Privacy Leakage in Smart Homes and Its Mitigation: IFTTT as a Case Study

The combination of smart home platforms and automation apps introduce many conveniences to smart home users. However, this also brings the potential of privacy leakage. If a smart home platform is permitted to collect all the events of a user day and night, then the platform will learn the behavior patterns of this user before long. In this paper, we investigate how IFTTT, one of the most popular smart home platforms, has the capability of monitoring the daily life of a user in a variety of ways that are hardly noticeable. Moreover, we propose multiple ideas for mitigating privacy leakages, which all together form a Filter-and-Fuzz (F&F) process: first, it filters out events unneeded by the IFTTT platform. Then, it fuzzifies the values and frequencies of the remaining events. We evaluate the F&F process and the results show that the proposed solution makes the IFTTT unable to recognize any of the user's behavior patterns.