Taking Control of Household IoT Device Privacy

Household IoT devices are intended to collect information in the home, and interact with each other, to create powerful new applications that support our day-to-day activities. For example, a smart fridge detects when certain groceries are running out, and triggers a shopping console to order fresh supplies. Technical solutions can ascertain that the data used for such functionality are minimized [13, 20, 24], but arguably, any functionality requires at least some amount of personal data. Therefore, users will have to trade off privacy and functionality: a solution that is fully privacy preserving will be limited in functionality, while a fully functional IoT solution may require far-reaching data collection and communication. Each user may have a different personal preference on this privacy-functionality tradeoff continuum; the challenge is to have them pick a setting that is pareto-optimal, i.e., one that provides the highest level of privacy for a given level of functionality (and vice versa). This is a different data minimization challenge: not on the system side, but on the user side.