Your robot vacuum mapped your home while you slept: one developer tracked a 24/7 data stream in 2025

One engineer’s curiosity sent him down an unexpected rabbit hole.

In early October 2025, software architect Harishankar posted a deep dive into his iLife A11 robot vacuum. He suspected a constant trickle of data leaving his home. He traced the connections, logged the traffic, and pulled the machine apart.

A cheap helper that would not stay quiet

Harishankar calls himself a little paranoid, and he treats that as a safety feature. His suspicion grew when he saw the iLife A11 chatting online even when it sat idle. The traffic flowed to servers located thousands of kilometres away. The destination looked like an address used by the manufacturer.

The robot maintained a live connection with a remote server, sending frequent telemetry without an explicit opt-in prompt.

At first glance, that might sound routine. Many connected gadgets send logs to help with diagnostics and feature roll-outs. He says he never granted consent for such transmissions. He then blocked the specific IP that appeared to collect activity logs, while keeping update endpoints reachable.

Then the vacuum would not turn on

Days later, his cleaner refused to power on. He had not changed the battery, the dock, or the room. He restored network access, yet the unit stayed silent. The timing raised difficult questions. He did not prove intent or retaliation. A fault, a safety trip, or a cloud handshake failure could all explain the behaviour. The episode still sparked a fierce debate over what “smart” means when a device depends on distant servers to work at all.

When a household tool needs the cloud to wake up, ownership feels conditional and fragile.

What the data likely contains

Robot vacuums build maps to navigate and to improve coverage. That mapping creates a rich stream of metadata. The exact payload in this case remains under wraps, but common fields in such telemetry include:

  • Device identifiers, firmware versions, and session tokens.
  • Error codes, battery level, dock status, and charging cycles.
  • Run history, start and stop times, and cleaning modes.
  • Map fragments or compressed occupancy grids used for path planning.
  • Network identifiers and signal strength.

Manufacturers argue that these data points improve navigation and support. Users often accept terms in an app during setup, sometimes with broad language. The tension emerges when logs flow constantly, or when a device becomes unreliable after network changes.

Why a home map is not just a home map

Mapping technology can reveal more than room outlines. Lidar scans show distances and obstacles. Repeated runs infer furniture positions and room sizes. Schedules expose daily routines and absences. When paired with timestamps, the map turns into a living diary of movement at home.

Combine a floor plan with a week of timestamps and you get patterns: when you cook, where you work, and how long you sleep.

Data leaks remain rare, yet the stakes are clear. In past incidents, test units from premium brands produced images that later appeared on social media. Even without images, metadata holds value. Retailers care about room sizes. Insurers care about risk proxies. Attackers care about presence signals. The lesson is simple: treat maps like sensitive documents.

How the investigation unfolded

Harishankar started with his router. He watched outbound connections and noted persistent sessions to a vendor-controlled address. He then intercepted traffic to confirm frequency and timing. Encryption hid the content. Connection patterns still told a story: frequent pings, idle-time chatter, and periodic bursts that looked like log uploads. He took the unit apart to understand the hardware stack and to check for storage inside the robot.

Signals and what they may reveal

| Signal | What it reveals |
| --- | --- |
| Frequent small packets while idle | Heartbeat, status pings, or telemetry keep-alives |
| Bursts after a cleaning run | Log uploads or map synchronisation |
| Requests to multiple domains | Cloud orchestration, analytics, and firmware checks |
| DNS queries during boot | Dependency on cloud to initialise services |

Cloud dependence and consumer control

Cheap robots look tempting. The true price often sits in the cloud. Vendors push frequent updates, remote diagnostics, and app features that need constant connectivity. If a device expects a server handshake, a firewall rule can break basics like starting a cycle. That flips the ownership model. You buy a machine, but a distant service decides how it behaves.

Regulators now pay attention to default settings, data minimisation, and meaningful consent. Under UK GDPR and similar regimes, users can request access to their personal data, ask for deletion, and object to certain processing. Those rights matter when a map of your bedroom may sit on a server you never visited.

What you can do now

  • Place smart appliances on a separate Wi‑Fi network or VLAN with egress rules.
  • Allow only update endpoints you trust; log and review denied requests weekly.
  • Use DNS logging or a sinkhole to see domains your devices contact.
  • Prefer models with an offline mode, on‑device maps, or a physical remote.
  • Check the app’s privacy controls; switch off cloud features you do not use.
  • Send a data access request to the vendor; ask about map storage and retention.
  • Avoid blocking traffic during a firmware update; that can brick hardware.

Segment the network, limit outbound traffic, and treat your floor plan like a confidential file.

The bigger smart‑home trade‑off

Low prices and high convenience drive adoption. Cloud features unlock voice control, remote starts, and faster bug fixes. That same model adds points of failure and fresh privacy risk. A balanced path exists. Local processing first. Cloud features as an option, not a requirement. Clear prompts for consent. Short retention by default. Transparent update notes that list what data flows and why.

Open standards and local APIs can help. A robot that publishes status over the local network reduces cloud chatter. Power users can integrate with home hubs without routing data overseas. Vendors that sell features as paid add‑ons, rather than as data collection, shift incentives towards privacy.

Glossary and a simple home test

Telemetry means operational data a device sends back to a service. That can include health checks, usage stats, and error logs. Mapping data refers to the internal model the robot builds to navigate. An occupancy grid is a matrix that marks free space and obstacles. A heartbeat is a frequent small message that says, “I am alive and online.”

Want to check your own kit? Set your router to log outbound connections from the vacuum for 24 hours. Note domains, frequency, and spikes around cleaning runs. Then create a rule that permits only updates for a day and watch what breaks. This small test shows which functions rely on the cloud, and which ones stay local.
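
One way to review the 24-hour log from the test above, as an added example that is not code from Harishankar's write-up: it groups one device's outbound connections by destination and labels the idle-heartbeat and post-run-burst patterns listed under "Signals and what they may reveal". The log format, host names, run-end time and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample: "ISO-timestamp destination bytes_sent", vacuum traffic only.
SAMPLE_LOG = """\
2025-10-01T02:00:00 telemetry.vendor.example 180
2025-10-01T02:01:00 telemetry.vendor.example 176
2025-10-01T02:02:00 telemetry.vendor.example 182
2025-10-01T02:03:00 telemetry.vendor.example 179
2025-10-01T09:00:00 update.vendor.example 420
2025-10-01T10:32:10 logs.vendor.example 250000
2025-10-01T10:33:05 logs.vendor.example 310000
"""
# Constructed: end times of cleaning runs, noted by hand or from the app.
RUN_ENDS = [datetime(2025, 10, 1, 10, 30)]

def parse(log):
    """Yield (timestamp, destination, bytes) from whitespace-separated lines."""
    for line in log.splitlines():
        parts = line.split()
        try:
            ts, dest, size = datetime.fromisoformat(parts[0]), parts[1], int(parts[2])
        except (IndexError, ValueError):
            continue  # skip blank or malformed lines
        yield ts, dest, size

def summarise(log, run_ends, small=512, burst=100_000, window=timedelta(minutes=10)):
    """Per destination: count, bytes, median gap and a rough label.
    The thresholds (small, burst, window) are illustrative assumptions."""
    by_dest = defaultdict(list)
    for ts, dest, size in parse(log):
        by_dest[dest].append((ts, size))
    report = {}
    for dest, events in by_dest.items():
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        sizes = [s for _, s in events]
        # A large upload shortly after a run ended looks like a log or map sync.
        after_run = any(
            s >= burst and any(timedelta(0) <= t - end <= window for end in run_ends)
            for t, s in events)
        if after_run:
            label = "burst after cleaning run"
        elif len(events) >= 3 and max(sizes) <= small:
            label = "idle heartbeat"  # repeated small packets
        else:
            label = "occasional"
        report[dest] = {"count": len(events), "bytes": sum(sizes),
                        "median_gap_s": median(gaps) if gaps else None, "label": label}
    return report
```

Calling `summarise(SAMPLE_LOG, RUN_ENDS)` returns one entry per destination; replace the sample with your router's export after converting it to the three-column form.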

There are trade‑offs. Blocking telemetry can void a warranty and reduce support. Leaving everything open can expose routines and maps. Some households accept the risk for convenience. Others prefer manual remotes and offline maps. The key is to make that choice with eyes open, not after a silent outage on a busy morning.

2 thoughts on “Your robot vacuum mapped your home while you slept: one developer tracked a 24/7 data stream in 2025”

  1. So the vacuum refused to power on right after the IP got blocked—coincidence or soft‑brick by design? This really blurs ownership.

  2. My mop just asked for Wi‑Fi too. Next it’ll want a Spotify account. Can we please get an offline button before the broom starts negotiating TLS? 🙂
