[SOLVED] New Installation of Home Assistant sends data to internet without consent

You don’t intend to use home assistant. That is fine, but the best part is that we hopefully won’t see you round here anymore.

Perhaps you have blocked me, and won’t even see this. I’ll just wait and see if I get any likes.

2 Likes

May I ask what response you’ve got?

I agree, that (some) people value privacy. But also only some people use it for security-related tasks. It might be naive of me to think this, but I don’t believe Home Assistant telling a user (without smart locks etc.) when the dishwasher is done has a great impact on security. :man_shrugging:

I don’t know about your ISP, but the GeoIP information for the IP addresses I receive fall into a radius of around 20km. And I live in a pretty densly populated area. So the only thing the weather service knows is, that 1 of ~750.000 population in a ~250km² area has queried their API. Sometimes I’m paranoid about privacy myself. But those numbers don’t prevent me from sleeping well.

For sure I won’t claim public APIs don’t get attacked / hacked. If it is the case, then yes, they’s know I operate my machine in that area. If it is not the case, then there’s nothing to worry about. Except if the honeypot is actually within my network. But if my network has been compromised there much bigger issues than a service service that polls weather data. At least in my opinion. Oh, and the sudoer-issue actually depends on how HASS is installed. If the operater is lacking brain.exe, then of course other issues may arise. But that’s not the fault of HASS. You can’t sue your car manufacturer when you crash and don’t wear your seatbelt. Or maybe in the US you can? I recall US customers suing McD because they’ve burnt their tounge while sipping on their coffee. I’m unsure what to think about the cognitive abilities of such people. At least I wouldn’t let them set up my HASS. :man_shrugging:

If you were taking that argument serious yourself, you wouldn’t expose any service within your network. After all also popular software like Apache, NGINX, OpenVPN - you name it - has it’s fair share of vulnerabilities. If you only use bug-free software, tell me about it. I see a great opportunity for becoming ridiculously rich. I could really use that right now.

As said before: only a single component, which can be disabled right away. The second sentence I probably fail to translate to my native language because I can’t believe you mean what I understand.

In that case pretty much every vendor on the market should label their software as dangerous. :thinking:

Have you gotten any likes yet?