I don’t see it that way at all, “Works with Nest” didn’t make the thermostat the central controller of your home, or else you would have been able to controll everything from the thermostat, or at least Nest app. “Works with Nest” program made interoperability possible and was a brilliant way to have massive free advertising for a rather obscure thermostat that is no smarter than other thermostats that sell for far less money. Nest was able to charge premium price because everything was “working” with Nest. Very smart strategy.
False pretenses. Let me worry about my own security. You cannot sell me a gun and the bullets, then ask me to give you the bullets back because I might hurt myself.
I’m sure a very small proportion of consumers chose the Nest thermostat because of its implied promise of integrations / interoperability.
The thermostat looks good, fairly easy to install and use, self-programming, energy savings, etc…
“Works With Nest” came about later when Google decided they now had a foot-in-the-door to sell other smart home products (smoke detector, alarm system, cameras, …), and that “interoperability” with other platforms (Alexa, IFTTT, … SmartThings (?)) was trendy.
They’ve now changed their minds and realized the “foot-in-the-door” is really the Google Assistant - not the thermostat.
And also they decided that interoperability has more risks and support issues than they originally foresaw.
Speaking of brilliant strategies, consider Wyze, which now sells a sensor kit (contact, motion) that uses their cameras for connectivity. The cameras were the foot-in-the-door.
Absolutely brilliant decision.
No API except IFTTT.
Throw back Friday, shall we, from the mouth of Mr. Rogers, the other Mr. Rogers
“Today [a year after launching Works with Nest] we have over 11,000 developers working with Nest. And 1 in 8 Nest homes have Works with Nest connections up and running. Lights automatically turn off when no one’s home. Stereos quiet down when a Nest Protect alarm goes off. And washing machines know not to run when energy is in high demand. All without any programming.”
I call bullshit.
SmartThings’s ex-CEO repeatedly used to claim 10,000 (or more?) “SmartThings Community Developers” without any definition of the number.
Turns out he was just referring to anyone who had ever pasted a SmartApp or DH into the IDE. Not developers by any reasonable definition.
As for the “1 in 8 Works with Nest homes” - similarly: Where’s the exact definition and proof?
And, if the program is that successful, why would Google kill it?
Marketing is very different from reality. Google’s new strategy is somewhat understandable, but also mysterious and confounding.
But so is SmartThings’s.
Speaking of that announcement, that reminds me of a still unanswered question regarding the closure (slow death?) of Works with Nest:
What will happen to Nest’s Weave communication protocol moving forward?
Weave, which works on a Thread mesh network, is incorporated into Nest products.
In 2015, the same year as Nest announced their Weave protocol being opened up to developers, Google confusingly announced their own Weave standard as part of their IoT plans:
At the moment, Google still seems to have a web site dedicated to Nest Weave-based product development (though the home page line produces a 404 error).
So is Google going to let Nest’s Weave wither along with the Works with Nest developer program in deference to its own Weave? And is Google’s Weave their planned in-the-home IoT product “glue” that allows devices to communicate locally with Google Assistant as the coordinator and cloud-based connector?
It’s Google, they can do what ever they want and still make money. Just because they upset people who made Nest popular, that doesn’t mean the people who say: “ok Google, what’s on my calendar” really care. Different market, different strategy, bigger fish to fry.
The beauty of backpedaling… and the realization that Works with Google Assistant is not the same as Works with Nest.
I have 4 Nest Thermostats and heavily relied on NST Manager to control all of my temperatures within the house. Nest’s implementation of remote sensors is flawed and I’ve been wanting to switch to Ecobees to use their remote sensors. I snagged 4 Ecobees 4’s on sale for $119.99, but unfortunately I realized none of my thermostats have C wires and I would have had to hire a professional to help me re-do wiring at air handler and boilers as I have a pretty complicated setup. Wasn’t worth spending 1k to switch at that point. I returned them back to Best Buy.
For now, I am using Nest’s Home/Away Assist and Smart Scheduling to prepare for this summer to see how well it works for me.
Smarthome.com primarily sells Insteon devices. ( I don’t know if there’s a formal relationship, but I think so.) But they also sell some other platforms.
The following article from their blog is much more informed than many of the recent bloggers and has some interesting points. I disagree with their idea that privacy is only an afterthought for Google, as I’ve mentioned: I think they’re running to stay ahead of some coming regulations. And I think it’s the nestcams, not the nest thermostat, which is the biggest focus for that issue.
