Hubitat Elevation Remote Access Backdoor

I'm curious - what part of the sentence, "Hubitat may need to collect and share personal data that relates to the Customer's use of the Hubitat Platform, including access to information stored on the Hub", are you having difficulty comprehending?

7 Likes

I am curious what language you think would adequately explain your concern to a potential user/buyer and where it should be placed?

Also, I understand everyone else isn't doing it isn't a great excuse, but do you know of any similar situation where there is an example of a company leading the way in doing a great job covering concerns like this? I am genuinely interested, because I might reward such a company with my business, but it doesn't seem there are any and so I think this thread is about as good as anyone will find with most products.

Do you agree that now that you know about it, this is a reasonable tradeoff for what the hubitat provides or have you decided to remove it from your home?

The part that "may," is not "will," and not "without your consent" and not "without any log or audit."

Words have meanings for a reason :slight_smile:

2 Likes

Read the TOS for exactly what it says. And "may" is the appropriate word to use.

1 Like

We'll have to agree to disagree on how to interpret that, and how it would be interpreted by a court of competent authority in the jurisdiction where the user bought the product.

Can we get back on topic now?

1 Like

Just because you got called on interpreting the TOS in a manner inconsistent with what it actually says doesn't mean we're off topic.

3 Likes

What exactly is the topic at this point?

Just to be clear, is the topic:

  • You want all remote accessing to be trackable (logged)?
  • You want the ability for end user to opt in/out of all remote connectivity?
  • Other? If other, what EXACTLY do you want Hubitat to do? What do you think good looks like in very explicit and tactically implementable terms?

4 Likes

This doesn't really concern me that much, but I do agree that an option that can enable and disable Hub access doesn't seem that unreasonable.

6 Likes

I actually described a solution to Bruce in my conversation with him:

I've even provided you with a screenshot from one of the most reputable "IoT" device manufacturers, Synology - QNAP and others have the same.

All you have to do is code in a simple toggle for a separate outbound SSL connection to a dedicated remote admin workload, segregated from the servers that provide other functionality. And, when a customer wants to have support, your staff can ask "please toggle this on."

And then, a log should be created LOCALLY on the hub, that says "this toggle was flipped, and this connection established," and all actions taken by your staff, what info was accessed, etc should also be logged.

Additionally, steps should be taken to ensure that access provides only log data, and no other telemetry or elevated administrative access, i.e. no remote control, terminal, shell, or remote code execution. And finally, the keys for such access should be unique per-hub, and encrypted in situ (think TPM).

2 Likes
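The opt-in toggle, local log and log-only restriction proposed in the post above, sketched as an added example (not Hubitat's code and not part of the original post). The class name, action names and in-memory log are hypothetical, and the SHA-256 hash chain is an added assumption that makes the local log tamper-evident.

```python
import hashlib
import json
import time

# Assumption: support staff may only read log data, as the post proposes.
ALLOWED_ACTIONS = {"read_logs"}
GENESIS = "0" * 64

class SupportAccessGate:
    """Hypothetical on-hub gate: owner toggle plus hash-chained local audit log."""

    def __init__(self):
        self.enabled = False   # remote support is off until the owner opts in
        self.log = []          # stand-in for an append-only file on the hub

    def _append(self, event, **detail):
        prev = self.log[-1]["hash"] if self.log else GENESIS
        entry = {"ts": time.time(), "event": event, "detail": detail, "prev": prev}
        body = json.dumps(entry, sort_keys=True).encode()
        entry["hash"] = hashlib.sha256(body).hexdigest()
        self.log.append(entry)

    def set_toggle(self, on, actor="owner"):
        self.enabled = bool(on)
        self._append("toggle", on=self.enabled, actor=actor)

    def request(self, staff_id, action):
        # Every attempt is logged, including the ones that are refused.
        allowed = self.enabled and action in ALLOWED_ACTIONS
        self._append("support_request", staff=staff_id, action=action, allowed=allowed)
        return allowed

def verify_chain(log):
    """Return True if no entry was edited, removed or reordered."""
    prev = GENESIS
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if entry["prev"] != prev or entry["hash"] != digest:
            return False
        prev = entry["hash"]
    return True

if __name__ == "__main__":
    gate = SupportAccessGate()
    print(gate.request("staff-1", "read_logs"))   # refused: toggle is off
    gate.set_toggle(True)
    print(gate.request("staff-1", "read_logs"))   # allowed while toggled on
    print(gate.request("staff-1", "shell"))       # refused: not log data
    print(verify_chain(gate.log))
```

A hash chain only reveals edits if the latest hash is also recorded somewhere the remote party cannot rewrite, for example shown to the owner in the hub's local UI.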

Honestly, a lot of this thread is just shouting fire in a crowded theater. If you have specific concerns you should do 1 of three things. 1: Email one of the devs about the situation and ask for clarification as to how and why and what is involved in a "back door". This is the responsible and adult thing to do. The devs give a damn about their users and will take them into consideration in resolving things. 2: Block all inbound access to the hub via firewall. This will make it difficult for some things but that can be resolved via VPN. Or 3: Stop using the product. A lot of this crap is much ado about nothing. As for me, I don't really have much concern, but if I did I would be an adult and choose #1 and see what they had to say about it. But hey, that's just me.

11 Likes

Done. Done. Done.

See original message and link to the chat log with Bruce.

1 Like

Or in a water park :grinning_face_with_smiling_eyes:

3 Likes

I think it is reasonable to have concerns over access to information that can potentially be stored on the hub. I don't necessarily share those concerns myself, but I also think that one person's circumstance should not be used as a reason to judge others' choice about how they approach an issue like this.

I also think it is reasonable to raise it in this forum, I have found it, if nothing else enlightening. I think making people aware of the access is ok, but would feel more comfortable if it were from Hubitat themselves.

I don't mind the suggestions around choosing when to allow access, the recording of this and limited functions available for remote access. That said, I like it for the fact it would be a built-in feature that does not rely on other networking infrastructure. But if people have the option and the ability to manage this through firewall rules, then that can guard against more than just malicious access by Hubitat staff (which I am also not concerned about).

Simon

4 Likes

The suggestions are fine. The imputation that Hubitat employees use your hub to dig around your LAN is not. Especially when that allegation is made sans any evidence.

11 Likes

Yes, I can't say I'm comfortable with every aspect of the conversation. It is also important to remember, like some have already talked about, prospective customers (unlike me) can read forum posts such as this as research on the product. It is important (I think) to be mindful of the tone and language used, as well as remaining as factual as possible. I'm making that more as a general statement, not in response to anything specific here.

2 Likes

I never read any comments that suggested they actually do this. Just comments that said because we have no way to disable the feature or logging to know when this feature is used, a Hubitat employee COULD do this and we'd never know and not be able to stop it. It wouldn't have to be a Hubitat employee though. What if Hubitat's servers are compromised? Then the intruder would have access to at least the logs of every single Hubitat device.

Personally, I like the idea of having a way to toggle this on and off so that if someone needs to access my hub, I can let them, and I know it's being done. Then I can turn that back off once my support issue has been taken care of.

3 Likes

Follow the original thread that was linked to in the first post.

1 Like

I've been watching the Reddit thread too. I don't see anyone claiming that Hubitat employees ARE doing anything nefarious. Again, only that it COULD be used this way and that concerns people. And in my opinion it's a valid concern.

I'm also curious how this interacts with the GDPR regulations in the EU. I don't live in the EU, so my understanding of it is very limited, but here is what the official website has to say about consent.

  • Consent must be “freely given, specific, informed and unambiguous.”
  • Requests for consent must be “clearly distinguishable from the other matters” and presented in “clear and plain language.”
  • Data subjects can withdraw previously given consent whenever they want, and you have to honor their decision. You can’t simply change the legal basis of the processing to one of the other justifications.
  • Children under 13 can only give consent with permission from their parent.
  • You need to keep documentary evidence of consent.

Obviously this doesn't apply to us that live outside the EU, but it wouldn't make sense to have 2 systems, one for those in the EU and one for those not in the EU, so in a roundabout way, it does apply to us too. At the moment there is no way for me to remove my consent. This, by the way, is why pretty much every website you go to now has a big banner asking you to consent to cookies being used.

5 Likes

@bravenel can you confirm what level of remote access is available into our hubs?

Logs are clearly available to HE staff. Does that mean HE gets the logs from our device at-will, or are the logs always uploaded to your servers and you view them there?

What else can HE staff do on our hubs? Can you get inside the web GUI?

3 Likes

Interesting topic with some good information. I would say however that it appears that the conversation is degrading into a "contest of words" between some. It would probably serve us all to back up, take a deep breath and take it down a notch.

My two cents... I am a privacy advocate and value my choice of what data to share (intentionally or unintentionally). While I certainly am NOT too worried about the Hubitat folks getting access to my logs, I really don't think that they would intentionally misuse them. I am concerned however, about the capability of them to access the hub remotely becoming an exploit tool for a threat actor. We see all too often these days where cloud services are compromised and threat actors are exploiting data and tools intended to be used by support personnel. Allowing me to make an evaluation of how much of a threat that poses and make my decision to allow/disallow the capability would be a good thing. Perhaps an explanation by the Hubitat folks on what capabilities exist and what steps they have taken to mitigate any possible misuse (particularly from outside threat actors) would be helpful. I realize also that giving too much detail on their part could also provide "the bad guys" some insight into how to engineer around the protections. It IS a balance... but until the Hubitat folks (@bobbyD @bravenel) check in on this topic there really isn't much else to say.

1 Like