best idea at #MozAloha from @lime124:
A Consumer Reports-like #IoT device directory with security, privacy, and data ownership details: technically accurate information beyond the usual manufacturer & feature sets, like (we brainstormed a bit):
* interoperability level, from none (100% proprietary) to moderate (with a few companies) to what standards it supports
* who owns the data gathered by the device (ToS etc.)
* where is the data stored (on device, local network, cloud, etc.)
* is the data encrypted where it is stored
* when was it introduced
* any recalls or when withdrawn from the market
* date of last software update
* how to patch the device yourself, e.g. with open source
* any known compromises (theoretical, shown in a lab, in the wild)
* ever used in an attack, e.g. a DDoS
* how easily can it be disconnected from the internet
* how to physically disable its internet connectivity
* can it perform its primary function while offline
* what is its offline behavior
* additional benefits it has from being connected to the internet
* or what functionality do you lose if you disconnect it
* potential harms if it is compromised
* can it surveil you, if so, what kinds of sensors
* what data about you would be compromised
* how much energy could it consume
* any other criticisms or dangers reported in technical reviews
There is no such directory of internet of things / web of things devices like this out there as far as I can tell from a bit of searching.
It would be possible to start such a directory, perhaps with a domain, MediaWiki, and some templates for the above details per device, citing specific technical review articles or security reports for each detail. Having it be crowdsourced (like Wikipedia) would help it stay up to date.
Closest thing I found was a directory of IoT manufacturers and service providers: iot-directory.com
But a directory of devices in particular is what is needed with such details per device to help users make more informed purchase decisions, assess risks better, and perhaps even know when to dispose of a device (e.g. when it has known vulnerabilities and there are no more software updates).