- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
Ah yes to make your lights work, we need all your data. Stuff like this is why I don’t have “smart” anything.
It’s perfectly possible to have a smart home that does not call home. Home Assistant is an amazing piece of software that can allow smart devices from different manufacturers talk to each other without connecting to a cloud service — all done locally.
This is the only way I would go about it. Maybe in the future if I really want it but really, the more tech, the more vulnerabilities. I’m fine with manually turning things on and off even if it’s self hosted.
deleted by creator
Unfortunately, no. Ultimately it’s a tiny computer that happens to produce light when a certain gpio pin is enabled. The light bulb is the portion you see, but inside, it’s an internet-connected microcontroller. I’ve even seen smart devices that internally run a full Linux distro complete with a shell session you can access if you know what you’re doing.
The problem is that some of these firmwares and/or exploits for these firmwares actively scan your local network and report things. Further, they can be used as a jumping off point for attacks deeper in your network.
deleted by creator
And what about the zigbee hub, assuming you didn’t know enough to use homeassistant or some such?
Or a wifi bulb?
Point is, consumer smart electronics don’t have the same attention to security paid to them.
Fwiw, I’m not anti-smart device. I run HA and have all kinds of smart crap, so clearly I accept at least part of the risk.
But saying “it’s just a light bulb” is disingenuous as best.
deleted by creator
The LIFX bulbs announced your WiFi password to anyone who asked. This is not a breach of the bulb itself, it’s a gateway to your LAN.
deleted by creator
-
I don’t want to be annoyed
-
It opens up another vector for attacking other sensitive devices on my network. I haven’t segregated my network so I don’t feel safe doing this.
-
How
Put home assistant on a raspberry pi, plug a Zigbee dongle to it, and start connecting smart gadgets to it. Or better yet buy a home assistant Green. You can check the home assistant docs to see if a smart device requires cloud connectivity to work — in general if it connects through Zigbee (or ZWave or Matter) then you’re good, but if it connects through WiFi then it probably is cloud based.
https://www.home-assistant.io/
https://www.seeedstudio.com/Home-Assistant-Green-p-5792.html
Can confirm. I run Home Assistant and Rhasspy with Sengled bulbs and none of transmits info. The devices themselves aren’t generally the issue, it’s the hub that operates them that would be collecting and sending the info. Remove that, and you don’t have to worry.
wow so Rhasspy is local voice assistant! do you have microphones places throughout your pad or do you go to a website first to speak or what?
You can use microphones wherever with HA and Rhasspy. Rhasspy is just the local voice and intent recognition portion, and HA executes the commands. This means you can have one Rpi in your place managing devices, and then have many different microphone-attached Rpi all over your house forwarding voice recognition intents to do whatever you want it to do. Whatever the mic is attached to will send to the HA instance and tell it what to do. No cloud.
Why do I need a RaspberryPi? I can’t use my regular Linux PC? What is a Zigbee dongle and why is it mandatory? What do I do if he device is cloud based?
You can use your regular PC if you want, but having an always-on server (the pi) makes it more convenient to use from, say, your phone.
Zigbee is a popular wireless communication protocol used by iot devices. Without the dongle you won’t have any way to talk to them.
If it’s cloud based, buy something else that isn’t.
Your Zigbee light switches won’t do anything unless the machine running Home Assistant is on. Being able to control your lights while the computer isn’t running is really convenient.
Perfectly valid to ask how to protect your data using the tools the other user mentioned. Not sure why you were downvoted for asking simply how.
deleted by creator
@tjhart85 care to explain?
Sure! Click the link at the very top of the page! You know, what this entire conversation is theoretically talking about? It takes you to a Home Assistant page and even has some details on their philosophy and links to even more details about their privacy focused philosophy! I thought saying essentially “read the fucking article” would be pretty asshole-ish and wouldn’t contribute anything to the conversation, but I also thought that your question contributed nothing, so I downvoted.
Did that answer your question sufficiently?
deleted by creator
deleted by creator
deleted by creator
If i understand correctly this is Home Assistant saying that Hue is taking away that ability on devices people have already bought and installed.
