this post was submitted on 22 Sep 2023
632 points (99.2% liked)
Technology
73287 readers
4432 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Ah yes to make your lights work, we need all your data. Stuff like this is why I don't have "smart" anything.
It’s perfectly possible to have a smart home that does not call home. Home Assistant is an amazing piece of software that can allow smart devices from different manufacturers talk to each other without connecting to a cloud service — all done locally.
This is the only way I would go about it. Maybe in the future if I really want it but really, the more tech, the more vulnerabilities. I'm fine with manually turning things on and off even if it's self hosted.
Unfortunately, no. Ultimately it’s a tiny computer that happens to produce light when a certain gpio pin is enabled. The light bulb is the portion you see, but inside, it’s an internet-connected microcontroller. I’ve even seen smart devices that internally run a full Linux distro complete with a shell session you can access if you know what you’re doing.
The problem is that some of these firmwares and/or exploits for these firmwares actively scan your local network and report things. Further, they can be used as a jumping off point for attacks deeper in your network.
And what about the zigbee hub, assuming you didn’t know enough to use homeassistant or some such?
Or a wifi bulb?
Point is, consumer smart electronics don’t have the same attention to security paid to them.
Fwiw, I’m not anti-smart device. I run HA and have all kinds of smart crap, so clearly I accept at least part of the risk.
But saying “it’s just a light bulb” is disingenuous as best.
The LIFX bulbs announced your WiFi password to anyone who asked. This is not a breach of the bulb itself, it’s a gateway to your LAN.
I don't want to be annoyed
It opens up another vector for attacking other sensitive devices on my network. I haven't segregated my network so I don't feel safe doing this.
If i understand correctly this is Home Assistant saying that Hue is taking away that ability on devices people have already bought and installed.
That’s about the hue hub. The bulbs are still Zigbee and can be controlled 100% remotely with HA and a Zigbee dongle.
You can have plenty of smart home stuff without this junk using stuff like home assistant and keeping devices like this from phoning home. Some products won't work at all without an internet connection but plenty still do.