 And now can we have a round of applause for Terence Edwards and his talk, The Connected House of Horrors. Good afternoon, EMF. Thank you so much for coming here. My name is Terence Eden. I need to tell you three things about this talk. So the first thing is that this does contain some mention of sex and death. If that's not for you, that's all right. Please go to one of the other talks. That's absolutely fine. For everyone else, I assume you have parental permission to be here. The second thing is this is a personal talk. It doesn't reflect the views of my employer's past, present or future. And the third thing to say is this is all absolutely true. Everything that I'm going to tell you today is true. I've not exaggerated it for comic effect. A lot of this comes from my life and citations are available on request. So I've been building smart home things for, I guess, about 10 years now. From automated plug sockets to really quite complex interplays with different things within my house. And let me tell you, it is an absolute nightmare. It is one of the worst things that I have ever done and I encourage you not to go into the field of smart homes. It will ruin your life. I'm going to start talking you through some of the kit that I've got and why it is so terrible. So the first thing, which I think most of us here will have, give me a cheer if you've got a smart TV. Of course. Give me a cheer if you read the end user license agreement which came with your TV. Liar. No wonder. No one does. I'm sorry. No wonder. Now this is interesting. Smart TVs offer something really quite cool. So if you've got iPlayer or YouTube or 4OD, whatever it is, you're making a trade-off. You're getting the convenience of watching whatever you want, whenever you want. But the privacy trade-off is someone now actually knows what it is you watch, when you watch it, which bits you rewind and watch again and again, which bits you fast forward through. Now maybe that's an OK trade-off. You know, you get hopefully better quality TV and in exchange you give away your demographic data because what you're watching says a lot about you. But things start getting slightly dicey. And the reason I know that so few people read the end user license agreements of their TVs is a few years ago, Samsung released a smart TV which had a microphone in it and you can bark at your TV, you can say, volume up! Turn to Channel 7, whatever it is. But buried deep in the end user license agreement was this wonderful sentence. Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your voice, through your sub-voice recognition. Anything you say in front of your TV can and will be used against you. And this is not sort of a theoretical concern. And Samsung, I think, put out a press release saying, people should just try to avoid having sensitive conversations in front of their TV. I mean, can you imagine, do not argue with your spouse in front of the TV, otherwise you will start seeing adverts for divorce lawyers. I mean, that's basically what they're saying. And we just blindly put these things in our homes with microphones and all sorts of things and they listen to us, but oh my goodness, they do so much more. And it is quite dreadful. There is a company called Visio who didn't just look at, you know, what iPlayer stuff you were looking at. They analyzed the video feed of everything that you put through your TV. So from the HDMI, they could tell what DVD you were watching by sampling the video feed and could then sell that to advertisers. And they would find $2.2 million for this sort of gross privacy violation. Because, you know, you think, oh, if I'm getting a DVD or a Blu-ray, putting it in, no one's going to know. Well, it turns out they do. And again, you can extract an awful lot of data about someone, about their tastes, their habits, their sexuality, their age, all sorts of things from what videos they watch. And then this is just being sent back to advertisers and who knows where. I think that's a really weird privacy trade-off. I mean, we joke, you know, in Soviet Russia, you don't watch TV. TV watches you. It's now a reality. And your smart TV is probably doing that. These aren't a toy that I have, but I love these. These are cloud pets. They're just $39.99 plus $6.99 shipping and handling. And they're magical. So you're a high-powered business executive and you can't be bothered to see your kid. So you give them a cloud pet, and while you're out on the road at a Hilton hotel or wherever, you speak into the cloud pet app and you say, oh, I love you very much or whatever it is people say to their kids. And the kid hugs the toy and your voice comes out of the toy. Oh, my God, they're so cute. They're so cool. But the people who design cloud pets just, I mean, the only way I can put it is they just didn't know that security was a thing. And it turns out that if you could go onto an unsecured website that they had and just look at all the recordings that people had left for their kids. That's not creepy at all, is it? Or all the recordings kids had left for their parents. Or you could inject your own recordings into someone else's cloud pet. Send me Bitcoin, send me Bitcoin. It's just awful. And, you know, this company sort of said, oh, the security fears are over, blah, blah, blah, blah. Oh, my goodness. I don't think these are on sale anymore, which is probably a good thing. But lots of people are training their kids to be complicit in their own privacy violations. And I think that's a bad lesson to teach kids. I don't know. So I used to drive a BMW, but I'm much better now. This is