WebThings: IoT + Privacy
Philippe Coval <purl.org/rzr> #LEE 2020
$ whois Phil Coval
- Professional OpenSource Engineer:
- Tizen (Intel), Yocto, IoTivity (Samsung OSG)
- Contributor, Mozilla Rep, Debian, Qt, NuttX…
- Contact: https://purl.org/rzr
- Currently available for cooperation
- I am based in Rennes France
- Link me on Fediverse or @RzrFreeFr
- Presentations, Videos, Social
- Interests: FLOSS Community, IoT, 3D/XR…
IoT from past…
- UX: finger coke@cs.cmu.edu
IoT to present
- From promises to reality:
- Interoperability vs Silos ?
- Security vs Privacy ?
- Home's devices are controlled
- by cloud operator
- mobile apps provided to consumers
Open questions ?
- How strategic is your:
- Home/family/health/data/life… ?
- Gain vs loss ?
- Who to trust or delegate to ?
- Data harvesting / brokers or leakage ?
- Cost and reliability of infrastructure ?
- Is regulation or "Cybersecurity" enough ?
- What about resilience or sovereignty ?
- Tech vs culture ? Choice is yours
Ethical considerations
- GDPR Article 25 conveys the key principles
- privacy by design (& by default)
- Opportunity for FLOSS projects:
- Privacy is part of community's DNA
- Challenge: IoT with privacy
- User and user's data centric
- Decentralized and resilient
Privacy By Design Principles
- Proactive not reactive; preventive not remedial
- Privacy as the default
- Privacy embedded into design
- Full functionality – positive-sum, not zero-sum
- End-to-end security – full lifecycle protection
- Visibility and transparency – keep it open
- Respect for user privacy – keep it user-centric
- https://wikipedia.org/wiki/Privacy_by_design
Web as a platform
- Designed for Interoperability
- Built on Standards and FLOSS
- Decentralized (as Internet)
- Trusted runtime (Isolation in browser)
- Hardware agnostic
- Rich UI/UX, Progressive web apps (Mobile)
- Programmable: REST API, WebSockets (RT)
Web Of Things (WoT)
- W3C's Working group
- Standards for devices on the WWW
- Reuse Web tech for IoT:
- JSON, REST, WS, Semantics
- Reuse Web tech for IoT:
- WoT Thing Description
- Recommended since 2020
- https://www.w3.org/WoT/
- FLOSS: Mozilla's WebThings
WebThings
- Smart-home platform born in Mozilla ET lab
- with privacy by design
- Simplified Things Description (W3C/WoT)
- Framework to build "native webthings"
- Gateway software
- Connect all webthings devices in LAN
- 1.0 release for EoY 2020
WebThings gateway
- Web Application + headless server
- Stay and run in LAN
- Easy to deploy on GNU/Linux
- Raspberry Pi: dump and boot SD card
- Other SBC supported, Deb/RPM or Docker
- Connect all "native webthings" together
- Gives control back to users
- UI to control/automation from browser
- More features: logs
- Support addons to connect more devices
WebThings ❤ Privacy
- Everything runs in home's network
- Discovery using mDNS
- Devices can be shared to other apps:
- using REST+WS with JSON Web Tokens
- Security is handled by gateway:
- Gateway run in user's LAN
- Data stay at the edge, no cloud!
- Remote access is possible using tunnel
WebThings REST API
git clone https://github.com/WebThingsIo/webthing-node
cd webthing-node && node install
node example/simplest-thing.js
$ curl -s http://localhost:8888/
{ ...
"@context": "https://iot.mozilla.org/schemas",
"@type": ["OnOffSwitch"] // capability
"properties": {
"on": { ...
"type": "boolean",
$ curl -s http://localhost:8888/properties/on
{"on":true}
$ curl -H "Content-Type: application/json" \
-X PUT --data '{"on":false}' \
http://localhost:8888/properties/on
Addons (130+)
- Virtual things (simulated on gateway)
- URL Adapter (Native)
- DiY devices built with webthings libs
- Other device/protocols adapters
- to map smart devices as webthings
- eg: Zigbee, ZWave, BT, ONVIF camera…
- And beyond (Local / Online Services):
- Gateway hosted things (ie: IO/Sensors)
- Social: ActivityPub, Email, OpenSenseMap
- Logic, Calendar, Voice (deepspeech)…
ActivityPub Adapter
WebThings community
- Join community:
- Over 130 Community's addons
- Devices, Services, Protocols
- + Related experiments
- WebOfTwins (XR), MicroBlocks
Sensehat webthings
Summary
- Privacy relies on trust of infrastructure
- The WWW is decentralized and extensible
- WebThings SmartHome platform
- can connect homes devices in safe way
- easy to interact with and automate
- extensible with addons (online services)
- WebThings API is simple and flexible:
- WebOfTwins, Microblocks, VR, Hubs…
Q&A or extra demos ?
- Thanks: #LEE , @MozillaReps/@WebThingsIO
- License: CC-BY-SA-4.0 @ https://purl.org/rzr/
Mozilla hubs w/ IoT
IoTivity PoC
Web Of Twins Robot
Sensor and Actuators
Resources and more:
Video Playback
More
Playlist
WebThings: IoT + Privacy Philippe Coval <purl.org/rzr> #LEE 2020