• /home/pineapplelover@lemm.ee
    link
    fedilink
    English
    arrow-up
    127
    arrow-down
    2
    ·
    1 year ago

    Ah yes to make your lights work, we need all your data. Stuff like this is why I don’t have “smart” anything.

    • maxprime@lemmy.ml
      link
      fedilink
      English
      arrow-up
      85
      arrow-down
      1
      ·
      1 year ago

      It’s perfectly possible to have a smart home that does not call home. Home Assistant is an amazing piece of software that can allow smart devices from different manufacturers talk to each other without connecting to a cloud service — all done locally.

      • /home/pineapplelover@lemm.ee
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        1
        ·
        1 year ago

        This is the only way I would go about it. Maybe in the future if I really want it but really, the more tech, the more vulnerabilities. I’m fine with manually turning things on and off even if it’s self hosted.

        • cosmic_slate@dmv.social
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          7
          ·
          1 year ago

          Ultimately, it’s just a light bulb. If it gets breached for whatever reason then it’ll a minor annoyance with someone blinking lights until you flip the physical switch off….unless you have a light-sensitive condition I guess.

          • LrdThndr@lemmy.world
            link
            fedilink
            English
            arrow-up
            16
            arrow-down
            1
            ·
            1 year ago

            Unfortunately, no. Ultimately it’s a tiny computer that happens to produce light when a certain gpio pin is enabled. The light bulb is the portion you see, but inside, it’s an internet-connected microcontroller. I’ve even seen smart devices that internally run a full Linux distro complete with a shell session you can access if you know what you’re doing.

            The problem is that some of these firmwares and/or exploits for these firmwares actively scan your local network and report things. Further, they can be used as a jumping off point for attacks deeper in your network.

            • cosmic_slate@dmv.social
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              1
              ·
              1 year ago

              At some point you have to define which threat vectors you’re willing to accept. Yes, in theory you’re correct. A device could ship with exploits for wifi targeting most access points or Bluetooth cards I guess.

              So this device hops on my network, downloads a payload to break into my computer and finds…. PDFs of my tax returns, where most of the important data is already exposed and associated with my name? Worst case, tries to log into my bank accounts but is stopped by 2FA requiring a hardware token?

              The bigger threat is the device wanting on my wifi or wired network, not some Zigbee bulb that has to conceal a wifi radio.

              • LrdThndr@lemmy.world
                link
                fedilink
                English
                arrow-up
                4
                ·
                1 year ago

                And what about the zigbee hub, assuming you didn’t know enough to use homeassistant or some such?

                Or a wifi bulb?

                Point is, consumer smart electronics don’t have the same attention to security paid to them.

                Fwiw, I’m not anti-smart device. I run HA and have all kinds of smart crap, so clearly I accept at least part of the risk.

                But saying “it’s just a light bulb” is disingenuous as best.

                • cosmic_slate@dmv.social
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  1 year ago

                  I’d be far more worried about a personal computer getting compromised before believing a Philips (or other mainstream hub) was popped.

                  Is it possible? Absolutely. We don’t know how secure these place’s software supply chain is.

                  I’m confident keeping it at “it’s just a lightbulb”, at least Zigbee bulbs, because the attack vector for this would take so much effort for it to be effective.

                  Sure, if you’re in a high-risk category, like if you live in an authoritarian state and you’re the popular candidate espousing democracy, I’d completely agree and say trash all of your wireless devices.

          • anlumo@lemmy.world
            link
            fedilink
            English
            arrow-up
            5
            arrow-down
            1
            ·
            1 year ago

            The LIFX bulbs announced your WiFi password to anyone who asked. This is not a breach of the bulb itself, it’s a gateway to your LAN.

          • /home/pineapplelover@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago
            1. I don’t want to be annoyed

            2. It opens up another vector for attacking other sensitive devices on my network. I haven’t segregated my network so I don’t feel safe doing this.