That’s about the hue hub. The bulbs are still Zigbee and can be controlled 100% remotely with HA and a Zigbee dongle.
deleted by creator
You can have plenty of smart home stuff without this junk using stuff like home assistant and keeping devices like this from phoning home. Some products won’t work at all without an internet connection but plenty still do.
Edit: If this is actionable, I would be interested in participating in a class action suit against Philips for materially altering a product’s functionality after purchase. This is like buying a normal car and being told a year later it was given a remote update and now can only use Ford ™ brand gasoline which costs $10/gallon.
If you do have an existing investment in Hue products, I suggest reaching out to them to request a refund because your purchase was made under a different policy, and this policy change is going to render your products useless without consent on your part. If they’re going to force a significant change that compromises the functionality of what might be hundreds of dollars worth of equipment without permitting recourse for legacy users, they should have to accept returns on what essentially is now a product you did not purchase and would not have purchased.
Or just get a ZigBee hub and keep using the bulbs without the Hue hub
Indeed I’ve never even installed the hue app, always assumed it was just a zigbee thing anyway. The hardware is just a basic zigbee bulb.
Mostly I’ve been moving to using the ikea ones though as they’re much cheaper.
Any recommendations for a Zigbee hub to use with HomeAssistant? I’m planning to make the switch now that Hue is doing this
If you have home assistant, you don’t need a zigbee hub, just a ZigBee USB stick. There’s a whole bunch of them, I think they’re all pretty similar, a few have Z-Wave also. I’m 100% Z-Wave so I can’t say personally what is the best stick to use… Just check the forums and whatnot.
hundreds of dollars worth of equipment
More like thousands, Hue is way overpriced
If someone does this let me know. Every bulb in my house is hue.
I started the email thread with them on Friday. So far I’ve only received canned messages like they told the HA folks.
Guess I can sell that Hue hub after I move my Hue devices over to my HA/Zigbee config — what wasn’t broke and didn’t need fixing… will now finally be fixed and finished.
After they make the change, someone with an old Hue bulb should go to the Consumer Financial Protection Bureau.
Making this decision retroactive is clearly false advertising and anti-consumer. I don’t really give a shit what their terms of use were.
They can do what they want with their future bulbs. The old ones need to be grandfathered in.
I bough a TP-Link smart bulb once. It was very nice - I could just download a “tp link bulb client” written for everyone by some third-party dude. If I wanted to, I could add a desktop shortcut to turn on/off the bulb.
Then TP-Link decided to automatically update the firmware of the bulb without my knowledge. The update turned off the REST API that made the third-party client to work. I could only use the shitty MOBILE app from then on.
The update was impossible to revert (though TP-Link said “Ok write to our support and we’ll give you the downgrade file” no fuck you).
Ever since I’ve vowed to heavily think whether I want to buy a non-open-source firmware smart device ever again. Recently I bought a smart bulb and two smart sockets that come pre-flashed with “Tasmota” and “WLED” firmware out of the factory and they work great.
And I OWN them too
Many years ago i bought an RGB LED and naively thought the remote signal must have some standard protocol, because it is so simple commands that would allow for some cool shit if automated. Oh boy was i wrong. Proprietary smart home software is the most insane. How on earth should your home become “smart” when it is locked into some ideology (manufacturer) or worse yet you have multiple “parties” fighting over the government causing a shutdown.
NGL you kinda went into left field at the end there, but I still agree.
i wanted to compare the issue with the principles of government and the structures needed,because that what smart home should be, organizing your home to certain effect.
And like with state government that requires transparent and consistent rules, cooperation of the different branches and accountability.
The update was impossible to revert (though TP-Link said “Ok write to our support and we’ll give you the downgrade file” no fuck you).
That doesn’t sound like it was impossible, it sounds like you just didn’t want to do it.
