Who’s watching who?

Many customers I speak to haven’t considered the potential of connected devices to compromise the privacy of our homes.  Indeed I’ve been urged not to write this blog post so as not to draw attention to the issue.  I believe though that the smart home industry must confront the issue head on highlighting not just the problem but the solutions.

Security vendors are compromising privacy

Recently a website published 73,000 live streams from security cameras accessible using their manufacturer’s default password.  Many streams were from cameras made by Foscam, a vendor in the news earlier in the year when a man accessed a Foscam baby monitor and screamed at the sleeping child through it.  This is not a new issue, Forbes showed how traditional alarm vendor ADT’s security systems allow anyone to monitor what’s happening inside your home but the problem is greater when devices are Internet connected.

At Cocoon we take privacy seriously – we don’t expect our customers to invest time configuring security settings and our founding team have a rich information security pedigree.  This is an industry issue though – consumer confidence in the whole smart home market will be affected by security scares so all vendors must play their part.

Privacy requires more than best practice

Avoiding basic lapses is a start but the Snowden revelations showed that even competent companies cannot guarantee to protect their customers’ data from a state intent on accessing it.

Since we launched our crowd funding campaign, we’ve been approached by a number of investment funds.  One approach came (via email) from In-Q-Tel.  We’d not heard of them but their site explains:

“We identify, adapt, and deliver innovative technology solutions to support the missions of the Central Intelligence Agency and broader U.S. Intelligence Community.”

We’re confident our customers wouldn’t want a Cocoon in their home were we associated with an organisation known for covert monitoring.  We didn’t and won’t pursue the matter but customers need a stronger guarantee of privacy if connected devices are to be at the heart of their most personal space.

Data must stay under the customer’s control

It’s not sufficient to ensure only that hackers cannot access data but that sovereign governments acting within the laws of the host state cannot force a smart home vendor to facilitate widespread covert monitoring.  Smart home vendors that care about privacy must design into products technical guarantees that assure customer data stays under the control of the customer.  If the data never passes to the vendor, they cannot leak it.  Contrary to some commentators, we believe this can be achieved whilst enjoying the benefits and ease of use the cloud has to offer.

Cocoon uses public-key cryptography to encrypt video and other sensor data before it leaves the home.  The key to decrypt the data resides only on our customers’ smartphone – they control the phone and with it access to their data.  The data stream passing through our cloud is unreadable to us and the decryption key needed to make sense of it resides only on the owner’s smart phone.  Since we cannot view or access data from customers’ homes, not only can we not leak customer data to hackers, we cannot pass it to anyone – even governments.

Deafening Whispers: How Cocoon communicates with your phone

One ear, many mouths

Here’s a thought. Imagine someone talking to you. Now imagine the noise of 10 people talking at the same time (those of you with a number of small children in the house may not have to tax your imaginations too much). Now 100, now 1000…

As you add more and more people talking to you at the same time, the loudness increases, unless you get them to each talk more quietly.

A similar problem occurs when you have many users on the internet talking to your cloud service.

Communication on the Internet

We’re all used to the idea that computers can use the internet to talk to each other. A typical broadband connection in the UK might have a bandwidth from 3Mbits/second to 100Mbits/second. This is an upper limit on the amount of data which can be transferred at any one time along that link.

Similar limits apply to our server systems, “in the cloud”. These servers are located in specially designed data centres, which ensure they are well cared for – with physical security, a reliable power supply and cooling systems. They are also given high speed connections to the core of the internet. The speed of these connections can be increased up to and beyond Gigabytes per second, but for many cloud systems the connection speed is not the first concern for someone deciding how to grow their service to handle large numbers of users.

Handling requests

Most internet services are built on top of a request system called ‘HTTP’. This one of several agreed-upon ways for computers to talk to each other. Broadly speaking, HTTP allows computers to “take turns” talking to each other. The home computer makes a ‘request’ and the cloud computer sends a ‘response’ in reply. An example of a request might be “please give me the web page for https://cocoon.life” and the response might be the contents of the web page.

For simple web sites, this can be handled fairly simply on the server side. For more complex sites, the server has to do more “thinking” about each request before it can send back the response. For example, it may have to decide if the reply contains any sensitive information, and if so, if the request came from someone who is permitted to see it. To answer these questions, the server computer may have to talk to several other systems and perhaps perform a number of cryptographic operations. These crypto operations are basically “lots of hard sums” and increase the amount of work needed.

If a server has to do a lot of thinking for each request and/or is given a lot of requests at the same time, it can have too much to do and end up doing everything too slowly.

What this means is that for some web sites, the speed of their internet connection becomes less important than the amount of work they have to do for each request. When we’re designing the systems to make internet services work, we talk about how many “requests per second” a server can handle without slowing down.


One way to handle more requests per second is to simply use a faster computer. This can work well for smaller systems, but it isn’t a good approach if you are planning for large numbers of users. Very high end computers can be expensive and give you less “bang for your buck” and ultimately, really popular services will require more resources than even the biggest servers can provide. Google and Facebook don’t run on a single big server.

