> upgradability and configuration is difficult due to the small form factor and awkward interface, hence why many IoT providers are going cloud first which makes sense from consumer level while it does not make sense from privacy point of view.
Remotely pushing updates and configuration doesn't necessarily imply loss of privacy in practice. I think that's a red herring. I work for Resin.io - we do automated deployments and updates and configuration management for fleets of IoT devices, but that's totally independent of how the device's data is stored and shared (or not).
Remote updatability does open up the _possibility_ that somebody could remote connect in to read that data out, or push an update to get to it, but that's quite a different gambit to devices that automatically scoop all your data, analyse everything you do and resell that to marketers. It's also essentially unavoidable if you want to have IoT that can accept remote updates, which given the IoT security situation to date is sadly clearly necessary.
This move to cloud-focused IoT architecture isn't about upgradability at all. It's a separate decision, with sometimes (often?) dubious motives, and that's where the privacy concerns come in for me. We shouldn't let the necessity of keeping devices up to date lead us to sacrificing the privacy of all our data, they're not that closely related. Windows automatic update is not really a privacy concern, Windows 10's ad tracking and cloud integration is.
I believe that we should look at this in a very different way. I frankly have no issues with remote updates and I don't think most people will have issue with the core of the idea as well. Why would they? This is more convenient than doing upgrade via USB and it is more secure in the long run.
But what I have issues with (and I think everyone else) is that I do not know if the upgrade is either not compromised or if it adheres to the same contact that I signed for - i.e. not to sniff my data and do other things I did not buy into.
Hence why, it will be a huge innovation if somebody can come up with a way of proving that software work as intended. Then the contact is the software and not the the TOS and I can use other software to verify that the software adheres to the contact I bought into.
I am sure we will reach to that level of sophistication one day.
There is something else that I would like to add as well. The idea of having your camera hooked on a cloud solution only works today because frankly we have a technology problem. Most people will not run their own data caters and the only convenient way of hook up your iPhone to have a continuous data stream is by signing up for a cloud service.
However, I think that will change soon as well. The first company (probably Amazon) which makes cloud technology seamless, i.e. consumers do not think about it, will revolutionise the market for IoT because you no longer have to rely on someone else's infrastructure that you would not trust - obviously you need to trust your cloud provider :) but cloud could be much as ISP - something that most people will sign up for.
Remotely pushing updates and configuration doesn't necessarily imply loss of privacy in practice. I think that's a red herring. I work for Resin.io - we do automated deployments and updates and configuration management for fleets of IoT devices, but that's totally independent of how the device's data is stored and shared (or not).
Remote updatability does open up the _possibility_ that somebody could remote connect in to read that data out, or push an update to get to it, but that's quite a different gambit to devices that automatically scoop all your data, analyse everything you do and resell that to marketers. It's also essentially unavoidable if you want to have IoT that can accept remote updates, which given the IoT security situation to date is sadly clearly necessary.
This move to cloud-focused IoT architecture isn't about upgradability at all. It's a separate decision, with sometimes (often?) dubious motives, and that's where the privacy concerns come in for me. We shouldn't let the necessity of keeping devices up to date lead us to sacrificing the privacy of all our data, they're not that closely related. Windows automatic update is not really a privacy concern, Windows 10's ad tracking and cloud integration is.