If you are a glass-half-empty person, you’ll view Charter’s announcement that they will shutter their home security and smart home service on February 5th as another reason not to buy into closed-source IoT devices. If you are a glass-half-full person though, you’ll see the cable company’s announcement as a sign that a lot of Zigbee hardware will soon flood the surplus market. Ars Technica reports that after investigation it appears that some of the devices may connect to a standard Zigbee hub after a factory reset, but many others will definitely not.
As you might expect, users were less than thrilled. Especially those that shelled out thousands of dollars on sensors and cameras. This sort of thing might be expected if a company goes out of business, but Charter just doesn’t want to be in the home security business anymore.
Continue reading “Another IoT Debacle: Charter Offers Home Insecurity”
Charter Communications has announced that it will no longer be attempting to target advertising based on user actions. The original strategy would have involved inspecting the contents of every packet sent or received by the customer. This usage pattern is associated with a specific IP and relevant ads are displayed on sites using NebuAd when that IP visits. NebuAd doesn’t directly share the IP, but we’ve seen in the past, even with obfuscation, a user’s search patterns alone have been known to give away their identity. The majority of all internet traffic is plaintext, but endusers have an expectation of privacy. User backlash is what eventually caused Charter to back down, but that doesn’t mean companies like NebuAd are going to be any less common.
Charter Communications seems to be pulling some sort of crap with their DNS servers. While working on a new project our friend Billy Hoffman, discovered that Charter was reporting absolutely every domain as resolving. They do offer a solution by providing an opt-out cookie, which isn’t useful at all if you’re not using a web browser… and I’m guessing most of Charter’s subscribers aren’t looking for a bastardized version of the net. We’ve seen recently that messing with DNS like this can actually open up new security holes.