What is THE CLOUD?! What does it do? Is it safe? Should you use it?December 12, 2018
Today on the hookup we’re going to take a look at “the cloud”, discuss its many uses, and determine if it is something that you should use in your smart home.
If you’re watching a video on my youtube channel you’re probably at least a little familiar with the term “The cloud”. In computing we use the term “the cloud” to describe a process that is completed on a remote computer rather than a local one. Unfortunately, the term is used to describe so many different things these days that it’s difficult to know what your device is using a remote computer for. In this video we’re going to look at the three most common uses for the cloud and figure out what problems are being solved by using a remote computer instead of a local one.
Lets start with the most common use of the cloud in smart home products: Avoiding complex networking and routing.
When you buy a smart plug like this one from Sonoff the setup process is usually quick and painless. You install the app (eWeLink in this case), setup the device by giving it your wifi credentials and following the step by step instructions in the app, and then you’re done. Now from anywhere in the world you can press the button on your eWeLink app and turn on your smart plug, magic. But it’s not magic that makes the process so simple, it’s the cloud.
When you register with the eWeLink app you create an entry on a remote eWeLink server that allows you to send commands from the phone app to the server. In this case, we would refer to this server as the eWeLink cloud. When you give the smart plug your wifi information it uses that internet connection to connect to that same eWeLink cloud.
When you press the button in the app, you send a message to the cloud telling it that you would like the plug to turn on, then the plug, which is also connected to the cloud sees that message, turns on, and then sends a message back to the cloud that it is on. That message is then relayed back to your phone and you see the updated status of the plug.
Without the cloud, this interaction would be significantly more difficult. Our home routers are designed to allow outbound traffic, but significantly limit what types of traffic can come into the house. This functionality is called a firewall, and it’s extremely important to have to protect your network from intrusion.
So to get through this firewall you would need to specify a unique port that each of your different smart devices was going to communicate on, use your routers settings to forward inbound traffic on that port to that specific device, and then configure your phone app to communicate on that specific port. Not only that, but you would also need to keep your phone app updated with the current IP address of your house that is given to you by your internet provider.
In addition to making it significantly more difficult to set up your smart plug, it is also considered bad practice to forward traffic to these devices because they could potentially allow a hacker to gain access to your home network if they contain exploitable bugs.
In this case, using the cloud comes with some significant advantages, so why do people (including me) try to avoid the cloud whenever possible?
First, by using the cloud you introduce another point of failure into your smart home system. By looking at this diagram you can see that an internet outage in my house, or at the eWeLink server location will prevent me from being able to turn on the smart plug. A locally controlled device only needs the internal home network to remain functional.
Second, since your plug is constantly communicating with a cloud server that is controlled by someone else, it is theoretically possible for a hacker to take control of that cloud server and issue the “turn on” command to any smart socket or device connected to it. For some this may cause an inconvenience, but for others it could be much more severe and could lead to a fire.
The last drawback, and one that is alarmingly common, is when these cloud services are gone, your device may not work at all. Companies go out of business all the time, when it happens to a smart home company their devices become paperweights. Occasionally, companies may decide that in order to continue to use their server, you must pay a monthly fee for a service that was previously free. This leaves you with two less than great choices: pay the fee, or lose all smart control of your product. By avoiding the cloud you remain in complete control of your devices and won’t have to worry about either of those situations.
In order to achieve local control of your devices is often possible to use a local control hub like home assistant to avoid the cloud. Some companies like shelly offer the ability to use local control instead of the cloud by simply clicking a button while other apps like kasa from TP-link and Tuya smart life require intercepting messages sent to and from the cloud to emulate a cloud server in your house. The good news is there are plenty of people who are smarter than me working on adding local control to cloud devices every day, and most of the time they do a great job with documenting how they did it so you can do it too.
Another common use of the cloud is to provide extra computing power for complex tasks that need to be handled by small inexpensive devices. Have you ever wondered why your amazon echo can understand every word you say to it, but your only options for wake words are “echo”, “amazon”,“alexa” and “computer”? This is because the speech recognition for those four words is processed on the device, but all other speech processing is handled remotely on the amazon cloud. The same thing is true for google assistant with “hey google” and “ok google”.
In order for amazon to sell these devices at such low prices, they need to reduce the cost of the components as much as possible. The echo dot only contains enough processing power to recognize those few wake words, create a recording of the command spoken after the wake word, and then upload that file to the cloud, which results in a significantly cheaper device than producing one that can handle all the voice recognition locally
Similar cloud integrations are used with smart cameras like nest, ring, and wyzecam to do things like facial recognition and motion detection.
In these cases there isn’t a great option for cutting out the cloud. You would need to either stop using the service, or buy a much more expensive device which may still give you unsatisfactory results.
Products like snips for instance aim to eliminate the cloud from voice control by running their software on a raspberry pi with a set of microphones, but it comes at the cost of only being able to recognize very specific phrases, and not natural speech recognition.
So why would you want to cut out the cloud anyways?
Well, at the heart of it, you have a device with an array of microphones who’s sole purpose is to upload audio from your home to the cloud. Amazon and google are definitely doing something with this data, but it’s hard to say what. They have been pretty adamant that they are only collecting audio after you say the wake word, and that the data isn’t shared with anyone. But it’s pretty clear by the number of patents being filed every year that this information is both powerful and valuable.
If you’re not comfortable allowing amazon or google to store audio from your voice assistant, or worse, upload video from your ring or nest camera you should avoid these products. If there’s any silver lining at all it’s that these companies are responsible for storing and securing the vast majority of data on the internet, and by this point they are pretty good at it. If your camera is made by a smaller, less reputable company you should be even more concerned about the security of your data.
The last common use of the term “the cloud” is cloud storage like dropbox, google drive, one drive, and countless others. In these cases you are backing up your files to an offsite server. The major upside to these services is that these companies are orders of magnitude better than you and I at preventing data loss, so your family photos and irreplaceable documents will be safe forever, but it comes at the cost of storing those photos on a remote server.
Unlike your voice recordings, it’s unlikely that these companies are using your files to gather data about you and sell you things other than photo printing services, but I guess anything is possible.
Hopefully this video has given you a better understanding of some of the most common types of cloud integration, and explained why there is no one good answer to the question “should I use the cloud”. This video is a primer for a video I am working on about smart home security, where I’ll be consulting with a former student and active member of the university of central florida’s hacking team to determine the largest security threats in your home and the best ways to avoid being hacked.
Thank you to all of my patrons over at patreon for supporting this channel and allowing me to make videos like this one that aren’t montized using affiliate links. That being said, if you’d like to buy your very own amazon spy device you can check out the links in the description, I personally have an amazon spy device in every room of my house, hi amazon.
If you enjoyed this video and you’d like to see more like it, please consider subscribing, and as always, thanks for watching the hookup.