Nest Thermostats Leak Location Data Over WiFi

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
I don't understand why a Nest Thermostat would be broadcasting anything unencrypted over WiFi, especially your location. That's pretty damn creepy. :eek:

The Nest thermostat is a popular smart device that supposedly helps users to save money on heating and cooling, and also have a cool-looking round electronic device on their walls. Yet two researchers at Princeton University pointed out a problem that should terrify most Nest users: their thermostats were broadcasting their location, unencrypted, over WiFi.
 
Leaking ZIP Codes Over WiFi... Arguably, someone physically close enough to your home to intercept a WiFi signal knows what the local ZIP code is

Seems legit
 
Talk about click-bait language. So Nest users should be terrified that their neighbors know their zipcode? Yes, it's a minor security issue but it was patched in October. Oohh but scary scary language, "what about the next bug?" What about the next bug in any piece of software/hardware?

I don't own a Nest and really have no intention of picking one up, but this all comes off as a bit ridiculous.
 
All WiFi devices leak location data. With the right tool you can track down a WiFi device to a few feet of space (you don't even need to be authenticated on the network) so I can't see how this is more information than normal.
 
Talk about click-bait language. So Nest users should be terrified that their neighbors know their zipcode? Yes, it's a minor security issue but it was patched in October. Oohh but scary scary language, "what about the next bug?" What about the next bug in any piece of software/hardware?

I don't own a Nest and really have no intention of picking one up, but this all comes off as a bit ridiculous.

Yea, I myself am interested in trying one but it is priced a bit too high for me to justify. Leaking zip code, yup we should definitely go after them for this severe breach of privacy :rolleyes:
 
There is a small lesson here though. Companies producing SMART devices probably should test their products for unencrypted data leakage prior to every version and update release just because it's an understandable best practice to do it.

This instince is only remarkable at all in this context, you guys covered it well enough and I agree, no real threat, just click bait and hyped statements from another terrible news source.
 
So you need to be in range of my WIFI and then you can figure out my location? I just realized my mailbox post is leaking my location data too. It even identifies my location right down to the house number of the street.
 
The original problem as reported is indeed rather trivial. I consider the 2nd bug mentioned in the article as far more important. Any bug that could result in the device failing to do its primary function, control a house's climate control, is rather huge. Imagine the damage that could result if the heat fails during a cold snap and the pipes freeze then start leaking. And Nest is a subsidiary of Google so money for code QA shouldn't be an issue. How many similar bugs are being released in IOT stuff made by companies jumping on the 'next hot thing' that have little clue on code QA and figure they can just use some of that free open source stuff downloaded from the Internet? What can go wrong?
 
I don't understand the need for one of these. Anybody care to explain.

They are pretty nifty devices. It knows when you're home, and estimates based on your average arrival and departure times. So in the morning before you wake for work it starts adjusting temp. When you leave, it sets for energy savings. Before you come home from work, it starts running again, and when you go to bed, it lowers temperature for better sleep. You can manually set these times wuth the phone app, or it can learn on its own. You set a target temp, and it learns how your house warms and cools. It also is accurate to .1°F compared to +/- 7 of your old mercury switch setup. It's cheaper to keep temp in a spot with smaller run times instead of heating/cooling a 7° difference.
I bought my dad one for Christmas 2014. He said it dropped over $200 off his electricity bill last year.
I'll be picking one up in the next couple months
 
A guy at work was using them and seemed very happy with the performance.
 
They are pretty nifty devices. It knows when you're home, and estimates based on your average arrival and departure times. So in the morning before you wake for work it starts adjusting temp. When you leave, it sets for energy savings. Before you come home from work, it starts running again, and when you go to bed, it lowers temperature for better sleep. You can manually set these times wuth the phone app, or it can learn on its own. You set a target temp, and it learns how your house warms and cools. It also is accurate to .1°F compared to +/- 7 of your old mercury switch setup. It's cheaper to keep temp in a spot with smaller run times instead of heating/cooling a 7° difference.
I bought my dad one for Christmas 2014. He said it dropped over $200 off his electricity bill last year.
I'll be picking one up in the next couple months

Thanks for the explanation. Seems very interesting. Some questions though. What kind of winters does he have? (snow?) How old is your dad's house? What type of material are the interior walls made of?
 