the electric BMW, because I'm a cool eco hippie. So this is the BMW i3. This is not a car. This is a computer that you put your body inside. This has a permanent 3G connection. Now, BMW used to have an API for their cars, so you could do cool things like unlock them and sound the horn from their app. But they sort of locked that down. But what do hackers do when we're told that we're not allowed to do something? Hack the mainframe! So I decompiled the app. Now, BMW engineers obviously didn't feel that security was a thing, so it didn't do any certificate pinning or any checking like that. So I was able to extract the certificate from the app, and now I could control my car from my Raspberry Pi. That's probably secure. That's probably fine. Now, the other thing, so I said, you know, you're putting your body in a computer. Let me refine that, because it gets worse. You're putting your body in an unpatched Linux box. Now, I know what you're thinking. How do I know that it is an unpatched Linux box? Well, in the infotainment system, if you press the right buttons, people will say parts of this system are licensed under the GPL. So I wrote an email to BMW and said, yo, my car's got GPL and stuff. Can I have your source codes? And they went, oh, no one's ever asked for that. Here is a DVD with the source code to our car on it, which I've uploaded to GitHub, so you can take a look at that. And it's... It's not good. It's really not good. I mean, you know, I love Linux. Some of my best friends run Linux, so I'm not sure I want to put my body in an unpatched Linux machine. And it gets worse. If you want to update your car's phone, the 3G connection isn't strong enough or fast enough or whatever, don't worry, BMW will just mail you out a USB stick to just plug into your car to update it. So they're now teaching people that, hey, if you get a random USB stick in the mail, it's fine to just plug into your car. Nothing could possibly... It must be official. It's got the word BMW stenciled on it. It gets worse. It just gets worse and worse. So having lots of IoT stuff in my house is quite expensive, so I thought I need some security cameras. So I got these. These are sort of cheap Chinese security cameras, and they're basically fine. They display an image, and I can see it on my phone. But the company that I bought them through who sort of managed a platform for viewing them went bust. So I can't... I've paid good money for these, and they didn't go bust. I stopped offering the services, and so I couldn't use them anymore, which was really unfortunate, and so I ended up with these sort of lumps of plastic which I can't do. So I'm going to teach you now how to hack almost any security camera. Now, this is really technical, so if you want to take notes, that's absolutely fine. So what you are going to need is a paper clip. You're going to unbend the paper clip by exactly 90 degrees and just shove it in that reset hole in the bag, just hold it down for 30 seconds, and boom, these cameras unlock. So once I did that, they were unlocked from the manufacturer, and we're going to do a little quiz. So the default username for all of these cameras was administrator. Can anyone guess what the default password was? Shout it out. Password... It was... 1, 2, 3... That, of course, was a trick question. There was no passwords. So I've reset the cameras, and I can then do a firmware dump, and I can see that these are running an outdated version of Linux, and I write to the company and say, hey, there's Linux in my cameras. Can I have your source? And they went, no. But that's all right, because I downloaded it, I stuck it online, someone else decompiled it, and they went, oh, I found the default telnet password in here. So now I have root over my cameras, which is really handy because the only way to configure them is using IE7, which is... I'm not joking. It just gets worse and worse. You know, you can reset more or less any security cameras. The one on the left there, that's an external security camera, and that has a pin on it. So if you see someone's security camera, there is a good chance there is a little hole which just says reset. You know, I mean... It's not good, is it? And it gets worse. It just gets worse and worse. So Matthew Garrett gave a brilliant talk about Wi-Fi light bulbs the other day. I'm going to talk about Wi-Fi light switches, which are infinitely worse. So the thing about light switches is, so I've got one of these complicated things in my kitchen where it's like a bank of four bulbs and a bank of four, and I can't afford to replace all eight bulbs with, like, LIFX. I mean, I can because I found some bugs in the LIFX firmware, and they just mailed me a bunch for free. But, assuming I hadn't, a light switch is actually really good. This is a land-bond one. They sold this on Amazon. It's sort of interesting. You wire it in, you connect it to your Wi-Fi, and I thought, well, I wonder how it works. How does this Wi-Fi light switch work? So, again, there's no real security on it. There's no certificate pinning. So I stuck up a little proxy and found out what it does. And so once you've installed this onto your network, it makes a permanent connection to an IP address in China. That's probably fine. Who among us doesn't have a... And I thought, well, what's this server running? So I did a sort of net stat on it, and the server that my light switch connects to runs Microsoft Windows. Vista. I'm sure it's secure. I'm sure it is secure. And the way that the app works, again, I sort of decompiled the app. There's no security. All it does is the