I read that changes have been made if upgrading to firmware 2.2.9 to prevent external access from the hub, unless using a private VPN or Hubitat Remote Admin.
Does this mean that when using the Hubitat app outside of my network, I can no longer control my devices when outside of my local network, unless I configure the above? Essentially meaning, no more "cloud control?"
They made changes so that the hub itself (the webserver running on it that serves as its admin interface) is harder to reach directly from the internet through methods like port forwarding from the user’s router.
Some users were opening their hubs up to being accessible by literally any stranger on the internet. Not a good idea, and probably not something anyone did intentionally.
The method by which they locked down this access created some issues for a small number of very advanced users with home LAN topologies that the average home user probably never has to worry about.
Hubitat helped those users restore the functionality they lost with some subsequent updates.
The Hubitat app, your dashboards, geolocation etc. are unaffected by all this.
I have seen this. A month or so ago, I did a Google search on an error I was seeing in my logs. Not a Shodan search, but just a simple text string search. To my surprise, some user’s hub appeared in the search result, and was fully accessible from the internet. I didn’t poke around on his hub or change anything (that would produce criminal exposure), but reported the IP to Hubitat support in a PM, and they said they would notify the user.