I'm unhappy with the removal of GPIO

You gonna navigate approval for all those devices in every country?

" a journey begins with a single step " :wink:

Just curious, how many Home Assistant users have analytics turned off?
Isn’t turning off analytics counter productive? I mean, if analytics revels that no one is using an integration, why would anyone be surprised that it is being removed from core?

I know that has nothing to do with the current discussion, but why would anyone not want the devs to know which integrations are used by the community?

2 Likes

To quote The Doors “People Are Strange”.

But really it is a privacy issue in many people’s eyes. (not mine)

1 Like

TBH, there are so many shady things happening with your data that it’s probably good practice to share nothing if you have the choice, unless you absolutely trust the 3rd party or you’re absolutely sure no personal data is shared, as is the case here, afaict.

2 Likes

Oh my friend, please slap your face a few times :stuck_out_tongue_winking_eye:

Do you honestly think because you are running HA on your system you are immune from your system being compromised?

( quote from someone wiser than me my friend )

You can add a +1 for ZERO analytics here thanks.

:-1: No way for me.

Governments and Billion dollar companies have been in the news being hacked.

There where/are possible more we don’t hear about being held/paid a ransom?

What insurance do the HA DEVS provide me/you coughing up OUR details? None whatsoever in my eyes.

Why would you do something so stupid?

HA, apperantly has nearly 2000 integrations.

So be very careful where you leave crumbs? :wink:

@jkk has your issue been solved ?

1 Like

Please do not truncate quotes to change the meaning

My point was that you have to do an educated choice.

According to

There is zero personal data shared, so even if the database is compromised, there is zero privacy risk.
I honestly didn’t check the code but I trust Nabu Casa enough to take their word for it.

But yeah, if users are lazy to check the above, or do not take NC’s word, their best course of action is to refuse, indeed.

2 Likes

Really doesn’t matter if you trust the party or not. If they get hacked, and you have given some/all (hopefully not your PIN/Account or other personal details) you are pretty much screwed ? No ?

1 Like

If you’re worried that sharing analytical data to HA increases the chance of having your banking details stolen, you should unplug your router right now!

2 Likes

I agree, but in this specific case of HA analytics, we don’t give any personal details, so the point is moot.

1 Like

Your examples above are all cloud related. The whole idea of a local only system is to avoid these because they can break at any time (amongst other reasons). The GPIO integration was a part of making things local and hopefully less prone to (unavoidable) breakage. Then it got deprecated.

There’s a significant difference between breaking changes due to third party interference you can’t control, like a cloud service provider changing or removing their API, and breaking changes as a direct consequence from internal decisions by the HA devs. This GPIO thing here is part of the latter.

I had a quick glance over the code. Nothing shocking in there. Nothing that could directly correlate your actions to create a behavioral profile about you, like actual database contents or sensor data. But it still contains data that tells things about you and the type of user you are, simply by listing the type of HA infrastructure you have. Are you a user who is very much into wifi/cloud based systems, are you a major Google/AMZN/Tuya user, are you more a DIY tinkerer or do you interface with expensive pro systems, what kind of alarm system do you have, do you have security cameras, etc. No location data is transferred, but all that is tied together with a unique ID of your system.

Do I trust NC with this? I don’t know to be honest. The whole am I pwnd thing back then, where they sent our password hashes to an external site without our consent, because it was ‘for our own good’, did a lot of damage to my trust of them, even if I wasn’t directly affected as a HA core user. What keeps them from cooperating with say Tuya (with whom there already was a kind of we’re-partnering-with-them-but-not-really thing going on) to send them data about users using Tuya hardware ? Where is the limit, where’s the red line ? The fact that there’s a commercial entity (NabuCasa) behind HA doesn’t make it better. A company must make money to pay their employees. And data can be a very valuable asset. Not saying that they’re doing it now - but who knows what the future brings.

My analytics are off. Not only on HA, but anywhere I can turn them off, I do.

5 Likes

That’s the whole point of Analytics. As long as “type of user” doesn’t translate into “koying”, I don’t care.

Then again, just enabling “basic” would at least allow to have precise numbers regarding the reach of HA without any correlation possibilities. I guess this “tiering” of collected data was made to ease this kind of fears.

That’s probably not the best example, as Tuya users opened an account with them with all personal details including the devices they use, ip, serial, …
HA couldn’t even dream obtaining so much personal details :rofl:

Well in the end, it’s a personal choice. We live in a data driven world. People have different levels of acceptability on data footprint minimization.

Indeed.

Yeah well that was the point really. Tuya is a very data hungry company with very little respect for privacy. They will do whatever they can to get your data. They might be interested in what competing products their users have on HA. And NC has this data. Slippery slope, etc etc.

It would be foolish to send any data that is sensitive just for analytics.
My guess is that the IP is translated to country through a lookup and not real data.
There is no reason to send passwords and usernames, nor API keys or anything like that.
Whatever data is sent feels like (haven’t looked) it’s nothing important.

(But it perhaps could be useful to share the data that is sent as an example JSON so that people who are unsure can see what is sent)

And as I have said many times, why would they hack Nabu casa with just a few thousand users when the crime is the same to hack Google or Amazon where you can get payment details.
I don’t see a reason why someone would do such a thing for nothing.

I’m more worried about buying stuff online than using analytics on Nabu casa.

There are examples in the Analytics documentation :arrow_up:

I have seen that but I was thinking of an example of your own data.

Something like:

If you enable analytics today, basic will send:

Some JSON

And then if you select a higher level of analytics the JSON is updated.

here’s an example

{
   "version":"2022.3.0.dev20220212",
   "installation_type":"Home Assistant Supervised",
   "supervisor":{
      "healthy":true,
      "supported":true,
      "arch":"amd64"
   },
   "integrations":[
      "yamaha",
      ... etc...
   ],
   "custom_integrations":[
      {
         "domain":"multizone_controller",
         "version":"<AwesomeVersion SimpleVer""1.2"">"
      },
      ...etc...
   ],
   "addons":[
      {
         "slug":"15ef4d2f_esphome",
         "protected":true,
         "version":"2022.1.2",
         "auto_update":false
      }, 
      ...etc...
   ],
   "energy":{
      "configured":true
   },
   "state_count":1150,
   "automation_count":33,
   "integration_count":102,
   "addon_count":12,
   "user_count":4
}

basically, the only non-private information is all your custom integrations, integrations, addons, and counts.

Great to see that you made a custom integration for the gpio’s in HACS.
I am also in need of the mcp23017 integration, the whole control of lights and sensors in my house is depending on that. I have knowledge of programming, but not in that specific direction.
Perhaps I can somehow support (at least with testing :wink: ) or learn how to maintain such thing.

I have a little concern about maintaining code I can’t test myself, I am thinking of adding it as it was requested by few others. I might order an mcp23017 for testing and add it.
If you have a suggestion for a simple addon that can fit a PI3/4 send me a link in private message.

1 Like

One thing you could consider if you are familiar with node-red is this: mcp23017chip (node) - Node-RED. Node-red interfaces easily with HA, but there is a learning curve if not familiar.