I actually didn’t think it would be such a big deal: Philips Hue wants to make registration with an account for the in-house system mandatory. I have always used Philips Hue with an account, but many of you actually don’t want to. In a small survey, more than 60 percent of the participating readers said they would prefer to use the Hue system without an account.
In some comments I even read that the Philips Hue products would not have been purchased at all if there had been the obligation to create an account from the beginning. But why did Philips Hue decide to take this step in the first place?
Why Philips Hue makes the account compulsory
This is exactly what George Yianni, the inventor of Philips Hue, explains to The Verge. This is because until now, anyone with physical access to the Hue Bridge would have been able to gain complete access to the system with the push of a single button. “This approach is inadequate going forward, and we need a more robust way to identify the owner of the system and enable them to manage their system — the Hue account is how we will do this”, Yianni said.
Yianni also reiterated that after this, the use of the system will continue to work completely locally and without an active internet connection. You could also block the connection completely, for example via the router, but then of course you would no longer receive firmware updates.
At least: With the change, there should also be an option to use several Hue Bridges with only one account. It will then no longer be necessary to create a separate account with a separate email address for each bridge.
The manufacturer does not want to collect any data from you
In any case, it is clear that Philips Hue is thinking about the whole thing. Indeed, Hue creator Yianni also tells The Verge, “Previously creating an account was consent for usage data processing that we are in the process of decoupling and will be decoupled before accounts become essential — that makes sure it’s possible to create an account without sharing usage data.”
And at the end of the day, you have to consider what data Philips Hue asks for when you register: country, name and mail address. Getting a fresh email address on the web is not an issue. And you can get very creative with names and countries.
Such bollocks and lies! What he is saying is, ‘Your house is not safe; we don’t trust that you can be a responsible customer, and because of this, we will take all your personal data and put it in the cloud, where it will be more secure.’
F*** this bullshit! Please could someone explain me exactly why storing my personal data, metrics, log statistics in the cloud is more secure. They are concern that someone could just push a button.
I’ve lost respect for this company.
Another shameless money grab, I’m pretty confident that in a few years, we gonna find out that this was done to sell personal data to advertiser, etc…
I can understand the Bridge might not be safe if the user has Hue Cameras because someone could brake in and connect their phone to the Bridge and then delete footage of their brake in. However, there is no reason to require an account to control lights. I intend to file a GDPR complaint about this with the data protection authority in my country and I encourage others to do the same.
You don’t need a cloud account to solve this.
Just ask the user for some admin defined bridge “credentials” (*) to be allowed to connect, right after the “button push” (**), before enabling a new apps features.
Let the user of the first app connecting – after a factory reset – set up / define the “admin credentials” (or not, to leave the bridge the way it works today, i.e. w/o requiring “credentials” / “local account” at all.
Any credentials (admin [, user]…), set up by the admin, should be accepted by the bridge for allowing a new app to connect.
*) E.g. user, pass phrase, OTP, etc.
**) Maybe only needed for setting up / defining the “admin credentials”?
…And remote access could preferably be implemented with end-to-end encryption (* á la Signal) – app to bridge(s) – with the “cloud” only acting as a relay between an “app on the run” (i.e. off the bridge LAN), and the bridge(s). This way the user can interact with the system in the same way, whether being at home, or on the run (remotely).
*) To protect data in transit, and give peace of mind to the integrity conscious costumer.
What a comlete bullshit from Signify. There are lots of existing technologies and methods available to create secure offline physical access to the brigde. I am deeply disappointed by Signify.
To be honest, i would expect a higher level of journalism from hueblog.com. It is quite simple to debust all the nonense arguments from Signify, but that is not done in the article.
What I’m more interested in is, yes, you can have one account for multiple bridges but will that mean that the two bridges can then interact with themselves?
Motion sensor on hub 1 can turn on a light from hub 2?
Will remote connection work in both bridges?
Will it mean that user/family management will finally be available? (Admin versus user, kids can only control lights in their room etc)
Also Will they enhance the hub experience with the cloud account:
E.g. Backup hub settings to the cloud & restore to a new hub?
Pressing a physical button is much more secure than having a username / password account on someone elses server. It’s an extra attack vector. If Amazon, Microsoft, etc etc etc can’t secure their servers, then why would Hue be able to do better? Especially considering most people use the same password again and again. And better, this username / password combination is paired with an IP address that is most definitely their house address! In order to log in, you will need to authenticate through the server – which means that yes, actually, you will need internet to log in. And if you don’t (eg your phone keeps some kind of cookie indefinitely) then it becomes even easier to take over your system: you simply steal or craft the cookie and there is no real way to get rid of it aside from logging everyone off and logging all your apps in again. Over internet. Where it can be stolen in transit again.
If they’re gonna force an account, they need to update the system so that you can change your email address.