        • maxprime@lemmy.ml
          link
          fedilink
          English
          arrow-up
          39
          ·
          1 year ago

          Put home assistant on a raspberry pi, plug a Zigbee dongle to it, and start connecting smart gadgets to it. Or better yet buy a home assistant Green. You can check the home assistant docs to see if a smart device requires cloud connectivity to work — in general if it connects through Zigbee (or ZWave or Matter) then you’re good, but if it connects through WiFi then it probably is cloud based.

          https://www.home-assistant.io/

          https://www.seeedstudio.com/Home-Assistant-Green-p-5792.html

          https://www.home-assistant.io/integrations/

          • just_another_person@lemmy.world
            link
            fedilink
            English
            arrow-up
            12
            ·
            1 year ago

            Can confirm. I run Home Assistant and Rhasspy with Sengled bulbs and none of transmits info. The devices themselves aren’t generally the issue, it’s the hub that operates them that would be collecting and sending the info. Remove that, and you don’t have to worry.

            • Num10ck@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              wow so Rhasspy is local voice assistant! do you have microphones places throughout your pad or do you go to a website first to speak or what?

              • just_another_person@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                ·
                edit-2
                1 year ago

                You can use microphones wherever with HA and Rhasspy. Rhasspy is just the local voice and intent recognition portion, and HA executes the commands. This means you can have one Rpi in your place managing devices, and then have many different microphone-attached Rpi all over your house forwarding voice recognition intents to do whatever you want it to do. Whatever the mic is attached to will send to the HA instance and tell it what to do. No cloud.

          • BaroqueInMind@kbin.social
            link
            fedilink
            arrow-up
            9
            arrow-down
            5
            ·
            edit-2
            1 year ago

            Why do I need a RaspberryPi? I can’t use my regular Linux PC? What is a Zigbee dongle and why is it mandatory? What do I do if he device is cloud based?

            • AbidanYre@lemmy.world
              link
              fedilink
              English
              arrow-up
              29
              ·
              edit-2
              1 year ago

              You can use your regular PC if you want, but having an always-on server (the pi) makes it more convenient to use from, say, your phone.

              Zigbee is a popular wireless communication protocol used by iot devices. Without the dongle you won’t have any way to talk to them.

              If it’s cloud based, buy something else that isn’t.

            • anlumo@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              1 year ago

              Your Zigbee light switches won’t do anything unless the machine running Home Assistant is on. Being able to control your lights while the computer isn’t running is really convenient.

        • bean@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          Perfectly valid to ask how to protect your data using the tools the other user mentioned. Not sure why you were downvoted for asking simply how.

      • Josie@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        If i understand correctly this is Home Assistant saying that Hue is taking away that ability on devices people have already bought and installed.

        • maxprime@lemmy.ml
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          That’s about the hue hub. The bulbs are still Zigbee and can be controlled 100% remotely with HA and a Zigbee dongle.

    • CmdrShepard@lemmy.one
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      You can have plenty of smart home stuff without this junk using stuff like home assistant and keeping devices like this from phoning home. Some products won’t work at all without an internet connection but plenty still do.

  • SatanicNotMessianic@lemmy.ml
    link
    fedilink
    English
    arrow-up
    97
    ·
    edit-2
    1 year ago

    Edit: If this is actionable, I would be interested in participating in a class action suit against Philips for materially altering a product’s functionality after purchase. This is like buying a normal car and being told a year later it was given a remote update and now can only use Ford ™ brand gasoline which costs $10/gallon.

    If you do have an existing investment in Hue products, I suggest reaching out to them to request a refund because your purchase was made under a different policy, and this policy change is going to render your products useless without consent on your part. If they’re going to force a significant change that compromises the functionality of what might be hundreds of dollars worth of equipment without permitting recourse for legacy users, they should have to accept returns on what essentially is now a product you did not purchase and would not have purchased.

      • tony@lemmy.hoyle.me.uk
        link
        fedilink
        English
        arrow-up
        6
        ·
        edit-2
        1 year ago

        Indeed I’ve never even installed the hue app, always assumed it was just a zigbee thing anyway. The hardware is just a basic zigbee bulb.

        Mostly I’ve been moving to using the ikea ones though as they’re much cheaper.

        • SirEDCaLot@lemmy.fmhy.net
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          If you have home assistant, you don’t need a zigbee hub, just a ZigBee USB stick. There’s a whole bunch of them, I think they’re all pretty similar, a few have Z-Wave also. I’m 100% Z-Wave so I can’t say personally what is the best stick to use… Just check the forums and whatnot.

