"Need to know" to defend one's home, or should one buy a wifi enabled thermostat?

A recent DDoS attack has shown the limited security of Internet of Things. In this paper we show that Internet of Things are being designed without taking privacy issues into account. We propose the policy "the Need to Know" as an approach to tackle the issue.