Additional details for IoT Transparency study conducted by Ben Weinshel (PhD student) and Professors Yuvraj Agarwal, Lujo Bauer, and Lorrie Cranor at Carnegie Mellon University (reviewed by Carnegie Mellon University IRB as STUDY2025_00000001).

What does IoT Transparency do?

IoT Transparency will scan your network and show you details about your devices’ privacy:

• The network activity of the devices, including domains and companies the devices are contacting (note that this monitoring happens on your local network and your network traffic is not shared with us)
  
• Summaries of the manufacturers’ privacy policies

Data stored on-device

IoT Transparency will monitor network traffic for the only the IoT devices you enable it with (and not e.g. laptop). We do not send this data off device, inspect or store the content of traffic.

We use a technique called ARP spoofing to intercept network traffic intended for your smart-home devices. This causes the monitored devices to route their network traffic through your Home Assistant server. IoT Transparency inspects that traffic and records information about the time of the activity, the IP address and internet domain being contacted and the amount of data. IoT Transparency does not not inspect or store any content of communications. This data is stored locally on your device and is not sent to the researchers.

The following data is collected by the tool and stored locally:

• Discovered devices: list of devices found on the network, including the device brand, device name, and identifiers (IP and MAC addresses)
  
• Network connections: for the devices the user selects to monitor, we capture the network traffic for that device using a technique called “ARP spoofing.” For each connection the device makes, we store:
  • The IP address the device contacts
    
  • Time of the connection
    
  • Amount of data sent
    
  • The name of the domain and company that owns the server, if we are able to identify it

Metrics data

Metrics data will be collected automatically by the IoT Transparency tool. We use a self-hosted database that will be hosted on a server at CMU. The participant’s IP address is not stored.

Installation ping (reported hourly, used to validate that participant keeps the tool running and also evaluate the reliability of device identification and network monitoring):

• Participant ID
  
• Timestamp of event
  
• Device manufacturer, model, and name of each device. We collect this data to evaluate how accurate our detection of device manufacturer/model is. This may include names such as “Ben’s iPhone”
  
• Memory, disk, and CPU capacity and usage by the tool
  
• The amount of data forwarded, and the number of errors detected in the network that may indicate that our network monitoring technique is not working

UI interaction metrics (used to measure engagement with the tool):

• Participant ID
  
• Timestamp of each page load
  
• Name of the page (e.g. “device details”)

Interview

In the interview, participants don’t need to share video. We record audio so we can analyze the transcripts, and also will ask participants to share their screen as well which would be in the recording (and may include data like recent network connections from a device if that is shown on screen).

Source code

A copy of the source code of the add-on is available for review by potential participants here. After the study is complete, we plan on releasing the add-on as open source and making a more widely-available release with data collection disabled by default.