TIME smart home

Everything You Need to Know About Smart Home Networking

Smart Home
George Frey—Getty Images In this photo illustration, a Nest thermostat is being adjusted in a home on January 16, 2014 in Provo, Utah.

Learn the difference between Wi-Fi, Bluetooth, Zigbee and Z-Wave

Right now, as you kick back on your couch and daydream about your next smart home upgrade, you may not realize it, but you’re awash in data. From Wi-Fi-enabled thermostats to Bluetooth-accessible door locks to Z-Wave-connected alarm sensors to Zigbee-networked lightbulbs, there could be an array or wireless signals criss-crossing your house.

Why do we need so many different technologies that essentially do the same thing?

On the face of it, that’s a reasonable question, but it’s also analogous to asking the difference between a ball-peen and a sledge hammer — both are used to bang on things, but you wouldn’t drive a fencepost with a mallet. Likewise, the various wireless networks that make up a smart home each have their own use.

And just as those networks are invisible in the real world, solutions like Logitech’s Harmony Home Hub, which can talk to a database of more than 270,000 connected devices, are trying to make them invisible to smart home owners by controlling all these separately-networked smart home products — everything from connected coffee makers to smart window shades — through one interface. But until you get a home hub solution like the Harmony, it’s worth knowing why smart home product designers choose the networks that they do:

Wi-Fi: “Wi-Fi is a whole-home network,” says Chris Coley, principle engineer and architect with Logitech. Primarily used for media streaming, browsing the web, and other data-heavy activities, it’s a high-bandwidth network that’s power-intensive — just watch how fast your laptop battery dies when you’re watching a video on Netflix.

Many smart home products eschew Wi-Fi-connectivity because it would require their devices to have a dedicated power source or a long-lasting battery. This is why most Wi-Fi webcams aren’t actually wireless — they need to be plugged in to an electrical outlet. It’s also a reason why the Nest Learning Thermostat is such an ingenious device: its developers created a method of power-sipping from the low-voltage electrical cable that has historically powered home temperature controllers.

Until recently, says Coley, Wi-Fi chips have also been relatively expensive, another reason why tech companies seeking cheaper alternatives have turned to other wireless technologies for their products.

Bluetooth: In linking the smartphone in your pocket with the computer on your desktop and the headphones on your ears, Bluetooth makes secure connections between nearby devices. “It was originally developed to be what people call a personal area network,” says Coley.

But in the smart home, Bluetooth appears on products that require a person to have a close physical proximity to the device, like the Kwikset Kevo smart door lock. And because Bluetooth uses frequency hopping and government-grade encryption to help ensure no one can intercept or unscramble your interaction with your smart home gear, Bluetooth is also very secure. It also has higher data bandwidth than Zigbee and Z-Wave (though lower than Wi-Fi), allowing Bluetooth-enabled products to do more than simply flip a switch or report movement.

The newest version of the protocol, Bluetooth LE, which stands for “low energy,” uses very little power in comparison to Wi-Fi. The developers behind it also recently announced it will be able to form “mesh networks,” a capability that puts it in further competition with Zigbee and Z-Wave. Mesh networking is where a device has the ability to receive a networked signal and also send out the same signal, extending the range of that network. For these reasons, Bluetooth is not only increasingly popular in smart homes, but many smart phone accessory makers are tapping it for their products.

Zigbee and Z-Wave: “A lot of home control devices that are primarily Zigbee/Z-Wave are primarily driven from a range and power consumption perspective by using a mesh network,” says Coley. Both very low-powered wireless networks (their devices can run for years on a little watch battery), Zigbee’s and Z-Wave’s ability to mesh network have made them great for reaching far-flung sensors in the smart home — and they’ve been doing it for years already, making them the incumbent technology against Bluetooth’s inroads.