app sends the serial number of your light switch to this server in China, and the server in China goes this. And the serial number is only like seven digits long. So you could just enumerate through all of them and just turn on and off random people's light switches. No, no, I mean, you shouldn't do that. That's bad and naughty, but you could. And that's terrifying. And it just gets worse and worse. So there was an Android app that comes with these light switches. And for some reason, it wasn't allowed on the Google Play Store. So I had to download it from a sort of non-SSL site in China. And these are the permissions that my light switch app asked me for. Oh, it's just too many. Why does my light switch need to make premium-rate phone calls? I mean, so some of them are locations. So if I move out of a geofenced area, I can turn the lights on and off, but record audio, modify the contents of my story. It's a light switch. It doesn't need to do these things. And yeah, these were sold for, I think, 20 or 30 quid on Amazon. And I think this is part of the problem, is that a lot of the IoT stuff, a lot of the home automation stuff we buy is cheap. And there's no business model in supporting it once you've bought it. You know, you've paid the 30 quid. And that's it. They don't really care about you anymore. And I'd like to say it's because it's cheap. But, you know, the BMW i3 is an expensive car. And BMW are not doing regular firmware updates for it. Although maybe that's a good thing. I want to be driving around in something which has only just been tested. I don't know. But it gets worse. So this is the Nest smoke alarm. And it is, without a doubt, one of the worst smart home things that I've got. So the first thing is, it just eats batteries. And I sort of put in a bunch of AA batteries. And it started complaining that I had given it the wrong brand of batteries. And it's like, I have never met something which was so fussy. It needed to be Energizer, lithium, something or other. But again, lots of these smart home things are designed for single people living solitary lives. So when I started this, you know, I had an account on my phone and I could see what my smoke alarm was doing. But there was no way to give any of my other family members an account on my smoke alarm so that they could know when the house is burning down, which they might want to know. The only way I could do it was by giving them the same username and password. There's a whole thing. And I do kind of think that lots of these IoT things are designed by bros in Silicon Valley who just live by themselves because no one likes them. And so, you know, it is, you know, unlike with light switch apps, it's quite often, you know, there is one app and, you know, no one else in the house can have it. There's also some really dodgy stuff with this home automation stuff where it starts to get used for domestic abuse as well. So, you know, you can say, well, I'm not going to tell you what the password to the light is. I control the lights in the house and you don't. And that can get very abusive. And I find that very weird and strange. But the thing about the Nest, the reason why I hated it, I was on holiday and I thought I'm just a little paranoid. I'm going to check and see whether my house is burnt down. I don't know what I'm going to do. You know, I'm 100 miles away. Well, am I going to do my house burnt down? So I opened up the app and this is what I saw. To continue using your Nest, you must agree to the terms of service, read the website privacy policy, the cookie policy and the privacy statement. I agree. And, you know, I have bought this stuff. This is my product. I've paid money for it. It's all in my house. And I'm now being told you cannot use this unless you read four legal documents and agree to them. Well, what if I don't agree to them? This thing that I've bought is no longer under my control. And I find that a bit troubling and strange that, you know, we're now trusting companies who may go bust. They may change their privacy policy. I mean, I'll be quite honest. I couldn't be bothered to read four different privacy policies. I just clicked. I agree. I have no idea what I've agreed to. Maybe this now means that Nest can come in and wallpaper my house. I don't know. It would be lovely if they did, but I don't think they will. And it just troubles me and it gets worse and worse. So just give me a cheer if you've got an Alexa or similar smart speaker thing. You fools. Fools. So let's just stick a listening device in our living rooms. Why? Oh, we can order nachos quicker. Hi. We're now entering this really weird phase of human existence where, you know, society hasn't quite caught up with the 20th century. And some of us are living in the 21st century with gadgets. So those of you who've got a smart speaker like this, when you have friends, assuming you have friends, when you have friends who come over to your house, do you say, oh, by the way, there's something which might always be listening to you? Should you? Should you assume that they understand what it is? Do you need a privacy policy when someone comes around for biscuits? Maybe you should. Just click here. I agree on the doorbell to come in. I'm going to build an IoT doorbell, which does that by pressing, yeah. A million-dollar idea. So things like the Echo. One of the reasons I find them a bit troubling. There's many reasons. So one is we are teaching kids that they don't need to say please and thank you to this disembodied robotic female voice. And this robot woman will always do what you say. You don't need to say please and thank you. But there are devices. We've bought them. They're in our houses, but they're not under our control. So I present to you a very interesting case which happened last year in the States. Echo search warrant raises concerns. So this is a very sad story. A guy had some friends around, and one of them was found the next morning face-down drowned in the hot tub. And the police assumed that this was murder or foul play, and as well as searching the house. And you're doing all the normal stuff that police do. They went to Amazon and said, we've got a search warrant for this guy's Alexa. We want every single thing that he said, we want to hear what it was, what happened, any background noises, like that. Is that okay? I don't know if that's okay. I don't know whether, I don't know if that's legal, but I don't know whether it's socially acceptable. I don't know how I feel about something that's in my house and if I make a casual joke about something is now recorded and maybe the police can get to it. Now, Amazon, to their credit, turned around and went, no, no, we're not giving you, we will fight this in court. We want to protect our customers' privacy, which is nice. And it looked like it might go to courts and, you know, I object, overall. And the guy who was, who's Echo this was, who was accused, went, actually no, I'd quite like the police to have it because I believe that my Echo will exonerate me. And how do I feel about having something listening in my home which may prove that I am not guilty of a crime? Now, eventually the case was dropped. The police, I think, realized that the guy had drunk too much and then drowned, but it starts, it sort of rubs me up the wrong way that we have listening devices which may or may not be used against us. And actually it gets worse. They didn't necessarily need the search warrant for the Echo because in a statement another smart device, his water heater points to an exorbitant amount of water being used in the early morning hours what investigators believe was an attempt to cover up a crime. So, you know, if you can take a look at your, if you've got a smart meter, a smart water meter, any of these smart devices which are constantly recording every single minute by minute what's going on in your home, which of those points to you being guilty of something. And it gets worse, it just gets worse and worse. So, I talked about computers that we put our bodies inside. What about the computers we put inside our bodies? Does anyone know what this is an x-ray of? Pace maker. Excellent. Well done. So, this is a science term. It keeps your heart going, basically. And it's a little computer. And that's cool. We've got little computers inside us now. But here's the problem with these things is that they are usually built quite cheaply and the companies which build them don't pay much attention to security. And what we find is that lots of these pacemakers, if you go online, you'll be able to find out what the default password is for them. And it is not a long password. And if you've got a laptop and an antenna shoved into your USB port, you can start reading off pacemaker data from someone. And it gets worse. You can write data to the pacemaker as well. Usually what happens if the heart goes into, I'm not a medical doctor or any sort of doctor, but once the heart goes a bit funny, the pacemaker can give it a little zap of electricity and you're still alive. You could, if you know the default password and you are close enough, reprogram someone's pacemaker so it doesn't provide that jolt of electricity or that it provides too much or something else. And it's really weird that these devices which are inside us are not under our control, but not almost anyone, certainly anyone in this room would be able to go up and literally reprogram your heart. And it gets worse. This is another case. This guy said, I woke up and someone had set fire to my house so I quickly packed my bags, jumped through the window. Oh, it was awful. And the police and fire went, we think you did it. And we're going to subpoena your pacemaker data to find out whether you did it or not, whether your heart activity was consistent with the story that you told us. Now again, I don't necessarily want to get into whether this is legal in this jurisdiction or legal here because I really don't know. But there is a computer inside your body which is not only not under your control, will betray you if asked. It will give up your secrets. And that worries me, you know, because we are seeing more and more people, whether it's cochlear implants or neural implants or heart things or, you know, all sorts of, you know, crazy call. Amazing. No, we're rebuilding humanity. But there's a default password and any hacker on the internet can slurp, you know, what your heart was doing last night. It worries me. It really worries me. And it just gets worse. It gets worse and worse. So this is where we get to the sort of juicy topic of sex. Now we're going to be talking about telly dildonics. Telly from the Greek word meaning distance. Dildonics from the Greek word meaning an offensive slogan painted on the back of a camper van. It was the last one they had. I'm so sorry. So I am not here to kink-shame anyone. I'm here to security shame some people. So this is the We Vibe. This is a vibrator. And it connects to your smartphone via Bluetooth. So far so good. So you can control it from your phone. And you can also set up an account with someone else and they can control your vibrator from their phone while they're in the comfort of their own