Today’s story is about Philips Hue by Signify. They will soon start forcing accounts on all users and upload user data to their cloud. For now, Signify says you’ll still be able to control your Hue lights locally as you’re currently used to, but we don’t know if this may change in the future. The privacy policy allows them to store the data and share it with partners.
(more in the article)
It’s scary because there is an incredible amount of data that can be gained just by knowing when your lights are turning on and off (when people leave/return for the day and when they’re on vacation are examples). Combine that with information on what IP Address the app is reporting from and you may be able to get a decent bit of location data even without officially querying for location.
Without an account, potentially having this information is bad enough but mandating an account and then having it tied to your email address is worse (since most people aren’t going to make a per-service address).
Right now, my Hue hub is prevented from accessing the Internet and everything using the local API works without issue, except the app is trying to force a TOS agreement and without agreeing I cant do anything with the official app (add/remove devices, adjust on/off state, adjust brightness, etc…). Home Assistant control works, so, my lights still come on automatically based on my motion sensors and my light switches through HA will still turn them on and off and adjust brightness and all that … If I were relying on the official app though, I’d have no choice but to agree to their TOS or would now have to take all the bulbs out.
This really sucks because I paid a shit ton for these bulbs vs their competitors because I liked that they allowed local control natively without needing to mess around with anything to get it to work and had a quality product … Had I known this would happen I definitely would not have paid the hefty surcharge I did and would have gone with a competing product.
I personally know others who made the same decision. Sounds like a class action suit, similar to when Sony removed the ability to install linux from the PS3.