If you’ve designed your system well, it is possible to have it handle more requests per second by simply adding more computers. It is not quite as easy as that (if it were, my job would be a lot less interesting :-), but a well-built system can work that way. So that’s one answer – simply add more and more computers until you have enough to handle the number of requests you receive.

However, even though computers continue to get cheaper, simply throwing more and more servers at a problem can be an expensive way to solve it. With enough users, it is worth spending some time and thought on how to get things to work more efficiently.

Cocoon Messages

The Cocoon systems have to be able to pass messages between your Cocoon in your home, your mobile phones and our cloud servers. These messages allow you phone to tell your Cocoon when you’re heading home and can allow your Cocoon to let you and your phone now if there’s anything going on at home you’d like to know about. We want these messages to get through reliably and quickly, because they’re important.

It’s fairly easy to send a message to the cloud server, just make a request as we described above, saying “here’s a message”. But receiving the messages requires a little more thought. It’s easy enough for your phone or Cocoon to send a request to the server to say “do you have any messages for me”? But how often should it do that? Too often, and you’ll use a lot of phone battery and use up your mobile data plan with lots and lots of conversations like “do I have any messages?” – ‘No’, “do I have any messages now?” – ‘No’….

That also means that the Cocoon cloud service would gets lots of requests, and we’ve seen that can make the service more expensive to run.

But checking too infrequently leads to the reverse problem where it can take a long time to get messages between your phone and your Cocoon, which isn’t what we want either.

Google Cloud Messaging

So what should we do? Well it’s nice when someone has already solved your problem for you…

If you’re using an android phone which has Google Play installed (which most do) then your phone is already listening for messages from Google’s systems. If you’ve ever gone to Google Play on your laptop or desktop, you may have discovered that you can select an app and ask for it to be installed on your phone. Which will then magically happen within a minute or so.

How does your phone know that you’ve done this? Because Google has designed a system to allow your phone to receive messages very efficiently from it’s servers. Usefully for us, they also allow other apps to make use of it. And lastly, it takes no more battery power or data usage for your phone to check for Cocoon messages, since they come on the same channel as the Google messages.

This even works if your phone goes offline (e.g. you go through a tunnel on a train, or use airplane mode). Your phone starts listening again when it can.

So if you’re using an Android phone with Google play installed, Cocoon will send messages to your phone using Google Cloud Messaging, which is the most efficient way possible. This is good for your phone, your data plan and our servers.

What about everyone else?

Fortunately for iPhone users, Apple have a similar service to Google Cloud Messaging called Apple Push Notifications.

Even then, our worries aren’t quite over, since we also need to get messages to your Cocoon at home, sitting safe and snug behind your home router and firewall. Getting that to work efficiently requires a different approach. But that’s the sort of thing which keeps the job interesting…

Deafening Whispers

To ensure we have efficient systems, we strive to make the communication between the different components of the Cocoon systems as light as possible. Our boxes whisper to each other, saying the minimum they need to be understood and at the right times.

This way we can ensure our server systems run quickly and reliably and without expensive waste. This allows us to get the right size systems in place to handle our first 1000 Cocoons, then the next 10,000, then the next 1,000,000…

The Internet of Things is failing

In the 1960s consumers were promised their lives would be made easier by smart domestic devices all working together. This poster from the period might seem crazy at first glance but the description has many parallels with the vision of domestic bliss being painted by proponents of the Internet of Things (IoT).

The marketing engines of the big technology brands are creating high expectations of IoT in consumer minds. Sadly, the first experience a consumer has of IoT will be a far cry from that promised. Individual products might work well with their respective mobile apps but there’s presently little chance of two purchases working well together. First impressions count and the risk is that IoT won’t get a second chance.

Seamless user experience

Programming the first generation of smart home controllers (or “brains” in 60s terminology) is like programming a VCR in the 80s – few can do it! Mass market adoption not only requires the verb “program” to drop from smart home lexicon but for interaction paradigms to be unified across products.

Apple is often held up as the epitome of great user experience. Perhaps then HomeKit could be a catalyst for the seamless experience (at least for Apple users) we all crave. It’s by no means certain though – right back in 2011, [email protected] was announced with similar goals. That died a death and ended up with Google paying $3.2Bn for Nest in 2014 to re-kindle it’s smart home efforts.

Making the connection

ZigBee and Z-Wave have been touted for years but market adoption of both is still anemic. The battle between these standards may have been a side show though. Some big names including Google and Samsung say neither has what’s required and have teamed up to launch the competing Thread networking standard. Add into the equation Bluetooth Low Energy (BLE) which though not directly comparable will be in every mobile device on the planet and the race is even more open.

There’s a few horses in the platform race too. The open source AllSeen Alliance is backed by Microsoft and Sony whilst Samsung and Intel are behind the Open Interconnect Alliance.

Navigating though the confusion

Buyers of our smart home security product often expect it to work with other things. That’s understandable, there’s huge potential to deliver a tangible benefit through Cocoon interacting with other devices.

