Is nabu Casa gdpr compliant?
Isn’t it strange that humans typically “allow” (or expect) companies to lie but when fellow humans do this it’s not really appreciated? 
Even Signify / Philips Hue is LYING directly into our faces by telling us our private data is safer in the WWW than in our homes it still was a fellow human writing these lines… 
There is actually no need to share my camera streams with companies and other users like happened in the past with amazon, eufy or wyze cameras more than once 
If YOU want acces to YOUR cameras just use some VPN like wireguard or tailscale to acces your private network - allowing the manufacture (and potentially the rest of the world) access to YOUR cameras is probably most interesting for people with some fetish.
4 Likes
Wrong thread @Stefan_U?
Privacy Policy
Your privacy is critically important to us. At Nabu Casa, Inc., we have a few fundamental principles:
- We don’t ask you for personal information unless we truly need it. (We can’t stand services that ask you for things like your gender or income level for no apparent reason.)
- We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights.
- We don’t store personal information on our servers unless required for the ongoing operation of one of our services.
well, not quite actually…
since in this topic people speak of moving all Hue devices to HA + ZHA only, that question is quite relevant.
given the 2 bottom bullets, one could argue HA has a policy rather comparable with what Hue is now implementing.
Users require an account to safely login, but other than that, the company assures the user security is priority nr 1.
No storing or sharing user data, unless …
Neither Signify nor HA ask for my gender or income level .
just saying
if this:
turns out to be the correct final implementation, all is well after all I suppose. We need the account to signup and register the devices for operation when away from home, but can cut the external internet connection when at home and still have full operational power.
Or cut it permanently and have HA do the job if you want.Only connect upon updates if must be.
Seems the correct way of handling things, considering most Hue users wont have HA to be the man I the middle, and they need to be able to offer that service as standalone company
If security really would be the priority of Philips Hue / Signify they would not force you to upload your data to their computers computers in the very beginning. 
Sad to see gaslightning or marketing bullshit in general still works a treat for companies even in the year 2023 - people (would) have easy access to literally all information like never before still they fall easily for lies just nicley presented 
We all know customers (and voters) have a very short 
memory which obviously helps companies (and political parties) to continuously screw them over - again and again 
Any one remembering the (later reversed) decisions of Philips Hue from 2015? No? That’s good! So go and buy some more signify products PLEASE 
3 Likes
I created an account a long time ago for remote access (I think) and it drives me nuts how often I have to sign back into the iConnectHue app for remote access.
I only have 3 devices left…
At this point I think I’ll just try to get them to work on my regular Zigbee network.
Maybe somebody will create an animation builder like I’ve always wanted, maybe I could figure out how to code it myself.
you might have failed to read my sarcasm… when comparing the 2 companies Signify and Hue…
btw why wouldn’t they both be sincere?
1 Like
Not really. HA does not require any sort of Nabu Casa account. A Nabu Casa account is optional.
true.
but for external operation you need some account anywhere, and need to login.
Until I have verification otherwise, I’m just assuming that Signify/Hue is going to just collect everything it can on me and sell it to third parties. This is why I, in general, immediately block ALL internet access for any IP device on my network unless there is a reason to have it talk to the cloud. I don’t have a single camera that can reach the Internet, yes this is a bummer sometimes because I might want a firmware update and, at least for now, you can generally download the bin file and upgrade it yourself so I schedule this once a quarter.
I never bothered blocking Hue because I wanted auto updates and all the scenes, but it’s now been blocked since this thread was started and everything is working just fine. When that stops being the case I’ll just link them up as Zigbee devices, ditch the hub and wash my hands of their hub.
The thing that really bugs me about companies like this is that they SAY they will only collect data on THEIR devices (technically they are mine now but whatever), however they can easily ARP out my network to see what other types of devices I use based on MAC address (not all resolve but the big ones do), get a count of how many IP devices I run and much more - without needing to hack my system to do this. Of course they all claim they wouldn’t dare do this but how many times have major manufacturers been caught with their hand in the cookie jar? It’s risk assessment, they will illegally (and against their TOS) collect everything they possibly can until the lawsuits force them to stop because they cost more than the sale of this private data.
I’ve sniffed many devices on my network, there’s not a single camera I own that doesn’t make very regular calls to Chinese sites - some are probably legitimate, but I have watched Foscam call Chinese servers 300+ times an hour!
So, just block them all and if you lose functionality then return them. Heck, I have full control over my ESP devices yet I still won’t allow them to the Internet for any reason.
Only for convenience.
My external access is account free and secure
It’s an offer, I pay through an account to support the devs. But I have my own setup that enables remote access. Plenty of guides around to get started if you’re interested.
No, Philips is gdpr compliant.
Nabu casa? Since it’s delivering services to European customers, it needs to be gdpr compliant too.
I’m with them this time. 
Technically you don’t own them despite you payed for the hardware
Well, guess their is no need anymore for that really as most likely more operating systems than only iOS probably suck data like that already by default and might share them for the right incentiv too.
Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google
Abstract — We investigate what data iOS on an iPhone shares
with Apple and what data Google Android on a Pixel phone
shares with Google. We find that even when minimally configured
and the handset is idle both iOS and Google Android share
data with Apple/Google on average every 4.5 mins. The phone
IMEI, hardware serial number, SIM serial number and IMSI,
handset phone number etc are shared with Apple and Google.
Both iOS and Google Android transmit telemetry, despite the
user explicitly opting out of this. When a SIM is inserted both
iOS and Google Android send details to Apple/Google. iOS sends
the MAC addresses of nearby devices, e.g. other handsets and
the home gateway, to Apple together with their GPS location.
Users have no opt out from this and currently there are few, if
any, realistic options for preventing this data sharing.
To be honest, I’m surprised how many people use the hue hub. I never even set mine up, just left it in the box because 4 bulbs + hub was cheaper than 4 bulbs when I bought it.
5 Likes
The last point is pretty much the only part why i got a hue bridge still
On the other hand, if anyone in Canada wants to send me their Hue Hub I’ll pay for the postage. I’m serious. 
I’m surprised I read through this whole thread and although I understand the thought of privacy and not having accounts, we all have them and we all use them. In any case I don’t have any issues with accounts although am generally trying to move local.
As a companies who delivers services in Europe they need to be gdpr compliant.
1 Like
And who exactly ever said anything else? Obviously companies need stick to the laws 
I really don’t get the intention from your posts and I really do hope you are not an employee from Philips/Signify 
1 Like