Get ready to spend. The way we buy home improvement is changing

How did you buy your last thermostat? What about your last door lock? If you don’t know, the odds are that’s about to change. If you do know, the odds are you purchased a connected device in the not too distant past. And as more people embrace the smart home, spending patterns on a whole new class of products are about to shift.

Consumers used to buy a new lock when their old one broke, when they moved into a new place, or maybe during an overall remodel. A new water heater or light switch was the same kind of purchase; not often. A thermostat was likely bought from an HVAC technician as part of a repair or picked up after a repair or energy audit at a home improvement store. But as devices get smarter, consumers are buying them differently.

“The new features we’re adding to traditional home devices changes the way the consumer shops and that changes where they buy it,” said Stuart Lombard, the Co-CEO of Ecobee, a smart thermostat maker. Lombard was in Austin, Texas on Tuesday at an event where we chatted about the company’s new retail shift. He said since the launch of Ecobee’s retail channel in November about 30 percent of its sales are from stores such as Apple, Amazon or other places outside of the traditional HVAC retailers that used to be the primary way consumers purchased the company’s devices.

The new Home Depot thermostat aisle (Ecobee is on the far right.)

As of Monday, Ecobee is part of the newly revamped thermostat aisle in 70 Home Depot stores, and it is expanding its devices to all 800 Best Buy stores by the end of April. This is a pretty big opportunity for the thermostat, which had been sold in Apple stores and on Amazon since November. Lombard isn’t the only executive I’ve spoken to who is noticing the shift.

In a conversation with Mike Watson, the VP of Product Strategy with Cree, a maker of LED light bulbs, after the company had just launched a connected $15 light bulb, I asked about the longevity of LED bulbs and whether or not that would be a problem for consumers wanting to replace them with newer connected versions. He didn’t foresee an issue, saying that he expected people to upgrade when they saw new features worth upgrading for.

As someone who actually has a box of used incandescent bulbs from my various LED upgrades that I use to replace my dumb lights when they burn out, and who views forced obsolescence as both an insult to my budget and the environment, the idea of changing the way we purchase and possibly upgrade our home’s fixtures worries me a bit. By making them smart we may possibly be making them less fixed.

When it comes to smart home security, cameras are the worst

Don’t freak out, but the products inside your smart home have some serious security flaws, according to a new report out from enterprise security research firm Synack. The company tested 16 popular devices over the holidays and determined that connected cameras were the least secure. Products ranging from the SmartThings hub to the Nest and Lyric thermostats also had some problems.

Colby Moore, a security research analyst who compiled the report, said it took him about 20 minutes to break into each of the assorted devices and he only found one — the Kidde smoke detector — that didn’t have any significant flaws. But the Kidde isn’t actually connected. Before we break down each device’s big problems, the macro picture from the report was that there are no real standards in the connected home security space, and perhaps we should come up with some.

“Right now the internet of things is like computer security was in the nineties, when everything was new and no one had any security standards or any way to monitor their devices for security,” said Moore.

The Withings Home camera

In general Moore suggests the following as basic best practices, even though he concedes that some users won’t like them:

  • Hardwire as many devices as possible. And when devices are wireless, make sure they have push notifications to the user when they are kicked offline.
  • Firmware updates should happen automatically, especially those dealing with security flaws and vulnerabilities. Don’t wait for the user to push them through.
  • Require strong passwords. Make sure they have combinations of numbers, special characters and letters and are more than 12 characters.
  • Send all the data to the cloud using a secured connection. Don’t store it on the device, which can be hacked.
  • If you are going to use SSL, check certificates at both ends. Apparently, some devices do not.
  • Use SSL pinning so your device is authenticated, as opposed to the network the device is on.
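
The last two recommendations can be combined in one client-side check. The Python below is an added example, not code from the Synack report or from any vendor named here; it assumes the pin is the SHA-256 fingerprint of the server's leaf certificate, and the function names and the sample certificate bytes are constructed for illustration.

```python
import hashlib
import socket
import ssl

# Constructed stand-in for a DER-encoded certificate (not a real certificate).
CONSTRUCTED_CERT = b"constructed-stand-in-for-a-DER-certificate"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert, pinned) -> bool:
    """True only if the certificate's fingerprint is one of the pinned values.

    An empty or missing certificate, or an empty pin set, never matches.
    """
    if not der_cert:
        return False
    return fingerprint(der_cert) in {p.lower() for p in pinned}


def connect_pinned(host: str, port: int, pinned, timeout: float = 5.0):
    """Open a TLS connection that must pass BOTH checks:

    1. normal chain and hostname validation (create_default_context), and
    2. the pin: the server's certificate must be one the device was built
       to expect, whatever CA the local network's proxy may present.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if not pin_matches(der, pinned):
        tls.close()
        raise ssl.SSLError("server certificate does not match any pinned value")
    return tls
```

Pinning a whole certificate means the pin set has to be updated before the server's certificate is renewed, which is one reason automatic firmware updates sit on the same list.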

Some of these may be controversial. For example, stronger passwords can be a pain to enter on devices with tiny screens and no keyboards. Another issue is hardwiring everything. Wireless devices are simply more convenient and wireless connectivity is often a reason people buy a certain product over another. Finally, storing all of your data in the cloud might be more secure, but it’s only as secure as your cloud vendor. If the vendor gets hacked, there go your data and your camera images.

Moore concedes these points, but says that even understanding these tradeoffs would help. I agree. It’s one thing to trust my camera data to Nest or Amazon, but another to trust it to a startup that just launched three months ago (although it’s highly likely that its cloud back-end is Amazon Web Services). So what about the specific devices?

Synack looked at four classes: cameras, thermostats, smart hubs and smoke detectors. It found the most flaws in the camera class, with Dropcam being the most secure.

In thermostats, Nest once again was the most secure, but most were dinged for their password policies. This is understandable, because most thermostats don’t have keyboards, making it tough to enter a password on the device itself.


When it comes to smoke detectors we see Kidde, the only device that got a perfect score from a security perspective, in part because it’s not connected. Why it’s on this report, I don’t know. There’s also the first mention of a supply chain–based attack, which is worth noting, because it means that someone would have to intercept the device and change a component. This isn’t specific to just smoke detectors, but any connected product. I thought this was tenuous, but Moore pointed out that we could see more of it in the future and that it really just took a bit more long-range planning. It could also be seen more in returned or second-hand devices.


Finally we see his results from testing home automation hubs. While the Revolv isn’t sold anymore because Nest purchased the company for the engineers, the others are on the market.


While this report covers the devices themselves, I’d like more insight into how we secure the future, when we start linking these devices together. I tie many services together via Works with Nest, If This Then That and many other services, and suspect others will soon do the same. And while individual devices may get more secure, once they start sharing data between clouds, that introduces new weaknesses that this report doesn’t even get into. When asked about security in the smart home today, Moore said, “Security is abysmal.”

So, let’s work on that, but let’s think about how we’re planning for tomorrow, too.

Updated: This story was updated at 3:06pm PT to clarify that the Kidde smoke detector isn’t connected.

Surveys say: It takes two years to recoup the cost of a Nest

If you’re thinking about paying $250 for the Nest thermostat, know that the resplendent regulator saves customers an average of $131-$145 a year, according to a series of studies done by Nest and two other organizations. The studies were performed by Nest in 41 states with 1,500 users, by the Energy Trust of Oregon and by Vectren, a utility company based in Indiana covering 600 homes.

Each study was a bit different, but in general they found that customers saved 10 percent to 12 percent on their heating bills and 15 percent on their cooling bills. Previously Nest has gone with the standard guesstimate published by many thermostat providers and the EPA, which was that a properly programmed thermostat could save a consumer 20 percent on their energy bills.

As someone who works from home and thus doesn’t get to take advantage of the away setting, I can certainly say that installing a Nest (or an Ecobee) has not led to huge savings, so I have long been suspicious of that 20 percent number. I also tend to keep my home “near boiling” in the summer according to the HVAC folks I speak to, which also means that my savings don’t come in anywhere near the higher range.

But it’s precisely those variables that make it hard to know how much you can expect to save from installing a pricey connected thermostat. In the case of Nest, the value comes from the learning algorithms and proximity sensors that figure out what temperature you like your home at and your schedule, which then start crafting the appropriate schedule that saves energy and keeps you comfortable.

So if you leave your home on a regular basis and your thermostat can take advantage of that to learn and adapt a schedule that cuts the heating or cooling during the day and at night, you may find yourself on the higher end of those savings — or even surpassing them. Or if you’re like me, you might find yourself not even hitting the low end of that average.

However, what’s nice is that as these connected thermostats become integrated with other devices in the home, it becomes about not just saving money on HVAC, but also about convenience from tying the messages from your thermostat to your other appliances. For example, because my Nest knows I’m away, it also can tell my lights. And if I’m away for multiple days, it tells my lights to randomly start going on and off to mimic me being home as a security feature.

If I had a connected appliance, it might also tell it when my utility was charging higher rates for energy, thus stopping me from doing laundry when it costs more. For many, those savings are a bit further in the future, but the nice thing about a connected device is that further savings may be just a software update away.

With exec departures and reorg, Nest is growing up

About a year ago, Google said it would pay $3.2 billion for Nest, a company that had sold fewer than a million connected thermostats and fewer than 440,000 connected smoke detectors — which it would later have to stop selling because its most innovative feature might also prove deadly in a fire. That was a lot of money for a company that had a lot of potential, but was still facing a lawsuit from a giant in the thermostat world, and was trying to sell a pricey product that the mainstream market wasn’t quite sure it understood.

Now, as it reorganizes in the wake of what looks to be the surprise departure of two executives, the company is doing what it has to do to prove that $3.2 billion price tag. Google didn’t buy Nest for its beautiful thermostat — it bought into Tony Fadell’s vision of a connected home full of better products that would learn from users and improve their lives. Along the way, if it helped Google get into hardware and collect vast amounts of data that might one day help solve energy crises or improve computer vision, that’s all to the good.

Greg Duffy, CEO, DropCam Mobilize 2013 (c) 2013 Pinar Ozger

But to do that, Nest has to get big — moving beyond thermostats, smoke detectors and cameras. That requires a lot of discipline. So when I saw reports of a culture clash leading to the departure of Greg Duffy, the former CEO of Dropcam on Friday evening, it didn’t surprise me. The report alleged a “culture of meetings,” and Duffy appeared to confirm his departure via a tweet. Duffy wasn’t the only one who left: Nest’s VP of Technology Yoky Matsuoka also left, reportedly heading for a role at Twitter.

This did surprise me, as a Nest employee and official spokeswoman offered to have Matsuoka come to my house to fix my Nest as part of a joke, on a call with me on Thursday. I doubt they would have offered that in jest if her departure was common knowledge at that time. In an article about memos acquired by TechCrunch after the loss of the two executives, several issues stand out, but all of them point to a company trying to scale up to become a multi-billion-dollar business relatively quickly.

The first thing that jumps out is the crazy work schedule — employees were being asked to work Saturdays until April or May, tied to an ambitious product release schedule for Project Quartz and Black Quartz, which TechCrunch says are two camera updates. Nest’s competition in the smart home space is offering not just cameras, but security systems with embedded sensors and learning systems that can learn who is in your home and react accordingly. I don’t know what Project Quartz and Black Quartz are at this time, but I can look at the market and say that while easy to use, Dropcam’s products aren’t particularly noteworthy compared to other Wi-Fi cameras out there, and bigger names are getting in the game every day.

The work schedule is one thing, and something that I would imagine would prompt a lot of angst, but the second element of the memos was a reorganization dividing the hardware side of the business and the software and services side of the business. Other roles are getting reorganized as well, with what appear to be clearer reporting lines and a definitive “management” layer.

So will this help Nest build the products it needs to sell tens of millions of connected gadgets, and design dozens of devices over the years?

Ecobee gets strategic investment from Carrier

Air conditioning giant Carrier Corp. has made an undisclosed minority equity investment in Ecobee, the smart thermostat maker. The investment comes after the two had collaborated to create a new Wi-Fi-enabled thermostat for Carrier dubbed Cor. The Cor is aimed at consumer homes, where Ecobee has been selling connected thermostats since 2007. Nest currently dominates the market for smart thermostats, but I personally have been a fan of Ecobee’s products because they are more open and have been pushing the envelope on innovation. Its latest thermostat includes sensors that give the thermostat presence and room-by-room temperature information.

The possibility of a true physical graph

As I prepare Gigaom Research’s upcoming technology roadmap for the smart home, I am increasingly considering what it will take to get us to a place where a true physical graph exists, a place where the physical world is connected, programmable and capable of communicating amongst itself.
We are, to be sure, a long way from this possibility. As broadband becomes ubiquitous and chipset costs continue their decline, we are at a juncture where it’s very easy to connect devices, be it a dishwasher or a thermostat.
That connection has taken on a simple point product, singular application type model where one device is connected to the cloud and can be controlled via a desktop or mobile device. Typically this involves device specific apps, which is an intrinsic limiter of the ability of devices to communicate with one another. Imagine having an app for lighting, one for a thermostat, one for a stereo. You get the picture.
Now this model will work for a while because there still is value in being able to program and control certain home devices. The Nest learning thermostat is the most obvious example due to the energy savings, but I imagine there will be other applications like security (I could see parents wanting to be able to make sure their doors are locked even when they’re not home. Or imagine a backyard fence surrounding a pool and wanting to know whenever it’s open). Needless to say, many use case arguments will be made for application specific connected devices in the home.
But that’s an entirely different ball game to being able to:
1) Enable rules to easily control multiple devices.
2) Have a learning ecosystem where rules are suggested based on my own behavior that impact multiple devices.
3) Context awareness: Where devices themselves understand what other devices exist in a smart home and can communicate with them.
4) Have device to device communication in which devices can leverage hardware resources from other devices. For example, a connected smoke alarm that was aware of a connected media system that could leverage the speakers in the event of an alarm. Or if someone were deaf, the connected smoke alarm could use the connected lights as the alarm. The possibilities begin to become endless if you combine a true physical graph that is open, secure and where developers are able to unleash their creativity by being able to access the hardware resources of the physical graph.
Now we’re a long way from step 4. For starters, we’re grappling with multiple chipsets and radio protocols from Zigbee to Bluetooth to Wi-Fi that must be corralled into being easily accessible from one controlling device like a smartphone. The hubs hitting the market, including Revolv, SmartThings and Staples Connect, are all trying to solve this problem.
Some groups, like the AllSeen Alliance, which employs the AllJoyn open source project and runs atop hardware protocols, want to solve this problem. AllSeen has accumulated about 50 partners since its founding this year. The goal is to expand the open source so that functionality can be shared easily among devices.
Creating a framework that would allow the vast majority of devices to easily characterize themselves and pair with one another is a major ask, and antithetical to the way in which many companies like Apple and Samsung have historically thought about how to develop and monetize hardware.
But the past is always limited in what it can tell us about future technology value. And in a world where the true value and potential of the physical graph is in interoperability, there will be incentives for device makers, startups, semiconductor makers and platform providers to understand that realizing full value for the physical graph over the long term will require cooperation.
Because the alternative is mass fragmentation which will become unworkable. And in that scenario the value of every device maker’s hardware will be lower.