    • Rootiest@lemm.ee
      link
      fedilink
      English
      arrow-up
      16
      ·
      1 year ago

      hundreds of dollars worth of equipment

      More like thousands, Hue is way overpriced

    • whynotzoidberg@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      I started the email thread with them on Friday. So far I’ve only received canned messages like they told the HA folks.

      Guess I can sell that Hue hub after I move my Hue devices over to my HA/Zigbee config — what wasn’t broke and didn’t need fixing… will now finally be fixed and finished.

  • Serinus@lemmy.ml
    link
    fedilink
    English
    arrow-up
    93
    ·
    1 year ago

    After they make the change, someone with an old Hue bulb should go to the Consumer Financial Protection Bureau.

    Making this decision retroactive is clearly false advertising and anti-consumer. I don’t really give a shit what their terms of use were.

    They can do what they want with their future bulbs. The old ones need to be grandfathered in.

  • unsaid0415@szmer.info
    link
    fedilink
    English
    arrow-up
    68
    ·
    edit-2
    1 year ago

    I bough a TP-Link smart bulb once. It was very nice - I could just download a “tp link bulb client” written for everyone by some third-party dude. If I wanted to, I could add a desktop shortcut to turn on/off the bulb.

    Then TP-Link decided to automatically update the firmware of the bulb without my knowledge. The update turned off the REST API that made the third-party client to work. I could only use the shitty MOBILE app from then on.

    The update was impossible to revert (though TP-Link said “Ok write to our support and we’ll give you the downgrade file” no fuck you).

    Ever since I’ve vowed to heavily think whether I want to buy a non-open-source firmware smart device ever again. Recently I bought a smart bulb and two smart sockets that come pre-flashed with “Tasmota” and “WLED” firmware out of the factory and they work great.

    And I OWN them too

    • tryptaminev@feddit.de
      link
      fedilink
      English
      arrow-up
      21
      ·
      1 year ago

      Many years ago i bought an RGB LED and naively thought the remote signal must have some standard protocol, because it is so simple commands that would allow for some cool shit if automated. Oh boy was i wrong. Proprietary smart home software is the most insane. How on earth should your home become “smart” when it is locked into some ideology (manufacturer) or worse yet you have multiple “parties” fighting over the government causing a shutdown.

        • tryptaminev@feddit.de
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          i wanted to compare the issue with the principles of government and the structures needed,because that what smart home should be, organizing your home to certain effect.

          And like with state government that requires transparent and consistent rules, cooperation of the different branches and accountability.

    • DarienGS@lemmy.world
      link
      fedilink
      English
      arrow-up
      15
      arrow-down
      1
      ·
      1 year ago

      The update was impossible to revert (though TP-Link said “Ok write to our support and we’ll give you the downgrade file” no fuck you).

      That doesn’t sound like it was impossible, it sounds like you just didn’t want to do it.

    • topinambour_rex@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      There is esphome too, it’s not used a lot by fabricant yet, but still exist and compatiblr with all devices using an esp as chip.

    • whynotzoidberg@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Pi-hole.

      My two top-blocked domains are related to TP-Link.

      While I can’t always get local-only devices, I can at least separate their traffic and block the shit out of them.

    • spaghettiwestern@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Tasmota is great but I’ve found the number of available devices is limited. For instance Tasmota smart dimmer plugs do not exist, nor could I find a stand alone controller.

      Z-wave or Zigbee integration dramatically expand the number of available options and work with local controllers.

      • unsaid0415@szmer.info
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I too get the feeling that the selection of devices with Tasmota pre-flashed is rather limited. Due to the nature of Tasmota, those devices will only be Wi-Fi devices, which further causes problems with battery usage (contrary to Zigbee/Z-wave etc.) 15 minutes ago I was looking at smart buttons that can run Tasmota, and I’ve only found the Shelly Button 1. And funnily enough, it’s possible to connect it with microUSB (!) so it stays charged.