But before you ask “Can’t Wi-Fi be extended?” consider the difference in how that’s done with mesh versus extending devices. Wi-Fi extenders pull in a signal but end up kicking only about half the data rate back out, meaning netowrks stretch farther but at the cost of performance. Mesh networks like Zigbee and Z-Wave don’t experience this kind of signal loss — partly because they are very low-bandwidth to begin with. And that low-bandwidth makes these two standards great for simple devices like window and door motion sensors, or smart lightbulbs that only need data connections to turn on or off.

One problem with Zigbee and Z-Wave, however, is that their signals aren’t directly compatible with any mainstream computing device, like a smartphone, tablet, or laptop. So, the bulbs and motion sensors need to communicate with a hub that is either connected to your home network via Wi-Fi or through an ethernet cable plugged into to your Internet router. This is precisely how Philips Hue smart lighting products work — the all the various bulbs and lights use Zigbee talk to the hub, which connects to an Internet router. Then, when you use the app to turn on the light or change its colors, the command runs from your phone through your router, to the hub, and ultimately to the bulb.

For purposes of this explainer, Zigbee and Z-Wave have been lumped together, but they are not the same thing. While they’re generally similar in power, range, and low price (making them attractive for product manufacturers), they’re incompatible with each other, and there are some technical differences that attract product developers to one over the other.

In the long run, which of these four wireless network standards will emerge as the clear victor? The answer to that is unclear, and it’s quite possible that none ever will. As their technologies continue to evolve, the variety of variables — from price drops to improved power usage to faster data rates — make product developers continually re-evaluate which wireless chip is the best for their needs. “It’s a horse race that’s changing all the time,” says Coley.

Read next: Everything We Know About Apple’s Smart Home

Listen to the most important stories of the day.


How to Email Like Hillary Clinton

Hillary Clinton
Adam Berry—Getty Images Hillary Rodham Clinton, former United States Secretary of State, U.S. Senator, and First Lady of the United States, speaks during the presentation of the German translation of her book 'Hard Choices' ('Entscheidungen' in German) at the Staatsoper in the Schiller Theater on July 6, 2014 in Berlin, Germany.

Many people have at least two email addresses: There’s the one you get for work, then there’s the one you use for personal business. And you might even have one to give all the companies who will send you junk mail until the world ends.

But these accounts don’t physically exist in your office, home, or city dump, respectively. They’re typically off someplace in the cloud — unless, like former Secretary of State Hillary Clinton, you decide to host your own email service in your home. While heading up Foggy Bottom, the potential presidential hopeful exclusively used an email server registered to her home in Chappaqua, New York, according to the Associated Press and New York Times.

The situation has quickly became problematic for Clinton. Public officials are supposed to be archiving their correspondence under open records rules, so the revelations have raised questions over why Clinton opted to use a private email setup rather than the State Department’s service.

While Clinton’s move to use a private email solution might seem like an unusual choice, it’s technologically easy enough for most people to set one up — check out this explainer from Ars Technica for the wonky details. But few people bother with a private email server. Why not?

“The big caveat is that you must know what you’re doing in terms of setting it up securely, and that’s a fairly difficult, non-trivial problem for most people,” says Katie Moussouris, chief policy officer for San Francisco-based HackerOne, a company that works with friendly hackers to help organizations like Yahoo, Twitter, and even government agencies detect vulnerabilities in their own technology.


An outgoing email generally follows this route: It’s stored in a server, sent by a client (software ranging from Microsoft Outlook on your computer to the Mail app on your smartphone), and traverses various networks en route to its destination, where it’s received by the recipient’s client and stored by their email server. (And vice versa for incoming email.) Setting up your own email service lets you control the two closest parts of this path — your local server and client. That can help make your data safer, especially if you encrypt the data stored on your server and the messages you send.

But doing all this still means three-fifths of your email’s path runs through areas over which you have no control. In fact, the only way that emails sent to or from Clinton’s account would remain truly secure would be if they went to or came from accounts that were similarly locked down. Then “you would have all of the infrastructure under your direct control,” says Moussouris, who has more than 15 years experience in Internet security and has also worked as a hacker-for-hire.

