Lutron FTW
This is immensely frustrating. Feels like a rug pull for anyone that cares about their data, privacy and (ironically) security.
They’re light bulbs. What data can they possibly hold on the users beyond how bright they like their bulbs.
What times your lights are on or off can expose more than you might think over time. It reveals when you’re gone for work, your sleep schedule, how many days a year you spend at home vs traveling/elsewhere, when you stay up late, etc.
But it gets worse. If you give Hue your email or install the app then now you can be uniquely id’d across other products. Hue will sell that data to some advertising agency, who also buys data from Google, Facebook, etc. Now your usage data from other systems can be combined with the Hue data and used to more even more accurately track your day and behaviors.
Also when the keys are inevitably discovered on an unsecured S3 bucket, everyone will have it! In addition to your billing information and other PII.
Big data is a fascinating field, if not completely horrifying.
I’m not sure how do Hue lights work, but if they have any Wi-Fi component they’re essentially a device in your network. If compromised (by a hacker or by Philips themselves) they’re no different than a device next to yours on public Wi-Fi. Someone will definitely have a desktop PC with vPro with default credentials, or once in a while someone will log into something using HTTP without the S and leak plaintext credentials.
People more well versed in networking often put their IoT devices in a separate network/VLAN so that they are all lumped together and away from personal PCs.
Hell, I even block my ISP-issued modem/router/AP from ever getting an IP address on my network, and that way I can’t even receive tech support from them lmao
In addition to what the other commenters have said: They don’t just sell light bulbs but also motion sensors that can even measure temperature.
So they wouldn’t just be able to tell which room you’re in at any given time but may also be able to tell when and for how long you shower or how often you cook food in the kitchen based on slight temperature changes.
And if you wanna get really paranoid: Hue Sync analyzes what’s on your screen and synchronizes lights accordingly. Who knows what is really going on there if they pull this kinda shit lol
It’s also not about what data they hold, but what data they have access to.
To you, it’s a light bulb, but internally, it’s a network-connected microcontroller, meaning it’s also connected to everything else in your network.
It theoretically could scan and exploit any number of security holes in other devices, including but not limited to phones and desktops.
Even if the manufacturer is ethical with it, other nefarious actors can use it as an attack point to try to gain deeper access. Some of these devices run a full Linux install internally, and if you know how, you can even get a shell session open on them.
Companies these days: “help us think of products we can sell to procure data. No, we don’t care what the product is; we just want the data.”
I often wonder are we in some sort of “data bubble”? all this obsession over collecting it but not actually providing stuff people will pay for surely has an endgame
I think the endgame is to speedrun getting filthy rich and buying up a chunk of the earth before it’s completely destroyed.
reason: "your data isnt secure in your home, we need to control it. trust us. "
uh huh.
5 months later: “We had a data breach, but we believe they didn’t get all personal data”
Home assistant should shield me from this right?
Man fuck this. I use my lights in sync with my Philips tv when I watch movies so I can’t even switch to a zigbee thing or anything.
I bough a TP-Link smart bulb once. It was very nice - I could just download a “tp link bulb client” written for everyone by some third-party dude. If I wanted to, I could add a desktop shortcut to turn on/off the bulb.
Then TP-Link decided to automatically update the firmware of the bulb without my knowledge. The update turned off the REST API that made the third-party client to work. I could only use the shitty MOBILE app from then on.
The update was impossible to revert (though TP-Link said “Ok write to our support and we’ll give you the downgrade file” no fuck you).
Ever since I’ve vowed to heavily think whether I want to buy a non-open-source firmware smart device ever again. Recently I bought a smart bulb and two smart sockets that come pre-flashed with “Tasmota” and “WLED” firmware out of the factory and they work great.
And I OWN them too
Many years ago i bought an RGB LED and naively thought the remote signal must have some standard protocol, because it is so simple commands that would allow for some cool shit if automated. Oh boy was i wrong. Proprietary smart home software is the most insane. How on earth should your home become “smart” when it is locked into some ideology (manufacturer) or worse yet you have multiple “parties” fighting over the government causing a shutdown.