Factually, it was how you described. Poetically, it was making my life as a customer unnecessarily difficult to the point where the word “impossible” is a valid form of artistic expression. I didn’t want to have to beg anybody to please unlock the device I paid for.
https://community.home-assistant.io/t/tp-link-offers-way-to-add-local-api-back
We are hoping for a better solution, but for now this is what you should do: Submit a ticket to technical support 27. Make sure to include the MAC address of your plug. Go to the forums and send this user 24 a message with your ticket ID and MAC address (just to be sure).
https://community.home-assistant.io/t/tp-link-offers-way-to-add-local-api-back/248333/107
Please be advised that I intentionally cherry-picked the comments that support my point, as I was just skimming the thread.
There is esphome too, it’s not used a lot by fabricant yet, but still exist and compatiblr with all devices using an esp as chip.
Pi-hole.
My two top-blocked domains are related to TP-Link.
While I can’t always get local-only devices, I can at least separate their traffic and block the shit out of them.
Why do they do this shit? Is “User A turned their lights on at 9 AM” that valuable of data that they’d disable third party shit?
I guess it’s because it’s “insecure”. Any device on the network could control the lights. Tasmota allows setting a password for the control panel though.
Tasmota is great but I’ve found the number of available devices is limited. For instance Tasmota smart dimmer plugs do not exist, nor could I find a stand alone controller.
Z-wave or Zigbee integration dramatically expand the number of available options and work with local controllers.
I too get the feeling that the selection of devices with Tasmota pre-flashed is rather limited. Due to the nature of Tasmota, those devices will only be Wi-Fi devices, which further causes problems with battery usage (contrary to Zigbee/Z-wave etc.) 15 minutes ago I was looking at smart buttons that can run Tasmota, and I’ve only found the Shelly Button 1. And funnily enough, it’s possible to connect it with microUSB (!) so it stays charged.
All zigbee devices’ firmware is proprietary though, no? This is why I’m willing to suffer for Tasmota
The device list seems larger if you’re willing to flash Tasmota yourself: https://templates.blakadder.com/
Zigbee does work with a generic controller on Home Assistant and other platforms, and there are >3100 devices that are compatible with zigbee2mqtt, a Zigbee to MQTT bridge that exists to bypass the need for proprietary Zigbee bridges. No proprietary app or Internet access required either, but it was not easy to set up. Here’s a list of supported devices: https://www.zigbee2mqtt.io/supported-devices/
The list of Tasmota devices is extremely limited if you don’t want to flash it yourself, but a bit less so if you use Tuya Convert which is done via WiFi. It seems the device list is getting shorter all the time as vendors switch to other hardware implementations, but I seem to remember reading that a new Tasmota version will be coming that supports additional hardware.
To get plug-in dimmer and smart button functionality (Shelly Button 1 didn’t exist at the time) I had to put in Z-Wave. and I’ve since added a few new devices. Z-wave works pretty well, but not flawlessly. My Tasmota stuff just works and works much better than the original firmware on my smart bulbs and plugs.
Just getting my feet wet with Zigbee because I need yet another dimmer plug for a different location, but my understanding is most (but not all) Zigbee devices are not proprietary and work with most controllers. I’ll know next week.
IoT stuff isn’t safe to use unless it’s flashed with a third-party Free Software firmware like Tasmota or ESPHome.
I mean IKEA is fine.
It’s entirely ZigBee, there’s no internet.
But the green part of RGB only works if you’re using their app
Edit: downvoter, please let me know what’s bothering you about this?
From what I read, it’s not a bug.
Many bulbs trade on the green LED for more variation in white. Red/Blue serve a function to make whites warmer or cooler, green has no such function.
And because most people use white, they ditched the green LED. That’s why the green it has is more yellowish than you would expect.
It probably also means the bulb API has no dedicated green setting, which is why the remote and 3rd party apps don’t have proper green settings.
It’s a bit of speculation though, not entirely sure. Apparently older Hue bulbs also do this.
That’s interesting. Funnily enough, we did try the one color GU10 we have today and this one does work perfectly.
Really? Huh.
I’m just using the PM2.5 and temperature sensors.
