Category: Consumer Protection

Anti-stalking features part of major Bluetooth item-location platforms

Apple AirTag press image courtesy of Apple

Apple AirTag – one of the main item-location platforms that are supporting anti-stalking measures

Apple and Tile implement item-location platforms that are based around Bluetooth-driven locator tags that can be attached to the items that need to be located. They also work with software that “pings” these tags in order to locate them on a map or make them sound an audible signal so you can locate the object attached to them.

But some people use these tags for nefarious purposes. Typically this is about tracking people who don’t want to be tracked, usually as part of stalking or abusive one-sided relationships.

But Apple and Tile have answered this problem by adding logic to their first-party mobile-platform software to detect unknown or unrecognised Bluetooth trackers. It is based around the idea of a tracking device or tag that is not associated with your “universe” of mobile computing devices moving in the same direction as you or your mobile computing device.

In the case of Apple, this is built in to the iOS operating system and in to a first-party mobile-platform app for Android. This software identifies whether an AirTag or other “Find My” device that isn’t registered to your device or Apple ID is moving with you and is separate from its registered user. As well, the AirTag makes a sound if it isn’t with its owner for a significant amount of time. It also has NFC to allow a person to use a suitably-equipped mobile platform device to identify whether the AirTag is lost, including how to contact the device’s owner and return it. This also yields instructions on how to disable the device by removing the coin-size battery.

With Tile, the software is part of their first-party companion mobile-platform app and identifies if the unknown Tile device is moving with you and separate from the registered user. But it requires that you use the mobile-platform app to instigate a “scan” process.

As well, Google has baked in to their Google Services update package for Android 6.0+ the necessary software code to detect unknown tracker devices that are following you. This includes the necessary user interface to warn you against unknown tracker devices following you and help you identify or disable these devices.

This is part of an Apple and Google initiative to establish an Internet Engineering Task Force draft specification that mandates particular anti-surveillance features in Bluetooth-driven item-location platforms that work with iOS or Android smartphones. It allows companies who want to build item-location platforms to design them responsibly without needing to reinvent the wheel.

What needs to happen to prevent covert surveillance with item-location platforms

Once the IETF specification regarding anti-surveillance features for item-location platforms is set in stone, there has to be some form of legal mandate regarding its implementation in computing platforms and computer-assisted item-location platforms. This could be through other international standards regarding radiocommunications and telecommunications devices or customs and other legislation and regulation regarding the trade in goods.

The anti-surveillance features in these item-location platforms would need to be able to perform well within a crowded location, especially where multiple devices of the same platform and owned by different owners are likely to be there. Think of, say, a busy bar or nightclub where many people are likely to be moving around the venue.

Similarly, these features would need to work properly with situations where a passenger’s luggage is transported in the baggage hold of the same transport as its owner. This is because some passengers may use an AirTag or luggage with integrated item-finding technology in order to avoid losing their baggage.
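The “moving with you” check described earlier, together with the crowded-venue and shared-transport cases above, sketched as an added example; it is not Apple’s, Google’s or Tile’s code. It assumes each tag can be recognised by a stable identifier and reports whether it is separated from its owner; the `Sighting` fields, thresholds and sample data are constructed for illustration.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Sighting:
    """One tracker advertisement heard by the phone (hypothetical record)."""
    tag_id: str      # assumed: stable identifier for the tag
    t: int           # seconds since scanning started
    lat: float       # the phone's own position when the tag was heard
    lon: float
    separated: bool  # assumed: tag reports it is away from its owner


def distance_m(a, b):
    """Great-circle (haversine) distance between two sightings, in metres."""
    dlat = radians(b.lat - a.lat)
    dlon = radians(b.lon - a.lon)
    h = (sin(dlat / 2) ** 2
         + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2)
    return 2 * 6371000 * asin(sqrt(h))


def find_followers(sightings, owned_ids, min_sightings=3,
                   min_duration_s=600, min_travel_m=500):
    """Return tag ids that are unknown, separated from their owner,
    and heard repeatedly while the phone itself changed location."""
    by_tag = {}
    for s in sightings:
        if s.tag_id in owned_ids:
            continue  # part of the user's own "universe" of devices
        if not s.separated:
            continue  # tag is with its owner: fellow passenger, bar patron
        by_tag.setdefault(s.tag_id, []).append(s)

    flagged = []
    for tag_id, seen in by_tag.items():
        seen.sort(key=lambda s: s.t)
        if len(seen) < min_sightings:
            continue
        duration = seen[-1].t - seen[0].t
        # How far the phone travelled while still hearing this tag.
        travel = max(distance_m(seen[0], s) for s in seen)
        if duration >= min_duration_s and travel >= min_travel_m:
            flagged.append(tag_id)
    return sorted(flagged)


# Constructed sample journey: home -> busy bar -> railway station.
HOME = (-37.8100, 144.9600)
BAR = (-37.8150, 144.9700)
STATION = (-37.8300, 144.9900)


def heard(tag_id, t, place, separated):
    return Sighting(tag_id, t, place[0], place[1], separated)


OWNED = {"own-keys"}
SAMPLE = [
    # The user's own tag travels everywhere with them.
    heard("own-keys", 0, HOME, False),
    heard("own-keys", 1800, BAR, False),
    heard("own-keys", 5400, STATION, False),
    # Other patrons' tags, all with their owners, heard only at the bar.
    *[heard(f"bar-{n}", 1800 + 60 * k, BAR, False)
      for n in range(5) for k in range(3)],
    # A tag someone lost at the bar: separated, but it never moves.
    heard("lost-at-bar", 1800, BAR, True),
    heard("lost-at-bar", 2400, BAR, True),
    heard("lost-at-bar", 3000, BAR, True),
    # Another traveller's luggage tag on the same route, owner nearby.
    heard("fellow-traveller", 0, HOME, False),
    heard("fellow-traveller", 1800, BAR, False),
    heard("fellow-traveller", 5400, STATION, False),
    # Unknown tag, away from its owner, present at every stop.
    heard("unknown-x", 0, HOME, True),
    heard("unknown-x", 1800, BAR, True),
    heard("unknown-x", 5400, STATION, True),
]

if __name__ == "__main__":
    print(find_followers(SAMPLE, OWNED))
```

Without the owner-separation signal, the fellow traveller’s tag would be indistinguishable from the unwanted one, which is why the shared-transport case is a hard requirement for these platforms.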

The devices need to support universal platform-independent NFC “touch-and-go” technology to allow someone to identify lost tracking devices. This would then show up contact details about who owns the device or how to return it to its owner. This is more so where a computing device that has or is connected to an NFC sensor but doesn’t run iOS or Android is used to identify the tracking device’s owner, something that would be common with laptop or 2-in-1 computers. Such a situation would come in to its own with a lost-and-found office that uses regular computers running desktop operating systems as its main office computer equipment.

As well, item-location devices should be easy to disable, such as by removing the battery or enforcing a factory reset on the device. This would come in to its own if the device was being used to track someone and such a device was discovered by its target or someone assisting the target.

Let’s not forget that wearables like smartwatches and fitness trackers, along with headphones and similar personal-audio devices are being equipped with location-tracking functionality. This is to allow people to locate lost smartwatches or earbuds or premises owners, lost-and-found offices and the like to return abandoned devices to their owners. Here, they would have to be part of an established platform and be subject to the same conditions as tag-style devices.

There could also be one or more innovation challenges for manufacturers of various third-party devices in one or more sectors that work to detect covert surveillance of people using item-location devices. Such devices like, perhaps, turnstile-type devices could be designed to provide augmented signalling of tracker devices unrelated to a user’s smartphone but moving with the user or their possessions.

Add to this education programs for third parties like IT support, the security sector, the social-work sector and similar groups to help staff work against covert surveillance of people they work with using item-location devices. This could be about assisting with locating and defeating unwanted devices or configuring users’ personal technology for privacy.

Similarly there has to be action taken about the sale of devices that are modified to avoid detection by the person who is being tailed. This is more so where there have been AirTags sold through online marketplaces like Etsy that have their speaker removed or disconnected to avoid audible “pinging” and detection by the stalking victim. Such action could be in the form of statutory action like radiocommunications regulations regarding such devices sold on the secondary market or customs regulation regarding devices that are imported or exported.

Conclusion

What I see of this effort by Apple and Google is a significant step towards responsible secure design of item-location platforms and an example of what responsible design is about.

Legal attempts to pry open app stores have come to fruition

Articles


There is action taking place that is prying open the app-store marketplace for mobile platform devices

Spotify and Google Give You Choice in Paying Them (droid-life.com)

Apple will allow third-party app stores, because the EU mandates it | Mashable

Apple is reportedly preparing to allow third-party app stores on iOS | Engadget

Previous Coverage on HomeNetworking01.info

USA to pry open mobile-app-store market

My Comments

Thanks to the “Fortnite” saga where Google and Apple were accused of slugging Epic Games with commissions for selling in-app commodities via their mobile-platform app stores, there has been a shake-up regarding how these app stores are run.

This has also been intensified with various jurisdictions instigating work on or passing legislation and regulation regarding a competitive market for online app stores. One of these is the European Union with the Digital Markets Act which targets large online services that have a gatekeeper role, along with the USA with its Open App Markets Act which targets app stores appearing on mobile and desktop computing platforms and other devices like games consoles or smart TVs.

The Europeans see their effort not just to pry open app stores but also search engines, social networks, video-sharing sites, digital ad platforms, public cloud platforms, even so-called intermediary services like AirBnB, Uber, Uber Eats and Booking.com. There are similar efforts also taking place within the UK and Australia with this effort resulting in codes of practice being established for online services.

What has happened so far

Google has taken steps to enable user-choice billing for in-app purchases normally made through their Play Store.

Firstly, they allowed people who use Bumble online-dating apps to subscribe directly with Bumble or via the app store. Now they have enabled Spotify subscribers to pay for their subscription either through the Play Store or direct with Spotify. Of course, some online services like Netflix and Britbox allow for direct payment for their subscriptions by requiring you to manage your account through the service provider’s Website.

But Google will implement this feature at the checkout point in your purchase by allowing you to select payment via Google Play or directly with the software developer. When you pay directly, you will see the online service payment user-experience provided by the developer including the ability to redeem their service’s gift vouchers, pay using PayPal or pay using a payment card platform they have business relations with. Or you pay using Google Play Store’s payment user interface that you would be familiar with.

When your payment-card statement arrives, you will see a reference to Google if you paid for the online commodity through them or a reference to the software developer / online service if you paid directly.

Paying directly would mean that software developer or online service gets your money without having to pay a “cut” to Google for accepting payment via the Google Play Store. As well, the software developer or online service is at liberty to sign up with other payment means like PayPal, other credit cards like AMEX or Discover / Diners Club, or national account-linked payment platforms like EFTPOS, Carte Bleue or EC-Karte. There is also the ability for them to offer gift vouchers that go towards their offerings.

Another benefit that will come about if you pay for a subscription directly is that if you change to a different mobile platform, your subscription is kept alive rather than you having to reinstigate your subscription with the new platform’s app store and payment mechanism.

It also positions the Google Play Store’s online payment arrangement in competition with the software developer or online service thus improving the terms of business for accepting payment from customers. An example of this is both service providers providing a link with payment-anchored loyalty programs as a way to incentivise customers towards payment through their platforms.

Another direction being taken towards prying open the app stores is Apple baking support for third-party app stores into iOS 17 which is the next major feature release of iOS. This is in addition to offering newer versions of the iPhone with USB-C ports rather than MFi Lightning ports for external connectivity. Here, this is due to intense pressure from the European Union for Apple to open itself up to open markets. But the support for third-party app stores would also come down to the Open App Markets Act that is being pushed through the US Congress.

Issues to be resolved

One issue that will have to be resolved is how the average smartphone or tablet user can install a competing app store to their device.

This is more about where a smartphone manufacturer or mobile operating system developer can get away with burying this option behind a “developer mode” or “advanced-user mode”. Or it could be about onerous requirements placed on software developers by mobile platforms when it comes to creating or publishing their software such as access to application-programming interfaces or software development kits.

The app stores will also have to be about selling good-quality compelling software and games. This is so they don’t end up as the equivalent of bulletin boards, download sites and optical discs attached to computer magazines where these resources were full of poor-quality software, known as “shovelware”.

Then there is the appeal of competing app stores to consumers and software developers. Personally I see these stores have initial appeal in the gaming sector with the likes of Steam or GOG existing on mobile platforms. Also I would see some software developers operate their own app stores as a way to maintain end-to-end control of their apps.

Conclusion

There are steps being taken by Google and Apple to liberate their mobile-platform software ecosystem even though it is under pressure from competition authorities in significant jurisdictions.

The Sonos debacle has raised questions about our personal tech’s life cycle

Article

Sonos multiroom system press picture courtesy of Sonos

Sonos extend support for legacy products after backlash | PC World

From the horse’s mouth

Sonos

A letter from our CEO (Blog Post)

My Comments

Recently, Sonos sent some shivers around the Internet regarding their multiroom audio products’ life cycle.

This started with them installing a “Recycle” mode in their speakers and other devices, which would effectively take the devices out of action, with it being tied in to a rebate on new devices if the old equipment was returned to them for e-waste recycling.

It worried some social media users because they want to keep the extant equipment that functioned properly going for as long as possible, including “pushing down” older equipment to secondary areas, selling it in to the second-hand market and giving to friends, relatives and community organisations while they upgrade to newer Sonos gear. Here, they really wanted the Sonos device to be detached from the user’s Sonos account and prepared as if ready to set up within a new system for whenever it is given away or sold.

Then this past week, Sonos raised the prospect that multiroom-audio equipment made prior to model-year 2015 won’t get software updates after May 2020. This wasn’t conveyed properly in that the affected equipment won’t benefit from feature updates but will benefit from bug-fixes, security updates and anything else to do with software quality.

There were also issues raised about a Sonos-based multiroom-audio system that consists of the legacy equipment as well as newer equipment, which is a result of someone effectively “building-out” their system by purchasing newer gear. An example I referred to in an article about the IKEA SYMFONISK speakers which work on the Sonos platform is to use the SYMFONISK speakers as a low-cost way of adding extra speakers for another room like the kitchen while you maintain the Sonos speakers in the areas that matter.

The concern that was raised is the availability of software-quality updates including incremental support for new or revised API “hooks” offered by online-audio services; along with the ability for the devices to stay functioning as expected.

Then there was the issue of logically segmenting a Sonos multiroom audio system so that newer devices gain newer functionality available to them while older devices keep the status quo. At the moment, a Sonos multiroom system which works across the same logical network is divided in to logical rooms to allow speakers in one room to play the same source at the same volume level. Here, it may be about determining the upgradeability based on the existence of newer speakers in a room, where older speakers in the same logical room work as “slave” speakers to the newer speaker.

What is being called out here is how long a manufacturer should keep new software available for the equipment and what kind of updates should be available for equipment that is long in the tooth. It focuses especially on keeping the older devices functioning at an expected level while running secure bug-free firmware. Let’s not forget how older and newer devices can coexist in a system of devices based on a particular platform while providing consistent functionality.

This is more so where the equipment can enjoy a long service life, something that is expected of kit that costs a significant amount of money. It applies also to the fact that people build out these systems to suit their ever-changing needs.

Companies that observe the Sonos debacle could look at the mistakes Sonos made in properly conveying the issue of feature-update cessation for older products to their customer base. As well, they would have to look at how Sonos is tackling the issue of maintaining software quality, stability and security in their devices’ firmware along with catering to the reality of platform-based systems that have a mix of older and newer devices.

Litigation about broadband service expectations takes place in the UK

Article

A UK court case is taking place regarding the standard of Internet service available in an apartment block

Owner of Multi-Million Pound UK Flat Sues Over Poor Broadband | ISP Review

Millionaire travel tycoon sues luxury flat owner for £100k over lack of broadband | Evening Standard

My Comments

In the UK, a person who bought a London apartment worth multiple millions of pounds is litigating the owners of the apartment building it is in because of substandard Internet service within the building.

They took up the lease on the apartment after being sold on the fact that there was to be proper Internet coverage to all rooms therein along with proper service within the building. But the service was below par before Hyperoptic ran fibre-optic Internet connectivity through the building in 2016. This led to him using public-access Wi-Fi at a local library and cafe as well as the home network and Internet service at his brother’s home before that installation.

This case, although litigated within the UK, touches on contract-law issues especially when it comes to the description of a premises that is subject to a lease or sale agreement. Here, it is pointing to the expected standard of broadband Internet service and network wiring that is provided within the premises. It is also of importance concerning what is being provided within high-density developments like apartment blocks that are based around multiple premises being integrated in a few buildings.

But the court case held at the Central London County Court is part of a larger conversation regarding access to multiple-premises developments like apartment blocks by communications infrastructure providers within the UK. This is no matter whether the development is at the budget or premium end of the price scale.

Concurrently, the UK Government are working on regulations regarding the provision of this infrastructure, whether to provide communications and Internet service to the premises in the development or to establish a mobile-telecommunications base station especially where a landlord or building committee who has oversight regarding the building won’t respond.

I see this case bringing in to scope issues regarding how the standard of telecommunications services available to a premises is represented in its sale or lease contract. This will have a stronger effect on apartments and similar premises that are integrated within a larger building. It will also be part of the question about infrastructure providers’ access to these buildings and the premises therein.

NewsGuard to indicate online news sources’ trustworthiness

Articles

Untrustworthy news sites could be flagged automatically in UK | The Guardian

From the horse’s mouth

NewsGuard

Home Page

My Comments

Google News – one of the ways we are reading our news nowadays

Since 2016 with the Brexit referendum and the US Presidential Election that caused outcomes that were “off the beaten track”, a strong conversation has risen up about the quality of news sources, especially online sources.

This is because most of us are gaining our news through online resources like online-news aggregators like Google News, search engines like Google or Bing, or social networks like Facebook or Twitter. This is while traditional media like newspapers, radio or TV are being seen by younger generations as irrelevant, which is leading to these outlets reducing the staff numbers in their newsrooms or even shutting down newsrooms completely.

What has been found is that this reliance on online news and information has had us become more susceptible to fake news, disinformation and propaganda which has been found to distort election outcomes and draw in populist political outcomes.

Increasingly we are seeing the rise of fact-checking groups that are operated by newsrooms and universities who verify the kind of information that is being run as news. We are also seeing the electoral authorities like the Australian Electoral Commission engage in public-education campaigns regarding what we pass around on social media. This is while the Silicon-Valley platforms are taking steps to deal with fake news and propaganda by maintaining robust account management and system-security policies, sustaining strong end-user feedback loops, engaging with the abovementioned fact-check organisations and disallowing monetisation for sites and apps that spread misinformation.

Let’s not forget that libraries and the education sector are taking action to encourage media literacy amongst students and library patrons. With this site, I even wrote articles about being aware of fake news and misinformation during the run-up to the UK general election and the critical general elections in Australia i.e. the NSW and Victoria state elections and the Federal election which were running consecutively over six months.


NewsGuard highlighting the credibility of online news sources it knows about on Google News

But a group of journalists recently worked on an online resource to make it easy for end-users to verify the authenticity and trustworthiness of online news resources. NewsGuard, as this resource is named, assesses online news resources on factors like how frequently they run false content; responsible gathering and presentation of information; distinguishing between news and opinion / commentary; use of deceptive headlines and proper error handling. It also assesses factors that affect transparency, like ownership and financing of the resource including ideological or political leanings of those in effective control; who has effective control and any possible conflicts of interest; distinction between editorial and advertising / paid content; and the names of the content creators and their contact or biographical information.


The NewsGuard “pilot light” on Chrome’s address bar indicating the trustworthiness of a news site

End-users can use a plug-in or extension for the popular desktop browsers which will insert a “shield” behind a Weblink to a news resource indicating whether it is credible or not, including whether you are simply dealing with a platform or general-info site or a satire page. They can click on the shield icon to see more about the resource and this resource is even described in an analogous form to a nutrition label on packaged foodstuffs.

For the Google Chrome extension, there is also the shield which appears on the address bar and changes colour according to how the Web resource you are reading has been assessed by NewsGuard. It is effectively like a “pilot light” on a piece of equipment that indicates the equipment’s status such as when a sandwich toaster is on or has heated up fully.

Basic details being shown about the trustworthiness of an online news site if you click on the NewsGuard “pilot light”

It is also part of the package for the iOS and Android versions of Microsoft Edge but it will take time for other mobile browsers to provide this as an option.

NewsGuard is a free service with it gaining a significant amount of funding from Microsoft’s Defending Democracy program. This is a program that is about protecting democratic values like honest and fair elections.

It is also being pitched towards the online advertising industry as a tool to achieve a brand-safe environment for brands and advertisers who don’t want anything to do with fake news and disinformation. This will be positioned as a licensable data source and application-programming interface for this user group to benefit from. Libraries, educational facilities, students and parents are also being encouraged to benefit from the NewsGuard browser add-ons as part of their media-literacy program and curriculum resources.


Click further to see a detailed “nutrition label” report about the quality and trustworthiness of that online news resource

But I see it also of benefit towards small newsrooms like music radio stations who want to maintain some credibility in their national or international news coverage. Here, they can make sure that they use news from trusted media resources for their news output like the “top-of-the-hour” newscast. Students, researchers, bloggers and similar users may find this of use to make sure that any media coverage that they cite is from trustworthy sources.

The UK government are even considering this tool as a “must-have” for Internet service providers to provide so that British citizens are easily warned about fake news and propaganda. It is in the same approach to how users there can have their ISPs provide a family-friendly “clean feed” free of pornography or hate speech.

It is now being rolled out around the rest of Europe with France and Italy already on board with this service for their mastheads. Germany is yet to come on board, but establishing a German presence could be a feasible way to have countries speaking the same language, such as Germany, Austria and Switzerland, come on board very quickly.

As NewsGuard rolls out around the world, it could effectively become one of the main “go-to” points to perform due-diligence research on that news outlet or its content. It will also become very relevant as our news and information is delivered through podcasts and Internet-delivered radio and TV broadcasts or we use Internet-connected devices to receive our news and information.

European Union’s data security actions come closer

Article

Map of Europe By User:mjchael by using preliminary work of maix¿? [CC-BY-SA-2.5 (http://creativecommons.org/licenses/by-sa/2.5)], via Wikimedia Commons

The European Union will make steps towards a secure-by-design approach for hardware, software and services

EU Cybersecurity Act Agreed – “Traffic Light” Labelling Creeps Closer | Computer Business Review

Smarthome: EU führt Sicherheitszertifikate für vernetzte Geräte ein | Computer Bild (German Language / Deutschen Sprache)

From the horse’s mouth

European Commission

EU negotiators agree on strengthening Europe’s cybersecurity (Press Release)

My Comments

After the GDPR effort for data protection and end-user privacy with our online life, the European Union want to take further action regarding data security. But this time it is about achieving a “secure by design” approach for connected devices, software and online services.

This is driven by the recent Wannacry and NotPetya cyberattacks and is being achieved through the Cybersecurity Act which is being passed through the European Parliament. It follows after the German Federal Government’s effort to specify a design standard for routers that we use as the network-Internet “edge” for our home networks.

There will be a wider remit for the EU Agency for Cybersecurity (ENISA) concerning cybersecurity issues that affect the European Union. But the key issue here is to have a European-Union-based framework for cybersecurity certification, which will affect online services and consumer devices with this certification valid through the EU. It is an internal-market legislation that affects the security of connected products including the Internet Of Things, as well as critical infrastructure and online services.

The certification framework will be about having the products being “secure-by-design” which is an analogy to a similar concept in building and urban design where there is a goal to harden a development or neighbourhood against crime as part of the design process. In the IT case, this involves using various logic processes and cyberdefences to make it harder to penetrate computer networks, endpoints and data.

It will also be about making it easier for people and businesses to choose equipment and services that are secure. The computer press were making an analogy to the “traffic-light” coding on food and drink packaging to encourage customers to choose healthier options.

-VP Andrus Ansip (Digital Single Market) – “In the digital environment, people as well as companies need to feel secure; it is the only way for them to take full advantage of Europe’s digital economy. Trust and security are fundamental for our Digital Single Market to work properly. This evening’s agreement on comprehensive certification for cybersecurity products and a stronger EU Cybersecurity Agency is another step on the path to its completion.”

What the European Union are doing could have implications beyond the European Economic Area. Here, the push for a “secure-by-design” approach could make things easier for people and organisations in and beyond that area to choose IT hardware, software and services satisfying these expectations thanks to reference standards or customer-facing indications that show compliance.

It will also raise the game towards higher data-security standards from hardware, software and services providers especially in the Internet-of-Things and network-infrastructure-device product classes.

Connected novelties and toys–security and useability issues that affect this product class


Connected versions of classic novelties and giftware will be subject to severe scrutiny

An issue that is rearing its ugly head is the rise in availability of connected novelties and toys. They are toys, novelties, giftware, seasonal decorations and other items that are able to connect with your computer or network. This connectivity function is often sold as one of the key marketing features with it able to work with an online service of some sort.

When I talk of toys, I don’t just talk of what children play with but also other toys that adults end up playing with. These can include the so-called “executive toys” that live on the office desk for one to keep the other hand busy while they are on the phone.

Who typically sells these products

Toys and novelties are typically sold through a large range of online and bricks-and-mortar retailers, whether they be toy stores, gift stores, souvenir outlets or multi-facet outlets including department and discount stores. In some cases such as rural areas, a store like a newsagent’s could even sell novelties or toys.

Another factor is that novelties are given away to people and businesses as a gift or premium. This can typically happen as part of a “loot bag” offered out at conferences or tradeshows or simply used as a giveaway during a presentation to encourage audience participation.


Seasonal decorations that connect to the Internet can also be a security or setup risk

The common factor here is that most of the outlets that sell this kind of product are staffed by people who don’t have much technological know-how. This can affect the procurement process affecting whether the item exhibited at the gift fair should be stocked, or providing customer advice during and after the sale including how to get the connected novelty fully operational.

Artisans who make these gifts and novelties

Amazon Echo on kitchen bench press photo courtesy of Amazon USA

Your Amazon Echo will soon be expected to work with a wide range of toys and novelties

There is also the fact that craftspeople like to make various toys, novelties, gifts and other items and sell them directly to customers or on a wholesale basis. But they do want to add some extra functionality like musicality or flashing lights to some of their product lines.

Typically, if they want this extra functionality in these gifts that they make, they have someone else make and supply the necessary components like clockwork movements or electronic-circuit kits to fulfil the extra functionality in a pre-assembled form. Then the artisan installs the pre-assembled mechanisms or circuits in the toy or gift as part of putting the whole thing together.

This allows these artisans to focus on their craftwork and build the items they want to sell, while being able to offer a wide range of goods. The same comments that apply to finished goods also apply to the various components and kits that are being sold to these artisans for their projects.

In this case, the artisans have to be aware of what they procure when they are being sold a “connected functionality” kit for installation in their projects. For them, they have to be aware of customer-support issues including setup and data-security issues regarding this extra functionality.

Connected modules for construction sets and similar hobbies

The same concept also extends to construction-set platforms like Meccano, Lego and FischerTechnik where children and adults build items using the pieces that are part of the respective platforms. In this case, anyone to do with these platforms could offer connected modules or kits that have the ability to control one or more items in their platform-based project like a motor, light or solenoid using an “Internet Of Things” approach. Here, these modules have to be seen as equivalent to a connected toy or novelty, especially if the idea is to implement cameras, microphones or GPS sensors.

It also applies to model railways, track-based car-racing sets and the like where they can be extended with functionality modules sold by the set’s vendor or a third party catering to these hobbies. Again the modules also need to be designed for security if they are capable of being part of the Internet of Things.

Use of these items

There is the desire for people to buy these toys and novelties as gifts for others in their life. It also includes the fact that the recipient wants to get the item “up and running” as soon as possible.

This will involve having the device connected to a host device through Bluetooth or USB or to a home network for proper reliable use. Onboarding should follow a standard process, including the installation of any extra software.

Key security issues

A key security issue concerning the connected toy, novelty or similar device is that it can be an espionage item presented in an innocuous form. It can concern us both at home and in the office because we can easily be talking about items that are confidential and sensitive in our personal and business lives.

This was highlighted in a crime-fiction form to the Germanic viewership in Europe through the Munich-based Tatort “Wir Kriegen Euch Alle” (We Get You All) episode shown there on Sunday 9 December 2018. This story was focused around a connected doll that was given by strangers to various children’s families in middle-class Munich and was used as a surveillance tool to facilitate crimes against the families.

It underscored that Germany has some very strict policies where the sale of surveillance devices that are disguised as innocuous items isn’t allowed in that country. But, in the story, these dolls were imported in to Munich from a location in Austria which is a short drive away and facilitated by the Schengen Agreement in the European Union.

Let’s not forget the recent cyberattacks such as the Mirai botnet that were facilitated by dedicated-purpose devices like network-infrastructure equipment and videosurveillance cameras which were running compromised software. Then there are factors regarding data-storage devices and “bag-stuffer” novelties given away during business conferences where there is the possibility of them being loaded with questionable software.

What would I like to see

Security

There has to be identification on the toy’s or novelty’s packaging of what kind of sensors the device has, like location sensors, microphones or cameras, as well as whether the device transmits data to online services. This includes whether the device does this directly or via intermediary software running on other computer devices such as mobile devices running companion mobile-platform apps. Even a hang tag attached to the novelty could highlight what kind of sensors or online services it uses, which would be important for those items sold without packaging.

Preferably, this can be achieved through standard graphical symbols indicating the presence of particular sensors or the use of online services and social networks. It can also identify whether the toy’s or novelty’s functionality is dependent on these sensors or online services.

App stores and other software platforms that host “connector” software have to implement stringent permissions for these kinds of devices, especially if they use a microphone, camera or location sensor. There could be standards on whether the software is allowed to record from these sensors over a long time or keep the recording persistent on the host device or online service.

A limitation I would also like to see for connected toys and novelties is that, if they work with another computing device including a smart speaker, the connection can only be effective within the same premises. This can be tested through the use of a peripheral-grade connection like Bluetooth or USB to a computing device or limiting the range of discovery for network-based devices to that of the same logical private network or subnet. Here, it represents all the devices on the LAN side of a home network’s router and excludes devices existing on other logical networks served by the same physical device like “guest” or “community” networks.
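One way a network-connected toy's discovery responder could enforce the same-subnet limit described above, as an added example that is not code from the original article or from any vendor. The interface addresses, the function names and the sample peers are constructed assumptions.

```python
import ipaddress

# Constructed sample configuration: the toy's own Wi-Fi interface on the home LAN.
# Every address in this example is a made-up value for illustration.
LAN_INTERFACES = [
    ipaddress.ip_interface("192.168.1.57/24"),
    ipaddress.ip_interface("fd12:3456:789a:1::57/64"),
]

# Constructed peers that might send a discovery request to the toy.
SAMPLE_PEERS = [
    "192.168.1.20",                     # phone on the home LAN
    "::ffff:192.168.1.20",              # same phone seen via a dual-stack socket
    "fe80::1c2d:3eff:fe4f:5a6b%wlan0",  # IPv6 link-local neighbour
    "192.168.2.14",                     # client on the router's guest network
    "fd12:3456:789a:2::9",              # different IPv6 subnet (e.g. guest)
    "203.0.113.9",                      # routed address from outside the home
    "192.168.1.255",                    # subnet broadcast used as a source
    "not-an-address",                   # malformed input
]


def normalise(source):
    """Parse a peer address, dropping any zone id and unwrapping IPv4-mapped IPv6."""
    addr = ipaddress.ip_address(source.split("%", 1)[0])
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def same_premises(source, interfaces=LAN_INTERFACES):
    """Return True only if the peer sits on the same logical subnet as the toy."""
    try:
        addr = normalise(source)
    except ValueError:
        return False  # unparsable peer address: fail closed

    if addr.is_multicast or addr.is_unspecified or addr.is_loopback:
        return False

    # IPv6 link-local traffic is never forwarded by routers, so the sender
    # is on the same link as the toy.
    if addr.version == 6 and addr.is_link_local:
        return any(iface.version == 6 for iface in interfaces)

    for iface in interfaces:
        if addr.version != iface.version or addr not in iface.network:
            continue
        if addr.version == 4 and addr in (
            iface.network.network_address,
            iface.network.broadcast_address,
        ):
            return False  # not a valid unicast host address
        return True

    # Guest networks, other subnets and routed addresses all end up here.
    return False


def classify(peers):
    """Map each peer to the responder's decision: answer or stay silent."""
    return {peer: ("answer" if same_premises(peer) else "ignore") for peer in peers}


if __name__ == "__main__":
    for peer, decision in classify(SAMPLE_PEERS).items():
        print(f"{peer:36} {decision}")
```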

As far as Bluetooth is concerned, the toys should implement authentication processes during the setup phases. The device should then cease to be discoverable once it is paired with a host device. It is like what we are seeing with Bluetooth headsets and similar devices that have been recently released. They may also have to work on a limited radio range to prevent successful connection from a distance.

There should also be a simple “factory-reset” process to allow the user to place the toy or novelty in to setup mode, effectively wiping data from the device. This allows a recipient to effectively “claim possession” of the device as if it is new, avoiding the situation where they may be given something that is compromised to do what someone else wants it to do. It also applies to situations where you are dealing with ex-demo stock or gift-fair samples.

This should also apply to online services associated with these toys or novelties where the user has proper account control for the device’s presence on that service and any data collected by that device.

There are devices that observe particular functions according to a particular device class supported by many platforms like a novelty nightlight or illuminated Nativity scene that works with a “smart-home” setup or a novelty Bluetooth speaker. These devices have to work according to the standards in force for that device class and its connection to the host device or network. It is more important where the device may perform further tricks while running alongside dedicated vendor-created software but is able to have basic functionality without this software.

A software-level security approach could be achieved through an open-source or peer-reviewed baseline software that ticks the necessary boxes. This would apply to the firmware installed in the device and any apps or other companion software that is required to be run on other computing devices for the novelty to operate. It also includes a requirement that this software be reviewed regularly for any bugs or weaknesses that could be exploited, along with compliance requirements.

This could be assessed according to a set of European norms because the continental-European countries are very concerned regarding privacy thanks to their prior history.

As far as modules for integration in to toys, novelties and giftware are concerned, the modules should meet the same requirements as finished products that would have the same functionality. Craftspeople should also be aware of data security and user privacy issues when it comes to choosing modules for their projects that are dependent on computer devices or networks.

Setup and Connectivity

Another area that is a sore point for connected toys and novelties is bringing these devices on board for you to use. In a lot of cases, this is exacerbated through awkwardly-written instructions that can test one’s patience and not much knowledge about what is needed for the device to work fully.

The device packaging could use Wi-Fi, Bluetooth or other standard logos to indicate what kind of connectivity it needs to operate fully. This is to be highlighted with the “app store” logos for various operating-system app stores if the device is dependent on companion apps for full functionality. Similarly, use of other official platform logos can be used to identify compatibility with platforms like smart-TVs or voice-driven home-assistants.

Simple-yet-secure setup and onboarding procedures are to be paramount in the design of these devices. For Bluetooth-based devices, they should use “simple-pairing” such as pressing a button on the device to make them discoverable. This is even made easier with a trend towards “out-of-the-box” discoverability if the device isn’t paired with any host. Then the user activates their host device in “Bluetooth Scan” mode to discover the device, subsequently selecting the device through its presentation name.

Windows, Android and iOS are even implementing simplified device-discovery routines for Bluetooth devices, with the ability to lead users to visit the app store to install complementary software. This will make things easier for users to get the toy or novelty up and running.

Wi-Fi-based devices would have to use WPS-PBC push-button setup, Wi-Fi Easy Connect, or other simplified setup processes for integration with the home network. It also applies to other network connection standards where you have to enrol the device on to that network.

Smart-home devices that implement Zigbee, Z-Wave and similar standards also have to implement simplified discovery protocols implemented in these standards to bring them on-board.

In relation to security, I underscored the need for use of device-class standards as much as possible. But it also applies to connectivity and useability where a device that honours device-class standards is also easier to use because you are operating it the same way as its peers.

Conclusion

This year will become a time where security and useability will be of critical importance when toys, novelties and other similar goods that connect to the home network and the Internet are designed and sold to consumers. Here, addressing these issues may avoid these kinds of toys ending up in disuse due to security or setup issues.

How can you prove you bought it if it breaks down within the warranty period

JBL Synchros E30 headphones

Other documents can be used to prove you bought the product at issue during a warranty or insurance claim

A situation that can easily overcome us is whenever a device breaks down while it is under warranty. Here, you have to prove to the authorised repairer that you had bought the device within the warranty period so they can go ahead with the repairs. This can extend to a repair job that went wrong and you need to seek further repairs from that repairer under warranty. These situations cover both the vendor’s warranty they provide on the goods or services; along with statutory warranties that are provided for under national consumer protection laws.

Similarly, your device may be damaged or stolen and your insurance company needs you to prove that you had purchased the device so they can fulfil the claim. It can also affect “organisational-liability” situations concerning damage to consumers’ property such as where a power utility or telco offers to repair equipment damaged due to a power spike that came over their infrastructure.

But what does the warranty repairer or insurance company need to know?

They need to know the fact that you had purchased the goods concerned and when you had purchased those goods. Typically this is represented by the sales receipt or invoice that the merchant gives us when we pay for the item we are purchasing.

But most of us aren’t really good at keeping these invoices or receipts in an easy-to-find manner unless this was to do with a business effort where we want to claim the purchase for tax or reimbursement purposes. Typically these documents end up in one of many shoeboxes, drawers or other spaces and it is hard to look for them easily when in a hurry. Even if we are reimbursed for the goods concerned or submit the receipt to our tax accountants, there is the likelihood that we don’t have it on hand should the worst come to the worst.

The situation also becomes worse when you keep in your shoebox or drawer similar material for devices you aren’t using anymore such as equipment that has hit the end of its service life or equipment you have sold or given away. Here, you may have the receipts for your new equipment muddled up with similar documentation for the prior equipment.

There are other ways you can prove your purchase of the items. If you bought a smartphone, “Mi-Fi” or similar communications device under a subsidised-equipment deal that your telco provides, the documents relating to the subsidised-equipment contract may be enough to prove this purchase. This also applies to those of us who lease IT equipment like a laptop computer for our business use.

But if you simply pay for your equipment using a credit or debit card, the transaction you made with this card provides its own record and paper trail. Here, you would need to know which card you paid for the goods with and approximately when and where you purchased those goods. Here, you can ask the merchant for a receipt or statement relating to the purchase because they could search on the first or last few digits of the card number and the time period that the transaction took place in order to verify the purchase.

This happened to a close friend of mine who had bought a new printer and the machine had broken down within the warranty period. Like most of us, he wasn’t good at keeping the receipts in a ready-to-find manner, but I made a reference to the merchant that sold him the printer and the fact that he used a credit card to pay for the item. It was similar to a situation where I bought an old friend a gift card for a bookstore but they had lost the gift card. Here, I was able to supply the bookstore the details about the card I used to purchase the gift card so that the old friend could get a replacement gift card. But this situation allowed him to continue to seek warranty repairs on the printer.

Let’s not forget that original copies of the product documentation that came with the goods concerned can be of value when it comes to filing an insurance claim for stolen or damaged goods. Here, the original documents like warranty cards or instruction manuals can be assessed as to whether they are actually what came with the device or something that was printed out after the fact. This fact can also hold true of the optical disks that come with printers, network hardware and similar IT and consumer-electronics gear and carry drivers, software and documentation in electronic form for these devices.

Another incident had happened where a camera was damaged and its owners needed to claim against their policy’s accidental-damage cover. Here, the original instruction manual that came with the camera was enough to prove the purchase and ownership of the device thus give merit to the accidental-damage claim.

What you need to remember is that it is not always just the merchant receipt that can hold its weight as a proof of purchase for your warranty or insurance claim. Rather, things like the existence of the transaction taking place, a lease or subsidised-equipment contract, the product’s documentation or something similar can exist as a substitute for these documents.

Right-to-repair for consumer electronics being pushed forward in the USA

Articles

Dell Vostro 3550 business laptop

A demand is taking place to make sure portable computers and similar equipment such as laptops that suffer a lot of damage are able to be repaired by independent technicians

Right to Repair bills introduced in five states | Engadget

Five States Are Considering Bills to Legalize the ‘Right to Repair’ Electronics | Motherboard

From the horse’s mouth

Electronic Frontier Foundation

Defend Your Right To Repair (Issue Page)

The Repair Association – representing independent repairers

Consumer Electronics (Issue Page)

My Comments

Samsung Galaxy Note Edge press image courtesy of Samsung

Even those smartphones that end up with cracked screens or are dropped in the swimming pool

An issue currently being raised in the United States Of America is the ability for us to repair our own consumer-electronics equipment or have it repaired by independent repair technicians. This is becoming more important with smartphones, tablets and laptops that often fall victim to accidental damage such as that familiar cracked screen. As well, the batteries in this portable equipment lose their performance over the years and an increasing number of this equipment is supplied with batteries that aren’t user-replaceable, which leads to this equipment being “disposable” once the batteries cease to hold their charge.

The manufacturers prefer us to have the equipment serviced by official outlets but this can be highly onerous both in cost and time without the equipment. It is something that is made worse if a manufacturer doesn’t implement an authorised-repairer network for some or all of their products or severely limits the size and scope of an authorised-repairer network.

On the other hand, independent repairers like the phone-repair kiosks in the shopping centres are able to offer value for money or perform simple repairs like replacing damaged screens or end-of-life batteries quickly but they find it hard to have access to official parts, tools and know-how to perform these jobs. In some cases, it can lead to the equipment being fitted with “known-to-work” parts salvaged from other broken equipment or a grey-market full of generic parts being available, some of which may have a huge question mark over their quality or provenance. These generic parts have come about because the parts manufacturers have been fulfilling enough orders of them that they can sell them as a commodity.

What is currently happening is that the manufacturers and distributors are exploiting various intellectual-property-rights legislation to prevent the sharing of repair knowledge to third-party repairers. As well, they have been reducing the number of official repair facilities along with reducing the availability of original spare parts and tools thus making it more onerous financially and time-wise to keep your device in good repair. In some cases like Apple with its iOS devices, they could limit the scope of their authorised-repair program so that it is harder for anyone but a select few to repair a particular class of device.

The issue that is being raised is the ability for an independent repair workshop to obtain proper spare parts, tools and knowledge from the products’ manufacturers or distributors so they can perform repairs on customers’ equipment at a cost-effective price. Here, they don’t need to be turning away customers because they don’t know how to fix a particular piece of equipment. This also includes the ability for independent repairers to discover solutions to common faults and share this knowledge along with the ability for us to see our devices work in an optimum manner for a longer time, thus reducing the “e-waste” which can be destined to the landfills.

This call is also about legitimising the ability for independent technicians to modify equipment to suit newer needs. Examples of these procedures may include “upsizing” the storage in a device with fixed storage like a smartphone, PVR or games console to a higher capacity, modifying equipment so it is accessible to those with special needs or simply adding an officially-supplied “optional-function” module to existing equipment. As well, it also encompasses the ability to continually provide support to equipment that has been abandoned by the manufacturers.

A similar situation that has been happening in the motor-vehicle market is that as vehicles became equipped with highly-sophisticated computerised subsystems, it became harder for independent repairers to service newer vehicles. This typically ended up with motorists taking their vehicles to the official repair workshops that were part of motor vehicle dealerships to keep their vehicles in good order. But some recent activity in the USA has made sure that independent garages could continue to repair and service the newer vehicle fleet by requiring the vehicle builders there to share this knowledge with them.

What is happening now is that five US states (Kansas, Nebraska, Minnesota, Massachusetts and New York) are pushing forward laws that allow repairers to buy the tools and documentation from manufacturers. A similar law had been pushed in Wyoming to extend the “right-to-repair” principle to farm machinery. This action follows on from the Massachusetts effort in 2013 to establish “right-to-repair” for motor vehicles, causing a de-facto federal approach by the US’s vehicle builders to share this knowledge with the independent vehicle-repair and roadside-assistance trade.

The issue of “right-to-repair” also relates to the implementation of standards-based or platform-based design for equipment along with competitive-trade and consumer-rights issues. In these cases, it could be about repairer availability whether based on locality or satisfying users’ needs; the ability to increase value for money when it comes to equipment maintenance or insurance coverage for equipment damage; along with the equipment being able to last longer and not end up as landfill.

Small businesses and community organisations are also in a position to benefit because their budget isn’t affected heavily by capital or operating expenses for the equipment they own. This is because they could seek repairs to broken-down equipment at a cost-effective price or have existing equipment overhauled more frequently so that it is highly available and helping them operate. They can also purchase a high-grade domestic-rated unit like, for example, a premium domestic “bean-to-cup” superautomatic espresso machine to be used as part of a coffee stall, without being refused repairs or servicing or having to pay a higher price because it is used in a “commercial” setting.

Nowadays, what needs to happen is that jurisdictions legislate or enforce “right-to-repair” laws that allow independent technicians access to parts and knowledge so they can keep consumer equipment lasting longer.

Buying that piece of computer hardware or software? Shop around

Most of us can easily prefer to buy a piece of computer hardware or software but may not be aware of bargains that may be of interest.

Lenovo Yoga 3 Pro convertible notebook at Rydges Hotel Melbourne

Spend a bit of time researching the equipment or software to obtain the best deal you can

In some cases, you may think that buying online is the only path to a bargain. But the bricks-and-mortar path may yield some possible bargains. For example, a friend told me how they were able to purchase a desktop-security package from an electrical retailer and were able to score a USB hard disk as part of the package. This may be because the “bricks-and-mortar” shops along with the distributors are wanting to keep people interested in purchasing packaged goods rather than a download-only deal for computer software.

Here, you may find that a game may offer multiple extras that may cost more if you buy it and the extras separately. Similarly, a piece of software may be sold as a multiple-user package and these packages may yield better value for money when you end up adding two or more computers in to the equation.

What if it breaks down?

New desktop computer at church

Research and bargaining has paid off in obtaining a good deal on this computer

When you are buying computer hardware, consumer electronics or similar goods, you will need to think about what kind of support you get if the item breaks down. Here, you would need to pay attention to the warranty offered and where you can drop the goods off for repair. A multiple-year warranty is considered essential for most computer goods and consumer electronics. Similarly, you may have to be sure that there is a service agent within reasonable transport distance from where you live or whether you can simply drop the system off at the retailer that you bought it from to seek any repairs.

You may have to present competitive offers for equipment or software of the same standard in order to have the retailers respond with better offers. This is a practice that has worked when I helped a church with getting the right deal for a computer. I had determined a minimum standard for a future-proof computer and specified a few different systems matching that standard and two other men shopped around and received better offers for a system of that standard including a system that was specified with a solid-state drive.

Another advantage of buying within your own country is that you are protected by your country’s consumer-protection laws a.k.a. “lemon laws”. Here, you have the weight of these laws behind you if you find that the goods are not up to standard. For example, there were a few times where I had suggested to people who had hard disks, DVD burners and other parts fail in their relatively-new computers to have these parts replaced at no cost to them.

The trick here is to be able to shop around through both the online and “bricks-and-mortar” channels, including independent dealers, so you can track down the best value hardware or software deals.