Anyone else get this email from Leviton about their decora light switches and their changes to ToS expressly permitting them to collect and use behavioral data from your devices?
FUCK Leviton, long live Zigbee and Zwave and all open-sourced standards
My Leviton
At Leviton, we’re committed to providing an excellent smart home experience. Today, we wanted to share a few updates to our Privacy Policy and Terms of Service. Below is a quick look at key changes:
We’ve updated our privacy policy to provide more information about how we collect, use, and share certain data, and to add more information about our users’ privacy under various US and Canadian laws. For instance, Leviton works with third-party companies to collect necessary and legal data to utilize with affiliate marketing programs that provide appropriate recommendations. As well, users can easily withdraw consent at any time by clicking the links below.
The updates take effect March 11th, 2024. Leviton will periodically send information regarding promotions, discounts, new products, and services. If you would like to unsubscribe from communications from Leviton, please click here. If you do not agree with the privacy policy/terms of service, you may request removal of your account by clicking this link.
For additional information or any questions, please contact us at [email protected].
Traduction française de cet email Leviton
Copyright © 2024 Leviton Manufacturing Co., Inc., All rights reserved. 201 North Service Rd. • Melville, NY 11747
Unsubscribe | Manage your email preferences
It’s why I only buy their ZigBee/Z-Wave devices. Safer than any WiFi-connected alternative.
This is why I buy TpLink Kasa switches and plugs and use the hs100 code on github to activate them only to local server, so they never phone home to tplink servers.
Does that work for devices not listed? I’ve got 2 KP125 and a few other things. It works fine but would be nice to decouple.
It does work for many not listed, but no guarantees from the dev. And there are some sold where the firmware version blocks this path. But I have had success with six separate plugs and a dimmer. None were listed in the supported product numbers
This also looks promising https://github.com/python-kasa/python-kasa
Oh interesting. I have a few kasa items
I been using TP-Link Matter junk with Home Assistant.
Im using homeassistant also, just used the git code to change their built in server lookup, and associate them to wifi
Did you really expect them to not collect your usage patterns?
I’m not defending them, I’m saying stop supporting these companies.
I have exactly zero of these automation devices in my house. Wait, that’s a lie, I have one, a temp monitoring device for a freezer - and only because I needed it in a hurry.
I’m currently working on self-hosted solutions with no web-based account.
Simply don’t use these automation devices, it’s very clear they collect your data - why else would they host a web service for it for free, when it could just was easily be self-hosted today.
I found this on github to activate tplink kasa plugs and switches to a local IP and never phone home. It swaps the internal server lookup, and allows you to Activate to your wifi SSID with no app https://github.com/jkbenaim/hs100
Couple things:
- Most people aren’t aware of these terms when purchasing, installing, or acquiring a home with these products. Removing and replacing devices throughout a home is expensive and time consuming, and they assume (rightfully) that most people won’t go to the trouble
- Even if you are aware of products that may require internet access or poll home to work, it’s still difficult not to end up with them in your house anyway. Try buying a tv or bluetooth speaker without smart features today - it’s not as easy as it should be. And there’s no guarantee that even locally hosted products will stay air-gapped in the future. Why should we normalize the practice now?
- most of these products start out as cheap and noninvasive options when they hit the market, and switch their ToS and brick their products through firmware updates without internet connections (e.g. Hue bulbs)
That said: of course i advocate against these brands. I have several zigbee dimmer switches ready to swap out with leviton already. But that doesn’t mean this information shouldn’t be widely circulated when it surfaces, so that other people know the landscape better when they go to purchase.
Hue Bulbs are zigbee. They weren’t bricked. You can use them with any zigbee adapter plugged into home assistant, hubitat, etc. I believe you are thinking of the hue hub that began requiring a hue account for “security reasons”
I use Lutron Caseta which has a local hub and no cloud control. It’s the same company and I didn’t get that notice.
Wonder what’s different about the Decora switches?
Are Lutron and Leviton the same company? I’ve always wondered but never found any definitive confirmation one way or another.
Edit: see, two replies, two answers… shrouded in mystery haha
They’re competitors.
They’re like the Lincoln & Ford (or Acura & Honda, if you prefer a less ambiguous simile) of the electrical components world
The problem with all Home tech I’ve scene you control none of it. Only when you get a full copy of the source code which you are allowed to control and modify to your hearts content will I even consider one of these devices.
While not quite “copy of source code” there are many, many zigbee/zwave devices that literally do not have the capability to phone home. They work fully within their respective networks and only talk to each other/the hub.
Now, the hub can phone home. But that’s when you use something like Home Assistant, which is open source.
The fact that they can’t connect to the internet is no consequence to me and could even be considered a inconvenience. I want something that I can control the entire system. I should be able flash my own software based on the original code.
That’s the ideal, but it’s difficult to do that with every single machine. Like even with a computer not every motherboard can be flashed with Coreboot. The closest you can get right now is probably building devices with the ESP32 chips.
You also can use ARM boards
I use some of their switches using Home Assistant’s Homekit integration. Set them up on wifi in their app, add to HA, then block internet access in my router’s firewall. Kind of the best of both worlds at that point.
