Privacy

I was sitting in a cafe in Larnaca last year, waiting for a coffee and idly poking around in packet captures from my home network. I’d just installed a new ISP connection, and I wanted to see what the default DNS behaviour looked like before I started messing with it.

Every single query. In plain text. To my ISP’s resolver.

Every website I visited. Every API endpoint my code called during development. Every smart bulb that phoned home. Every NTP sync, every certificate revocation check, every background update from every device in my house. All of it, neatly logged by my ISP, correlated with my account, timestamped to the millisecond.

I bought some lightbulbs. Nice ones. Wiz colour-changing LEDs that can do 16 million colours, warm whites, cool whites, animated scenes, the lot. I screwed them in, downloaded the app, and watched my phone send a request to an AWS server, probably in Frankfurt, so that the server could send a command back to my house, through my router, to a lightbulb that was three metres away from me.

To turn on a light. In my own house. Via Germany.