• corroded@lemmy.world
    link
    fedilink
    English
    arrow-up
    50
    ·
    1 year ago

    The best solution IMO is don’t let your smart devices have access to the internet. Put them on a VLAN, block them at the firewall, whatever method you prefer. Accessing your home network remotely is one thing, but your air conditioner doesn’t need to INITIATE a connection to the outside world.

    • My Password Is 1234@lemmy.world
      link
      fedilink
      English
      arrow-up
      31
      ·
      1 year ago

      That’s what I did 🙃 Unfortunately, some devices do not work at all without a connection to the manufacturer’s cloud, this also needs to be taken into account.

          • Norah - She/They@lemmy.blahaj.zone
            link
            fedilink
            English
            arrow-up
            15
            ·
            1 year ago

            Oh, I could make it worse if you’d like? That tool isn’t made for just the bulbs I got at Costco, it’s made for any device in the Tuya ecosystem. What’s Tuya? They’re a Chinese white-label manufacturer that makes smart devices that other companies can slap their brand on. They’ll throw you together an app too, but all of the API calls go through their infrastructure. Bonus, they also make security cameras that send footage to their servers, and smart locks too. They’re literally everywhere, but I’m in Australia so that’s where I’m basing this list:

            • Mirabella Genio
            • Tapo
            • Laser (Big W)
            • Anko (Kmart)
            • Feit Electric (Costco)
            • Grid Connect (Bunnings)
            • EKO (only makes security cameras)
            • Kogan SmarterHome
            • BrilliantSmart (Brilliant Lighting)

            And that is, quite literally, only to name a few.

              • Norah - She/They@lemmy.blahaj.zone
                link
                fedilink
                English
                arrow-up
                3
                ·
                1 year ago

                I mean, there are still plenty of ways to have smart things that don’t communicate with the internet. Ikea’s stuff is all zigbee, they don’t have wifi at all. You can get one of their hubs to control from your phone, or they sell remotes with zigbee you can pair directly to control a set of bulbs. They never have to see internet at all.

                  • Norah - She/They@lemmy.blahaj.zone
                    link
                    fedilink
                    English
                    arrow-up
                    3
                    ·
                    1 year ago

                    Yeah. As well, if you want to upgrade to a Home Assistant setup down the line, all you need is a $50 Zigbee USB adapter. If you’re more tech-savvy then you can also buy bulbs from somewhere like https://www.athom.tech that come pre-flashed with open source firmware. Either ESPHome, Tasmota or WLED are available. These are wifi, but everything is local, and you can block them on your router without issues. ESPHome is what I have running on the bulbs I rescued.

          • My Password Is 1234@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            1 year ago

            I have flashed all the bulbs and ceiling lights in my house and they work locally on FOSS firmware now 😉 It is not a big deal. I have very poor soldering skills, and I did this anyway.

      • Monument@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        8
        ·
        edit-2
        1 year ago

        A long while ago, my first foray into smart home stuff was a Phillips Hue system. I used to use it exclusively offline, but I got deeper into smart home stuff and wanted to add some integration into my system. I don’t remember what anymore, but it meant setting up a Hue developer account, so I signed up. Gave them my email address. Stopped using the integration, moved, reset the hub, used it offline for years.

        This February I logged into the hub for some reason. I think an accessory wasn’t working and Hue user docs said to log in or some such nonsense.

        Five days ago, I got an email from Amazon. They told me that one of the batteries in a Hue switch was running low, and they helpfully provided me with a link to buy new ones. Their page for the device indicated that they were being updated with its battery percentage every 4-8 hours - and that I had authorized Alexa access to my Hue system in February.
        I checked the Hue app, and it indicated no apps or services connected to my account.
        Logged into the Hue website, dug into my settings, and there were a dozen app’s and services that had been “authorized” to access my account - none that showed up in the app.

        Every smart device that has been on my network - devices that I never integrated with Hue (on purpose!) were all happily showing very recent access times to my data. Systems I don’t have accounts to anymore. I revoked access, of course.

        Three days ago Amazon emailed me to let me know a different device needed a battery, and showed that Hue had shared the battery level of the device with them that day - 2 days after I revoked access.

        Yeah… all their products are getting trashed, reflashed, or used with zigbee hubs I’ve built.

      • corroded@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        ·
        1 year ago

        You should never fully trust ANY device on your network. Even if it’s not collecting your personal information and sending it off to who-knows-where, there could always be a zero-day exploit just waiting for someone to find it.

          • corroded@lemmy.world
            link
            fedilink
            English
            arrow-up
            6
            ·
            1 year ago

            You’re correct about an outside individual accessing your network, but that still doesn’t prevent a device on your network from phoning home.

            I think most people have at least some open ports, though. Isn’t port forwarding required for a lot of online games? It used to be at least.