For two months in early 2018, technology journalist Kashmir Hill let innocent household items spy on her. She had turned her one-bedroom apartment into a “smart home” and was measuring how much data was being collected by the firms that made the devices.
Her smart toothbrush betrayed when she had not brushed her teeth, her television revealed when she had spent the day bingeing on programmes, and her smart speaker spoke to the world’s largest online retailer every day.
It was like living in a “commercial, surveillance state” with “not a single hour of digital silence”, she said.
Ms. Hill, who reports for the technology news website Gizmodo, gave a TED talk describing her experience.
Her colleague Surya Mattu had built a special wi-fi router to monitor the devices listening to her life. They found that she was giving away a lot of information.
“The Amazon Echo talked to Amazon servers every three minutes and the TV was sending information about every show we watched on Hulu, which was in turn shared with data brokers.”
But perhaps more worrying than the data she could track was the vast amount that she could not.
“With the other data I don’t know ultimately where it was shared,” she said.
The lack of transparency about what happens to the huge amount of consumer data that is sucked out of smart devices and social networks every day has been in sharp focus in the last few weeks.
Facebook remains under intense scrutiny after it was revealed that up to 87 million Facebook users may have had their profile information accessed by marketing firm Cambridge Analytica without their knowledge.
But while some consumers are prepared to part with their data for the convenience of access to free services such as Facebook and Google, Ms. Hill did not feel this was true of her smart experiment.
“My smart home was not convenient. Things didn’t work, the smart coffee was horrible, Alexa didn’t understand us and my takeaway was that the privacy trade-off was not worth it.”
Facebook may currently be in the spotlight, but it is by no means the first to be caught out over the mishandling of user data.
In 2017, smart TV manufacturer Vizio agreed to pay $2.2m to settle a lawsuit brought by the US Federal Trade Commission over charges that the company installed software on 11 million of its smart TVs to collect viewing data, without informing customers or seeking their consent.
In addition, it also gathered each household’s IP address, nearby wi-fi access points and postcode, and shared that information with other companies to target advertisements at Vizio TV owners.
And in August 2016, in a particularly intimate example of data misuse, hackers at the Def Con security conference revealed that Standard Innovation’s We-Vibe smart vibrators transmitted user data – including heat level and vibration intensity – to the company in real time.
“It is interesting that the issue has coalesced around Facebook but it is a much wider issue,” said Ms. Hill.
“We use platforms on our smartphones and social networks that introduce us to third-party apps and we haven’t yet come to terms with what this means, and how much responsibility the companies have to vet these apps and keep us and our data safe.”
That is all about to change in Europe with the introduction of the General Data Protection Regulation (GDPR), which promises consumers far greater control over their data.
Currently, the situation in the US is very different. Citizens do not have the right to access the information that companies have stored on them.
However, California, which is home to most of the biggest tech giants, is currently considering a law that would give users access to their data and let them ask firms not to sell it.
For Ms. Hill, the changes in Europe cannot come soon enough.
“I absolutely hope that GDPR has a trickle-down effect on the US,” she said.
Meanwhile, she is not willing to totally abandon her smart home experiment.
“We will keep the Echo and the smart TV. I don’t love all this stuff but it is going to stay in our home.
“What I hope is that we can make better products in future – devices with privacy protections built-in.”