        All zigbee devices’ firmware is proprietary though, no? This is why I’m willing to suffer for Tasmota

        The device list seems larger if you’re willing to flash Tasmota yourself: https://templates.blakadder.com/

        • spaghettiwestern@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Zigbee does work with a generic controller on Home Assistant and other platforms, and there are >3100 devices that are compatible with zigbee2mqtt, a Zigbee to MQTT bridge that exists to bypass the need for proprietary Zigbee bridges. No proprietary app or Internet access required either, but it was not easy to set up. Here’s a list of supported devices: https://www.zigbee2mqtt.io/supported-devices/

        • spaghettiwestern@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          The list of Tasmota devices is extremely limited if you don’t want to flash it yourself, but a bit less so if you use Tuya Convert which is done via WiFi. It seems the device list is getting shorter all the time as vendors switch to other hardware implementations, but I seem to remember reading that a new Tasmota version will be coming that supports additional hardware.

          To get plug-in dimmer and smart button functionality (Shelly Button 1 didn’t exist at the time) I had to put in Z-Wave. and I’ve since added a few new devices. Z-wave works pretty well, but not flawlessly. My Tasmota stuff just works and works much better than the original firmware on my smart bulbs and plugs.

          Just getting my feet wet with Zigbee because I need yet another dimmer plug for a different location, but my understanding is most (but not all) Zigbee devices are not proprietary and work with most controllers. I’ll know next week.

    • JackbyDev@programming.dev
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      Why do they do this shit? Is “User A turned their lights on at 9 AM” that valuable of data that they’d disable third party shit?

      • unsaid0415@szmer.info
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I guess it’s because it’s “insecure”. Any device on the network could control the lights. Tasmota allows setting a password for the control panel though.

  • grue@lemmy.world
    link
    fedilink
    English
    arrow-up
    57
    arrow-down
    1
    ·
    1 year ago

    IoT stuff isn’t safe to use unless it’s flashed with a third-party Free Software firmware like Tasmota or ESPHome.

      • Lhianna@feddit.de
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        3
        ·
        edit-2
        1 year ago

        But the green part of RGB only works if you’re using their app

        Edit: downvoter, please let me know what’s bothering you about this?

        • Hawk@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          From what I read, it’s not a bug.

          Many bulbs trade on the green LED for more variation in white. Red/Blue serve a function to make whites warmer or cooler, green has no such function.

          And because most people use white, they ditched the green LED. That’s why the green it has is more yellowish than you would expect.

          It probably also means the bulb API has no dedicated green setting, which is why the remote and 3rd party apps don’t have proper green settings.

          It’s a bit of speculation though, not entirely sure. Apparently older Hue bulbs also do this.

          • Lhianna@feddit.de
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            That’s interesting. Funnily enough, we did try the one color GU10 we have today and this one does work perfectly.

          • Lhianna@feddit.de
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Unfortunately yeah. We’ve tried the E27 and green just didn’t work. Thought it was broken and returned it, told them why. “Oh, you used the remote, right? It only works with the app, it’s been like that for years and hasn’t been fixed yet”

            • cooopsspace@infosec.pub
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Oh so that’s just a bug rather than a feature lock.

              Im only using mine in home assistant that should act as an app anyway.

              • Lhianna@feddit.de
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                No, that’s just the problem. We only use ours in home assistant as well and it didn’t work. It’s got to be the Ikea app.

    • Zetta@mander.xyz
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      ESPhome for the win! I have like 12 smart plugs with power monitoring flashed with ESPhome

      • grue@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I have 8! (They’re literally the only smart home devices I have so far, although Home Assistant automatically detected my Roku and my printer.)

  • NekuSoul@lemmy.nekusoul.deOP
    link
    fedilink
    English
    arrow-up
    45
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Thankfully, while I have a smart plug from them, I’ve made sure that it’s a Zigbee powered one, meaning it’s directly connected to my Home Assistant server over it’s own frequency/protocol, no app required. Guess that choice is paying off now.

    Also, someone should tell whoever is managing that Twitter support account that you should never use the phrase “We’re sorry you feel that way”, even when you’re going for a non-apology.

  • dan@lemm.ee
    link
    fedilink
    English
    arrow-up
    42
    ·
    1 year ago

    Isn’t the “take it or leave it” approach to consent considered consent bundling? Didn’t google get fined for doing a similar thing?