NGL you kinda went into left field at the end there, but I still agree.
i wanted to compare the issue with the principles of government and the structures needed,because that what smart home should be, organizing your home to certain effect.
And like with state government that requires transparent and consistent rules, cooperation of the different branches and accountability.
There is esphome too, it’s not used a lot by fabricant yet, but still exist and compatiblr with all devices using an esp as chip.
Why do they do this shit? Is “User A turned their lights on at 9 AM” that valuable of data that they’d disable third party shit?
I guess it’s because it’s “insecure”. Any device on the network could control the lights. Tasmota allows setting a password for the control panel though.
Pi-hole.
My two top-blocked domains are related to TP-Link.
While I can’t always get local-only devices, I can at least separate their traffic and block the shit out of them.
Tasmota is great but I’ve found the number of available devices is limited. For instance Tasmota smart dimmer plugs do not exist, nor could I find a stand alone controller.
Z-wave or Zigbee integration dramatically expand the number of available options and work with local controllers.
I too get the feeling that the selection of devices with Tasmota pre-flashed is rather limited. Due to the nature of Tasmota, those devices will only be Wi-Fi devices, which further causes problems with battery usage (contrary to Zigbee/Z-wave etc.) 15 minutes ago I was looking at smart buttons that can run Tasmota, and I’ve only found the Shelly Button 1. And funnily enough, it’s possible to connect it with microUSB (!) so it stays charged.
All zigbee devices’ firmware is proprietary though, no? This is why I’m willing to suffer for Tasmota
The device list seems larger if you’re willing to flash Tasmota yourself: https://templates.blakadder.com/
Zigbee does work with a generic controller on Home Assistant and other platforms, and there are >3100 devices that are compatible with zigbee2mqtt, a Zigbee to MQTT bridge that exists to bypass the need for proprietary Zigbee bridges. No proprietary app or Internet access required either, but it was not easy to set up. Here’s a list of supported devices: https://www.zigbee2mqtt.io/supported-devices/
The list of Tasmota devices is extremely limited if you don’t want to flash it yourself, but a bit less so if you use Tuya Convert which is done via WiFi. It seems the device list is getting shorter all the time as vendors switch to other hardware implementations, but I seem to remember reading that a new Tasmota version will be coming that supports additional hardware.
To get plug-in dimmer and smart button functionality (Shelly Button 1 didn’t exist at the time) I had to put in Z-Wave. and I’ve since added a few new devices. Z-wave works pretty well, but not flawlessly. My Tasmota stuff just works and works much better than the original firmware on my smart bulbs and plugs.
Just getting my feet wet with Zigbee because I need yet another dimmer plug for a different location, but my understanding is most (but not all) Zigbee devices are not proprietary and work with most controllers. I’ll know next week.
The update was impossible to revert (though TP-Link said “Ok write to our support and we’ll give you the downgrade file” no fuck you).
That doesn’t sound like it was impossible, it sounds like you just didn’t want to do it.
Factually, it was how you described. Poetically, it was making my life as a customer unnecessarily difficult to the point where the word “impossible” is a valid form of artistic expression. I didn’t want to have to beg anybody to please unlock the device I paid for.
https://community.home-assistant.io/t/tp-link-offers-way-to-add-local-api-back
We are hoping for a better solution, but for now this is what you should do: Submit a ticket to technical support 27. Make sure to include the MAC address of your plug. Go to the forums and send this user 24 a message with your ticket ID and MAC address (just to be sure).
https://community.home-assistant.io/t/tp-link-offers-way-to-add-local-api-back/248333/107
Please be advised that I intentionally cherry-picked the comments that support my point, as I was just skimming the thread.
Start leaving 1 star reviews in the app stores from Google and Apple complaining about this.
They read those because stakeholders who understands nothing about tech only care for more stars.