Despite these security holes, there are still reasons that a person would want to set up their own email service. As that Ars explainer points out, if your email is hosted in the cloud —say, by Gmail — “it’s not yours.” If you control the servers, you own the content — though governmental policies surrounding transparency and police search and seizure rules certainly weigh in here.

But most people aren’t trying to protect sensitive State Department data. Instead, one reason people run their own email services is so they can use their own domain name in their email address. If this was a reason for Clinton, it was a foolhardy one, argues Moussouris. If being a high-value target for hackers is a reason for using an (allegedly) more secure private email service, choosing an domain name like clintonemail.com, as Clinton did, only gave her a higher profile.

“Such an obvious name would make it an interesting target for a hacker,” says Moussouris. “People with that high of a profile, whether it’s a politician, celebrity, or high-level executive, they should already be operating with that in mind.”

Besides, consumer-based services not only allow users to use their own domain name while hosting their emails in the cloud, they also provide end-to-end encryption, ensuring that their messages stay safe while traveling through the web.

But if you still want to email like Hillary Clinton, Moussouris recommends relying on an expert — if you can find one. “Qualified security people are very rare,” she says. And that’s one of the problems with this setup for Clinton.

“I couldn’t imagine a top-notch security person going to work for anyone in Washington, let alone an individual in, essentially, a non-technical function,” Moussouris says. “We have a scarcity of talent in the security industry, and we see this when we try to hire good people all the time.”

As a result, Moussouris assumes whoever set up Clinton’s private email server was a staffer, unless they were very well paid. And if that’s the case, the best way to email like Hillary Clinton is to spend a lot of money.

TIME Security

Uber Data Breach Put 50,000 Drivers’ Info at Risk

Berlin's Taxis As German Court Considers Uber Technologies Inc. Ban
Bloomberg—Bloomberg via Getty Images A passenger holds a HTC Corp. smartphone displaying the Uber Technologies Inc. car service application (app) as they sit in a taxi in this arranged photograph in Berlin, Germany, on Monday, Nov. 24, 2014.

But it isn't aware of any foul play as a result

A data breach at Uber last spring put tens of thousands of drivers’ personal information at risk, the company said late Friday.

Uber said it first realized its systems may have been breached by a third party in September of last year. After an investigation, the company found an “unauthorized access” by a “third party” occurred on May 13 of last year, which resulted in the names and license numbers of 50,000 drivers being leaked.

The car-hailing company didn’t specify who the third party was. However, Uber says it has since blocked further access to the database in question as well as alerted affected drivers.

Uber isn’t yet aware of any identify theft or other foul play as a result of the breach. It’s also offering one year of fraud protection to the drivers involved.

“Uber takes seriously our responsibility to safeguard personal information, and we are sorry for any inconvenience this incident may cause,” a blog post from Uber Managing Counsel of Data Privacy Katherine Tassi said. “In addition, today we filed a lawsuit that will enable us to gather information to help identify and prosecute this unauthorized third party.”

TIME Security

U.S. Offers $3 Million Reward for Information on Russian Hacker

Bogachev Russian Hacker FBI

The FBI says it's the most ever offered in a cybercrime case

The United States announced a $3 million reward Tuesday for information that would lead to the arrest and/or conviction of a suspected Russian hacker, the largest bounty it has ever offered in a cybercrime case.

Evgeniy Mikhailovich Bogachev, one of the FBI’s most wanted cyber criminals, allegedly participated in a “major cyber racketeering enterprise,” according to the State Department, which involved using a malicious software known as “Zeus” to grab sensitive information from victims like bank account numbers, passwords and PINs.

The FBI said its investigation of the “GameOver Zeus” computer network began in September 2011 and is responsible for some 1 million computer infections, resulting in more than $100 million taken from online bank accounts. Bogachev, known as “lucky12345″ and “slavik,” was indicted by a federal grand jury in August 2012 for charges like bank fraud, conspiracy to violate the Computer Fraud and Abuse Act and aggravated identity theft. In May 2014, another federal grand jury indicted him under his real name for charges including wire fraud, money laundering and computer fraud.