Seems to be more on the web side of things for affiliate marketing, not necessarily light switch usage patterns? At least the pasted/quoted bit doesn’t suggest that it’d cover interactions with the devices.
It’s any of their products that utilize their app or web servers to work. Here’s their ToS, and below is a snippet:
Automated Processes and Artificial Intelligence This mobile app may use automated processes and artificial intelligence (AI) to provide you with personalized features and recommendations. We collect and process your data, such as your preferences, behavior, and feedback, to improve our app and deliver better services to you. We respect your privacy and we are committed to protecting your personal information. You can review our full privacy policy here: https://my.leviton.com/home/privacy. By using this app, you consent to our use of AI and data processing as described in our privacy policy.
And their privacy policy:
- INFORMATION WE COLLECT AND HOW WE USE IT
Leviton collects information you provide as users who access the App, register for accounts, use the App, or request information as well as data from Leviton Product(s) once it is registered with a valid account on the App. Information is collected on an ongoing basis and when you access information using the App, which then accesses one or more Leviton or third-party servers. Leviton works with third party analytics companies (such as Adobe Analytics) to aid and improve the App’s functionality, and who may use technology to automatically collect the types of data listed below. Such data may be collected, analyzed and used for the following purposes: i) to enable you to access and use the App and connected Leviton Products and services,(i.e. account registration and management) ii) to operate and optimize the App and the user experience, iii) to send administrative information to you (i.e. updates to this policy), iv) to identify usage trends and to evaluate and create improved and more advanced features for the Apps and connected Leviton Products and services, v) to tailor marketing efforts and the like vi) to protect our App, Leviton Products, and Services, and/or vii) to comply with legal or regulatory requirements. Your information may be shared with third parties, such as service providers, in limited circumstances, as described below.
User Data. Set-up information you provide, including email address, name, address or coordinates (the location of your Leviton Products). Biometric data, such as images, may be collected if videos or images are provided to Leviton, i.e. as required for customer service support. Usernames, phone numbers, contact preferences and authentication data. Usage Details. When you access and use the App, certain details of your access to and use of the App, including the resources that you access and use on or through the App may be automatically collected, including: direct adjustments to the Leviton products using the App, technical information from the Leviton products (to improve your experience over time and help troubleshoot issues), electricity usage, capacity, and power information (every time a Leviton Product is turned on or off, the App records the time and duration to offer features in usage history), current status of the Leviton Product, and usage schedules, among other related data necessary for the functionality of the device. Mobile Device Information. We may collect information about the mobile device from which you access the App, including the device’s unique device identifier, IP address, operating system, browser type, mobile network information, the device’s telephone number, in addition to the internet connection. Additionally, as needed from time to time, we may request access to certain features from your mobile device, including the microphone, camera, etc. Location Information. This App does not collect real-time information about the location of your mobile device, but it does collect environmental data (such as user location and Bluetooth-enabled device location) that supports certain Leviton Product features, e.g. Astronomical Clock) from the Leviton Products that are used with the App in real-time. App Usage. We collect the frequency of the App usage, frequency of individual features of the Leviton Products usage, and how features of the App and the related Leviton Products are used. Partner Data. Some of your information or data provided to third-party products and services that interface with the Leviton Products may also be provided to Leviton. We may also obtain information about you from joint partners, public databases and other third-parties. Web Server Logs. When you visit our App, we may track information through web server logs to better administer the App and analyze its usage. Examples of information we may track include but is not limited to your Internet Protocol address, the type of browser or mobile device you use, the number of links you click within the App, the geographical location from which you accessed the App, the date and time of your visit, and the name of your Internet service provider.
and section 3:
Leviton may share data with third party vendors, service providers, contractors, or agents. These may include affiliate marketing programs, cloud computing services, data analytics services, data storage service providers, performance monitoring and testing tools, web hosting service providers, and product engineering and design tools.
Cool. So don’t use their app. I’d imagine HomeAssistant usage cannot be tracked as it wouldn’t go through their app.
FWIW, I’m all in on HomeKit, so I only control over Home app for my light switches from another vendor, and I’ve got no skin in the game with Leviton, but same idea applies. No vendor apps means their app based tracking are much less relevant.
These devices are home-polling, which means commands/info is managed through WAN and their home servers.
Even if you don’t use their app, it still uses their servers.
FWIW, i also use home assistant. But some of the devices I have were not choices I made, so it’s a slow trudge replacing them all with locally-managed devices.
You can use these devices with HomeKit and firewall then off from the internet so they can no longer phone home. I have mine brought into home assistant with the HomeKit controller integration and it’s on a WiFi network with no connection to the outside world. The downside is that it can’t receive a firmware update.
Can’t wait for Matter and Thread become more mainstream. Local first (and device level egress blocked by VLAN) for the win.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters Git Popular version control system, primarily for code HA Home Assistant automation software ~ High Availability IP Internet Protocol
3 acronyms in this thread; the most compressed thread commented on today has 14 acronyms.
[Thread #599 for this sub, first seen 13th Mar 2024, 01:55] [FAQ] [Full list] [Contact] [Source code]