I think some legitimate concerns are popping up with so many poorly-engineereed iot devices hitting the market. I think the fears are amplified due to simple lack of understanding. I'd propose we start certifying consumer electronics for data safety the same way we certify them for electrical safety. We should start recognizing some groups like UL or ETL for software.
Except security is more of a moving target, so I'd rather see 1-3 open-source embedded distros that commit to supporting hardware for 10 years with over-the-air updates. Fly-by-night device makers have made it clear they can't be trusted with this. I'd also like to see a standard for a IoT gateway so you can easily observe your IoT traffic. Finding a way to open this up would go a long way in building trust.
> I'd rather see 1-3 open-source embedded distros that commit to supporting hardware for 10 years with over-the-air updates
I don't see this happening unless a large company boostraps the funding for a distro like this, similar to how Microsoft boostrapped an open source election machine standard. "Over the air updates" requires the ability to pay for the bandwidth.
I do think there's an interesting synergy with your IoT gateway idea and Bit Torrent distribution of the Over the air updates.
