, it doesn’t work out of the box; you need a smartphone first to set it up. When you eventually get it done, it kind of works, but I’ve found it still often has (the usual voice recognition) issues figuring out what you’ve actually asked it to do.
In order to actually do anything substantial, it needs to request access to lots of different data sources. Fair enough, you can’t expect it to just “know” all the information that you’d want to access, such as phone contacts, in advance. But a lot of it, from what I’ve seen (calendars), seems ingrained in the Google ecosystem, so if you don’t use that then you’re out of luck.
But this data sharing, and any third party services you want to access, can’t simply be shared with the device. They have to be shared back to Google first. Be it your Google account (already shared), device-local data that Google doesn’t already know, or third party services like Spotify, Deezer etc. They all need to be routed via Google.
Which is proof that the “smart” speaker isn’t smart. Google’s servers are, this is just a dumb microphone/speaker combo. But this is pedantry, and I have seen talk online that more recent editions of the device can handle some “local” queries better. So maybe I should be more lenient?
I won’t though.
In undergraduate computer science, you are quite quickly taught the concepts of CIA – Confidentiality, Integrity and Availability.
A device simply connected to the internet at large does not make it smart. It makes it a risk.
A Confidentiality risk – Being connected to the net means being connected to servers and leaving ports open which widens the attack surface of your “smart” home. Once an attacker gains a foothold in one compromised device, they could use that as leverage to get access to the rest of your home network. And given that “smart” devices often come with a microphone, or some other means of collecting data, your confidentiality (privacy) is at risk.
An Integrity risk – As data is routed through 3rd party servers, you have no guarantee that it will remain untouched. You have no control over encryption with these devices, relying only on what is provided to you. Admittedly, this seems like the least risky of the three CIA principles, as any company offering a “smart” device that didn’t maintain integrity of your data would soon go out of business (I hope).
An Availability risk – If a “smart” device’s functionality is entirely reliant on being routed through a server somewhere else (in the Nest’s case, Google), there is no guarantee that it will continue to function until the hardware’s end of life. If your ISP has an outage, there goes the device. If the internet at large has a routing problem, there goes the device. If Google brings out a new device and doesn’t want to support the old one… there goes the device.
Of the three CIA principles, the risk to availability seems the greatest to me. There have been many cases of confidentiality issues with “smart” devices, but the problem of availability is absolute. It is no mistake that a majority of “smart” devices require a random server somewhere else in order to function. That seems like a flaw, but it is entirely by design.
In recent years, as things move to be more digital, the concept of actually “owning” what you buy continues to be eroded. In the past if you bought a Television or a Hi-Fi Music Station, you owned that device. You could use it as you please, take it with you wherever you wanted, share it with others, tinker with it to your liking, repair it if a small part broke down, or finally sell it on to someone else when you were done with it.
The subscription economy taking off in the online space is a perfect example – You pay a small monthly fee, and in return get access to music files for that month. You don’t own the music, and all you can do is listen to the files on devices that particular music streaming company supports. I won’t attack that particular business strategy as it’s a perfectly viable one in the online space, particularly as long as we have the option of buying actual copies of the media if we so choose (Though you do have to run the risk of the company changing its pricing strategy at a moment’s notice).
But companies have struggled to find a way to translate this move to “subscriptions” for hardware devices. How could companies possibly make any money if people could just buy a device and use it as long as they wanted? What’s the point of bringing out a new device each year if people can just keep using the old ones? How could companies upsell new features if people could use aftermarket tinkering to bring their devices up to spec on their own? How can companies put advertisements into their devices?
Internet-connected devices solve these problems for companies because they give them complete and final say of what their devices do, how long they live for, and the ability to update the devices to change their behaviour at a moment’s notice. Call me crazy or paranoid or whatever you want, but I don’t think this is a very good state of affairs we are heading into.
We shouldn’t be embracing “smart” internet connected devices. We should be challenging them. And we should be supporting intranet connected devices.
Imagine hardware which worked entirely within your home network. At no point do these devices need to connect to a 3rd party server just in order to function. There’s no end user agreement you need to accept just in order to use the device you already purchased. It is guaranteed to keep working as long as the hardware works, and if part of it breaks you can just fix that one part.
If you want to connect to a third party service, like Netflix, you could do that just on your device, without needing to also share this access with the manufacturer of the device. The only time your device needs to actually contact the outside world is if you explicitly need it to. This would make it far easier to secure.
This is a big ask, as even one of the big name competitors to Google and Amazon’s smart home – Mycroft – still requires some initial setup with their own servers, and can’t do everything on-device.
This would also encourage, if not force, companies to adopt a more open policy towards networking, APIs and connectivity. At the moment, there are rumblings of this, but if we all started using intranet connected devices, which we had full control over, it would force these companies’ hands into doing the right thing, and not just what was best for them. And it would offer more fight back against the idea that interfaces can be controlled by a single company.
Granted, the technology we would need to pull this off isn’t quite there yet, but that’s no reason not to try. The biggest issue at the moment (as I see it) is a lack of intelligent on-device processing of voice commands. Solve that, and you remove the biggest requirement for connecting with the device manufacturer’s servers. And given that many smartphones are now being shipped with on-device intelligent processing chips, I don’t see this development being too far off.
Don’t buy “smart” devices. Not yet. Not until we have devices that we truly have full control over.
And as for the Nest Mini “smart” speaker, I honestly can say that I don’t see the need for it. I have a Bluetooth speaker already, so I can use apps on my phone to play music. I can do pretty much everything the smart speaker can already on my phone. At the moment, I just don’t see the point.