Can you please list all the data that is sent from an installation of Home Assistant, out of the local network on the user's premises, including anything sent to the internet, or to central servers or to 3rd parties?
Please be specific in terms of the type of data, i.e. video/voice/proprietary etc., where the data is sent, and what is done with it.
Analytics are opt-in. If you have not enabled it, nothing is sent. If you have enabled it then there are details here:
Enabling analytics gives Nabu Casa leverage when communicating with manufacturers (e.g. we have x number of users) and aids in speedy crash resolution. But it is still up to you if you want to send any of this.
Thanks for the info. Just carrying on with this thread with one more question. Is it possible at any time for remote access to be gained to the system, whereby remote control of cameras, voice etc. can be obtained? I don't mean gaining general access via taking control of a PC on my network and gaining access to the Home Network system, I mean is it possible via the actual Home Network APIs/Code, or any of the Home Network configuration (of the actual system itself)? This includes Nabu Casa taking control, or remotely configuring anything at all?
I came across the explanation of the unique ID used in the data metrics
"Unique identifier for your system (to ensure each installation is counted once)"
It sounds like the relationship between an installed system and the GUID is a 1:1 mapping ("for your system"), and therefore it sounds like the GUID can be used to identify all the data a system has sent in to any of the central servers. This would allow the data to be grouped for that particular system, effectively allowing long term monitoring of an installation.
Can you please confirm if the GUID of an installation can indeed be used to see all data from that system?
If, as the explanation suggests, the GUID is only needed for ensuring data is not duplicated for a system (only counted once), then why isn't the GUID simply stored completely separately in a different DB etc., so that it cannot be used to identify all data from the system? The GUID could still be associated with a particular system, but the telemetry data would not be stored with the GUID.
For example, once a system sends in telemetry and the data has been parsed and stored successfully, the GUID that came with the data is written to a separate table with the date, so that any subsequent received data from the same system can be checked against the GUID and date in the separate table. If the GUID appears in the table, any data from that system is rejected.
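The storage layout proposed in the post above, sketched as an added example (not part of the original thread and not Home Assistant's or Nabu Casa's code). It assumes one accepted submission per GUID per day; the table names, payload fields and sample values are constructed for illustration.

```python
import sqlite3

def open_store(path=":memory:"):
    """Create the two tables: a dedup ledger and a GUID-free telemetry table."""
    db = sqlite3.connect(path)
    db.executescript("""
        CREATE TABLE IF NOT EXISTS seen (
            guid TEXT NOT NULL,
            day  TEXT NOT NULL,
            PRIMARY KEY (guid, day)      -- one submission per GUID per day (assumption)
        );
        CREATE TABLE IF NOT EXISTS telemetry (
            version           TEXT    NOT NULL,  -- hypothetical payload field
            integration_count INTEGER NOT NULL   -- hypothetical payload field
        );
    """)
    return db

def ingest(db, guid, day, payload):
    """Store a payload without its GUID. Returns False for a duplicate."""
    try:
        with db:  # one transaction: ledger row and payload row commit together
            db.execute("INSERT INTO seen (guid, day) VALUES (?, ?)", (guid, day))
            db.execute(
                "INSERT INTO telemetry (version, integration_count) VALUES (?, ?)",
                (payload["version"], payload["integration_count"]),
            )
    except sqlite3.IntegrityError:
        # (guid, day) already in the ledger: the whole submission is rolled back
        return False
    return True

def telemetry_columns(db):
    """Column names of the telemetry table, to confirm no GUID is stored there."""
    return [row[1] for row in db.execute("PRAGMA table_info(telemetry)")]

if __name__ == "__main__":
    store = open_store()
    sample = {"version": "0.0.0-example", "integration_count": 12}  # constructed
    print(ingest(store, "guid-a", "2024-01-01", sample))  # first submission
    print(ingest(store, "guid-a", "2024-01-01", sample))  # same GUID, same day
    print(telemetry_columns(store))
```

Both tables are filled in the same order in this sketch, so row position can still pair a GUID with its payload unless the store breaks that ordering, for example by batching and shuffling before insert.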
Feel free to implement changes that you see fit. Both the system to display the analytics and the analytics logic itself are available on GitHub.
With that being said, I think you are trying to find a problem that doesn't exist. The GUID is completely anonymized, so there is no way to say e.g. I want to see @marcuo's data, it can only be used to guarantee uniqueness when aggregating the data. How the data is stored or structured doesn't matter as the same capabilities would have to exist for analytics to function.
Respectfully, I don't think this line of questioning is productive. If you see an issue with the code, open a GitHub issue, or open a PR to fix it. If you do open an issue, please reference the code you are concerned about.
You are aware that "data sharing" is not only optional but also an active opt-in?
That's probably quite contrary to the vast majority of other software or operating systems you use?
We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins. The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Users have no opt out from this and currently there are few, if any, realistic options for preventing this data sharing.
Besides, all widely used browsers share information with the mother ship by default - some can't even be deactivated and a forked browser is necessary to work around this (in the past this was true for Firefox and Chrome).
So while your operating system (and browser) most likely shares personal identifying information (like GPS location or IMSI) even without explicit consent (opt-in), HA on the other hand doesn't share any personal identifying information even with explicit consent.
In a nutshell: Nice that you give thought to the data you share - luckily HA does give you the choice to share basic information or not (the latter is the default). Sad that you think it is even remotely in the same ballpark as most other available (and widely used) software and operating systems that often don't even give you a choice at all and/or leech your data by default.