Now, I'm not going to say this is great, but honestly it seems pretty close to a "who cares?" situation.
We are talking about a device with no internet connection that can only be accessed by someone in the same proximity to yourself.
Perhaps don't buy this watch if you live in a crowded location and take public transport a lot. For everyone else, seems really unlikely that the people you interact with will have set up a malicious attack for your watch brand. I don't think wardriving smart watches is a thing.
I'd only suggest that if the watch supports putting a credit card on it that you rethink doing that.
GJim 29 days ago [-]
> who cares
I hear this a lot.
Yet those same people suddenly do care when their personal information (or that of their wife/girlfriend/child) ends up all over the internet.
cogman10 29 days ago [-]
The extent of the personal data is what you put on the watch.
Anonymous heart rate data simply isn't interesting to anyone. You won't find any dark net health statistics.
microtherion 29 days ago [-]
ApplePay is a major use case for my Apple Watches. Don't Android watches use the Google equivalent, however that is branded at the moment?
Another use case is using the watch to unlock other devices. That also seems security sensitive.
And some people may be uncomfortable about the health data that could be extracted from such a watch.
cogman10 29 days ago [-]
> I'd only suggest that if the watch supports putting a credit card on it that you rethink doing that.
I'm not giving these watches a ringing endorsement. I wouldn't buy or wear one.
I'm just saying the authentication system isn't super dire.
asynchronousx 30 days ago [-]
Great writeup, didn’t expect “bad authentication” to actually be zero authentication, that’s absurd.
throitallaway 30 days ago [-]
I get a little nervous about my Pixel watch. None of those watches have been updated since November and there are likely some juicy CVEs hanging out on them.
What’s wrong with Connect from your perspective? My only concern with it is that it’s slow.
cge 30 days ago [-]
One problem with it is it requires a constant network connection for everything, which is baffling for software designed for devices where major intended uses involve being in situations with poor or no network connection.
barbazoo 30 days ago [-]
Do you need Connect to use the device though? I was under the impression Connect is used for sync.
saltcured 30 days ago [-]
You can't do things like sync the watch to the phone and look at visualizations on the bigger phone screen while you're offline.
It's weird how much they still maintain a difference between a "fitness" watch and an "outdoors" watch and the supporting software.
It's the silly bifurcation between Garmin Connect and Garmin Explore software and online service worlds. It seems like an arbitrary accident of corporate history and leaky abstractions.
m463 30 days ago [-]
I would love to be able to update firmware on my Garmin watch, but I think that's all tied up in Connect (which I don't use) somehow.
arijun 30 days ago [-]
I wish there was a concept of paid expert reviews on Amazon/everywhere. A general review system works well (ignoring review gaming) when your concern is "Does this shirt fit?" or "What's the build quality?", but fails when one expert review of "This device is fundamentally unsound," gets drowned out by reviews on the more easily testable aspects ("The band is really comfortable!").
A great example would be when Benson Leung was testing USB-C cables on Amazon to see which were standards compliant.
michaelt 30 days ago [-]
I considered doing this once, a few years ago, but I couldn't figure out a way to make it work.
It's pretty frustrating that when you're shopping for a laptop, nobody can tell you it'll suspend properly under Linux. Or when you're shopping for a bike light nobody can tell you whether over the summer it'll self-discharge to the point it bricks itself due to cell imbalance. Or when you're shopping for a microsd card, nobody can tell you.... you get the picture.
But to produce honest reviews, I couldn't accept free review units, kickbacks or affiliate money. And people shopping for laptops and bike lights don't need a $$$-per-month subscription to my newsletter/channel/patreon, they just need a few yes-or-no answers.
And there's a huge amount of churn in products on sites like Amazon; you wouldn't just pay for 40 bike lights, review them all, and solve the problem forever. Different models and brands appear all the time.
And even then, just because when I reviewed that microsd card and found it had great performance, nothing stops the manufacturer substituting cheaper components later on, without changing the part number; it's not like there was a specification promising the performance I observed in my review.
mansandersson 30 days ago [-]
I get your point. But every so often you stumble upon someone actually doing exactly that within their particular interest domain, such as the guy in the Netherlands who buys and tests bike lights.
In my experience too when posting a negative review it can get removed (this was about replacement batteries for Lenovo laptops).
fph 30 days ago [-]
We need to use Unicode steganography to hide the message "this smartwatch sucks" into an innocent-looking review.
redleader55 30 days ago [-]
Apparently something similar is used by Chinese customers reviewing restaurants. They would make a food sign from food pieces that spells "crap food" in slang, but otherwise leave a stellar review for the restaurant.
barbazoo 30 days ago [-]
It sounds like they're hesitant to leave a bad review, why is that?
scblock 30 days ago [-]
How does this help anyone?
gr3ml1n 30 days ago [-]
The suggestion is that negative reviews are suppressed. Communicating a negative review through a facially positive review would help avoid that.
6LLvveMx2koXfwn 30 days ago [-]
But this is a negative review that is literally not hidden, to the extent that it is being discussed openly on a site about a completely unrelated topic.
DecentShoes 30 days ago [-]
I had a review removed on Amazon for mentioning that the company bribed me for a fake positive review.
WorldMaker 30 days ago [-]
Find a business model for Consumer Reports that better fits this century and add things that should be obvious like "Search by ASIN" to their website?
Seconding this, Project Farm absolutely rules. I’m not the target demographic for probably half the stuff he reviews but I’m always impressed with his videos.
That said I’m a little curious if any kind of Gell-Mann effect is going on since he never reviews products that I already have extensive experience with. I’m wondering if anyone has watched any of his reviews and come away feeling like he did a really poor job.
HnUser12 30 days ago [-]
Isn’t Amazon Vine paid review?
CrazyStat 30 days ago [-]
Vine is compensated with free products to review, but I don’t think they’re paid beyond that.
https://developers.google.com/android/ota-watch
"I can't access my todo list because azure is down"
We should go back to analog. We're wasting our time.
[1] https://gadgetbridge.org/gadgets/wearables/garmin/
https://swhs.home.xs4all.nl/fiets/tests/verlichting/index_en...
They are also not experts, generally.