Mastodawn

Dan Fixes Coin-Ops

I got a bunch more motion sensors and I've been putting them around the house so I can program Home Assistant to do stuff like turn off lights in rooms that aren't being used, turn on lights when we're going downstairs with hands full of laundry, obviously just flipping a switch is easy but in some rooms the switch is on the opposite side of the wall and if I put a button on the entry-side then I don't trip over the cat, telling the water heater to get hot before we shower, having a $10 smart plug tell me when my 80's washing machine has finished, having a button to make the lights go cosy, y'know just nice helpful stuff that I do because I like making the house better for my spouse and kid and as I was putting up all these motion sensors I was thinking,

man,

there's NOTHING in this program to detect when it's being used for evil

And like there really should be? Like someone could legit fucking torment their family with this, this could be used as a tool of manipulation and control and fostering the abusive sort of dependence

And then I think of how me and spouse are moving away from google and onto like self-hosted stuff, nextcloud and searxng and xmpp and shit like that, and I can't help but think, *know* really, that right now there's someone controlling their intimate partner with those same technologies, like something that's supposed to be liberating you from corporate-style General Abuse is being leveraged towards a form of very focused abuse against you specifically by someone on whom you depend

I don't think enough software devs spend enough time thinking about how their projects can be used to hurt people

Has anyone smarter than me written any long posts thinking about this and what we can do about it

Dan Fixes Coin-Ops 2d ago

there are some very horrible people who are very eager to make social problems out of your technical solutions

Alaric Snell-Pym 2d ago

@ifixcoinops I once had am ex girlfriend of mine ask me for help because a later ex of hers was (a) evil and controlling and still doing all he could to control her life and (b) he had had unsupervised access to her phone and laptop, and she suspected he had Done Something to them because he seemed to know stuff about her life he shouldn't unless he was reading her messages (he was in IT) :-(

Dan Fixes Coin-Ops 2d ago

@kitten_tech when I worked in phone tech support I watched a guy get escorted off the premises because he'd phoned someone back to ask her out

Alaric Snell-Pym 2d ago

@ifixcoinops 🤦

Alaric Snell-Pym 2d ago

@ifixcoinops not quite tue scenario you describe, but... it makes it clear yours will absolutely happen because there are millions of guys like him.

@ifixcoinops The reason I haven't is because if something goes wrong, I don't want my family to have to try to troubleshoot my hardware or software in the dark while I'm at a conference.

Dan Fixes Coin-Ops 2d ago

@timjclevenger very first decision I made wrt home assistant is setting the bulbs to come on at 100% brightness after losing power, so if the computer's not working they revert to being Normal Lightbulbs

@ifixcoinops Good call.

Neil Brown 2d ago

Excellent post.

I don't think that I have blogged about this but I have definitely written about it before, in the context of our (my wife and my) personal situation.

Essentially, similar thoughts to you, given that I run email, telephony, DNS, and loads of other stuff for my wife and me. Plus, how we consensually share real time granular location.

The focus was on transparency and consent, and how we talk about the risks of the access that I have.

Matt Brunt 2d ago

@neil @ifixcoinops it's definitely a conversation that's happened in the past with @foxshaped - might be time to re-visit it and check-in actually!

Tyrone Slothrop 2d ago

@ifixcoinops One of the first people that come to my mind on this is @evacide who has worked quite a lot on how technology enables abuse in relationships, though I don’t know if she’s covered the self-hosting angle specifically.

And yes, this tech concentrates even more power in the hands of the person controlling it. Lots of scope for abuse.

@ifixcoinops This is the definition of gaslighting, just with more modern technology.

Andrew Drake 2d ago

@ifixcoinops I think a lot of developers in open-source projects talk themselves out of it because they're acutely aware that any limits they put in place can just as easily be removed. If you had an open-source AirTag, for example, it would be easy to flash a version of the firmware without the functionality that enables finding a stalker's tag.

Of course this misses the fact that a relatively small percentage of bad actors are also skilled enough developers to do that, and so those safeguards could still have a lot of positive impact!

Andrew Drake 2d ago

@ifixcoinops I'm definitely prone to that line of thinking. My instinctive reaction was "what's the point of adding safeguards when the abuser can just comment them out". But I've been programming for nearly as long as I have memories, and it's been nearly 20 years since the last time I saw a piece of open-source software as something I couldn't just change to do what I wanted. It takes some conscious effort to remember that isn't how it is for everyone!

PraxisMapper 2d ago

@ifixcoinops I definitely put some work on my game trying to keep the server owner from being able to stalk players. It's not perfect, especially if the owner is also writing plugins or editing the core server code, but I tried to keep the really bad use cases in mind and put up all the roadblocks I can to ward that off.

@ifixcoinops I've read a post or article a few years back, but can't remember the exact author, sorry. But since then I often feel uneasy about what I'm setting up at home. I try to be very open with my husband about the implications ... Like "if we're using this app, I might be seeing wherever you park our car", or "this means that I can see when you are switching the light on in the restroom". Making it very clear that both of us have every right to veto each piece of tech, without having to give a reason.

pandabutter 2d ago

@ifixcoinops I had never thought of this before, but holy shit. Abusers have been handed an ability to remotely flicker lights that hasn't been seen since the age of literal gas lighting.

64 Islands Aroha Cooperative 2d ago

@ifixcoinops maybe somebody will put together a guide for non-techies on how to detect and document abusive use of home assistant? surely the sensors and switches are obvious if you know what to look for

"are you really going crazy, or are your gaslights plugged into a box secretly controlled by your husband? what you need to know"

Dave Rahardja 2d ago

@ifixcoinops What are some things manufacturers can do to mitigate abuse?

I’m asking honestly. I don’t really have any ideas beyond a kill switch that basically disconnects the system from network access.

Dan Fixes Coin-Ops 2d ago

@drahardja yeah that's the question I was asking

Andrew Drake 2d ago

@ifixcoinops @drahardja on the hardware side, some locally-visible indication that the device is being controlled remotely (e.g. blinking for a few seconds after a command) + some way to easily disable that remote control + local controls so you still have the basic non-smart functionality?

Though it's cheaper not to add all that stuff so the cheapest option at the big box hardware store will probably also be the most abuser-friendly :/

Dave Rahardja 2d ago

@ifixcoinops Oh I see. I think at a minimum having local control of everything, and having an ability to one-push disconnect network control is a prerequisite. It doesn’t have to be on every switch or device, only at some designated hub.

@ifixcoinops even something like a pihole is immediately "track which websites everyone in the house has visited, and see every device on the network" unless you choose to turn off the logging

Ranja ١٣١٢ 2d ago

@ifixcoinops
Not specifically about this but about tech and power. What you are doing is using your skills to create an environment for your family that you control. Implementinf a system of material power over them.
I know they still don't teach ethics to engineers but just don't implemement syatems that give you power over ppls lives. No matter if you intend to misuse it.

Dan Fixes Coin-Ops 2d ago

@ranja I mean this system in my house specifically, there aren't any non-admin accounts and my spouse works in tech so there's less of a power imbalance than there would be in honestly probably the majority of home assistant setups. Stuff like having physical buttons on the wall to do most things goes a long way too, the whole point of this is that it's supposed to be liberatory for all involved, but looking at like the home assistant forums it's pretty obvious that this is Not how the majority of systems are set up, there's a lot of white middle-aged tech blokes making posts about Wife Appreciation Factor and when you install this thing there isn't so much as a popup saying "Yo make sure everyone in the house is on board with this"

Ranja ١٣١٢ 2d ago

@ifixcoinops
There should also be no option to log things without putting it into some maintanance mode that makes your lights flicker every hour or so.

Dan Fixes Coin-Ops 2d ago

@ranja I think you and I are thinking about different problems, but that's not a bad idea regardless

emily, blinkenlight witch 2d ago

@ifixcoinops I'm... not sure you *can* do anything about it without compromising usefulness for people who aren't assholes?

like, I've been on both sides of this, I had an abusive parent as a teenager, and now I'm an adult with a partner who does a lot less touching-the-house-computers than I do, so I am acutely aware of how much of a terrible person I theoretically *could* be in this situation

if home-assistant started removing features because some people are using them nefariously, I expect they will quickly be readded as third party plugins, and now it's the same situation except that if I need that feature for something I have to increment the download count on some code maintained by an abusive asshole

emily, blinkenlight witch 2d ago

@ifixcoinops imo the one thing we can do here is make single-user stuff the default (and easy for normal people to set up)

I don't know my partner's passwords and don't want to. I cannot read any of my friends' fedi DMs because they're not stored in my single user instance's database, why the hell would they be

idk what that even looks like for home automation though

@emily @ifixcoinops

Another approach that mitigates the issue is sharing infrastructure with friends, but not ones you live with. Then the potential for abuse is split, and potential for abuse of infrastructure you use by people you live with is even lower than for single-user instances, because of lack of physical access.

