IoT Monitoring 23Jun19

I am participating in a study by Princeton CSci of the performance & security implications of IoT devices communicating from my network with other computers. I set up a constant monitor on my network which analyzes traffic by watching devices on my network as they communicate with computers not on my network. There's some revealing, but not completely unexpected, stuff. Here's the overview from 12 hours of operation... yep, somebody talked to nodes in Canada, Japan, France, Germany, Ireland, UK and even Czechia... though most of that is NNTP traffic, unless it's masquerading.

Roku is continually offering my viewing statistics to advertising, marketing and viewing companies. The list of them is >50. The traffic in MB is not large but the number of interactions is great and there is no encryption end-to-end on most of this traffic.

Google devices are the chattiest and constantly checking in with someone... good, bad or indifferent, they check in with US google sites and assets, not others.

My other IoT devises like thermostats, sprinkler systems, remote controls, etc. are so far benign and talking to suppliers' sites directly or AWS (where their cloud services reside). There is too much unencrypted traffic in these conversations however. I am a fan and user of products with apps allowing me to easily control systems in my house... there is strong time & place utility in these for me but we need to ensure there's also safety & security in their use.