Bogachev is believed to be at large in Russia.

TIME Social Media

Facebook Unveils Its Plan to Strike Back at Hackers

Facebook ThreatExchange Hackers
Bloomberg via Getty Images

It's a new social hub for companies to share info about security threats

Facebook pushed out a social network on Wednesday to ramp up the fight against hackers.

ThreatExchange joins together several high-profile companies in a platform where they can share information about cyberattacks or hacking threats with one another, but also between select groups or specific individuals, according to ThreatExchange. Early partners for ThreatExchange include Bitly, Dropbox, Pinterest, Tumblr, Twitter and Yahoo.

“Threats like malware and phishing typically go after multiple targets, and a successful attack at one place usually makes it easier to take over systems elsewhere,” according to Facebook. “We share in each other’s fate.

TIME Security

Why This Security Researcher Just Posted Millions of Passwords

TIME.com stock photos Computer Keyboard Typing Hack
Elizabeth Renstrom for TIME

It's for your own good

A security consultant just published 10 million password and username combinations, and one of them might be yours.

The security researcher, Mark Burnett, isn’t an ill-intentioned hacker. Rather, he’s published millions of online credentials in the hopes of better researching password security. Posting the information could allow other security researchers to gain a better understanding of how we choose passwords and usernames, and ultimately make us safer.

Burnett picked up the passwords from a random sampling of dumps already dotted around the Internet, so he’s not hacking accounts and stealing credentials. Instead, these passwords are already out there. Plus, many of them are already obsolete, Burnett says.

Still, some might argue Burnett is breaking the law by publishing the credentials, and he runs the risk of running afoul of law enforcement for publishing credentials.

Here’s Burnett on his blog (hat-tip to Gizmodo):

Although researchers typically only release passwords, I am releasing usernames with the passwords. Analysis of usernames with passwords is an area that has been greatly neglected and can provide as much insight as studying passwords alone… In the case of me releasing usernames and passwords, the intent here is certainly not to defraud, facilitate unauthorized access to a computer system, steal the identity of others, to aid any crime or to harm any individual or entity. The sole intent is to further research with the goal of making authentication more secure and therefore protect from fraud and unauthorized access.

TIME Security

The World’s Most Popular Site for Pirated Downloads Is Back Online After a Long Outage

A search is performed on The Pirate Bay Web site on a comput
Adam Berry—Bloomberg/Getty Images

Pirate Bay had been offline since December

The Pirate Bay, the world’s most popular file-sharing site, came back online Saturday after Swedish authorities had shut it down in December.

The site’s relaunch, complete with a new logo of a phoenix, was expected, as a countdown clock had been displayed on the domain, VentureBeat reports. The relaunch is reportedly a slimmed-down version, not requiring several former administrators and moderators.

The Pirate Bay’s offices, based in Stockholm, were raided two months ago by Swedish officials after complaints from an anti-piracy group, resulting in the site’s longest shutdown ever. The premises were previously raided in 2006 and 2010, but the page had been brought back online within a few days.


TIME privacy

What Uber Still Won’t Say About Your Data

Travis Kalanick, chief executive officer of Uber Technologies Inc., gestures as he speaks during the Institute of Directors (IOD) annual convention at the Royal Albert Hall in London, U.K., on Oct. 3, 2014.
Chris Ratcliffe—Bloomberg/Getty Images Travis Kalanick, chief executive officer of Uber Technologies Inc., gestures as he speaks during the Institute of Directors (IOD) annual convention at the Royal Albert Hall in London, U.K., on Oct. 3, 2014.

A privacy audit left some questions unanswered

Uber, the massively popular car-hailing company, has acquired a reputation for being overly cavalier about data privacy. Last November, Uber vice president Emil Michael suggested investigating journalists critical of Uber to find dirt in their “personal lives.” A venture capitalist said his private location data was broadcast to a large audience at a Chicago Uber launch party. And a Buzzfeed reporter in November was tracked on her way to an interview with New York’s top Uber executive.