Thanks for the explanation. Seems very interesting. Some questions though. What kind of winters does he have? (snow?) How old is your dad's house? What type of material are the interior walls made of?

We both live in central Kentucky. A quick Google search should yield what you're looking on that. He has natural gas for hot water, stove, and heating. The house was built in 1998, and has not had new windows. Still has standard double pane. The interior walls are standard drywall. Nest is located in entrance foyer, two story house, ~2200 sqft
 
I had a first generation Nest, but I upgraded to an Ecobee with multiple room sensors. The sensors keep my home at an "average" while occupants are in the house; I have a multi-story home. The Nest is nice, and looks much prettier, but the Ecobee can do so much more. Also, I like the Ecobee application better. It's basically a mirror of the thermostat UI.
 
I guess I'm wondering if anybody has any experience with these thermostats & concrete walls. Wondering how the heatsink effect would effect them.
 
I have two 2nd Gen Nests, and they are great. Being able to control my nests remotely is really the best part - otherwise I don't think they are any better or worse than other high end thermostats.
 
This is no different than using WiFi to access a non-https weather website (like most of them were before Google relatively recently started upranking https sites) and typing in your zip code to get local weather data

Speaking of which, this is what the Nest is actually doing. It accesses an outside weather service to see the outside temperature, and uses that to judge if a change in heating use is due to a change in weather or something else.

So there is nothing to see here. All the thermostat is going is visiting a weather website for you and "typing" in your zip code for you, while not using HTTPS, some thing most of us were doing, rather recently.
 
I guess I'm wondering if anybody has any experience with these thermostats & concrete walls. Wondering how the heatsink effect would effect them.

I have a nest in our house.

When you first start using it, for the first week or so (if in heating season) it "learns" on average how long it takes your heating system to kick in, after it calls for heat, and how long it takes to heat the house, given the indoor and outdoor temperature.

This factors in heating system capacity, any delay after it turns on, insulation, and any heatsinks in the home and it does it really quite well.

After an initial learning period, it can even estimate how long it will take for your home to hit the target temperature given current conditions, with reasonable accuracy.

It can even figure out if it is under direct sunlight and compensate for that.

The only trouble would be location selection. If you have a single zone system, you'll need to install the thermostat in an area where the temperature is reflective of the house as a whole (but that's probably where your existing thermostat is anyway)

When I first got my second gen Nest, it was a little wonky in detecting auto away. It uses a combination of infrared sesors and other techniques to tell if anyone is home and learns your patterns, but being in just one room of a multi-room house it was rather unreliable. Last winter I actually turned auto-away off for this reason, and just set away mode manually.

This winter I must have accidentally turned it back on again, and it has been amazingly accurate at telling when we are home and not. I wonder if they took the recommendations of people in their forums, and have the Nest detect if people are home based on if the mobile devices with the Nest app on them are connected to the house WiFi or not. This could explain how they have become so much more accurate here.

I love my Nest. I wish I had another one for my second zone in the kitchen.
 
Does the 2nd Nest communicate with the first through Wi-Fi? I would like to have a multi-zone setup but my home is only wired for one.
 
Does the 2nd Nest communicate with the first through Wi-Fi? I would like to have a multi-zone setup but my home is only wired for one.

I'm not sure if you can add a second remote temperature probe somehow. That would be a good idea though.

My understanding of how it works now though, is while the two nests would share data for optimization purposes, they still each expect to be hard wired to the heating (or cooling) system.
 
I have a Nest 2nd Gen. It's fun to watch the data, although it really is limited. It sends a monthly email with total system run time (as compared to the previous month), and there is a menu to look at the previous 10 days run time.

There are no current options to have a remote temperature sensor, although supposedly a zigbee radio is built into the unit. Theoretically, this may allow for expansion with future firmware updates.

I got mine on sale on Black Friday a couple years back. I don't care what google does with my thermostat data. If anyone is that concerned, a programmable thermostat can basically do the same job with a little more user effort to program it up front.
 
There are no current options to have a remote temperature sensor, although supposedly a zigbee radio is built into the unit. Theoretically, this may allow for expansion with future firmware updates.

