When is Two Factor Authentication not Two Factor Authentication?

There’s been a lot of noise in the popular technology press around the recent unfortunate hack of a Wired contributor’s digital life, which saw his iPhone wiped, his iPad wiped, his MacBook wiped, his GMail account wiped…  All to get at his Twitter account.

It all started from Apple allowing a me.com email address to be reset with practically no security required: just card billing address and the last 4 digits…  Just think how many accounts you’ve created on the web that show that information.  Amazon shows the last 4 digits of a payment card, as do the majority.

Still feeling smug?  It’s a chilling reminder to all of us that:

  • We need to use better passwords, and not recycle stuff
  • Social engineering renders passwords obsolete
  • The cloud is not suitable to be your only storage
  • Passwords are really not suitable as a security mechanism any more

On the back of this, many articles have said “TURN ON TWO FACTOR AUTHENTICATION”, sometimes in caps, for GMail.  There’s even been education as to what 2FA is, which is good.

But for clarity, 2FA is using 2 factors of security: those factors are, “what you know, what you have, what you are”.

GMail 2FA security, when using the web and when turned on, relies on you giving Google your mobile number, and them sending you an SMS when you want to log in.  You then enter the code from the SMS, and you’re in.

SMS costs money: why are Google giving this away for free?  Could it be that they’ve now added a phone number to your profile, making you more attractive to advertisers?  Or is it out of the goodness of their heart?

And what about applications?  I collect mail from offline clients, as I’m not always connected to the net/cloud/whatever.  I also like a backup that I’m in control of.

GMail allows you to enable two factor authentication using application access (for POP/IMAP access, calendar access, Google Drive access) by setting up application specific passwords.  These are passwords that are not intended for humans so are long, complex and nigh on impossible to remember.

But it’s a password.  And if it’s compromised, it can be used from anywhere, though only for that application.
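As an added illustration (a simplified model written for this post, not Google’s own code), here are the two login paths just described: the web path needs the password plus the SMS code, while the application path needs only a long application-specific password, which is a static single factor but can be revoked one application at a time.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional


class Account:
    """Toy model of an account with SMS 2FA and application-specific passwords."""

    def __init__(self, password: str, mobile: str):
        # A real service would use a slow hash (scrypt/argon2) for the human password.
        self._pw_hash = self._hash(password)
        self.mobile = mobile                       # where the SMS code would be sent
        self._app_pw_hashes: Dict[str, bytes] = {}  # app name -> hash of its app password
        self._pending_sms_code: Optional[str] = None

    @staticmethod
    def _hash(secret: str) -> bytes:
        return hashlib.sha256(secret.encode()).digest()

    def send_sms_code(self) -> str:
        # In reality the code goes to the phone; here it is returned to the caller.
        self._pending_sms_code = f"{secrets.randbelow(10**6):06d}"
        return self._pending_sms_code

    def web_login(self, password: str, sms_code: str) -> bool:
        """Web path: something you know (password) AND something you have (phone)."""
        ok_pw = hmac.compare_digest(self._hash(password), self._pw_hash)
        ok_code = (self._pending_sms_code is not None
                   and hmac.compare_digest(sms_code, self._pending_sms_code))
        self._pending_sms_code = None              # the code is single use
        return ok_pw and ok_code

    def create_app_password(self, app: str) -> str:
        # 16 random URL-safe characters: not meant for a human to remember.
        app_pw = secrets.token_urlsafe(12)
        self._app_pw_hashes[app] = self._hash(app_pw)
        return app_pw

    def revoke_app_password(self, app: str) -> None:
        # Compromise of one app password is contained by revoking just that one.
        self._app_pw_hashes.pop(app, None)

    def app_login(self, app_password: str) -> Optional[str]:
        """Application path: no second factor; a static secret alone is enough."""
        presented = self._hash(app_password)
        for app, stored in self._app_pw_hashes.items():
            if hmac.compare_digest(presented, stored):
                return app                         # which application this password belongs to
        return None
```

The mobile number and passwords used in any test of this model are constructed sample values.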

And a happy ending for Mat: he got his most precious data back… for $1700.

Devices, the Internet of Things and Privacy

For quite a few years, the concept of putting domestic appliances on the internet has been something talked about, and that a few have hacked at, but there was never really a big push to make consumer products internet enabled.  Sure, there have been a few notable exceptions, especially around the PVR world, and there are many competing, conflicting and downright difficult-to-use home automation products, but nothing has really got people’s attention in day to day life.

Nest came along in 2010, founded by 2 senior Apple engineers.  They take “the unloved products around your home and make simple, thoughtful, beautiful things”, and so far this has led to a connected smoke alarm and thermostat.  And an infrastructure to connect your home to your devices, seamlessly, simply.  And apps to control and inform.  And people, and the media, noticed.  And they have delivered product and service.  This is good.

A lot of clever people have joined Nest because of their absolute focus on making stuff better, making technology disappear and just work – like the iPod did.  This is making fairly advanced technology part of the day to day for the masses and Nest seem to be on a roll.  There’s even a beta SDK to connect your apps to Nest devices.

So why did Google want to buy them, and for $3.2Bn in cash?  I’d say it’s definitely not for the products, which have shipped but in relatively low numbers.  The intellectual property is interesting, for sure, but the humans behind it are even more interesting to the big G, in my view.  What’s more, there’s the infrastructure, SDK, apps – or put another way, a total platform – which ends up in people’s pockets and people’s houses.

Think what Google knows, especially if you have a GPS enabled Android device.  Think what Google Now does, which is anticipate your needs before you realise them.  Now to that mix add a connection into your house.  If you’re taking a trip, they could automatically turn down your heating.  As you approach home, and you hit the point where it’ll take as long for you to get home as it does for your house to heat up, your heating system could fire automatically.  Say you’ve got a relative visiting who has their Nest set warmer: your system could automatically turn up the level.

Google already knows where you are, but it doesn’t know how much fuel you use, or how many times you burn the toast.  Arguably, that doesn’t matter.

I think it’s the platform that Google have bought, along with engineers in the Jobsian mindset of making sure something is absolutely the best it can be at achieving its purpose.  Coupled with home automation and the realisation of the internet of things, it makes sense.

But this will come at a price.  Every connected device is another little bit of privacy given up for what purpose?  Ultimately, Google is an advertising company, existing to help others sell you stuff.  I already worry about the data they have around me and my family, and adding this next level of my home into it is not a happy thought.

Even if it’s not Google, what will the Internet of Things mean to privacy?  We’re giving over data for convenience again…

I recently watched Wall-E again, where one company grew from making yoghurts to controlling the world…  We’re going towards that world, with Google being the wannabe evil empire.  What astonishes me is that Google themselves recognise this, and appear to be quite happy with the moniker, even naming one of their shell companies “by and large