bus or train seat or wherever they happen to be to control it. Which is fine. That's good. But this uses Bluetooth. And that's not terrifically secure. And what that means is if you know what the default pairing key is of this vibrator, you can just pick up your phone, scan, find them, connect and activate it. You can commit serious sexual assault from your phone via Bluetooth. That's not funny. This is a real problem. The people might be wearing these and thinking that only my trusted partner or myself can use these. But in actual fact, anyone with a Bluetooth phone or a Bluetooth laptop can do it. Now, the other problem with this is that we talked again. So give me a cheer if you've read the privacy policy on your vibrator. Liar. No one does. If people had read the privacy policy on this vibrator, they would have realized that the company which manufactures this takes diagnostic information. And so every time it's used, they get a record of where you were when you used it, how long you used it for, the intensity of the vibrations when you stopped using it. Oh, and your internal body temperature. Did anyone tick the box that says, yes, I can send to my internal body temperature being sent? I don't think so. There's been lawsuits and all sorts over this. And it's worrying. And it's scary. And it gets worse. It gets so much worse. So this is another internet-connected sex toy. And I know what some of you are thinking, mine doesn't look like that. Well, yours doesn't have a camera on the end, whereas this one does. No, listen, what people want to do in the privacy of their own internet connection is their business. But are you ready for your close-up? Now, you cannot stream HD video over Bluetooth. So they've hopefully put a Wi-Fi logo on there. Now Wi-Fi, as we know, has a fantastic range. A couple of hundred meters, if you're lucky, and with good antennas. This does attenuate somewhat if it is surrounded by a body. But you can listen in on this Wi-Fi signal. And again, the company just didn't think of setting a strong password on this. So if you find the MAC address broadcasting while you're in a hotel or in EMF or anyone else, you can take control of this. You can see what someone is doing with this. You can commit sexual voyeurism, again, that's an offence in this country, with a Wi-Fi connection. Because people don't understand what it is that they're buying. They don't understand that when you buy internet-connected things, you are sacrificing a part of your privacy. Unless you are absolutely on top of all of these things and read every single privacy policy, every time they're updated, you could open yourself up to a huge world of pain or embarrassment or blackmail or anything. And it gets worse. It just gets worse and worse. Every time we buy something with an internet connection, it sort of eats away at our privacy a little. And no normal user is reading privacy policies. No normal user is changing their default settings. No normal user is changing their password on their sex toys. It just doesn't happen. It just gets worse and worse. Everything is terrible. Everything is absolutely terrible. And I have no idea as a community how we fix it. Thank you very much. Cheers. I think, yeah, if we use the blue box. If you don't get your question answered, I will be drowning my sorrows in the bar all afternoon, so do come find me. I think there's a question there and then there. Hello? Hello? Yes. So sex toys aside, we're quickly coming to a time when no matter how much money you can spend or are willing to spend, you cannot buy a consumer product, be it a TV, a smart meter, a boiler heater, whatever, that is not horribly, laughably insecure. Do you see this changing in the near future that basically there will be a line of consumer products for people like us who care about this stuff? So for people like us, we can build our own. So I mean, I jail broke those smart cameras so that I had complete control of them. They weren't going to a server, but most people just can't be bothered to do that. There might be a case for a privacy-focused one, but I think it would either be very expensive or in the case of Amazon Echo, they realize that, I think they realize that if they breach their customers' privacy too much, people will abandon them. And I think with laws like GDPR, that's going to make things stronger. But the problem is, as I said, is that when we go to Amazon or Alibaba, we tend to sort by lowest price first, not highest privacy first. So the problem is us as much as it is the manufacturer. So I don't see it improving anytime soon. I'm sorry. Can you hear it? Oh, yeah. In a couple of weeks, it's very possible I am going to become a developer of precisely this kind of kit in a start-up organization of about 10 people where it's painfully obvious that I am the only one who has the vaguest concept of security. Any thoughts on how to educate the highly intelligent, highly motivated people who have no concept of security in the rest of the organization? Yeah. I mean, you should. And, you know, Kudos for you for telling them that. I think one of the things that you can do, especially with founders, is show them the fines which people have been given. So as I said, Vizio in the States, 2.2 million. I think Cloud Pets had a big out, of course. I can't remember. Showing people the money is good. And I think telling people the stories of privacy. And I remember talking to a developer years ago who's saying, but when people get a new app, don't they just automatically flick through all the settings and see what they like? And I had to