I’m definitely starting to find a way out of hue and freezing my plans to buy more bulbs from them.
Welp, their products are completely out of the running for our setup then.
and RIP to anyone who invested thousands into them. Those lights were NOT cheap.
Hopefully this spurs someone to go to the CFPB or something and sue. These companies need to stop pulling this retroactive change bullshit, like Unity, Wizards, ad now Hue.
Edit: If this is actionable, I would be interested in participating in a class action suit against Philips for materially altering a product’s functionality after purchase. This is like buying a normal car and being told a year later it was given a remote update and now can only use Ford ™ brand gasoline which costs $10/gallon.
If you do have an existing investment in Hue products, I suggest reaching out to them to request a refund because your purchase was made under a different policy, and this policy change is going to render your products useless without consent on your part. If they’re going to force a significant change that compromises the functionality of what might be hundreds of dollars worth of equipment without permitting recourse for legacy users, they should have to accept returns on what essentially is now a product you did not purchase and would not have purchased.
I started the email thread with them on Friday. So far I’ve only received canned messages like they told the HA folks.
Guess I can sell that Hue hub after I move my Hue devices over to my HA/Zigbee config — what wasn’t broke and didn’t need fixing… will now finally be fixed and finished.
hundreds of dollars worth of equipment
More like thousands, Hue is way overpriced
Or just get a ZigBee hub and keep using the bulbs without the Hue hub
Indeed I’ve never even installed the hue app, always assumed it was just a zigbee thing anyway. The hardware is just a basic zigbee bulb.
Mostly I’ve been moving to using the ikea ones though as they’re much cheaper.
Any recommendations for a Zigbee hub to use with HomeAssistant? I’m planning to make the switch now that Hue is doing this
If you have home assistant, you don’t need a zigbee hub, just a ZigBee USB stick. There’s a whole bunch of them, I think they’re all pretty similar, a few have Z-Wave also. I’m 100% Z-Wave so I can’t say personally what is the best stick to use… Just check the forums and whatnot.
If someone does this let me know. Every bulb in my house is hue.
After they make the change, someone with an old Hue bulb should go to the Consumer Financial Protection Bureau.
Making this decision retroactive is clearly false advertising and anti-consumer. I don’t really give a shit what their terms of use were.
They can do what they want with their future bulbs. The old ones need to be grandfathered in.
Isn’t the “take it or leave it” approach to consent considered consent bundling? Didn’t google get fined for doing a similar thing?
Thankfully, while I have a smart plug from them, I’ve made sure that it’s a Zigbee powered one, meaning it’s directly connected to my Home Assistant server over it’s own frequency/protocol, no app required. Guess that choice is paying off now.
Also, someone should tell whoever is managing that Twitter support account that you should never use the phrase “We’re sorry you feel that way”, even when you’re going for a non-apology.
Anyone have a good resource for connecting existing bulbs to zigbee and moving off the hue app?
I’ve been very happy with Home Assistant. There are zigbee USB sticks such as ConBee that work well with it, and home assistant runs on many different types of computers including Raspberry pi.
To start off, you’ll want to have Home Assistant running on a local server or Raspberry Pi and a Zigbee USB dongle, like the Conbee II or SkyConnect. If you’ve never worked with Home Assistant, their Getting Started guide is pretty comprehensive.
To migrate the apps off the Hue gateway, there’s a section describing various methods to do so in the Home Assistant Zigbee guide.
I’ll mention that there’s also a whole bunch of other Zigbee gateways out there that work similar to the Hue Bridge, but these could all eventually share the same fate as Hue, if they aren’t already forced to be online.
Cool… I got a Phillips hue hub, but already have a Pi as well, Just never thought of using it this way. So I just need the Conbee II, and I should be able to make things work off the Pi. One less device to have plugged in.
Besides the stupid login stuff, I’ve noticed a lot of my stuff just isn’t as reliable as it used to be. It seems Phillips is just enshittifying things generally.
Thanks for the links!
