IoT Refine: Making Smart Home Devices Accountable for Their Data Harvesting Practices

Abstract

While smart home devices have the potential to improve people’s lives by providing increased safety, security, and comfort, they also pose unprecedented privacy risks by having access to highly privileged aspects of people's lives. Already a complex concept, privacy is made more challenging in the smart home because devices are often designed to channel data to ad networks and other third parties unbeknownst to their users. In this paper, we propose a way to start to make smart home IoT devices accountable for their data collection, disclosure, and use practices by introducing the concept of a privacy-empowering network disaggregator. This disaggregator actively monitors and analyses all network traffic passing into and out of the home, helping to build a visual atlas that helps end-users understand such practices. We then describe the design and implementation of the first such privacy disaggregator, IoT Refine, demonstrating the feasibility and the potential for this approach towards addressing the privacy problem.