I found that Home Assistant was constantly sending substantial data about my smart home to Google. Moreover, this data is sent over an unprotected protocol, which (1) is a direct violation of my privacy and (2) is a hole through which third-party attackers can collect information about my system.
I ask the creators of Home Assistant to post detailed instructions on how to disable this surveillance (and all others, if any).
It will also be extremely correct if the users is explicitly notified of the fact of such surveillance, with the need to explicitly give permission for it. As all self-respecting developers of other programs do.
As an option, I propose to enter a special mandatory binary checkbox in the common settings for this.
Only one question : a bare homeassistant installation, or are you using custom components? And if a bare homeassistant installation, any components that are not local push or local poll?
Ah, that are two questions.
My browsers block google-analytics ( and Facebook pixels and the rest of this shit), so not directly a problem with it. Canât check right now ( not on a computer), but tomorrow Iâll check with Firefox developer tools where and how.
Well⌠Itâs also a story about breach of my privacy âon the slyâ. But thatâs a different story. In the description is clearly states that the data will be stored on the update server. Not in Google Analytics.
At the moment, I could not find in the Home Assistant code where the Goggle Analytics is inserted. However, there is a fact of tracking. I suppose this happens through the background loading of some page from a third-party site, where this code is already located. But given that the Home Assistant parameters were by default, I think this is a serious violation of the privacy and security of users.
I have studied the issue in detail and have to admit that I was wrong. It turned out that monitoring via Google Analitics is not done by Home Assistant, but by a third-party plugin of my browser.
I publicly apologize to the authors of Home Assistant.
At the same time, please make changes to the updater module code and cancel the default setting for the reporting parameter. I believe that users should give informed consent to such actions.
Wait, does that mean they actually knew what type of install everyone was running (who had not set opt out) and still went to try and remove that supported way of installation anyway ?
(Or do I need more sleep ?)
Much more apparently. This was added after the furore about the deprecation of Supervised (now reversed) because they had no idea so many people were using it. To opt out you just disable the updater. The docs are pretty clear about this.
Why is everyone so afraid of Google analytics?
I donât see why you need to hide your actions online from Google analytics, nothing that is shared with the website owner is personal.
What is the concern?
I donât like anything that tracks my online activity. Whether it is google analytics, facebook pixel, doubleclick.net or anything else. Just a matter of principle.
I have nothing to hide but I will not permit any corporation using my browsing habits to allow them to better develop their bottom line by reselling that data.
We all know that marketing has a better result if the target market is clearly (read narrowly) defined. These great corporations must find their profits from somewhere so why not sell convenience. It is after all the enemy of security!
I for one would rather NOT be a minion of ANY corporation and so block my telemetric info to all corporations.
Besides it is the main reason that I support open-source software and community driven projects.
I am a great advocate of open-source software and where possible will re-flash proprietary software every time!
Nothing to me is âoff-the-shelf-perfectâ One must either block the node from accessing the Internet or flash/hack it to own your own requirements
You may ask if I donate to open source? - YES! Every time I do a fresh install on a new node!
What do you do?
