Details of your private habits within your own home could be sold on to advertisers by broadband providers, a shocking new study warns.
Experts discovered that increasingly popular internet connected smart devices may give our broadband providers intrusive insights into our personal lives.
Information transmitted by products ranging from home security cameras, toasters and sleep monitors could be sold to third parties to help them target their products.
Data revealed by more personal smart items, from medical equipment to vibrators, could represent a significant breach of our privacy.
Details of your private habits could be sold on to advertisers, a shocking new study warns. Experts discovered that increasingly popular internet connected smart devices may provide our broadband providers with intrusive insights into our personal lives (stock image)
Researchers from Princeton University set up their own test smart home, fitted with seven Internet of Things (IoT) devices.
They hoped to examine the kind of data they might reveal about their users, by looking at metadata.
This includes how and when someone accesses their internet connection, but not what they have sent and received.
This information is relatively unprotected and can reveal private information about our personal habits.
This could range from when we access an internet connected baby monitor to our use of smart sex toys.
The Princeton team found that ISPs could identify four of the devices, including an Amazon Echo, by characteristic features of how they connect to the internet alone.
This information could be passed on to advertisers and other third-parties under US law, according to reports in New Scientist, although the EU and the UK are bringing in protections.
Speaking to the site Brent Mittelstadt, at the Oxford Internet Institute, said: ‘ISPs are in the most powerful position in terms of having data that they could sell on.’
As well as the Echo, other devices looked at by Princeton were the Sense sleep monitor, Nest Cam indoor security camera, Amcrest wifi IP security camera, Belkin WeMo switch, Orvibo Smart Socket and TP-Link wifi smart plug.
They found that ISPs could track a user’s sleep patterns by analysing when the Sense device connected to the internet.
Similarly, the Amcrest camera could alert providers when movement is detected within the home as well as when users are monitoring their live stream.
One defence to this intrusion, suggested by the team, involves flooding your home network with lots of connections which send small packages of data.
As well as the Amazon Echo, other devices looked at by Princeton were the Sense sleep monitor, Nest Cam indoor security camera, Amcrest wifi IP security camera, Belkin WeMo switch, Orvibo Smart Socket and TP-Link wifi smart plug. This graph shows their activity
The Princeton team found that ISPs could track a user’s sleep patterns by analysing when the Sense sleep monitor device connected to the internet (pictured)
One way of achieving this could be to run your internet traffic through a Virtual Private Network.
You can then request that it records and plays back your traffic history when there is no activity.
This would make it difficult for a broadband provider to work out when the device is in use and mask your habits.
A likely downside to this approach would be to slow down your network speed.
Writing in their paper, its authors said: ‘The privacy threat of traffic metadata analysis will continue to grow along with the market for IoT smart home devices.
‘In this paper, we demonstrate that a passive network adversary can infer private in-home user activities from smart home traffic rates and packet headers even when devices use encryption.
‘We find that many commercially-available smart home devices do not function without network connectivity.
‘This makes the smart home network metadata privacy problem unavoidable because these smart devices necessarily connect to the Internet.’
The full results of the study were published in a journal article published on the Arxiv e-print repository.