nickwitha_k (he/him)

  • 1 Post
  • 7 Comments
Joined 2 years ago
Cake day: July 16th, 2023


  • I’m dumb.

    Please do not insult yourself. Not having knowledge in a technical discipline does not mean anything about your intelligence.

    So, I think that OP explained pretty well but, I will try to provide some additional info and context, because I’m a neurospicy Linux nerd who has worked with Linux-based tech for over a decade:

    There are a couple of terms and topics that need to be explained for this to make sense:

    • Private vs Public network (and common home networks)
    • Virtual Private Network (VPN)
    • Secure SHell (SSH)

    First, public vs private networks. I’m not going to do a full CCNA course but a high-level here. I’m going to simplify while trying to remain accurate.

    What is a network? A group of devices (PCs, printers, phones, etc.) that can all talk to each other, without needing a router to connect them. Generally, everything goes through a device called a switch.

    What is a router? A device that connects two or more networks.

    What is a switch? A device that passes traffic between devices on a network.

    What is a public network? Effectively, this is interchangeable with “the Internet”. Every server and device that is directly connected to the Internet has an IP address.

    What is a private network then? It is a network in which only local devices are able to connect. The IPv4 addresses will generally be 192.168.x.x or 10.x.x.x (172.16-18.x.x is also reserved for this purpose). These addresses are special in that they are, by the IP protocol specification reserved for this purpose and not allowed for use or routing on the Internet.

    How does this relate to home networks? First of all, most common home networks use a “gateway” device that is a combination of a router, switch, and wireless access point. This device generally is dynamically assigned a public IP address by the ISP and handles routing traffic between the private network of customer devices and devices on the Internet. This is, intentionally, one way (private network -> public network), both to improve customer security and to allow upcharging those that wish to self-host their own websites, etc.

    Generally, all local traffic is on one private network (occasionally with a separate “guest” network). What this means is that any device on the home network is able to talk to any other device on it.

    TL;DR #1 - Private network is your home network. Public network is the Internet.

    What is a VPN? First, let me say what it is NOT, because there is a lot of misinformation and disinformation on the topic. A VPN is NOT a privacy/anonymization tool. A Virtual Private Network is simply a way to securely connect two or more private networks, using public network endpoints. The traffic routes through public network nodes, just like any other traffic, but is encrypted, so that the data is not readily known, but the origin and destination are basically plain text.

    TL;DR #2 - VPNs connect two or more private networks, using encryption over the Internet.

    What is SSH? Secure SHell is a protocol that allows one to securely connect to a Linux or other unix-like device for command-line access. Frequently, a piece of SSH functionality called reverse tunnels is used by tech companies to remotely support Linux-based appliances. This effectively provides the same functionality as a VPN but with access specifically to the Linux host.

    How does this relate to backdoor, etc.? This means that the smart bed company can log into the Linux computer in the bed and do anything that a device on the customer’s private network is allowed to do.

    This could include things like:

    • Logging into any device (PC, printer, smart oven, etc.) that has default or weak credentials.

    • Causing network congestion.

    • Compromising the customer’s gateway device to act as a Man-in-the-Middle to spy on network traffic.

    • Pulling known illegal content from the Internet to act as incriminating evidence against a political dissident to justify their arrest.
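    An added example (my own code, not the commenter's or the bed vendor's) of how a home-network defender could spot the kind of persistent reverse SSH tunnel described above in a gateway's connection log. The record format and every address are constructed for illustration, and the private/public split uses the three RFC 1918 ranges.

```python
import ipaddress
import re

# Constructed sample connection-tracking records (not from any real router);
# one TCP flow per line, fields loosely modelled on conntrack output.
SAMPLE_FLOWS = """\
src=192.168.1.42 dst=203.0.113.7 sport=51234 dport=22 seconds=86400
src=192.168.1.10 dst=198.51.100.3 sport=44101 dport=443 seconds=35
src=192.168.1.42 dst=192.168.1.1 sport=51300 dport=22 seconds=120
src=10.0.0.5 dst=203.0.113.9 sport=40000 dport=22 seconds=30
src=10.0.0.9 dst=203.0.113.20 sport=40111 dport=22 seconds=7200
"""

FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+) seconds=(\d+)")

# RFC 1918 private address blocks: anything else is treated as "the Internet".
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse_flows(text: str) -> list[dict]:
    """Turn the constructed log lines into flow records; unparseable lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if m:
            src, dst, sport, dport, secs = m.groups()
            flows.append({"src": src, "dst": dst, "sport": int(sport),
                          "dport": int(dport), "seconds": int(secs)})
    return flows


def suspicious_tunnels(flows: list[dict], min_seconds: int = 3600, ports=(22,)) -> list[dict]:
    """Flag long-lived outbound SSH flows from a private host to a public one.

    A reverse tunnel is the appliance dialling OUT to the vendor and staying
    connected, so inbound port-forward rules on the gateway never show it.
    """
    return [f for f in flows
            if f["dport"] in ports
            and is_rfc1918(f["src"]) and not is_rfc1918(f["dst"])
            and f["seconds"] >= min_seconds]
```

    A vendor can run its SSH endpoint on a port other than 22, so a wider check would also flag any long-lived outbound flow from an appliance that has no business staying connected.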



  • I just looked at their Privacy Policy/ToS.

    EDIT: Accidentally hit post.

    Anyway, based on their terms, the customer data is definitely the actual product. In addition, the wording makes it seem likely that the de-identification is pretty weak.

    Further details that should give anyone pause.

    Admitting to not respecting “Do Not Track” signals, because they are not legally required to:

    Mention of collecting data about gender at birth, whether one regularly sleeps with a partner, and menstrual cycle regularity:

    These guys are creepy as fuck, without even getting to the possible backdoor. They are selling customer data with a contractual pinky-swear to not re-identify the data (this being mentioned, to me, means that there is a plausible means to do so). So.

    What kind of creepiness could this data be used for?

    • Potential for blackmail/kompromat (using sensors to detect patterns of sexual activity that could be infidelity or “sexual deviancy”).

    • Targeting people who may have had abortions.

    • Signs of not following religious doctrine (premarital sex, sex for a purpose other than procreation, etc.)

    • Checking whether the person is home and likely sleeping.

    • Spying on employees during their off-work hours (not that it’s ok during work hours) and/or scrutinizing sick leave.

    There are a lot more possibilities. Way too dystopian and creepy.





  • I’ve had trans reports in the past when I was a supervisor (TBF, the world was a lot different). Two things that I’d recommend:

    • Continue being a good lead and treating them with respect, using their preferred pronouns, etc. Intervene gently but firmly if there is inappropriate derogatory stuff going on in the workplace.

    • If possible, I’d get a 1:1 meeting with them and outright ask “Do you want to talk with me about how current events are impacting you and anything that I can do to ensure that you feel supported?”. If they say “no” or aren’t comfortable, ensure that they know that that’s ok and that the offer is there.

    As a disclaimer, I am neurospicy, so there may be gentler ways to approach this, but I have found that clearly and directly communicating that genuine support is there, if they need or want it, and giving them a way to ask is generally well-received.