Hueblog: George Yianni explains: This is why the account will become mandatory

From next year

Over the last few years I have become a real expert on Hue & HomeKit. I now have more than 50 lamps and numerous switches in use. In my little blog I am happy to share my experiences with you.

Comments 8 replies

  1. Such bollocks and lies! What he is saying is, ‘Your house is not safe; we don’t trust that you can be a responsible customer, and because of this, we will take all your personal data and put it in the cloud, where it will be more secure.’
    F*** this bullshit! Please could someone explain to me exactly why storing my personal data, metrics, log statistics in the cloud is more secure. They are concerned that someone could just push a button.
    I’ve lost respect for this company.
    Another shameless money grab, I’m pretty confident that in a few years, we’re gonna find out that this was done to sell personal data to advertisers, etc…

  2. I can understand the Bridge might not be safe if the user has Hue Cameras because someone could break in and connect their phone to the Bridge and then delete footage of their break-in. However, there is no reason to require an account to control lights. I intend to file a GDPR complaint about this with the data protection authority in my country and I encourage others to do the same.

  3. You don’t need a cloud account to solve this.

    Just ask the user for some admin-defined bridge “credentials” (*) to be allowed to connect, right after the “button push” (**), before enabling a new app’s features.

    Let the user of the first app connecting – after a factory reset – set up / define the “admin credentials” (or not, to leave the bridge the way it works today, i.e. w/o requiring “credentials” / “local account” at all).

    Any credentials (admin [, user]…), set up by the admin, should be accepted by the bridge for allowing a new app to connect.

    *) E.g. user, pass phrase, OTP, etc.

    **) Maybe only needed for setting up / defining the “admin credentials”?

    1. …And remote access could preferably be implemented with end-to-end encryption (* à la Signal) – app to bridge(s) – with the “cloud” only acting as a relay between an “app on the run” (i.e. off the bridge LAN), and the bridge(s). This way the user can interact with the system in the same way, whether being at home, or on the run (remotely).

      *) To protect data in transit, and give peace of mind to the integrity-conscious customer.

  4. What complete bullshit from Signify. There are lots of existing technologies and methods available to create secure offline physical access to the bridge. I am deeply disappointed by Signify.

    To be honest, I would expect a higher level of journalism from It is quite simple to debunk all the nonsense arguments from Signify, but that is not done in the article.

  5. What I’m more interested in is, yes, you can have one account for multiple bridges but will that mean that the two bridges can then interact with themselves?
    Motion sensor on hub 1 can turn on a light from hub 2?

    Will remote connection work in both bridges?

    Will it mean that user/family management will finally be available? (Admin versus user, kids can only control lights in their room etc)

    Also, will they enhance the hub experience with the cloud account:
    E.g. Backup hub settings to the cloud & restore to a new hub?

  6. Pressing a physical button is much more secure than having a username / password account on someone else’s server. It’s an extra attack vector. If Amazon, Microsoft, etc etc etc can’t secure their servers, then why would Hue be able to do better? Especially considering most people use the same password again and again. And better, this username / password combination is paired with an IP address that is most definitely their house address! In order to log in, you will need to authenticate through the server – which means that yes, actually, you will need internet to log in. And if you don’t (e.g. your phone keeps some kind of cookie indefinitely) then it becomes even easier to take over your system: you simply steal or craft the cookie and there is no real way to get rid of it aside from logging everyone off and logging all your apps in again. Over internet. Where it can be stolen in transit again.

  7. If they’re gonna force an account, they need to update the system so that you can change your email address.
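
The local pairing gate proposed in comment 3 (button push plus admin-defined credentials, with today's button-only behaviour until an admin sets them), sketched as an added example. It is not code from the article, the commenters or Signify; the `Bridge` class, its method names, the 30-second button window and the PBKDF2 parameters are all assumptions.

```python
import hashlib, hmac, secrets, time

BUTTON_WINDOW_S = 30        # assumed validity of one link-button press
PBKDF2_ROUNDS = 600_000     # assumed work factor

class Bridge:
    """Hypothetical local-pairing model; these are not Hue API names."""
    def __init__(self, clock=time.monotonic):
        self._clock, self._button_until = clock, 0.0
        self._salt = self._admin_hash = None   # None = button-only, as today
        self._app_keys = set()

    def press_button(self):
        self._button_until = self._clock() + BUTTON_WINDOW_S

    def _consume_button(self):
        # Every attempt spends the press, so guessing needs physical access.
        active = self._clock() < self._button_until
        self._button_until = 0.0
        return active

    def _kdf(self, passphrase):
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self._salt, PBKDF2_ROUNDS)

    def set_admin_credentials(self, passphrase):
        # Only with the button pressed, and only while no admin exists yet.
        if not self._consume_button() or self._admin_hash is not None or not passphrase:
            return False
        self._salt = secrets.token_bytes(16)
        self._admin_hash = self._kdf(passphrase)
        return True

    def pair_app(self, passphrase=None):
        """Return a fresh app key, or None when the request is refused."""
        if not self._consume_button():
            return None
        if self._admin_hash is not None and not hmac.compare_digest(
                self._kdf(passphrase or ""), self._admin_hash):
            return None
        key = secrets.token_urlsafe(32)
        self._app_keys.add(key)
        return key

    def is_authorized(self, key):
        return key in self._app_keys

    def factory_reset(self):
        # Wipes credentials and every paired app; first app may set admin again.
        self.__init__(self._clock)
```

Because a failed attempt also consumes the button press, each passphrase guess costs one physical press on the bridge, with no cloud account involved.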


Copyright © 2024