I fully agree with his reasons to disconnect.

eom

20 years ago, you literally had to physically break into several layers of locks to get into a corporations systems, then have a great deal of IT knowledge of specific systems, their location, and their security protocol, for all practical purposes, impossible without inside knowledge - or to do it remote dial-up, still needing inside IT info to get the number to call, the password and username within the 3 try lockout

and security breaches that weren't an inside job were unheard of

If you wanted to fuck with the banking system, you needed to find the correct manhole located near a bank. Inside was a network cable. The data flowing over that cable was completely unencrypted, and completely trusted by both ends of the connection.

And that kind of thing was in use until the 1990s, when they started bothering to encrypt and authenticate the connections.

Why didn't it happen all the time? Most people just didn't know about it or have the proper tools and equipment to exploit it.

Properly-designed network security is much stronger than the system of physical locks and secret knowledge. Because it is designed to withstand an attack by that insider. Why doesn't it work all the time? It's very easy to do network security poorly. Just like it is very easy to make a physical lock that is very easy to pick.

As for returning to your model, take a look at what Stuxnet did. It went through security far more difficult than you describe, on a network that was not attached to the Internet, and still got the job done.

There really is no thing such as a "secure" connection. It's only secure until someone figures out how to break in. Often it will require inside help, but only in the most secure systems. Most systems can be hack "fairly easily" - if you know how to do it.

...or at least use more secure architectures that are "new" to the consumer market in order for security to work. Using firewalls and routers as an example, embedded devices promising "network security" (a dubious concept given the Internet's assumption of endpoint security) have become the albatrosses of IT security (and favorite targets of the NSA, for example). The vigilance for patching vulnerabilities just isn't there in most vendors, and the users will bother to do little more to these devices than dust them.

All these revolutionary new applications of computers in recent decades has been founded on the premise that you can't go wrong in taking miniaturized and tweaked versions desktop computers (perhaps with a different breed of CPU to maximize efficiency) and slap on a register till, a media kiosk, a printer, a centrifuge sensor and control array, a radar antenna, a credit card reader, or some motors and limbs in the shape of a dog, etc. DVRs and "smart" TVs are tweaked PCs. They contain variations of Unix and Windows with sprawling, complex kernels where the sandboxing/isolation code (the basis for security) occupies the same space and level of privilege as thousands of other functions; Paring them down hardly helps with security as the software still exposes enough complexity to offer a rich target.

So I think people need to step back, put on their critical thinking caps, and ask: If routers and firewalls promising security are failing at it (they can't even protect themselves), just how secure do we expect all these new networked devices to be? (My conclusion is they are snake oil: IoT is a hype storm to get people to buy more stuff, and find reasons to make refrigerators and thermostats as short-lived and replaceable as smartphones. Its the newest layer of retro-futuristic sparkle paint applied to consumerism.)

-

Your allegory about water heaters and such doesn't work, BTW, because its the remote threats that stand to increase the most from IoT.

A local attacker still needs to have a nearby physical presence, which is a huge burden and risk to him; It also leaves scaled-up attacks involving a great many residences out of the question.

Let's pretend you have some horrible secret you do not want the world to know. "Privacy" lets you keep that secret...until it leaks. Now you are under the control of a blackmailer. How free is that?

Lots and lots of secrets leaked before the Internet.

This is one of the reasons.

Bad guys hack a house to terrorize the residents. Not sure how they profit off it. Maybe to drive a guy crazy and take over his fortune or his business or to get revenge on him for stealing another guy's woman.

Because I don't read this as a "Be afraid! Be very afraid!" review of all that is/can/will go wrong with the #IOT.

The author discusses the engineering issues underlying why the #IOT as it is, doesn't work very well, and isn't very secure.

Then, he discusses some ideas on how to change that, and implement an #IOT that will be more functional and secure.

All of it in relatively simple, clear, understandable terms. And while I sigh along with him in frustration at the current state of #IOT, I neither want to take myself off the grid altogether, nor am I completely pessimistic about where this technology might go.

I think it does heighten my already-existing wariness about using off-the-shelf #IOT devices, and configuring those I can't do without already. But beyond that, it piques my interest in how what we already know (and that's a lot) might be used to steer this technology in more user-friendly, serviceable directions.

Or am I reading a different article?

bewilderedly,
Bright

I think that reading quickly, only the snips I could give, did give the impression that the was just unplugging his house...but the rest is more involved in his concerns about moving forward without a plan and thorough testing as technology swiftly advances in making changes to systems like our Power Grid or Factory System Changes. We might move too quickly with innovations that sound good a the moment but that could have serious, unplanned for, consequences. I'm not a tech person but could understand his concerns even though I couldn't understand the tech language and have no idea what #IOT devices are.

I'll edit to caution that the whole article needs to be read to understand his point.

What I got from the article is that he is saying that he is surrounded by all these things that each have an agenda driven by their own requirements and each refuses to talk with any of the others.

My premise that if everyone is in charge, no one is in charge.

We need some standards. One of the great things DARPA did was establish standards in conjunction with the IEEE. The internet would not function without those things.

And now I have a camera that decided that the best way for it to work is thru WiFi and so it has all this WiFi stuff in it that allows it to bypass the phone in my pocket. But I think the best way for it to communicate is by Bluetooth. That makes much more sense.

The author is saying we need a supreme being making rules.

Internet of things is just way more ways for your life to get hacked.