undefined | Better HN

0 pointsPerseids1mo ago0 comments

All of their issues are self-inflicted. What benefit is there to their cloud backend except getting around the home NAT? If you want to build your IoT product privacy-friendly, your cloud offering can be reduced to a STUN/rendezvous server and a proxy server as fallback [1]. Ship your devices with individual tokens to rate limit the proxy, have the STUN/rendezvous/proxy server address configurable and publish their source code for users to not be dependent on your continuous operation.

You can even go so far and have a public sub domain for each devices ( serialnumber.manufacturer.com ) which you only operate as a dumb proxy so that even the TLS certificates are negotiated end-to-end between the IoT device and Let's Encrypt. (The devices connect to your backend via Wireguard and you rate limit with their device individual key, whose public key you read out during the end-of-line production step.)

Hell, with today's browser heavy applications you can even run the whole slicer in the browser. Let the app be distributed via CDN so the code does not need to go through the proxy.

[1] In the case of non-battery operated and always or mostly on devices, like 3d printers at least.

0 comments

1 comments · 1 top-level

odo12421mo ago

Honestly, a lot of devices that use cloud apps for things could be improved both for the customer and manufacturer by using a "STUN/TURN" style proxy for the cloud service rather than forcing all data to go through a cloud service (to add to the other advantages, you don't need as many developers on the cloud side). But nobody in the engineering departments of these companies seem to be willing to touch WebRTC with a nine-foot pole lol

j / k navigate · click thread line to collapse