  • Ronno@kbin.social
    link
    fedilink
    arrow-up
    37
    ·
    1 year ago

    Awesome timing, was about to add a whole lot of them to my new house, guess that ain’t happening

    • spez_@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Any recommendations for what next? I’m in the same situation? I want to avoid WiFi lights - ZigBee, Zwave or Matter only

      • Ronno@kbin.social
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        I’m adding the ones I have to home assistant, which is what I was planning all along. Maybe add some other brand smart lights, not sure yet which

  • Gryzor@lemmyfly.org
    link
    fedilink
    English
    arrow-up
    32
    ·
    1 year ago

    Start leaving 1 star reviews in the app stores from Google and Apple complaining about this.

    They read those because stakeholders who understands nothing about tech only care for more stars.

    I’m definitely starting to find a way out of hue and freezing my plans to buy more bulbs from them.

  • Polar@lemmy.ca
    link
    fedilink
    English
    arrow-up
    31
    arrow-down
    1
    ·
    edit-2
    1 year ago

    I was forced to move (landlord sold house) and when I got to my new place, I just never got around to setting up any of my smart home devices. Thermostat, cameras, lights, assistants, sensors, monitors, etc, and weirdly enough I am somehow happier now.

    The random issues, glitches, delays between asking an assistant/pressing buttons before an action went through, fixing integrations, fixing Home Assistant, fixing random unpairs, etc. was driving me nuts. Especially when you have invested hundreds/thousands of dollars into premium devices.

    Worst was when you’d ask assistant to do something, and it somehow misheard you and does something else. Fried an aquarium thermometer that way. Turned on ALL lights when everyone was sleeping, despite me asking to turn OFF a very specific light…

    The only thing I truly miss is being able to turn off my bedroom light when I am in bed. But the stress I save is worth getting up and turning it off.

    • watcher@nopeeking.link
      link
      fedilink
      English
      arrow-up
      25
      ·
      edit-2
      1 year ago

      Huh, sounds like a very unreliable setup. Admittedly mine is much simpler and I refuse to use voice control for anything at all, but I experience zero glitches with my Shelly switches and HA integration.

      • Gargantu8@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        1
        ·
        1 year ago

        Gotta admit I use hue and Google voice commands and it always works perfectly and I love it… sorry I also like Firefox if that helps!

    • Lemonparty@lemm.ee
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Put a lamp on your nightstand, it’s a fucking game changer. We have a ceiling fan with the main lights, but lamps on both nightstands. It rules, always within arm reach, light immediately if you need it, but much softer light than the main light, and not pointed into your eyes when you lay down.

    • Jojo@lemm.ee
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      The only thing I truly miss is being able to turn off my bedroom light when I am in bed. But the stress I save is worth getting up and turning it off.

      It is possible to just install the one smart light, you know.

      • Polar@lemmy.ca
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        Asked assistant to turn off basement light and instead it turned ON “10 gallon aquarium heater”.

        However it heard that, no idea.

        My girlfriend was cleaning her tank, and the water level was below the heater. I was somewhere else in the house, and so she never noticed, and within 60 seconds the thing shattered from being turned on and not submerged.

    • Iam@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      I’m reading this thread thinking “people are jumping through hoops just to do this stuff? Why?”

      “because you can” evidently.

      No wait, someone’s going to come in and whinge about Seasonal Affected Disorder, circadian rhythms and blue light or some other shit, aren’t they.

      • Polar@lemmy.ca
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        When it works, it’s great. But no matter how much you spend, which brands you go with, how you have it set it, eventually something is going to fuck up, and you’ll spend half your day fixing it all.

  • orca@orcas.enjoying.yachts
    link
    fedilink
    English
    arrow-up
    26
    ·
    edit-2
    1 year ago

    Companies these days: “help us think of products we can sell to procure data. No, we don’t care what the product is; we just want the data.”

    • jcit878@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      I often wonder are we in some sort of “data bubble”? all this obsession over collecting it but not actually providing stuff people will pay for surely has an endgame

      • orca@orcas.enjoying.yachts
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I think the endgame is to speedrun getting filthy rich and buying up a chunk of the earth before it’s completely destroyed.

    • serratur@lemmy.wtf
      link
      fedilink
      English
      arrow-up
      13
      ·
      edit-2
      1 year ago

      5 months later: “We had a data breach, but we believe they didn’t get all personal data”

  • Obinice@lemmy.world
    link
    fedilink
    English
    arrow-up
    26
    arrow-down
    5
    ·
    1 year ago

    They’re light bulbs. What data can they possibly hold on the users beyond how bright they like their bulbs.