Cocoon might lock your August smart lock when you retire for the night, play sounds though your Sonos HiFi to persuade a prospective intruder that someone’s home or other smart devices might respond to Cocoon noticing you retiring for the night. Perhaps they’ll even be use cases outside your house such as a social neighborhood watch scheme.

For now, our view is that the lowest common denominator is IP – everything will be connected to the Internet one way or another but likely through the router. Cocoon is no exception and we’ve committed to open APIs so that our customers can benefit from Cocoon interacting with other devices.

The smart home revolution will fail before its started if consumer experience and compatibility isn’t unified across the industry though. Its beyond us to solve that problem so we can only hope the big brands conclude their standards battles before its too late for everyone. We’ll be the first to adopt the standard as soon as there is one but the industry can’t wait forever.

Cocoon Launches Whole Home Security

LONDON, November 3rd 2014: Smart home security device Cocoon (www.cocoon.life), which learns the daily rhythms of a user’s home and uses its groundbreaking SUBSOUND™ technology to detect intruders anywhere in the home, launches today on Indiegogo.

The size of a tennis ball but packed with powerful sensors, a built in camera, night vision and an internet connection, Cocoon learns the normal patterns of your household and using SUBSOUND™ technology can detect intruders anywhere in the home. Cocoon recognises what is normal activity, and continues to learn changes over time, and can send alerts straight to your smartphone to notify you of unusual activity so you can take action and feel safe.

Cocoon can detect low frequency sounds below 20Hz (infrasound), which are undetectable to the human ear, and learn what counts as normal in your home, all as part of its unique SUBSOUND technology. This means that just one Cocoon can detect intruders even through closed doors and in other rooms in the home.

Setup is simple: just plug in Cocoon and download the app, and Cocoon learns the rest, in order to protect your whole home using just one small but incredibly smart device.

There’s no need to ever set Cocoon. It fits in with your life, always protecting your home and is smart enough to learn who should and shouldn’t be there. Your smartphone is linked to Cocoon so when you leave the house, Cocoon keeps you connected to your home and when you arrive back, Cocoon knows that the sound waves from the front door opening are caused by you and not an intruder.

Cocoon was founded by a group of serial technology entrepreneurs in the UK with a mission to make people feel safer, by putting people back at the centre of their home security. They are raising $100,000 (around £62,000) on Indiegogo to fund the production of the Cocoon devices. Cocoon is offering an early bird special of $179 (£111) for the device to the first 100 early adopters and $249 (£159) for the next 200 and $299 thereafter. The RRP is expected to be $399.

Cocoon co-founder Sanjay Parekh explained: “Cocoon means never having to remember to arm anything, being able to come and go as you please without false alarms and being able to check in with your home whether you are at the office, on holiday or just on a night out with friends. No unwelcome surprises.”

Co-founder Dan Conlon added: “Traditional security is broken, there are too many false alarms so people stop using it and nobody takes notice of a siren. Security today is about people. It’s about knowing who should and shouldn’t be there.”

“Cocoon would alert you if your teenage daughter invited people over while you were away, or even if Santa was arriving down the chimney. Cocoon is the only device to keep your whole home safe with one device.”

Cocoon’s crowdfunding campaign launches today on Indiegogo: www.cocoon.life/bepartofit

Product Details
Cocoon Device:
· HD camera with night vision & wide angle lens
· Motion detector
· High quality microphone
· Speaker
· Siren
· LED status lighting
· Built-in Wifi
· UK/Europe/North America compatibility

Mobile App Features
· Live-stream video & sensor data
· Media archive

[video, audio]

· Notifications straight to your mobile
· Automatically switches alarm on or off depending where you are
· Several family members can be set up on Cocoon

Availability & Pricing

Cocoon is available for pre-order on Indiegogo for 35 days at the introductory price of 200 units at 35% discount ($249 / £155), thereafter 25% discount ($299 / £189) from the projected retail price of $399 (£249). The campaign is to gauge consumer demand and collect feedback from early adopters. Supporters will have early access to the Cocoon device to provide feedback and help guide the app development process as the company ramps up to a wider release.

Cocoon is expected to ship in Q4, 2015.

Indiegogo Campaign
After working prototypes since the start of 2014, the Cocoon team is raising $100,000 in funds purely for tooling and production of devices in the UK. A Indiegogo campaign launches today, and Cocoon is offering an early bird special of $179 for the device to the first 100 early adopters and $249 for the next 200 and $299 thereafter. Cocoon will retail at the anticipated price of $399.

To learn more about Cocoon, visit the site https://cocoon.life

About Cocoon
Cocoon is a UK-based technology startup with a mission to make homes safer by putting people at the centre of home security. Founded by experts with experience in security, software and hardware design, the Cocoon team’s first product is a teacup sized, easy to set up, smart security device that senses activity throughout the home. Cocoon is ideal for both tenants or homeowners, needs no additional sensors and can be securely controlled via smartphone from anywhere in the world.

Cocoon launches on Indiegogo on November 3rd, 2014.

For more information, interviews or images please contact:

Ben Rose
[email protected]
0207 100 1333