The Hidden World of Corporate IoT Spying

In the first two posts of this series, we explored the risks of corporate-controlled IoT—from devices being turned into ‘bricks’ to the sustainability challenges facing ‘open-source alternatives’. But what if the bigger danger isn’t just that your smart device will stop working, but that it’s working all too well—just not for you? This post dives into the pervasive, built-in surveillance that has become a standard feature in so-called ‘smart’ devices.

Welcome to the dark side of the Internet of Things, where the products you pay for and bring into your home are secretly harvesting your data, mapping your life, and reporting it all back to corporate servers for profit. These are not bugs; they are features.

One developer had a particularly jarring experience, which he documented in a post titled “The Day My Smart Vacuum Turned Against Me{target="_blank”}". He discovered his robot vacuum wasn’t just cleaning his floors; it was meticulously mapping his home’s Wi-Fi network and sending that data, along with a detailed floor plan and device MAC addresses, back to servers in China every few minutes. His personal space had been turned into a data collection node for a foreign entity.

This is not an isolated incident. The business model for many IoT companies, it turns out, is not just selling hardware, but selling you. Here are a couple of other egregious examples.

The American TV That Sold Your Secrets (Vizio)

Vizio, a major American TV manufacturer, was caught red-handed in 2017 doing exactly what many users feared. The Federal Trade Commission (FTC) found that the company had installed software on 11 million of its smart TVs to track what users were watching, second-by-second. This wasn’t just limited to what you watched on streaming apps; it captured data from your cable box, DVDs, and anything else connected to the screen.

This incredibly detailed viewing history was then linked with demographic data—your age, sex, income, and more—and sold to third-party advertisers. Vizio agreed to a $2.2 million settlement, but the damage was done. The very screen in your living room was, by design, a corporate spy.

The Vizio story is also a great example why we need organisations like the Software Freedom Conservancy{target="_blank"} to protect our privacy and rights. These organisations work tirelessly to ensure that our data is not misused or sold without our consent. Without SFC funding the Vizio lawsuit a lot of this would have never seen the light of day.

The Chinese “Local-Only” Camera That Wasn’t (Eufy)

Anker, a well-known Chinese electronics company, built its “Eufy” security camera brand on a single, powerful promise: privacy. Marketing materials hammered home the idea of “local storage for your eyes only,” assuring customers that their sensitive video footage would never leave their homes.

But in late 2022, security researchers discovered this was a lie. Eufy cameras were found to be sending thumbnail images of detected motion, detailed facial recognition data, and user identifiers to their cloud servers, even when users had explicitly disabled all cloud features. Worse, it was found that live video streams could be accessed without authentication. The company that sold peace of mind was quietly uploading the faces of its users and their children to the cloud, breaking the foundational promise of its brand.

Your Home, Their Data Center

From robot vacuums mapping your Wi-Fi to TVs selling your viewing habits and security cameras uploading your face, the pattern is clear. With corporate-controlled IoT, you are not the customer; you are the product. Your home is not a private sanctuary; it is a data center.

The lack of control we’ve discussed isn’t just a risk that your device will become a brick or that it will spy on you; it’s a guarantee that it will work against your interests. The only path to a trustworthy smart home is through community-driven, open-source alternatives that we must all work to support.

• Iot
• Privacy
• Security
• Smart Home
• Surveillance