This is extremely similar to what I accidentally discovered and disclosed about Mysa smart thermostats last year: the same credentials could be used to access, inspect, and control all of them, anywhere in the world.

See https://news.ycombinator.com/item?id=43392991

This way, only processed vision data would be physically sent to the main board. This constituted of mostly just "line segments", almost like a sparse point cloud, to detect obstacles and edges. They argued that this was more privacy safe because there's no way for the main module to access any raw vision data. It did however make the SLAM part harder to make work.

In hindsight, a good decision. I got one as a thank you for thesis work and it's still running just fine (with battery and brushes replaced once) and good to know that with the years of software update it still can't check me walking around in underwears in my apartment

[0] https://valetudo.cloud/

I was pretty mad about it but also tried to play ball and not make too much of a fuss because I learned some pretty private things without meaning to and didn’t want to inadvertently make them public. Should have been more vocal.

It would temporarily suck for consumers, having their devices exploited and their privacy abused, but it would lead to wider awareness of the problem, shaming of the companies, financial and legal pressure, and hopefully change things in the long run.

Disclaimer: This is not a call to action to do illegal things. Your decisions are your own.

“In my house there's this light switch that doesn't do anything. Every so often I would flick it on and off just to check. Yesterday, I got a call from a woman in Germany. She said, 'Cut it out.'”

At scale, over the Internet.

Accompanying discussion on hn https://news.ycombinator.com/item?id=47047808

I specifically bought one without a camera or mic.

I remind myself of this no matter how much convenience I may be missing out on. (Getting a TV without em is kinda hard!)

Planning in advance, same for any AR stuff, not in my life, I'm sticking to it.

Like how many layers of people had to have OKed having the same password for all of them? It’s incompetence on an impressive scale.

Anyway, what's all the fuss about (those affected couldn't give a damn about their privacy)?

Unfortunately it doesn't fly.... although if it did, that would've made this even scarier.

Sorry what? Why would a vacuum cleaner even need a microphone?

Sigh

https://slate.com/culture/2012/01/stealth-mountain-the-twitt...

Obviously proper diligence wasn't followed with this product, and obviously this is going to be something we've all heard before, but why does a vacuum need to talk to a server at all?

And also, to go even further back, is there anything more leopards-ate-my-face than a compromised robo-vacuum? I have never understood the appeal of these things. Except as satire. Pushing a vacuum around takes minutes, once a month, all the more so when you live in a 3m x 3m box with 12 roommates, and is badly needed exercise for a lot of pathetic little nerd noodle-arms.

My understanding is that there is no malice or incompetence, it's usually just "who cares"

Consumidiotsm, is the term comes to mind. Eating up crap, is the analogy from non-technical contexts. The side effect is, that buying properly made not overcomplicated and tedious to maintain (update, refresh, pair, disgnose, update and configure connected harware, click away pushy self-promotions, the way it is not exposing you to the manufacturer or everyone) products is tedious (loosing saved efforts). Poor others just want simple and robust, not fragile and risky tech-crap doing the core thing are left out.

(Robotic vacuum is a great concept! The available implementations in the other hand are rubish!)

>It retails for around $2,000 and is roughly the size of a large terrier or a small fridge when docked at its base station.

So, large terriers, and small [presumably 'smart'] fridges can have docking stations?