Which abuse avenues via home automation do you think are most important? Ones where abuser uses it to spy, or ones where they command it to directly abuse and/or gaslight, or something else?

emily, blinkenlight witch 2d ago

@robryk @ifixcoinops imo there isn't a single widely applicable right answer to that. it's situational, in that the most important problems to solve in any category are the ones one actually has

J Miller 2d ago

One venue with a lot of options to learn about topics like this is RightsCon. There’s an online option and the session list is here https://www.rightscon.org/program/#list

There is also a pay what you can option for online attendance.

RightsCon Program

This page gives an overview of the program for RightsCon, including our formats and highlights of previous editions

RightsCon Summit Series

@ifixcoinops Besides having clear physical user-accessible overrides for everything?

Well you could just not use those technologies I guess.

As for detecting evil use? Detecting user intent requires (psychic) technologies we do not currently have.

With the stated constraints, that requires a social solution. Not a technical solution.

not sure if i agree, it's just another tool, usable for both good and evil

and as far as "software used for evil", as terrible as this is to admit, even among open source projects, domestic abuse is pretty tame

predator drones run linux, after all. My professional software career lasted for all of a year and i know for a fact that CPUs running my code have killed people. (router manufacturer, def did not five off obvious "we're gonna kill peeps" vibes)

I do agree that devs should absolutely think more about their impact. Far too many people dead set on the engineering, almost nobody asks if they *should*.

all of that aside, what would even be the solution? spying on HA users would just bring us back to square one (or worse).

I don't have an answer, just a bunch of frustrating parallels between this and other similar arguments

Mister Dave 2d ago

@ifixcoinops as others have mentioned, I've read things about how to identify, prevent, and escape this kind of abuse, but I've never seen anything written about making tools that don't lend themselves to abusive ends. The closest I've read to that subject is probably some guy making a thing that is a blatant opportunity for abuse and then throwing up his hands saying "it's just a tool u can't control how they use it "

@ifixcoinops I have a few thoughts, that will likely evolve as I type.

The first is that you can't fix a social problem with technology. But you can maybe prevent making it worse.

The second is that far too many "parental control" and "child safety" apps are like this. We're training kids to accept that their parents can track their locations and see their activities. It really worries me that we're normalising this kind of thing, but not expecting the necessary mutual respect and consent conversations. Maybe all setup should have "now talk to your family" type popups, with demos and important things to consider listed.

One aspect is that if someone is remotely doing something with my lights, email, location, whatever, that should be made obvious to me. Physical flashing activity LEDs on Home Assistant boxes, flags that an email has been delivered/read elsewhere, notification that someone is accessing my location, etc. This principle should be a default in everything that can be accessed by more than one person/device.

The next is the concept of easy overrides. The physical box that flashes when it's being remote controlled should have a physical "revert to manual" button. The "someone is accessing your location" notification should be a request with allow/deny. Access to a Google account triggers an email notification (to a recovery address as well as gmail), with a facility to deny it - not perfect, but something.

And then we have to tackle the social issue that bypassing or switching these things off should be socially unacceptable. Make people asking about it on forms pariahs. But that's a huge, complicated problem stepping outside what you're asking.

sport of sacred spherical cows 2d ago

"Paula is perplexed when Gregory begins to chide her supposed forgetfulness. On a visit to the Tower of London, she cannot find an heirloom brooch he gave her, although he stored it safely in her handbag. Gregory then begins to berate her for denying that she removed paintings from the wall, hiding them in odd corners of the house. Disturbed by noises coming from the boarded-up attic when Gregory is not home, Paula notices the gaslights also dim for no apparent reason."

~ Wikipedia summary of 1944 film *Gaslight*

Laura Carter 2d ago

@ifixcoinops there's a research project running out of UCL that has been looking at this for several years now (long enough that it started out looking at domestic abuse and the 'internet of things,' remember when that was the term?) https://www.genderandtech.net/study-on-tech-abuse-perpetration

Study on Tech Abuse Perpetration — Gender + Tech

How is technology-facilitated domestic abuse perpetrated and what technologies are being weaponised?

Gender + Tech

Floating Onion 1d ago

@ifixcoinops I completely agree about the risks and potential for abuse. Sadly, I don’t have any answers. It became real for The Wife after I setup Alarmo and she realised she got notifications connected to when I left the house.

In our house it’s discussions about what the tech can do and what it’s logging, and not doing. Consent is key. Not sure how that can be enforced / pushed in this scenario.