Enlarge / A group of Black Friday online shopping purchases photographed in delivery boxes filled with polystyrene packing pellets, taken on September 13, 2019. (Photo by Neil Godwin/Future Publishing via Getty Images) (credit: Getty Images)

If you build a gadget that connects to the Internet and sell it in the United Kingdom, you can no longer make the default password "password." In fact, you're not supposed to have default passwords at all.

A new version of the 2022 Product Security and Telecommunications Infrastructure Act (PTSI) is now in effect, covering just about everything that a consumer can buy that connects to the web. Under the guidelines , even the tiniest Wi-Fi board must either have a randomized password or else generate a password upon initialization (through a smartphone app or other means). This password can't be incremental ("password1," "password54"), and it can't be "related in an obvious way to public information," such as MAC addresses or Wi-Fi network names. A device should be sufficiently strong against brute-force access attacks, including credential stuffing , and should have a "simple mechanism" for changing the password.

There's more, and it's just as head-noddingly obvious. Software components, where reasonable, "should be securely updateable," should actually check for updates, and should update either automatically or in a way  "simple for the user to apply." Perhaps most importantly, device owners can report security issues and expect to hear back about how that report is being handled.

Enlarge (credit: Open Home Foundation)

Home Assistant, until recently, has been a wide-ranging and hard-to-define project.

The open smart home platform is an open source OS you can run anywhere that aims to connect all your devices together. But it's also bespoke Raspberry Pi hardware, in Yellow and Green . It's entirely free, but it also receives funding through a private cloud services company, Nabu Casa . It contains tiny board project ESPHome and other inter-connected bits. It has wide-ranging voice assistant ambitions , but it doesn't want to be Alexa or Google Assistant. Home Assistant is a lot.

After an announcement this weekend, however, Home Assistant's shape is a bit easier to draw out. All of the project's ambitions now fall under the Open Home Foundation , a non-profit organization that now contains Home Assistant and more than 240 related bits. Its mission statement is refreshing, and refreshingly honest about the state of modern open source projects.

Enlarge (credit: Liudmila Chernetska/Getty )

Airbnb, like hotels and rival vacation rental site Vrbo , will no longer allow hosts to record guests while they're inside the property. Airbnb previously allowed hosts to have disclosed cameras outside the property and in "common areas" inside, but Airbnb's enforcement of the policy and the rules' lack of specificity made camera use troubling for renters.

Airbnb announced today that as of April 30, it's "banning the use of indoor security cameras in listings globally as part of efforts to simplify our policy on security cameras and other devices" and to prioritize privacy.

Cameras that are turned off but inside the property will also be banned, as are indoor recording devices. Airbnb's updated policy defines cameras and recording devices as "any device that records or transmits video, images, or audio, such as a baby monitor, doorbell camera, or other camera."

Enlarge / Wyze's Cam V3 Pro indoor/outdoor smart camera. (credit: Wyze )

Wyze cameras experienced a glitch on Friday that gave 13,000 customers access to images and, in some cases, video, from Wyze cameras that didn't belong to them. The company claims 99.75 percent of accounts weren't affected, but for some, that revelation doesn't eradicate feelings of "disgust" and concern.

Wyze claims that an outage on Friday left customers unable to view camera footage for hours. Wyze has blamed the outage on a problem with an undisclosed Amazon Web Services (AWS) partner but hasn't provided details.

Monday morning, Wyze sent emails to customers, including those Wyze says weren't affected, informing them that the outage led to 13,000 people being able to access data from strangers' cameras, as reported by The Verge .

Enlarge (credit: Getty Images)

Wyze cameras have been unreliable for many users for more than nine hours today, with cameras disappearing from the Wyze app or simply reporting errors when owners try to view them.

Users started reporting issues on Down Detector just before 4 am Eastern time, and the company issued a service advisory at 9:30 am. As of 1 pm, the company stated that its "metrics show that devices are starting to recover," and later that there was "continued improvement," but it was still investigating history viewing issues. At 1:15 pm, an Ars writer was able to view his Wyze v3 camera feed and update its firmware.

Wyze attributed the issue to an "AWS partner" in an earlier update. Amazon Web Services' dashboard showed no issues or outages as of 1:30 pm Eastern. Ars reached out to Wyze for comment and will update this post with new information.