Unfortunately yeah. We’ve tried the E27 and green just didn’t work. Thought it was broken and returned it, told them why. “Oh, you used the remote, right? It only works with the app, it’s been like that for years and hasn’t been fixed yet”
Oh so that’s just a bug rather than a feature lock.
Im only using mine in home assistant that should act as an app anyway.
No, that’s just the problem. We only use ours in home assistant as well and it didn’t work. It’s got to be the Ikea app.
Oh okay, I’ll be sure to avoid then until they fix that.
ESPhome for the win! I have like 12 smart plugs with power monitoring flashed with ESPhome
I have 8! (They’re literally the only smart home devices I have so far, although Home Assistant automatically detected my Roku and my printer.)
Thankfully, while I have a smart plug from them, I’ve made sure that it’s a Zigbee powered one, meaning it’s directly connected to my Home Assistant server over it’s own frequency/protocol, no app required. Guess that choice is paying off now.
Also, someone should tell whoever is managing that Twitter support account that you should never use the phrase “We’re sorry you feel that way”, even when you’re going for a non-apology.
Isn’t the “take it or leave it” approach to consent considered consent bundling? Didn’t google get fined for doing a similar thing?
Awesome timing, was about to add a whole lot of them to my new house, guess that ain’t happening
Any recommendations for what next? I’m in the same situation? I want to avoid WiFi lights - ZigBee, Zwave or Matter only
I’m adding the ones I have to home assistant, which is what I was planning all along. Maybe add some other brand smart lights, not sure yet which
deleted by creator
Start leaving 1 star reviews in the app stores from Google and Apple complaining about this.
They read those because stakeholders who understands nothing about tech only care for more stars.
I’m definitely starting to find a way out of hue and freezing my plans to buy more bulbs from them.
I was forced to move (landlord sold house) and when I got to my new place, I just never got around to setting up any of my smart home devices. Thermostat, cameras, lights, assistants, sensors, monitors, etc, and weirdly enough I am somehow happier now.
The random issues, glitches, delays between asking an assistant/pressing buttons before an action went through, fixing integrations, fixing Home Assistant, fixing random unpairs, etc. was driving me nuts. Especially when you have invested hundreds/thousands of dollars into premium devices.
Worst was when you’d ask assistant to do something, and it somehow misheard you and does something else. Fried an aquarium thermometer that way. Turned on ALL lights when everyone was sleeping, despite me asking to turn OFF a very specific light…
The only thing I truly miss is being able to turn off my bedroom light when I am in bed. But the stress I save is worth getting up and turning it off.
Huh, sounds like a very unreliable setup. Admittedly mine is much simpler and I refuse to use voice control for anything at all, but I experience zero glitches with my Shelly switches and HA integration.
Gotta admit I use hue and Google voice commands and it always works perfectly and I love it… sorry I also like Firefox if that helps!
Put a lamp on your nightstand, it’s a fucking game changer. We have a ceiling fan with the main lights, but lamps on both nightstands. It rules, always within arm reach, light immediately if you need it, but much softer light than the main light, and not pointed into your eyes when you lay down.
The only thing I truly miss is being able to turn off my bedroom light when I am in bed. But the stress I save is worth getting up and turning it off.
It is possible to just install the one smart light, you know.
You can get remote controlles for lights and keep it on your bedside table
Fried an aquarium thermometer that way.
How did that happen?
Asked assistant to turn off basement light and instead it turned ON “10 gallon aquarium heater”.
However it heard that, no idea.
My girlfriend was cleaning her tank, and the water level was below the heater. I was somewhere else in the house, and so she never noticed, and within 60 seconds the thing shattered from being turned on and not submerged.
I’m reading this thread thinking “people are jumping through hoops just to do this stuff? Why?”
“because you can” evidently.
No wait, someone’s going to come in and whinge about Seasonal Affected Disorder, circadian rhythms and blue light or some other shit, aren’t they.
When it works, it’s great. But no matter how much you spend, which brands you go with, how you have it set it, eventually something is going to fuck up, and you’ll spend half your day fixing it all.