While there isn't an off the shelf option for remote sensors with nest, it should be possible to make a custom solution using other smart devices... I wouldn't be surprised if we didn't see something soon, though -- it's a feature that many people want, and probably the only thing available on other devices that isn't available on the nest.
 
I have a Nest 2nd Gen. It's fun to watch the data, although it really is limited. It sends a monthly email with total system run time (as compared to the previous month), and there is a menu to look at the previous 10 days run time.

Yeah, this is probably my biggest gripe with it. There is no advanced data dump capability.

I would love to grab the data in csv form and analyze it in excel or minitab, either day by day, hour by hour, or even minute by minute, but hat isn't possible with the Nest, at least not right now.

They have made the device a little TOO user friendly, in not providing any "advanced" options like this.
 
He said it dropped over $200 off his electricity bill last year.

Did you take the time to factor in outdoor temperature and price of electricity compare to the previous year as well?

Several studies have shown that if you didn't have a "smart thermostat" before...any smart thermostat would help. However...if you already have a smart thermostat with even "basic programming" in it...getting a smarter thermostat has negligible benefit compare to the cost of it. The only real perk of "nest" is being able to turn up the temp before you get home and that doesn't save you money. ;)
 
Did you take the time to factor in outdoor temperature and price of electricity compare to the previous year as well?

Several studies have shown that if you didn't have a "smart thermostat" before...any smart thermostat would help. However...if you already have a smart thermostat with even "basic programming" in it...getting a smarter thermostat has negligible benefit compare to the cost of it. The only real perk of "nest" is being able to turn up the temp before you get home and that doesn't save you money. ;)

Yea I would be curious of that. I have just a 7day programmable tstat controlling a pellet stove. I am thinking of a smart one mostly because of days where I may not be home for 4hrs later than normal, I could remotely command it to just maintain minimum temp (which the 7day itself has saved a ton of pellet fuel).

Anyone have experience with a pellet stove and a nest or ecobee? I googled before but I have a higher respect for the opinions of this community here than some random forum ive never heard of lol.
 
I have a 7 day thermostat with 4 zones each day. I have it setup like this for Monday through Friday...

8AM to 9AM = 57F
9AM to 6PM = 57F
6PM to to 11:30PM = 57F
11:30PM to 8AM = 57F

57F seems fine for the fish tanks (which have their own heaters) and the cat. And if I walk around in a 57F house it doesn't feel like my balls are ice or anything.

But wait you say, that doesn't save me any money if the temp is constant? The trick is this keeps turning down the temp for me when I leave for work or go to bed. I've saved a shit ton with this setup because I just adjust the temp up when I feel cold, and it will turn the temp down for me when I leave the house or sleep. The time I get home is extremely variable, so I don't need anything trying to guess when I might be coming home and adjusting the heat ahead of time.
 
57F seems fine for the fish tanks (which have their own heaters) and the cat. And if I walk around in a 57F house it doesn't feel like my balls are ice or anything.

I wouldn't say I miss being single, but it did have its benefits.

If I were living alone, I - too - would probably keep the thermostat down at 55-58F somewhere.

Besides, if I close the door to the office, my workstation helps heat it up nicely :p
 
Zarathustra[H];1042097998 said:
I wouldn't say I miss being single, but it did have its benefits.

If I were living alone, I - too - would probably keep the thermostat down at 55-58F somewhere.

Besides, if I close the door to the office, my workstation helps heat it up nicely :p

Ha, I have friendly visitors and a kid. They just turn the heat up when I want and I don't have to worry about it being at 74F forever :p
 
Did you take the time to factor in outdoor temperature and price of electricity compare to the previous year as well?

Several studies have shown that if you didn't have a "smart thermostat" before...any smart thermostat would help. However...if you already have a smart thermostat with even "basic programming" in it...getting a smarter thermostat has negligible benefit compare to the cost of it. The only real perk of "nest" is being able to turn up the temp before you get home and that doesn't save you money. ;)

Looking through the average temperatures through the two years, they seem to be very very close.
He had an old dumb mercury switch thermostat prior to the Nest.
 
Back
Top