Privacy protection question

I’m interested in setting up a smart home, and doing so with Samsung’s SmartThings. But, I have major concerns about privacy that I wanted to first ask.

The Samsung FAQ says that “Samsung takes consumer privacy very seriously. We always ask for a consumer’s consent before collecting information and use it to make our systems work better. We abide by industry-standard security practices to safeguard consumers’ personal information.”

I am pretty careful about my privacy, and while I know that I can’t protect it all, I also know I can do what I can (within reason) to limit its distribution.

First, could I opt out of all my data from being transmitted (or at least stored) by Samsung? That includes not allowing SmartThings to communicate usage of any connected device (e.g., TV, door, dishwasher, lights…) whether actively or passively used.

Second, if not, does SmartThings need to connect to Samsung’s servers for it to be remotely controllable, and to what extent? For instance, if I block the IP ranges to which it communicates, would it still function?

Finally, could it work without any Internet connection, as basically a local-only automation and monitoring tool? I ask because, if I can’t limit data transmission selectively, I would consider setting up the SmartHome on its own network without any access to the internet. I know, this sort of defeats a major benefit - remote access - but it would still have the benefit of allowing me to control everything centrally at the local level. I would also have the option of placing certain “critical” components on a public network, e.g., the smart locks.

To note, I have never registered my Samsung phone with Google / Android, Samsung, or any other company (all manually backed up). Therefore I could not integrate standard phone Samsung services as they don’t function on my Samsung phone.

Thanks a ton for any insight into this!

I don’t know the answer to your specific questions about data storage, but smartthings is primarily a cloud-based system. You will have a cloud account and many things will have to go through the cloud.

It sounds like you were more interested in a local system. These exist, it’s just that smartthings isn’t one of them. Some will require using the cloud to set up initially, but once you do that you can then run locally. Again, smartthings is not one of these.

I suggest you take a look at Homeseer, Apple’s HomeKit, Vera, and Hubitat. All of these run locally after initial setup. Most have an optional cloud component, and mostly the company does not collect the kind of information you were concerned about.

Even when smartthings has the option for some devices and some rules to run locally, it logs everything to your cloud account so the company does have a record of every time you turn on a light switch. It’s a good system for many people, it just doesn’t sound like it’s going to meet your requirements.

Just one example: the SmartThings app always requires a cloud connection even if your phone and hub are on the same local Wi-Fi. Everything you do in the app goes through your SmartThings cloud account and is logged there. (again, that is not true of the other companies I listed.) SmartThings didn’t have to design their platform that way, but they did.

2 Likes

You can also look at a software-only platform where you provide your own hardware. Typically a small laptop or a raspberry pi Plus a Z wave USB stick. You will have fewer choices in devices, but no privacy concerns, it just runs on your own local network.

Indigo Domotics has been around for about 15 years and works well with Z wave.

https://www.indigodomo.com/

Or you can try the open source free home assistant, which has become quite popular in the last couple of years:

Both of these require a strong technical background, but it sounds like you have that. :sunglasses:

1 Like

As I go down the Smart House path and I have similar concerns. IMHO, this is still a bit of the wild west in many ways. It is the nature of IoT, and I have limited myself to what I enable or add to my system. I have a bit of a background IT Security, so I have some ideas on what can go wrong. Anything that goes through the cloud can be hacked. The question is…what value is it to someone? Hopefully, this helps and does add to your confusion; I got rather long-winded! In the end, the privacy risks of home automation are limited.

For example, I won’t install any internal cameras or door locks. Event devices in my house with cameras (pc’s, tablets, etc.) have tape over the camera unless I have use for them. However, cameras are very hard to hack and typically require physical access to do get any control (IP cameras are easier). While I am sure others are comfortable with this, I am not. Yet we get to the point of how much value/interest does someone have over when my lights go on and off? Even then it would be difficult to tell if that was by a timed event or a sensor event. Heck, a pet could trigger a sensor and turn a light or device on!

If I had someone disabled or elderly at home, I would reconsider indoor cameras in appropriate locations. Maybe even if I had pets home alone during the day. But, there is a responsible person in my house almost 24/7, so I don’t have those concerns.

I have noticed that some connections, such as Zigbee and Z-wave are done locally and don’t go through the cloud. Yet, if you control it remotely, say through your phone, that will go through the cloud and then down to your controller. Again, what value does that have for anyone?

It’s not like my smart bulbs are storing 140,000 credit card numbers. The data has to be valuable to make it worth someone’s time.

This goes back to me not having locks or cameras inside my house. It limits the risk of what I am exposing. Do I care if someone knows I turned a light on? No. Do I care if someone knows if I unlock/lock a door? Yes. IMHO, it all comes down to how much risk are you willing to accept (I do a lot of risk management at work :slight_smile:). In risk management, things come down to two factors. First, what is the probability that someone will access my data? Second what is the impact if they do access my data?

I think you could contact Samsung/ST to get more information on their privacy protections, or any other company for that matter. Most home automation companies have put a lot of safeguards in place just to protect us from privacy issues. There are a lot of security measures in place. The result of something bad happening could be the downfall of the company or home automation as we know it.

I think about my specific concerns about privacy and if I am not willing to sacrifice that privacy, I don’t do it. I suggest considering your specific concerns and balance things out. There is risk in everything we do, it just needs to be balanced!

Just a side note here. If you browse the internet on your phone, Google can still get to your activities. Almost impossible to get around their methods of gathering data.

© 2019 SmartThings, Inc. All Rights Reserved. Terms of Use | Privacy Policy

SmartThings; SmartApps®; Physical Graph; Hello, Home; and Hello, Smart Home are all trademarks of the SmartThings, Inc.