Internet of Things (IoT) Devices

So-called “smart” devices have become quite fashionable, as we’ve seen in previous lessons with “smart” TVs and even “smart” sex toys. However, an entire class of similar devices exists for use in the home, in the form of Internet-connected appliances, thermostats, lights, and other equipment. Collectively, these devices are known as the Internet of Things or IoT.

IoT

The term Internet of Things (IoT) refers to a broad array of network-connected devices. This term is used fairly loosely, but all sorts of “connected” and “smart” devices often get labeled as IoT devices, including smart thermostats, connected appliances, light bulbs, speakers, and so forth. While one could argue that IoT devices enable some useful capabilities, such as saving energy via a smart thermostat or monitoring a building’s condition, these devices have a significant number of downsides. For starters, it has long been known that the vendors of these devices are pretty bad at both initial security and at providing timely security updates, since IoT devices are not regulated by any government entity.¹ As a consequence, IoT is derisively called the Internet of Trash,² since the mere existence of these devices on a network can create major security vulnerabilities.

IoT devices are also a major privacy risk when used in the home. These devices are known to collect and transmit information to the device manufacturer. In addition, IoT devices have been found to send information to third parties (other than the manufacturer) at an alarmingly high rate – well over 50% in one study.³ When one considers both the security and privacy risks together, IoT quickly becomes a suspicious proposition.

Internet of Shit

But wait, there’s more! Some IoT devices require a connection to a cloud service in order to function. These devices might stop working entirely, or their operation might be degraded, if the Internet goes down or if the manufacturer simply discontinues the cloud service entirely. The result of this situation has been dubbed the Internet of Shit.⁴ People install these devices in their homes, subjecting themselves to security and privacy risks, only to have the devices stop working entirely at some future time. The device doesn’t actually break, per se. Instead, it simply loses the ability to function because it can no longer connect to its supporting cloud service.

An excellent example of an Internet of Shit device is the Bosch 500 Series dishwasher, which is recommended by Consumer Reports as a high-quality machine.⁵ In early 2025, author and developer Jeff Geerling installed one of these models in his house, only to discover that certain cycles (such as “rinse only”) are available only in Bosch’s app and not through the controls on the dishwasher itself. In order to use the Bosch app on a smartphone, the dishwasher must be connected to the home’s WiFi network – it cannot communicate directly with the app via Bluetooth or some other direct protocol. Worse, the app requires the user to register and provide personal information.⁶ While one could argue that knowing when, and on what cycle, someone does their dishes might be fairly useless information by itself, there is still the question of why Bosch needs to collect this information in the first place. In addition, there is no guarantee that Bosch will continue updating the dishwasher’s internal software or maintain the cloud service once they decide that this particular model is end-of-life. A person who still has this device on their home network will quickly wind up with an out-of-date, vulnerable appliance posing a cybersecurity risk. If the cloud service is discontinued, some of the features of the device – for which the person has already paid! – will no longer work.

Mitigation

The only way to mitigate the cybersecurity, privacy, and planned obsolescence risks of IoT devices is not to buy them in the first place! Select “dumb” appliances that do not have the capability of connecting to the Internet and that do not require some cloud service in order to function. You can get up and flip a switch to control your lights. You can turn a knob or push a button to control your appliances. You don’t need all this “smart” functionality! Device manufacturers are only selling it to you to increase both their initial profits (since these devices tend to cost more than their “dumb” counterparts) and their ongoing revenues (by selling your data in the surveillance economy). There is no legitimate need for a dishwasher, washing machine, oven, light bulb, or even a thermostat to connect to the Internet. All these things worked just fine in the 1980s and early 1990s before the commercial Internet even existed!

In the dishwasher example, Jeff Geerling could have researched the various options more carefully. Manufacturers and even some retailers provide the instruction manuals for their equipment online. It is worth reading these instructions before making a purchase, so that you know what capabilities the product has and whether or not it can be fully used without a network connection. Where possible, choose the model that doesn’t have a WiFi or Bluetooth connection. Thanks to market segmentation, this model is often the least expensive one.

For some classes of device, such as televisions, it has become nearly impossible to find a “dumb” option without paying an exorbitant price for a specialty version intended for commercial or industrial use. In these cases, reading the manual before purchase is critical, since you need to verify that the device will perform its intended function without requiring a network connection. Manufacturers vary in terms of how well their devices will work when disconnected, and there can even be differences between products made by the same manufacturer. Resist the urge to buy anything these days on impulse. Take the time to do your research first.

Notes and References