Uber has since refocused its attention on riders’ privacy, rewording its data policy and hiring an outside attorney to conduct an investigation.

“At Uber, protecting the personal information of riders is a core responsibility and company value,” said Uber CEO Travis Kalanick in a Friday statement. “Delivering on that value means that privacy is woven into every facet of our business, from the design of new products to how we interact with riders, drivers and the public at large.”

The results of that audit were released Friday. The investigation, led by Harriet Pearson, a Washington, D.C. attorney at Hogan Lovells with an impressive history of arbitrating privacy and security issues, agreed with Kalanick’s own assessment: Uber has a strong privacy policy. Her six-week investigation at Uber involved reviewing hundreds of documents and interviewing Uber’s leadership. It ultimately resulted in an exculpatory report that Pearson called “comprehensive.”

“In our view, Uber has dedicated significantly more resources to privacy at this point in its age as a company given its sector and size than other companies that we’ve observed,” said Pearson in an interview with TIME. Uber is about six years old, it’s valued at more than $41 billion.

The saga has raised important questions about how private companies access our personal information, from our credit card data to our precise location. A lot of Uber’s data can be really useful: The company uses it to settle internal disputes, fix bugs or help cities plan traffic patterns, as it has done in Boston, for example.

But in the age of the Snowden National Security Agency revelations, consumers are particularly sensitive about how their personal information is used. Uber has promised to follow the report’s recommendations, such as expanding employee training and making its policies more transparent. But the audit still left some questions unanswered, according to Bruce Schneier a fellow at Harvard University’s Berkman Center for Internet & Society.

“I saw nothing in their statements” to alleviate privacy concerns, says Schneier of Uber’s report. “Anytime you put this kind of surveillance power in peoples hand, they look up their enemies and friends… If the culture is not, ‘we don’t do this,’ than you do it.”

Here’s what we still want to know more about.

How many employees at Uber can see my personal data?

Uber says access is limited to employees who have a reason to need it, like those investigating fraud, answering user-driver inquiries or conducting trip analyses, said Katherine Tassi, Uber’s managing counsel for privacy, in an interview. But Tassi doesn’t have an exact figure.

“There’s no one particular number of employees that have access to user data,” she said.

How does Uber prevent its employees from looking at my data?

Uber gives employees access to customer data based on their responsibilities, while others are locked out through technical controls. “We noticed those kinds of controls at various levels” at Uber, said Pearson.

The report indicates Uber uses a combination of passwords, informal rules and employee monitoring to restrict access. In any case, according to Pearson, the company has a well-developed system for monitoring who is accessing your data and when.

So has Uber explained its recent privacy missteps?

Not fully. “We’re not going to comment on those specific instances that were in the press, but in general, we’re an organization of human beings and human beings make mistakes,” says Tassi. Pearson says her investigation only examined Uber’s privacy program and its structure, not particular incidents. So we don’t actually know how common it is for Uber employees to tap into your data, despite the company’s policy.

Do Uber employees ever get in trouble for doing fishy things with users’ data?

Uber won’t say. We know that Uber “disciplined” New York executive Josh Mohrer in November for tracking that Buzzfeed reporter’s ride, but we’re not sure how. Other than that, we don’t have any evidence Uber employees committed any other privacy violations.

Are Uber employees taught not to spy on me?

Uber talks informally with its employees about protecting customer data. Employees get “communications” from the senior team on handling riders’ data, Tassi said, and new Uber hires have to accept the company’s data access policy.

But when pressed, Uber didn’t say whether there’s a formal training program for employees, merely saying it was “in early stages of development.” That training “needs further formalization,” said Tassi.


How to Hide Anything on Your iPhone

TIME.com stock photos Social Apps iPhone
Elizabeth Renstrom for TIME

You have a right to privacy. Here’s how to protect it.

The eyes may be the window to your soul, but your iPhone is the peephole into your daily life. Who you contact, which apps you use, which selfies you snap — it’s all right there. So if you care about your privacy, it’s worth taking some simple steps to protect it. Here are seven ways to keep digital snoops at bay.

