Does anyone know the privacy invasiveness of the Hue Bridge? Or if it even is? Thanks.
How to Use Philips Hue Lights Privately/Securely?
I don't think it is? The bridge is what the bulbs sync with since they're not "online". The Philips Hue app communicates to the Bridge so a user can control the lights remotely. The data collected by the Hue app is pretty standard for an account, it allows for non-localized location and optional categories. It also doesn't appear to ask for anything outlandish like contact list, sensors or microphone.
If your modem allows, you can always isolate the Bridge to a guest network and LAN port. You can also run the Hue app in an isolated user on GOS. Strong passwords obviously advised for everything (network and Hue account).
There was a hack for the Bridge back in 2020 that was patched immediately. So oddly enough, Philips appears to be pretty good at staying on top of things.
c86 Thanks for your detailed response! I just went into the app and denied all Marketing/Privacy settings, apparently they still collect some diagnostics data or what. I've got a GL.iNet Flint 2 router so I'm not sure if I'd be able to connect it to a guest network, unless I buy another router? I'm pretty sure the Bridge is already connected to the LAN port behind the router.
Would it be possible to use the lights without the Hue Bridge? I saw that you could use some lights with Bluetooth maybe. Or is it just not possible, and the privacy/security risk with the Bridge is little to nothing?
Thanks again.
When the on button is pressed again on the remote the light changes color, but my light only has like 5 colors of white/yellow
I just have family that uses the Hue lights so I'm asking them for anything they've noticed, and had a quick read through how it works etc. Marketing anonymous analytics is everywhere with services, being able to opt out is a good start for sure.
I doubt Philips is acting as a MitM for your searches, but it is proprietary so anything is possible. I think the Bridge just makes its own "network" the bulbs talk to. Your internet activity is still through your WiFi. The Bridge connected to your internet is so you can remotely tunnel in to interact with the bulbs. As long as your Philips account has strong passwords, that would help prevent unauthorized access. Obviously, strong passwords for your internet and WiFi account are also advisable for the same reasons.
I have a router that allows setting any specific LAN port to any guest network I set up. You would have to look through settings for your router to see if that's possible, I'm not familiar with the one you mentioned. It would be your decision if you need that level of isolation.
I did see Philips has another set of bulbs that work without the Hue Bridge. I have no idea how you interact with them remotely but I understand the Hue ones need the Bridge since that's what they link to.
I'm understanding this Bridge to be similar to NVR security cameras. If it was me and I had doubts, I'd just isolate the Bridge to an IoT or guest network, toss the app in its own user and leave it at that. I'd also consider any risk with Philips Hue to be part of surveillance capitalism since someone worried of a larger threat actor would not want any sort of convenience IoT device on network.
I don't know if any of that helped, just didn't want to leave you hanging. At some point you have to trust the devices and services you're using, nobody can say for certain what proprietary devices/services do. Like I said earlier, I found one incident that Philips patched quickly. That seems positive, along with your ability to turn off marketing and noninvasive Hue app access.
I don't think this is really a GOS related concern at this point and you could try a Philips Hue related forum to see what other users say.
c86 I have a router that allows setting any specific LAN port to any guest network I set up.
That's awesome. Would you mind sharing what router it is? Is it a feature it had out of the box or did you have to flash it with e.g. OpenWRT?
@DeletedUser84 As for controlling the bulbs, I have managed to find 3 FOSS solutions:
1. Home Assistant (website, GitHub, F-Droid)
2. OpenHAB (website, GitHub, F-Droid)
3. Home App (website, GitHub, F-Droid)
It seems that 1 and 2 require setting up a server. 3 is capable of communicating with Philips Hue bridge. Sadly it doesn't seem to be actively maintained.
c86 thanks for your response!
Unfortunately I've got to keep them because I use them for content and I bought them before I knew about online privacy/security. It's one of the only IoT devices I have set up.
But so far it seems as though it's not as big of a problem as I made it out to be. Again, appreciate the response :)
IcyScroll Thank you for these, I will check them out :)
No worries at all, glad it may have helped. Given what you recently said I'd suggest looking into threat modeling. It's specific per person and can help you decide what you want to keep private along with who you're wanting to avoid.
My takeaway from your post is it's general privacy and maybe surveillance capitalism - big tech and all the unknown ad companies following us around the internet.
Anyway, once you decide your threat model, it's easy to use isolated accounts or burner accounts (even if it's Google) for what you want to accomplish. You just have to take some extra steps to keep private sometimes.
The worst you can do is think you have to avoid everything (like Google) because it's used by some agency to monitor you, or be concerned about being hit with Pegasus etc. Yes some people need that level of privacy, like whistleblowers, journalists or lawyers to name a few. But that's not what everyone needs. You don't want to get overwhelmed.
Cheers
c86 Yeah, my threat model is mostly against surveillance capitalism, and general privacy concerns.
Thank you heaps for the suggestions, you seem like a really kind and caring person. Have a blessed day and Merry Christmas.
I have used Philips Hue for years. I don't allow internet access to the bridge, so it's essentially offline. Never use the original app, as it forces an account now. I use the app "Hue Essentials" to control them at home if the normal smart switches aren't enough. Using a VPN, I can even control the lights when not at home. I also made a small Go app to control the lights when I'm too lazy to get off my PC and don't have my phone at hand.
So yeah, Philips should not know anything about my bridge and home now, unless I missed something.
spl4tt how do you block internet access to the Bridge? Via your router settings? Nice setup btw.
DeletedUser84 Yes, just block the bridge from internet access via parental controls or firewall.
Thanks 👍
spl4tt sorry to bug you with another question, but on my router settings, I can't see the Philips Hue Bridge as a connected device. Does it have a name, or just some random letters? (there is one with random letters for me)
DeletedUser84 I can see the IP address of the bridge in the Hue Essentials app. That's the one I used. In the device list of the connected devices, you can see its unique identifier only, which makes it hard to find.
spl4tt @DeletedUser84 to add to this: if your router is using DHCP, don't forget to assign it a static IP lease. That option is usually found in the "LAN" section of your router software.
spl4tt ohh thanks so much. I'll try it and update how I go.
DeletedUser87 thank you for this, will do :)
DeletedUser87 Actually, this should automatically happen if you use something like parental control for this. But you're right, once the IP changes, the wrong device would be blocked. I guess it depends on your router quality.
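
The steps discussed above (finding the bridge among connected devices, pinning its address, blocking its internet access), as an added example that is not from any post in this thread. It assumes an OpenWrt-style router with a dnsmasq lease file and the default `lan`/`wan` firewall zones, and assumes the bridge's MAC starts with the Philips Lighting OUI `00:17:88`; the lease lines and the names `hue-bridge` and `hue-bridge-no-wan` are constructed for illustration.

```shell
#!/bin/sh
# Locate a Hue Bridge in dnsmasq leases and print OpenWrt config stanzas
# that pin its address and reject its traffic towards the WAN zone.

# Assumption: 00:17:88 is an OUI registered to Philips Lighting; confirm it
# against the MAC printed on the label of your own bridge.
HUE_OUI="00:17:88"

# Constructed sample in dnsmasq lease format:
# <expiry> <mac> <ip> <hostname> <client-id>
SAMPLE_LEASES='1735000000 a4:83:e7:11:22:33 192.168.8.120 laptop 01:a4:83:e7:11:22:33
1735000500 00:17:88:aa:bb:cc 192.168.8.143 * *
1735000900 dc:a6:32:44:55:66 192.168.8.101 pi *'

# Read leases on stdin, print "mac ip" for every MAC that starts with the OUI.
find_bridge() {
    awk -v oui="$HUE_OUI" \
        'tolower(substr($2, 1, 8)) == tolower(oui) { print tolower($2), $3 }'
}

# Print a static lease (for /etc/config/dhcp) and a firewall rule (for
# /etc/config/firewall). The rule matches on MAC, so it keeps applying to
# the bridge even if its IP address changes.
emit_config() {
    mac=$1; ip=$2
    cat <<EOF
config host
	option name 'hue-bridge'
	option mac '$mac'
	option ip '$ip'

config rule
	option name 'hue-bridge-no-wan'
	option src 'lan'
	option dest 'wan'
	option src_mac '$mac'
	option proto 'all'
	option target 'REJECT'
EOF
}

# Read leases on stdin and print config for each matching device.
plan() {
    find_bridge | while read -r mac ip; do emit_config "$mac" "$ip"; done
}

printf '%s\n' "$SAMPLE_LEASES" | plan
```

On a real router the input would be the lease file itself (commonly `/tmp/dhcp.leases` on OpenWrt) instead of the sample; the rule only affects routed traffic, so apps on the same LAN can still reach the bridge.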