Philips Hue will force users to upload their data to Hue cloud

Today’s story is about Philips Hue by Signify. They will soon start forcing accounts on all users and upload user data to their cloud. For now, Signify says you’ll still be able to control your Hue lights locally as you’re currently used to, but we don’t know if this may change in the future. The privacy policy allows them to store the data and share it with partners.

Last week I wrote how toying with the first Philips Hue hub and their local API led me to start Home Assistant back in 2013. They have played an important role in my smart home and they were a role model for our Open Home vision. Sure, they are expensive but they work reliably, have a local API, can be used completely offline, and you don’t have to share your data with the cloud.

But things are changing, for the worse. When you open the Philips Hue app you will now be prompted with a new message: Starting soon, you’ll need to be signed in.

Left: A new tip informs users that they soon need to login. Right: the screen shown when clicking learn more

When you create an account with Hue, you get the ability to control your lights while away from home using their mobile app. This feature works by uploading your data to the Hue cloud such that the mobile app can reach it. Their privacy policy allows them to store this data and share it with their partners.

Creating a Hue account has been an option for a long time, but it was always an option. Many Home Assistant users preferred not to create an account and remain private, and purchased Hue devices because it allowed this.

So today, you can choose to not share your information with Signify by not creating an account. But this choice will soon be taken away and all users need to share their data with Philips Hue.

Confirming the news

I didn’t want to cry wolf, so I decided to verify the above statement with Signify. They sadly confirmed:

Twitter conversation with Philips Hue (source: Twitter)

The policy they are referring to is their privacy policy (April 2023 edition, download version). It shows that user data will be stored for as long as the account remains active, and that it will be shared with partners. I was unable to find an inactive user policy.

WHAT TYPES OF DATA DO WE COLLECT ABOUT YOU?

[…]

If you connect a product, this will form part of your Philips Hue Account.

[…]

HOW LONG DO WE KEEP YOUR DATA?

[…]

Do you have an account with us? In this case, we will keep your data while your account is active or for as long as needed to provide the product functionalities to you.

When asked what drove this change, the answer is the usual: security. Well Signify, you know what keeps user data even more secure? Not uploading it all to your cloud. Just allow a smart home to talk to Hue using the local API or Matter.

Source: Twitter

It’s not too late

Currently Philips Hue is announcing this change in their app and users are not forced yet to turn over all their data. We have contacted Signify privately to bring this issue to their attention but they have not responded.

As a user, we encourage you to reach out to Signify support and voice your concern.

Dear Signify, please reconsider your decision and do not move forward with it. You’ve reversed bad decisions before. People care about privacy and forcing accounts will hurt the brand in the long term. The pain caused by this is not worth the gain.


This is a companion discussion topic for the original entry at https://www.home-assistant.io/blog/2023/09/22/philips-hue-force-users-upload-data-to-cloud/
14 Likes

I don’t have any Hue devices, and decisions like this ensure that I won’t. When I clicked the link to report as much to them, I am greeted with: " This functionality is not available due to your cookie consent choice. We make use of reCaptcha, an analytics cookie, to ensure the quality and security of this form. If you do not wish to change your cookie preference, you can always reach out to us in an equally effective manner via Email or Phone." So yet another “we are tracking you for your protection” kind of cop-out.

I am not sure what cookie preference is blocking this; I have never seen another site complain like this, but further solidifies I’m just not messing with Hue at all :slight_smile:

2 Likes

I’ve had 3 hubs with 3 accounts for years, and have always understood that wanting to control when away from the home network would imply Cloud. Just like any other cloud service required when not at home.

Signify is adding security functionality (have a few of these sensors already and they work very nicely indeed, hope HA soon will integrate them) which obviously needs distant connection over the cloud. How else would we be able to get signaled of intrusion were to be detected (without HA that is).

Not sure if they change anything in handling our data itself? That would indeed need to be scrutinized…

Having said all of that, we shouldn’t be forced to use Cloud. If it would come at a cost of functionality loss, so be it, but no obligation.

Just compare Shelly: cloud is available, but we can use it without and all functionality remains.

Reason number 123 that I moved my hue bulbs to Z2M a long time ago

8 Likes

Thankfully Hue is built on Zigbee so anyone concerned about their existing investment can simply chuck the hub and directly pair bulbs through Zigbee. Has worked perfectly for me for years.

Cheers!

5 Likes

The whole thing is FUBAR

  • They removed the support email from their website, making it impossible to reach them other than through the website form or via facebook / X
  • I cannot get access to the form unless I disable all uBlock, privacy badger and accept ALL their cookies.

Either some crazy lawyers have taken over or they went full dark side. I am obviously running every Zigbee I have with the skyConnect but one has to wonder if they will stop short of trying to mandate the use of their hub with their device again.