Pair Touch ID With a Complex Password

If you’re already using your fingerprint to unlock your iPhone, you’re on the right track. (If not, tap Settings >Touch ID & Passcode and add it now.) Here’s another trick: add a complex password to enter each time you power up your phone. (Tap Settings > Touch ID & Passcode, disable Simple Passcode and follow prompts). For a stronger passcode that’s quick to enter, stick to all numbers and aim for up to 12 digits. That won’t stop a dedicated hacker, but it’s tougher for an unwanted onlooker to figure out than a standard 4-digit password.

Nix the Notifications on Your Lock Screen

Hide your notifications by going to Settings > Notifications and toggling off the Show on Lock Screen slider. Alternately, you can also fine tune this setting so that only certain apps can place notifications on your lock screen using the options right below this setting. You can even block notifications from individual message threads: go into the message, tap the word Details on the upper right hand corner of your screen and slide the Do Not Disturb Button to the left. Voila.

Hide Clandestine Contacts

There’s no built-in setting for hiding individual contacts, but there are some smart workarounds. The simplest way is never to save the person’s name so only their number appears in your recent calls list. To hide all your recent and favorite contacts in the App Switcher – which appears atop your screen when you press the home button twice – tap Settings > Mail, Contacts, Calendars > Contacts > Show in App Switcher and toggle off Phone Favorites and Recents.

Deep-Six Secret Texts

This one’s easy – just delete them. Swipe left on the Messages screen to delete entire exchanges at once. If you only want to nix certain parts of a thread, hold your finger on the offending text bubble, tap More when it pops up, select each bubble you want to delete using the check marks at left, then tap the trash icon at the bottom left of your screen.

Zap Photos and Videos

Here’s one case when you’re better off using a third-party app instead of the iPhone’s built-in option. While you can hide any photo from your camera roll by holding your finger on it, then selecting Hide, the Hidden Album is not password-protected. Instead, try a free app like KYMS or Private Photo Vault, which require a password to access. Just remember to permanently delete the originals from the default iPhone photo app afterwards.

Make Apps Disappear

Don’t want anyone who borrows your phone to know you’re on Tinder or have a Private Photo Vault? There are two ways around this. First, you can hide apps inside another folder like your “Extras” by holding down the app icon until it starts shaking, then dragging it into the desired folder. Second, you can hide app icons altogether by dragging them into the dock, then using Spotlight to access it. Get a detailed explanation for how to do both tricks here.

Hide Your Search History in Safari

If you just want to browse privately for a while, open Safari, tap the page icon in the lower right corner, then tap Private. To clear your entire browser history, go back to your phone’s home screen, tap Settings > Safari > Clear History and Website Data. Pro tip: download the DuckDuckGo search engine and use it instead. Unlike Safari, it never stores your search history.

TIME Security

Taylor Swift’s Instagram and Twitter Just Got Hacked

Taylor Swift arrives at the 16th Annual Warner Bros. And InStyle Post-Golden Globe Party at The Beverly Hilton Hotel on Jan. 11, 2015 in Beverly Hills, Calif.
Jon Kopaloff—FilmMagic/Getty Images Taylor Swift arrives at the 16th Annual Warner Bros. And InStyle Post-Golden Globe Party at The Beverly Hilton Hotel on Jan. 11, 2015 in Beverly Hills, Calif.

Hackers gonna hack hack hack hack hack

Taylor Swift’s Twitter and Instagram accounts were hacked Tuesday afternoon before quickly being recovered 15 minutes later.

The hacker wrote a tweet encouraging Swift’s 51 million fans to follow someone claiming to be the leader of the hacking group “Lizard Squad.”

Swift has the fourth most popular account on Twitter. After regaining access to her account, she tweeted the following:



“Never a dull moment,” the singer wrote on her Tumblr, adding the hashtag #hackersgonnahackhackhackhackhack.

Your browser is out of date. Please update your browser at http://update.microsoft.com