Matter is a new smart home communication standard. It promises to allow smart devices to work together more easily, but it's not perfect

THE PROBLEM

Matter is intended to replace standards like Zigbee and Z-wave, but has worse privacy protection

IN A NUTSHELL

Zigbee device

Cannot talk to the internet directly

Matter device

Can talk to the internet directly!

Up until now Zigbee, Z-wave or Bluetooth devices could NOT autonomously connect to the internet. This was by design, to protect you from hacks, leaks and surveillance.


Now Google and its partners are removing this protection

HOW IT WORKS

Matter's idea is to "upgrade" all existing smart home standards so that smart devices can all speak Internet Protocol. This is what your phone, laptop and internet servers use to communicate with each other over the internet.


This allows Matter devices to directly and autonomously connect to the internet.




This introduces security and privacy concerns:

By connecting devices directly to the internet your data is at risk.


As good as Matter's security is, it will never be as good as the approach that Zigbee and Z-wave took: not allowing individual devices to access the internet in the first place.

If a (Wi-Fi based) Matter device does get hacked, that device could become a stepping stone to hacking other devices on your local network, such as your phone or laptop. Zigbee's compartmentalised and centralised design reduced this risk.

Matter makes smart homes easier to hack

Devices can autonomously send data to the cloud


Zigbee and Z-wave are compartmentalised by design, with a central hub in your home acting like a firewall for your data. If you get the right hub (see below) you can easily keep data 100% locally.

Matter devices are a double edged sword. As with Zigbee they can communicate locally without the need for a cloud, which is great. The downside is that Matter devices can upload data to the internet directly, which makes extracting data from your home easier.

In a way Matter combines the upside of Zigbee and the downside of Wi-Fi. The end result is that privacy conscious consumers will need to look more closely at what they're buying.

Matter is a bad news for privacy

CONCLUSION

When compared to Zigbee's design, Matter feels like a step backwards.


Its promise of interoperability and local operation seems to distract from the fact that Matter devices are also better able to send data to the cloud.

There are other issues too

If you believe that Matter will free you from needing individual apps for all your smart devices, then you are being fooled. Matter allows advanced features of our devices to only work with the official app. Here's an example.

Open Source smart home controllers will have a harder time to control Matter devices. Home Assistant is a member of the Matter Consortium, but most other systems are not.

IMPROVING MATTER

How could Matter be improved?

Not all hubs are bad

Allow a single point of control

Matter is designed to move away from needing special hubs. However, hubs like Home Assistant are valuable; they actively protect users. It would be great if a Matter network could be set-up in such a way that all traffic to the internet must route through a central hub. That way it becomes easier to create privacy protecting products that "tame" Matter devices that reach out to the internet. Such a 'firewall' could give consumers some level of control.

Allow compartmentalization

Few consumers will be able to set up a separate virtual network to enhance security, so Matter could give consumers the option to do this for them. For example, Thread border-routers could have the option to block connections to the rest of the network and/or the internet (while still allowing firmware updates to go through). That way Thread becomes more like Zigbee again. The Matter network could propagate this setting to any new border-router that is added to the network.

Enforce and push for cloudless setup and operation

In practice, Matter devices will often assume users have smart phones to scan QR codes. Now that its available, many vendors might become more reliant on the internet to do things like adding devices to the network. There should always be a way to add a device to the network when no or a highly restricted internet connection is available. Otherwise consumers might end up with more apps on their phone, not less.

Enforce updates

When compared with Zigbee, an out-of-date Matter device becomes more dangerous because it's so much more connected. Matter should enforce a minimal number of years that a device must be supported. Otherwise Matter will create more paperweights, not less.

It should be possible to create and run a Matter network while on a boat in the middle of the ocean

Push Thread where possible

Thread is easier to compartmentalize than Wi-Fi. When a device can work with Thread, it could be forbidden to use Wi-Fi. For example, lightbulbs could only be allowed to be Thread based.

Inform consumers

Consumers should be aided in avoiding Wi-Fi based Matter devices whenever Thread based alternatives are available. This can be done by clearly indicating on packaging and product pages which underlying communication technology a Matter devices uses.

Privacy is about more than encryption

Treat corporate surveillance as a threat

It's not just hackers that threaten consumer's trust of smart homes, it's data-driven businessmodels too. A perfectly secure Matter network could still be harming people by allowing third parties to create detailed profiles. The Matter consortium should develop a broader understanding of privacy issues and risks.

40% of consumers don't trust smart home technology. The only way to win back their trust is to guarantee data stays in their home.

Acknowledge and address coveillance

A growing problem with smart homes is how they allow for "coveillance" - surveillance between people in the home. Smart homes seduce their ocupants to spy on each other, such as when a husband starts checking what time the wife gets home. Many people use sensors to spy on hired help without their knowledge, for example to check if a cleaner was cleaning the full agreed upon time. There are increasing reports of smart homes aiding domestic abusers. How can Matter help address these problems?

HOW DO I PROTECT MY DATA?

If you want to be sure that your data stays in your home, get a smart home controller like IKEA Tradfri, Hubitat, Homey Pro, Home Asssistant (DIY), or Candle (DIY)


Then, if you purchase Zigbee or Z-wave devices, and stay away from devices using Wi-Fi as much as possible, you should have the most privacy available.

Spread the word

These are privacy-friendly sharing buttons.


COLOFON

This website was made by artist and privacy designer Tijmen Schep, who among other things works on Candle, which is an open source smart home controller with a focus on privacy protection.

Some sources:

“The key is it’s IP native.” Low-power radios in the smart home have needed a hub or bridge to talk to the internet, but that problem went away by making Thread IP native. “That is what is so powerful about it,” says Fadell.
- from: https://www.theverge.com/22787729/matter-smart-home-standard-apple-amazon-google, accessed on 26 oct 2022

"Because Matter devices can speak straight to the internet, that potentially exposes them to hacking or malware, says Klein"
- from: https://www.theverge.com/22787729/matter-smart-home-standard-apple-amazon-google, accessed on 26 oct 2022