It is OK for St do it but not the end-user. Hey ST take a page out of your own book.
“You acknowledge and agree that you will not connect any physical devices
or third party services to the Services (or otherwise use the Services)
in a manner that could be dangerous to you or to others, or which could
cause damage to or loss of any property (whether real, personal,
tangible or intangible).”
There may be a way of disabling this LAN devices auto update on your account.
Perhaps ST can set a flag or something to stop it.
Might be worth asking them.
EDIT: Perhaps they need to make it something you opt in for.
There are multiple reasons why someone might not want to add devices to a SmartThings account. An Airbnb suite that shares Wi-Fi with the main house. Housemates who have independent set ups. Equipment being tested for another purpose or for eventual deployment to another location.
What I understood you are saying is that a 3rd party wanting to steal your information can simply “HA-Drive near your house, attach to your ST”… which sounds like a reference to “War Driving” where hackers drive around and connect to open WIRELESS 802.11 networks in hopes of stealing data. The ST hub needs to be physically connected to a network via a cable unless you go through the trouble of using a bridge but that seems very improbable for the type of data you would get (if any as this is all conjecture)
Interestingly, they have added an option to disable “Device Health” (the other new feature added in 2.3), but there’s no option to disable “LAN Discovery”. Apparently, SmartThings does not want you to turn it off.
Pat, I’ll need to have someone email you. We are working on drafting an
official response for this issue. We’re aware that many customers
believe this to be a privacy and/or legal issue, and our management team
is working to address this. Bear with us. As soon as they have a
response shortly, someone will contact you.
A workaround that I would implement regardless of this issue is to create more than one wifi network and checkmark the “AP Isolate” feature that blocks access to the network but allows internet traffic… great for guests. For wired networks I wonder if having two subnets will essentially have the same effect… I agree we should have the option to not integrate something however in a shared network with multiple hubs, there was nothing I know of to stop the other user from installing the appropriate “Connect” smartapp and discovering the same devices configured on the other hub. This latter method requires intent while how it is now it just happens…
I’m still on 2.2.6 and it will stay there. NEVER enable ‘auto-update apps’ in the Playstore. I decide when I want to update something (after I have read reviews etc. of what has been broken!).
Thanks for the feedback! Here are a few items to note:
We looked at the devices customers first connect when setting up their Hub (and again when they add the next batch of devices). We wanted to build a simple, easy way for users to get the most number of devices connected right away.
New devices are only added when the Add New Device screen is active. The devices are discovered via SSDP - which is a standard protocol the devices are using to announce themselves on the network. We are not logging information, etc from non-connected devices (e.g., song track information from non-connected Sonos devices). Once a device is removed we immediately stop logging data from that device.
The feedback about devices automatically re-adding during the next discovery is valuable. Keep in mind, the need to delete devices following each new discovery session trends higher for the community (i.e., yall are power users and add devices more frequently than standard users). No promises - but based on the feedback, we will also evaluate the options for device level and/or a broad opt-out of the LAN discovery feature.
No doubt, making it easy for users to get started is a nice thing. But not allowing them to choose which devices to add is a privacy and security issue.
They are added as soon as Add New Device is tapped. They are immediately logging any activity. Once the discovery completes or you try to exit, there is no way to undo the devices added.
Furthermore, ANY user on my account can go into this, my daughter can…
You must go through the list of devices and remove each one auto discovered and added automatically. Removing a device does NOT remove the data ST has collected while the device was actively storing data to the ST cloud.
This is a security and privacy concern. End users need to be aware of these when using this new “feature”.
I would be fine if there was a question like the one for adding routines to Echo, “Add all available devices on this LAN to your account?” with an option for not doing so. But it should be a choice.