say, no. Normal people don't do that. What I would recommend is doing user testing. So if you've got an app, for example, go down to a coffee shop, get real users, and, you know, buy them a coffee and say, hey, can you use this app? Tell me what you think. And see how many of them read the privacy policy and I think showing people that there is a monetary problem, there's a society problem, and that their users don't really understand or care. I think that's a good way. But I'm not sure that it's been successful yet. But yeah, do come and chat with me afterwards. Any more for any more? Hi, Terrence. Hello. Are you running a bug bounty on your house? Am I running a bug bounty on your house? A bug bounty on my house. Yes, yes, I am. And you get some delicious home-cooked cookies which unfortunately have been cooked by me and will not be very tasty. But it is very interesting. So I've got Virgin Media at home and they've got their smart hub. And there is no meaningful firewall on that. I think there's a question right at the back there. So it is really hard as a home user to secure your home without buying more and more stuff. I think there's a question there if we've got time for more, and if not, you can buy me a drink. Is this working? Is it all good? I was wondering what you think about this perhaps being a consumer rights issue that our law hasn't really caught up with and thinking back to even what we see with mobile apps where something's gone terribly wrong with the software model that we've got where users are forced to accept upgrades, as you say, to continue to get functionality. And functionality is taken away and things like, think about my Sonos speakers on a monthly basis forced to accept new software. They changed the features. And it's not possible to install an old version of the app. And a good example is the Nest Smoke Alarm. So the original Nest that I've got, it touted a feature that if the alarm was going off and it was a false alarm, you could stand under it and wave and it would switch off. And what they discovered was their firmware was unable to tell the difference between a person waving under their smoke alarm I mean, they're pretty easy to confuse. And so they disabled that functionality. Now I'm kind of glad they did, but that's something they've turned off which I've paid for. At the moment, I don't think there is a consumer rights movement for that and I don't know how we fix that. I think someone at the back had a question. Hello. Hello. Are you as worried about the recording capabilities of mobile phones as you are about Alexa? And if not, why not? So you can usually tell when your phone is recording and when it's transmitting. It's harder with an Alexa. The mode of a smart speaker is that it's always on. You don't have to do that with your phone. I don't use Google Assistant on my phone or Siri or anything like that. But yes, it is entirely possible that those things could be recording and sort of doing stuff. Just while we're getting the next question up, I would love to take a selfie with you all because you're all wonderful. Give a big EMF wave just like that. Consent. Consent? No, it's too late. It's too late. By attending this talk, you give up all rights. Sorry. Sorry. The GDPR does not cover my photos. Yeah. Hi, Zarence. I'm curious what devices you've ended up deciding you're okay with having in your own house. Oh, all of these. Because it's a trade-off. Do I really think that Nest are going to sell my... How often I burn toast to an advertiser? They might, but I run ad blocks. So what do I care? With these cameras, I have rooted them, jailbroken them. I'm confident that I am in control of them. I no longer have the i3, and my new car coming doesn't have a permanent 3G connection, but it still runs Linux. So it's a trade-off, and we all make these trade-offs. It's like, as I was saying, with iPlayer, I'm happy to give up a bit of privacy if they make more good episodes of Doctor Who, because they've seen me rewinding the good ones and watching them again and again. But your trust model, your failure model might be different, and I wouldn't blame anyone who just went, I'm having no part of this, because it can be quite scary. One more. Yeah. Isn't there necessarily a trade-off between usability and privacy or security? Yes, because some people, is there a trade-off between privacy and usability? Because you are going to have to ask users questions. Are you okay with this being stored outside of the EU? Are you okay with us doing face recognition from your smart doorbell? And every time you ask a question, that reduces usability. You shouldn't make users think too much about this, but if you give them too much privacy, maybe the utility of what they have isn't good enough. So I think there is a real tension here. The nest is great in the sense that you just stick it up onto the wall, that's it. There's no real configuration necessary. But that doesn't do much. It just sends you an alert saying your house is on fire. But if you're doing smart doorbells and you want to record people's faces and send them to seven people and talk about... I think that the more interesting a smart home device you have, the more usable it is, then it's going to necessarily be a privacy problem and trying to get people to understand the privacy trade-offs they're making for themselves, their families, for their friends coming round for the postie ringing on the doorbell. That's something that we haven't worked out how to educate people on. Thank you so much for coming to my talk and I shall see you all in the bar. Cheers.