The potential retail profit from connected devices—currently priced at a premium because it's the hot new thing—is nice, but the real payday comes in the form of data.

Dropcam gave the world Web-enabled cameras, and Nest brought the smart thermostat to homes; both companies were swallowed by Google. SmartThings, a company that got its start with $1.2 million of backing on Kickstarter, was bought by Samsung despite fairly dismal sales in its first year of operation.

Both companies forked over a premium for products that they believe will eventually net them new information about their customers. With Internet-enabled thermostats and outlets, Google and Samsung can track energy consumption and provide the data to energy companies who might want to advertise their services; they can feed ads from local retailers based off usage data from a smart refrigerator or coffeemaker; they can tell insurance agencies about unreported incidents caught by a connected smoke detector or home security system.

These are billion-dollar industries that would love to be able to better target potential customers, and the data is floating around inside everyone's homes. Google and Samsung, among others, are trying to capture it—and as interested as they are in selling it, they aren't all that into the idea of sharing it.

According to Valentin Heun, a Ph.D. student and member of the MIT Media Lab's Fluid Interfaces Group, companies' tight grip on user data is fracturing the market. "You generate a proprietary data silo with a trusted/dependent user base and then you either sell their data and/or you show them advertisements," he explained. "As long as we follow the Web 2.0 business model we will not be able to unleash the real potential of IoT."

As a remedy, Heun developed Reality Editor and Open Hybrid, an app and open-source platform respectively, which work together to decentralize IoT and embrace open Internet standards by putting the data back in the hands of the device owners rather than the device makers. Three years in the making, the system communicates directly with objects instead of translating commands through the cloud.

Gerd Leonhard, CEO of the Futures Agency, believes companies chasing user information "will never want less data from us, and they will find it impossible to resist the mantra of 'yes we can and so we will,'" describing it as a "huge issue looming right in front of us." In his estimation, it's an issue that will need to be addressed both on individual and regulatory levels.

Currently, protections for IoT consumers are too often absent. A 2014 study of connected devices and services found that 52 percent didn't even provide a privacy policy to inform users what can be collected and how it can be used. It's already difficult for companies to avoid the temptation of overreaching when it comes to data; it's even harder to prevent them from crossing the line when there is no line drawn in the first place.

"The problem is similar to why oil companies were and are heavily regulated," Leonhard says. "Data is the new oil but we have very few regulations as to who, where, when and why."

Not everyone sees things this way, including Ashton, the man who first envisioned IoT. He views the Internet reliance of devices not as a hindrance but as the whole point in the first place.

"The beauty of the Internet of Things is the Internet," he says. "IoT devices don't really need to communicate with each other; they just need to get their data online—after that, everything takes care of itself."

The future of home vulnerability