Companies these days: “help us think of products we can sell to procure data. No, we don’t care what the product is; we just want the data.”
I often wonder are we in some sort of “data bubble”? all this obsession over collecting it but not actually providing stuff people will pay for surely has an endgame
I think the endgame is to speedrun getting filthy rich and buying up a chunk of the earth before it’s completely destroyed.
reason: "your data isnt secure in your home, we need to control it. trust us. "
uh huh.
5 months later: “We had a data breach, but we believe they didn’t get all personal data”
They’re light bulbs. What data can they possibly hold on the users beyond how bright they like their bulbs.
What times your lights are on or off can expose more than you might think over time. It reveals when you’re gone for work, your sleep schedule, how many days a year you spend at home vs traveling/elsewhere, when you stay up late, etc.
But it gets worse. If you give Hue your email or install the app then now you can be uniquely id’d across other products. Hue will sell that data to some advertising agency, who also buys data from Google, Facebook, etc. Now your usage data from other systems can be combined with the Hue data and used to more even more accurately track your day and behaviors.
Big data is a fascinating field, if not completely horrifying.
Also when the keys are inevitably discovered on an unsecured S3 bucket, everyone will have it! In addition to your billing information and other PII.
I’m not sure how do Hue lights work, but if they have any Wi-Fi component they’re essentially a device in your network. If compromised (by a hacker or by Philips themselves) they’re no different than a device next to yours on public Wi-Fi. Someone will definitely have a desktop PC with vPro with default credentials, or once in a while someone will log into something using HTTP without the S and leak plaintext credentials.
People more well versed in networking often put their IoT devices in a separate network/VLAN so that they are all lumped together and away from personal PCs.
Hell, I even block my ISP-issued modem/router/AP from ever getting an IP address on my network, and that way I can’t even receive tech support from them lmao
It’s also not about what data they hold, but what data they have access to.
To you, it’s a light bulb, but internally, it’s a network-connected microcontroller, meaning it’s also connected to everything else in your network.
It theoretically could scan and exploit any number of security holes in other devices, including but not limited to phones and desktops.
Even if the manufacturer is ethical with it, other nefarious actors can use it as an attack point to try to gain deeper access. Some of these devices run a full Linux install internally, and if you know how, you can even get a shell session open on them.
In addition to what the other commenters have said: They don’t just sell light bulbs but also motion sensors that can even measure temperature.
So they wouldn’t just be able to tell which room you’re in at any given time but may also be able to tell when and for how long you shower or how often you cook food in the kitchen based on slight temperature changes.
And if you wanna get really paranoid: Hue Sync analyzes what’s on your screen and synchronizes lights accordingly. Who knows what is really going on there if they pull this kinda shit lol
This is immensely frustrating. Feels like a rug pull for anyone that cares about their data, privacy and (ironically) security.
Anyone have a good resource for connecting existing bulbs to zigbee and moving off the hue app?
I’ve been very happy with Home Assistant. There are zigbee USB sticks such as ConBee that work well with it, and home assistant runs on many different types of computers including Raspberry pi.
To start off, you’ll want to have Home Assistant running on a local server or Raspberry Pi and a Zigbee USB dongle, like the Conbee II or SkyConnect. If you’ve never worked with Home Assistant, their Getting Started guide is pretty comprehensive.
To migrate the apps off the Hue gateway, there’s a section describing various methods to do so in the Home Assistant Zigbee guide.
I’ll mention that there’s also a whole bunch of other Zigbee gateways out there that work similar to the Hue Bridge, but these could all eventually share the same fate as Hue, if they aren’t already forced to be online.
Cool… I got a Phillips hue hub, but already have a Pi as well, Just never thought of using it this way. So I just need the Conbee II, and I should be able to make things work off the Pi. One less device to have plugged in.
Besides the stupid login stuff, I’ve noticed a lot of my stuff just isn’t as reliable as it used to be. It seems Phillips is just enshittifying things generally.
Thanks for the links!