Enlarge / The most impressive part is what Home Assistant's voice control does not do: share your voice input with a large entity aiming to sell you things. (credit: Kevin Purdy)

Last year, the leaders of Home Assistant declared 2023 the “ Year of the Voice. ” The goal was to let users of the DIY home automation platform “control Home Assistant in their own language.” It was a bold shot to call, given people’s expectations from using Alexa and the like. Further, the Home Assistant team wasn’t even sure where to start.

Did they succeed, looking in from early 2024? In a very strict sense, yes. Right now, with some off-the-shelf gear and the patience to flash and fiddle, you can ask “Nabu” or “Jarvis” or any name you want to turn off some lights, set the thermostat, or run automations. And you can ask about the weather. Narrowly defined mission: Accomplished.

In a broader, more accurate sense, Home Assistant voice control has a ways to go. Your verb set is limited to toggling, setting, and other smart home interactions. The easiest devices to use for this don’t have the best noise cancellation or pick-up range. Errors aren’t handled gracefully, and you get the best results by fine-tuning the names you call everything you control.

Enlarge / Where it all started for the author, even if he didn't know it at the time. (credit: Getty Images)

I've set up dozens of smart home gadgets across two homes and two apartments over the last five years. I have a mental list of brands I revere and brands from which nothing shall ever be purchased again. In my current abode, you can stand in one place and be subject to six different signal types bouncing around, keeping up the chatter between devices.

What can I say? I'm a sucker for a certain kind of preparedness and creativity. The kind that's completely irrelevant if the power goes out.

When I started at Ars in the summer of 2022, the next generation of smart home standards was on the way . Matter, an interoperable device setup and management system, and Thread, a radio network that would provide secure, far-reaching connectivity optimized for tiny batteries. Together, they would offer a home that, while well-connected, could also work entirely inside a home network and switch between controlling ecosystems with ease. I knew this tech wouldn't show up immediately, but I thought it was a good time to start looking to the future, to leave behind the old standards and coalesce into something new.

Enlarge / The Matter standard's illustration of how the standard should align a home and all its smart devices. (credit: CSA)

Matter, as a smart home standard , would make everything about owning a smart home better. Devices could be set up with any phone, for either remote or local control, put onto any major platform (like Alexa, Google, or HomeKit) or combinations of them, and avoid being orphaned if their device maker goes out of business. Less fragmentation, more security, fewer junked devices: win, win, win.

Matter, as it exists in late 2023, more than a year after its 1.0 specification was published and just under a year after the first devices came online, is more like the xkcd scenario that lots of people might have expected. It's another home automation standard at the moment, and one that isn't particularly better than the others, at least how it works today. I wish it was not so.

Setting up a Matter device isn't easy, nor is making it work across home systems. Lots of devices with Matter support still require you to download their maker's specific app to get full functionality. Even if you were an early adopting, Matter-T-shirt-wearing enthusiast, you're still buying devices that don't work quite as well, and still generally require a major tech company's gear to act as your bridge or router.

Enlarge / The Homey Pro, settling in for some quiet network check-ins at dusk. (credit: Kevin Purdy)

I know there are people who will want to buy the Homey Pro . I’ve seen them on social media and in various home automation forums, and I’ve even noticed them in the comments on this website. For this type of person, the Homey Pro might serve as a specialized, locally focused smart home hub, one that's well worth the cost. But you should be really, truly certain that you’re that person before you take a $400 leap with it.

Homey Pro is a smart home hub pitched primarily at someone who wants to keep things local as much as possible, forgoing phone apps, speakers, and cloud connections. That means using the Homey Pro to boost a primarily Zigbee or Z-Wave network, while also looping in local Wi-Fi, Bluetooth, and even infrared remotes. It’s for someone willing to pay $400 for a device that offers robust local or cloud backups, professional design, advanced automation, and even a custom scripting language, along with access to some “experiments” and still-in-progress tech like Matter and Thread. It’s for someone who might want to add a select cloud service or two to their home, but not because they have no other option.

But this somebody has also, somehow, not already invested in Home Assistant , Hubitat , or HomeBridge , which are more open to both add-on hardware (like new capabilities added on by USB stick or GPIO pins) and deep tinkering. It's someone who is willing to check that every device they want to control will work with Homey. While the device offers a pretty sizable range of apps and integrations , it’s far from the near-universal nature of major open-source projects or even the big smart home platforms. And you have to do a little checking further, still, to ensure that individual products are supported, not just the brand.