I’m looking to replace my current thermostat with a “smart” one. The key requirement, however, is that I don’t want my data to transit through (or be stored on) a third-party server.
This rules out neat products like the Nest, Honeywell, and Ecobee. People seem enthusiastic about the Radio Thermostat CT50 and CT80, though, and it does fit the bill… except that the API is horribly insecure (it uses unauthenticated HTTP post requests). This means that after I set it up, any website that I visit on Wifi from my phone or laptop can trivially turn my heater on or off, or change its target temperature (CVE-2013-4860 and CVE-2018-11315).
These problems haven’t be fixed in 5 years, so that option is out, too.
Do I have other options? (Safe, under $250, and can be configured through LAN without setting up an account on a remote server?)
You can try this, works for electric and gas.
Not so many clever stuff in it, but all the point is to put that in HA.
It could access Internet to be used via the application but, as with all Broadlink devices, you can just put that in a closed VLAN/SSID that doesn’t access Internet.
To check if it’s working, I connect my android phone to that same SSID while I set it up, and after that, you’ll only need the HA server to acces through port 80 to it.
At $25 each, you can have one per room if your heating is electric !
Z-wave thermostats can be had for around $70, if you don’t already have a hub, add one for $100 or get the z-stick for around $50. The thermostat will be as smart as you can make it through home assistant
I use the GC-TBZ48. Note this particular one is easier to work with if you have a third party z-wave hub rather than the z-stick, I use the VeraPlus
For $250, you should be able to pick up a zwave thermostat and a zwave usb stick to talk to it.
It sounds like you don’t have zwave now. Its very secure, the thermostat will have to be paired to the stick, and after pairing it will only talk to the stick.
I have a couple zwave trane thermostats that I picked up from the auction site.
The only issue with zwave (and wifi) thermostats is you need low voltage ac power, and the older thermostats didn’t require ac power. I was rather lucky for my thermostats there was a spare wire available that I just needed to connect to the low voltage AC at the furnace. There is something you can buy that lets you share a wire so if you don’t have a spare you don’t have to run wires.
You are right, it CAN access to a server, this is the way the native app on your phone will work when you’re away from your network.
If you don’t want that (I don’t !), just put the thermostat in a filtered VLAN, block the HTTP port, it won’t communicate with the server but will still work.
This is nothing but a Broadlink device, I have lot’s of them (MP1, SC1, RM2…), none ever talked outside, and they work great. I even have a Xiaomi gateway that I protected the same way.
Just because all options that are in the native apps (schedule, remote access) can be achieved with HA, and most of the time, way better !
I use all StelPro Ki theremostats for baseboard heating and they are great and Z-wave. There’s now a Zigbee offering that handles forced fan and cooling I believe and there’s also their Maestro line of products.
I just returned my Centralite Pearl units, because they don’t have auto-switching, and have poor support here. I was looking at the GoControl GC-TBZ48. The price is way below that of the Honeywell.