    • local_taxi_fix@lemmy.world
      link
      fedilink
      English
      arrow-up
      57
      ·
      1 year ago

      What times your lights are on or off can expose more than you might think over time. It reveals when you’re gone for work, your sleep schedule, how many days a year you spend at home vs traveling/elsewhere, when you stay up late, etc.

      But it gets worse. If you give Hue your email or install the app then now you can be uniquely id’d across other products. Hue will sell that data to some advertising agency, who also buys data from Google, Facebook, etc. Now your usage data from other systems can be combined with the Hue data and used to more even more accurately track your day and behaviors.

      • electromage@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Also when the keys are inevitably discovered on an unsecured S3 bucket, everyone will have it! In addition to your billing information and other PII.

      • unsaid0415@szmer.info
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        1 year ago

        I’m not sure how do Hue lights work, but if they have any Wi-Fi component they’re essentially a device in your network. If compromised (by a hacker or by Philips themselves) they’re no different than a device next to yours on public Wi-Fi. Someone will definitely have a desktop PC with vPro with default credentials, or once in a while someone will log into something using HTTP without the S and leak plaintext credentials.

        People more well versed in networking often put their IoT devices in a separate network/VLAN so that they are all lumped together and away from personal PCs.

        Hell, I even block my ISP-issued modem/router/AP from ever getting an IP address on my network, and that way I can’t even receive tech support from them lmao

    • glimpseintotheshit@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      In addition to what the other commenters have said: They don’t just sell light bulbs but also motion sensors that can even measure temperature.

      So they wouldn’t just be able to tell which room you’re in at any given time but may also be able to tell when and for how long you shower or how often you cook food in the kitchen based on slight temperature changes.

      And if you wanna get really paranoid: Hue Sync analyzes what’s on your screen and synchronizes lights accordingly. Who knows what is really going on there if they pull this kinda shit lol

    • LrdThndr@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      It’s also not about what data they hold, but what data they have access to.

      To you, it’s a light bulb, but internally, it’s a network-connected microcontroller, meaning it’s also connected to everything else in your network.

      It theoretically could scan and exploit any number of security holes in other devices, including but not limited to phones and desktops.

      Even if the manufacturer is ethical with it, other nefarious actors can use it as an attack point to try to gain deeper access. Some of these devices run a full Linux install internally, and if you know how, you can even get a shell session open on them.

  • dotnon@kbin.social
    link
    fedilink
    arrow-up
    19
    ·
    1 year ago

    This is immensely frustrating. Feels like a rug pull for anyone that cares about their data, privacy and (ironically) security.

  • Luvs2Spuj@lemmy.world
    link
    fedilink
    English
    arrow-up
    14
    ·
    1 year ago

    Anyone have a good resource for connecting existing bulbs to zigbee and moving off the hue app?

    • semi [he/him]@lemmy.ml
      link
      fedilink
      English
      arrow-up
      15
      ·
      1 year ago

      I’ve been very happy with Home Assistant. There are zigbee USB sticks such as ConBee that work well with it, and home assistant runs on many different types of computers including Raspberry pi.

    • NekuSoul@lemmy.nekusoul.deOP
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      To start off, you’ll want to have Home Assistant running on a local server or Raspberry Pi and a Zigbee USB dongle, like the Conbee II or SkyConnect. If you’ve never worked with Home Assistant, their Getting Started guide is pretty comprehensive.

      To migrate the apps off the Hue gateway, there’s a section describing various methods to do so in the Home Assistant Zigbee guide.

      I’ll mention that there’s also a whole bunch of other Zigbee gateways out there that work similar to the Hue Bridge, but these could all eventually share the same fate as Hue, if they aren’t already forced to be online.

      • SpaceCowboy@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Cool… I got a Phillips hue hub, but already have a Pi as well, Just never thought of using it this way. So I just need the Conbee II, and I should be able to make things work off the Pi. One less device to have plugged in.

        Besides the stupid login stuff, I’ve noticed a lot of my stuff just isn’t as reliable as it used to be. It seems Phillips is just enshittifying things generally.

        Thanks for the links!