This would really give me second thoughts before opening my wallet again

I have started moving off the Hue bulbs in my house off the bridge, but the one thing that stops me is that some of the rooms have enocean switches which are connected to a Beckhoff SPS which controls the Hue lights over the bridge, and its a unacceptable, irreversible decrease in acceptance for my system if I take down that feature by moving it off, even if it brings direct connection of HUE dimmer switches and bulbs.

Also, the lights should retain the Wake-Up light feature and Alexa integration and that shouldn’t depend on my HA because it’s really critical and again, acceptance drops to -1 if the wake-up light fails because I screwed up my HA system again…

I would also have to reproduce the behaviour of the dimmer switches so they work exactly as before, with all the scenes needing to be reprogrammed and the switches would then need multi-press (up to 8 times in some rooms) scene cycling again…

These are the last things that stop me from taking down the bridge, otherwise I would immediately do so

I watched this conversation happen in real time on twitter. I also seen all of their canned responses to everyone. F’ em. The festiva lights I ordered arrived the day before this announcement, I’m going to return them for a refund. Hundreds of dollars worth of light purchases will be lost right there because of their dips*** decision.

Hello,
I raise a question…If I block now the internet access to the hue bridge, It would keep the local API and, I would be able to continue using it the way I do through HA. Am I right?
Don’t mind about updates for my bulbs as they work as expected for me and they won’t see internet anymore…right that the vector attack for zigbee maybe, it is not internet so my bulbs could be vulnerable to future attacks but, there’s always Z2M to update.
In the meantime, I blocked internet to HUE bridge no new features for me, really won’t miss them.

1 Like

I blocked internet access to the bridge as well, but I don’t think the change is going to happen on the bridge. I think it might be the app that will be forced to be logged in. From what signify has stated the hub will continue to work offline.

Thanks for this info. I’m in the process of adding a number of bulbs to my setup and was considering Hue for some locations. No more.

1 Like

based on what they replied me on twitter, it seems that their decision is irreversible, so the only way out now seems move the bulbs fully on HA either using ZHA or zigbee2mqtt

1 Like

The social media people have a script to follow, that does not mean the company won’t change course if the public outrage is loud enough.

3 Likes

they said that, but also made mandatory a first time account login to configure the bridge, and this is still sketchy

well since the app is required to setup the bridge it would follow that you would need to login with an account at initial setup…

If you block the bridge from connecting to the internet at the firewall and disable the app on your phone it should not be able to transmit any data to their servers. In fact it wont even be able to update. My guess is that they will force the app to use the cloud connection and remove its ability to access the local api of the hub. whether they remove the local API from the hub or not is to be seen.

I was lucky that when we started a more seriously “smart home” attempt that esphome was already around the corner:

So as of today like 98% of our devices are esphome nodes (full control & ownership) and a stunning of 100% of new devices are esphome compatible - otherwise it’s just not possible to have assurance that in 1, 5 or 10 years I can still use my own hardware (beside being able to update, change or fix things :warning:).

It needs to be repeated again and again: If you only buy hardware (without having control over the software part) you are not really owning the thing and with it you don’t have things like the right to repair :hammer_and_wrench:

Fun Fact: It was over 10 years ago when the Philips Hue bridge with it’s API actually gave @balloob the initial idea building a software known as Home Assistant. :trophy:

2 Likes

Wow, this is truly disturbing. They always try to tell you that they do these things for “security” when really they want the revenue model that comes with selling your data to others, particularly the likes of Google.

I’ve been a loyal Hue customer for many years and that stops today. I actually have been working out a plan to deploy a bunch of their outdoor lights in a spring project that is now off the table (~$1,000 worth of Hue).

I’m curious about how to move Hue bulbs from the hub and into generic Zigbee, what’s the process and what do you give up by doing this? If I lose the cool effects it’s a real bummer as I use them all the time but it’s not the end of the world. What happens if I block the Hue hub from being able to access the Internet but leave things on there?

Perhaps we can use this topic to talk about how to change our use of Hue since we all know that writing to the company is not likely to do anything since we represent a fraction of the revenue they will get from the masses who put in a Hue hub and that is the extent of their automated home.

1 Like

well their hardware is solid, even if a bit pricey, and most important follows the lightlink standard so it can be used with an open controller

Same here: playing with philips hue made me look for an open, local only solution. And on zigbee, using a conbee2 it works flawlessly. I’ve also successfully converted a few friends to HA and open + no phone home is the one thing they all were asking for.

You should consider changing the slogan for HA >

Home Assistant: You don’t need an app for that, but we have one too if you want that :grin:

This would be a great time for someone to post a really simplified “How to” guide for first-time setup of Home Assistant and converting Hue Bulbs from the Hub hub to direct Zigbee control.

Make it non-nerdy, non-techie, and don’t assume the user has much understanding of HA.

If done right, would be a great first time experience for a lot of consumers concerned about privacy and the heavy-handed Hue policy and bring them into the HA arena with a nice soft landing.

7 Likes