You are being invited to take part in a research study. Before you decide to participate, it is important that you understand why the research is being done and what it will involve.
Please take the time to read the following information carefully, and ask the researchers if there is anything that is not clear or if you need more information.
Title of Research: IoT Inspector: Identifying Privacy, Security, and Performance Risks of Consumer IoT Devices
Nick Feamster, Professor (firstname.lastname@example.org)
Danny Yuxing Huang, PhD (email@example.com)
Principal Investigators' Department: Computer Science
Many people use smart-home devices, also known as the Internet-of-Things (IoT), in their daily lives, ranging from bulbs, plugs, and sensors, to TVs and kitchen appliances. To a large extent, these devices enrich the lives of many users. At the same time, they may bring negative impact to their owners.
Our goal is to measure and visualize these risks, both for research and for the user. To this end, we release IoT Inspector, an open-source software that you can download to inspect your home network and identify any privacy, security, and performance problems associated with your IoT devices.
IoT Inspector is a Windows/Linux/Mac application that you can run on laptops, desktops, but not tablets or smartphones. By using a technique known as “ARP spoofing,” this software monitors network activities of all IoT devices connected to the home network (e.g., your “smart” appliances). It collects and shows you the following information:
IoT Inspector collects and sends the information above to the Principal Investigators only when it is running — until the user terminates or uninstalls IoT Inspector.
Note that IoT Inspector does not collect the following information:
Also note that IoT Inspector is not intended to replace existing security software packages on the your system, such as Avast, McAfee, or Windows Defender. You are still strongly recommended to engage in secure computing practices, e.g., running regular system updates, not reusing passwords, enabling firewalls, and running well-known security software.
IoT Inspector aims to provide you with transparency into your IoT devices, e.g.,
Aside from offering the above benefits, IoT Inspector also collects confidential data that helps us with IoT research, specifically, measuring and mitigating the security, privacy, and performance problems of IoT devices. For more information about our research, visit https://iotinspector.org/.
For each IoT device on your network, IoT Inspector will collect the following information and sends it to our secure server at Princeton University:
Note that IoT Inspector will collect the traffic of all IoT devices connected to your home network while IoT Inspector is in operation. Examples of IoT devices that IoT Inspector can analyze include (but not limited to): Google Home, Amazon Echo, security cameras, smart TVs, and smart plugs. Computers, tablets, or phones will be automatically excluded. You can also manually exclude devices by either powering them down while setting up IoT Inspector, or specifying their MAC addresses.
If you do not want IoT Inspector to collect data from a particular IoT device (e.g., because it collects sensitive medical information), please disconnect it from the network now, before you start running IoT Inspector. If you are unable to disconnect it (e.g., because you need to keep the device running, or because you do not know how to disconnect it), you cannot use IoT Inspector.
As a result of our privacy and security practices, no one has access to the collected data except us. Even so, we are unable to infer what IoT devices you own, and what you do with your devices.
Performance degradation: Running IoT Inspector may reduce your network performance. If you are doing latency-sensitive activities, such as playing video games or holding video chats, we recommend that you turn off IoT Inspector. Furthermore, IoT Inspector is experimental software is provided “as is;” we have not comprehensively tested IoT Inspector on all IoT devices or with all possible configurations. As a result, it may fail to work and disconnect your home devices. In this case, simply turning off IoT Inspector and rebooting your home router would likely solve the issues. If you have any critical medical devices, for instance, we suggest you exclude such devices from IoT Inspector or withdrawl from the study.
Data breach: In the unlikely event that our secure server is compromised, an attacker will have access to this form and the collected data. However, the attacker will be unable to infer what IoT devices you own, and what you do with your devices.
Best-effort support: We will regularly maintain and update the software (e.g., fixing bugs) whenever necessary. In case of questions, we try our best to respond to email inquiries within 24 hours during weekdays. However, we do not guarantee long-terms support of the software. Also, we do not guarantee we will answer everyone’s questions if our capacity reaches a certain limit. In the event that IoT Inspector disrupts the normal functionality of your network, simply turn off IoT Inspector.
Principal Investigator: Nick Feamster, Professor
Department of Computer Science
35 Olden St, Princeton, NJ 08544
If you have questions regarding your rights as a research subject, or if problems arise which you do not feel you can discuss with the Investigator, please contact the Institutional Review Board at:
Assistant Director, Research Integrity and Assurance
Phone: +1 (609) 258-8543
I understand the information that was presented and that: