Most developers I know have locked-down laptops — password managers, 2FA everywhere, encrypted drives. Then they go home and have a robot vacuum with a cloud-synced floor plan of their apartment, a smart TV that screenshots their screen every few minutes, and a doorbell camera on default settings.
The home network is the gap. Here's a device-by-device audit you can run in 30 minutes, with the specific settings to change on each platform.
The Problem: Smart Home Defaults Are Set for Data Collection, Not Privacy
Every smart home device ships with a companion app and a terms of service most people skip. The defaults in those apps are almost universally set to maximize data collection — because that data has value to manufacturers, advertisers, and in some cases, third-party brokers.
A few concrete examples before we get into the audit:
- Smart TVs use ACR (Automatic Content Recognition) to take screenshots of whatever is on screen — including HDMI input from game consoles or set-top boxes — and send them to the manufacturer for ad targeting.
- iRobot Roomba (now owned by Amazon) floor maps can be accessed within the Amazon ecosystem. In 2022, images captured during cleaning were found to have been used in AI training datasets.
- Amazon Ring previously allowed law enforcement to request footage directly from Amazon servers, bypassing homeowners. This practice ended after a 2023 FTC settlement that resulted in a $5.8 million fine.
None of this is hidden — it's in the privacy policies. But defaults being what they are, most users never change them.
Device-by-Device Audit Checklist
Smart TV — Disable ACR
ACR is the big one. Here's where to find it by brand:
| Brand | Path |
|---|---|
| Samsung | Settings → Support → Terms & Privacy → Viewing Information Services → Off |
| LG | Settings → All Settings → General → About This TV → User Agreements → disable "Personalized Advertising" |
| Vizio | Settings → System → Reset & Admin → Viewing Data → Off |
| Sony (Google TV) | Settings → Privacy → Ads → Opt out of Ads Personalization |
While you're in there: disable the microphone if you don't use voice commands. It's usually under Settings → General → Voice or Smart Features.
Robot Vacuum — Delete Maps, Review Sharing
- Open the companion app (iRobot Home, Roborock, Ecovacs Home, etc.)
- Navigate to Privacy or Account Settings
- Delete saved maps
- Opt out of data sharing / analytics
- Check if your model supports local-only map processing — some Roborock models do
If you're using a Roomba and have it linked to Alexa, be aware that map data flows into the Amazon ecosystem. You can limit this by removing the Alexa skill and keeping accounts unlinked.
Doorbell / Security Cameras — Review Cloud Storage and Law Enforcement Policy
The two things to check:
1. Cloud storage scope: Most cameras upload continuously. Review whether you're on a plan that stores footage on the company's servers indefinitely, and whether you can switch to local storage (NAS, SD card) for sensitive areas.
2. Law enforcement policy: Ring, Nest, Arlo, and most major brands publish transparency reports. Look up your brand's policy on government data requests. Since the Ring FTC settlement, consent is nominally required — but warrant-based access still applies.
Facial recognition: If your camera offered this as a feature (Google Nest Aware had it; Ring has offered versions of it), check if it's enabled and consider disabling it.
Home Network — Isolate Your IoT Devices
This is the most impactful single change you can make from a security standpoint.
Most consumer routers support a guest network. Put all your smart home devices on it. This means:
- A compromised IoT device can't pivot to your laptops or NAS
- Cross-device data correlation between your phone and your vacuum is broken at the network layer
- You can monitor IoT traffic separately
If you want more visibility, Fing (free tier) gives you a device inventory and flags unusual traffic patterns without requiring router-level config changes.
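Guest-network isolation varies between routers, so it is worth confirming that it actually blocks traffic to your trusted devices. The script below is an added example, not part of the original post: run it from a machine temporarily joined to the guest/IoT network. The host names, IP addresses and ports in `TRUSTED_TARGETS` are constructed placeholders to replace with your own laptop and NAS.

```python
import socket

# Constructed placeholders: your own trusted hosts and the TCP services
# they expose (e.g. SMB 445, SSH 22, a NAS web UI on 5000).
TRUSTED_TARGETS = {
    "nas": ("192.168.1.10", [445, 5000]),
    "laptop": ("192.168.1.23", [22]),
}


def is_reachable(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, timed out or unroutable: all count as "not reachable".
        return False


def audit_isolation(targets, probe=is_reachable):
    """Probe every trusted service from the guest network.

    Returns a list of (name, host, port) tuples that answered. Each entry
    is a path an IoT device on this network could also use, so an empty
    list is the result you want.
    """
    leaks = []
    for name, (host, ports) in targets.items():
        for port in ports:
            if probe(host, port):
                leaks.append((name, host, port))
    return leaks


if __name__ == "__main__":
    found = audit_isolation(TRUSTED_TARGETS)
    if not found:
        print("No trusted service reachable from this network.")
    for name, host, port in found:
        print(f"LEAK: {name} ({host}) answers on TCP {port}")
```

An empty result only proves isolation if the same services do answer when you run the script from the trusted network, so run it there first as a baseline.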
Phone App Permissions — Revoke What Isn't Needed
Smart home apps accumulate permissions over time. Audit them:
- iOS: Settings → Privacy & Security → review Microphone, Camera, Location, Contacts
- Android: Settings → Privacy → Permission Manager → review by permission type
General rule: a smart bulb app has no legitimate reason to access your microphone. A robot vacuum app doesn't need your contacts. Location access should be "While Using" at most, not "Always."
The Longer-Term Fix: Matter Protocol
The industry is slowly moving toward Matter — an open smart home standard backed by Apple, Google, Amazon, and Samsung. The key privacy advantage: Matter-compatible devices can operate locally on your home network without cloud dependency for basic functions.
Local processing means less data leaving your network by default. It's not a complete privacy solution, but it's a meaningful architectural improvement over the current cloud-first model.
When you're next replacing a device, filtering for Matter compatibility is worth adding to your checklist.
Summary Table
| Device | Time | Key Action |
|---|---|---|
| Smart TV | 5 min | Disable ACR, turn off microphone |
| Robot Vacuum | 5 min | Delete maps, review data sharing |
| Cameras | 10 min | Review cloud storage, disable facial recognition |
| Home Network | 5 min | Move IoT to guest network |
| Phone Apps | 5 min | Revoke microphone, location, contacts |
The defaults on every one of these devices were chosen by the manufacturer. Spending 30 minutes changing them is the most direct form of control you have over what your home network is actually doing.
Full version with more detail on each step: lucas8.com/smart-home-privacy-audit-guide