But setting that one quibble aside, it’s an interesting article with some points I haven’t seen brought up elsewhere.
That doesn’t negate the valid concerns about security. How Google are handling it may or may not be the best way, but they, and we, should all remember that security is an often overlooked element of these developments. To use / (torture!) your analogy, everyone in the ‘guns and bullets’ business would do well to remind everyone of the need for security.
As an IT professional, I remain shocked at just how sloppy people are with security. Not only do users share passwords, email them to each other, etc but I still see developers hard-coding passwords in plain-text, or storing passwords in databases in an unencrypted manner. I can almost guarantee that some existing ‘WWN’ developers are doing things like that. When ‘joe public’ signs up for some cool ‘integration’, I doubt they give much of a thought to the security practices of the integrator.
I did some consulting work recently for a startup working with healthcare information; we were moving them from in-house servers to AWS (Amazon) servers. Along the way I became aware of lots of passwords; user passwords, developer passwords, admin passwords, etc. All stored in simple excel docs! This company had happily signed ‘BAA’ agreements with the healthcare companies, committing them to following appropriate practices. When I asked them about this, they ‘laughed it off’, saying they’d worry about that when they ‘got bigger’.
If they fall under HIPAA regulations, not worrying about it could put them out of business. The fines can be huge on that regardless of the company’s size.
There are also potential criminal penalties. Those are rare, but if a company appears to have intentionally sidestepped privacy requirements out of their own greed because “it would cost too much”, OCR can come down hard.
That’s exactly my point - even in healthcare, where the rules are strict and penalties stiff, startups will play ‘fast and loose’ with elements of privacy. What I’ve found is, technical people tend to have a laser-focus on getting the technical aspects working. They tend to be ignorant of the rules, and when you bring it to their attention, they acknowledge the concept but explain how they have 1,000 things to do and only limited time and $, and also rely on the fact that they are small and have few customers so the ‘risk is small’. Invariably, if they are successful and grow quickly, then they have even less time to think of such things so the problem just gets worse. So if it’s like that in Healthcare, I can just imagine what it’s like in ‘home automation’, where the rules and penalties are probably non-existent!
Based on another thread in this forum, just today I gave access to my ecobee account to some random, previously unheard-of company that offers free analysis of thermostat usage. Who knows how careful they are in terms of handling my credentials. And if they are hacked, or someone steals a laptop from a developer that has all the access info on it, they now have access to my home address and my ‘away’ status. That could be a lot more valuable to a thief than my medical record!
Thanks to @Steerpike, now I understand why the annual HIPAA training keeps saying “don’t write your computer password on a sticky note and put it on your monitor”
@Steerpike in that context, indeed the security concern is valid. I’ve seen too many developers hard code passwords. That’s just laziness in most cases…
This is on the customer. If they do not specify a level of security, then the contractor is not obligated to provide more than a basic level.
Of course this never occurs in healthcare anymore, but you do have legacy systems galore out there for which replacement costs are outlandish. Many struggling provider systems just don’t have the money to replace them…
Since the OP specified “BAA agreements”, that’s a HIPAA term, in which case they would be required to meet HIPAA requirements as part of the BAA.
” BAA" is an acronym for “business associate agreement,” which is an industry term for what the HIPAA regulations call a “business associate contract.” Same thing.
BAAs are hybrid contractual and regulatory instruments, meaning they both satisfy HIPAA regulatory requirements and create liability between the parties.
Like most contracts, if one party violates the agreement, the other party may have remedies. Unlike most contracts, if a BAA isn’t in place, isn’t complete, or is violated, both parties may be in trouble with the federal government.
HIPAA is almost 20 years old. There are almost no exemptions to it anymore on the basis of difficulty or economic hardship. The assumption is that you could ruin someone’s life by releasing their information inappropriately: it’s a genie out of the bottle kind of situation. The government takes compliance very seriously now. In the first seven years you could get some budget exemptions, but not any more.
Absolutely spot on.
Q. “Why doesn’t everyone just move to the new API?“
A. Because it’s crippled and only has half the functionality of the old one.
Brilliant!!! Leave it to the Brits to spell it out.
“there is a big difference between [evil Amazon] withholding a product (Ring) from competition and [evil Google] withdrawing a product from its 30 separate partners”