Nanoleaf: Difference between revisions

(2 intermediate revisions by one other user not shown)

Line 1:

Nanoleaf is a company that specializes in LED lighting, it was founded in 2012 and launched its first products with Kickstarter funding.<ref>https://www.crowdfundinsider.com/2014/09/48447-nanoleaf-bloom-dimming-bulbs-over-160000-during-final-days-on-kickstarter/</ref> Nanoleaf products are highly popular with many YouTubers using them in their backdrop.

{{InfoboxCompany

Line 12:

Line 10:

}}

~~==Anti-consumer practices==~~

{{Wplink|Nanoleaf|'''Nanoleaf'''}} is a company that specializes in {{Wplink|Light-emitting diode|LED}} lighting. It was founded in 2012 and launched its first products with {{Wplink|Kickstarter}} funding.<ref>https://www.crowdfundinsider.com/2014/09/48447-nanoleaf-bloom-dimming-bulbs-over-160000-during-final-days-on-kickstarter/</ref> Nanoleaf products are highly popular with many YouTubers using them in their backdrop.{{Citation needed}}

Nanoleaf is ~~using GPL software~~ in ~~their smart home~~ products ~~based on OpenWrt and do not contribute back the GPL source code, or allow users to run their own software on their hardware~~.<ref>https://~~forum~~.~~nanoleaf~~.me/~~forum~~/~~community~~-~~support/usage~~-of-~~openwrt~~-~~and~~-~~its~~-~~copyright~~-~~license</ref><ref>https://www.reddit.com/r/Nanoleaf/comments/mbhudb/nanoleaf_aurora_run_linux_openwrt_and_nanoleaf_is/</ref><ref>https://forum.openwrt.org/t/nanoleaf~~-~~light~~-~~panels~~/~~81748~~</ref>

~~=== Additional stub information ===~~

Nanoleaf ~~devices collect information about the network environment they~~ are in and submit this data to the manufacturer. This is never disclosed upon setting up the device and since the device has its own network connection via WiFi, it will stay on all the time and very aggressively send metrics. This was noted by many members of the Pi-Hole community because their nanoleaf devices would be the top consumers of DNS traffic on their ~~network with one Nanoleaf bridge creating 100,000-300,000 DNS requests per day, attempting to reach endpoints like:~~

* collector.nanoleaf.com

* apollo.nanoleaf.com

* iaso.nanoleaf.~~com~~

~~This traffic does not cease when the user configures their light panels to operate~~ in ~~LAN mode~~. ~~Offlining~~ the ~~light panels entirely does~~ not ~~impede~~ the ~~operation~~ of the ~~device in any way, since control is done locally via~~ the ~~network over the HomeKit protocol, which does not go through Nanoleafs servers and it also does not depend~~ on ~~whether~~ the ~~user has set up or uses cloud integrations~~. ~~Furthermore, these requests are made regardless~~ of ~~whether automatic firmware updates are enabled or not~~.

==Anti-consumer practices==

===GPL violation===

Nanoleaf is using GPL-licensed software in its smart home products, which are based on [https://openwrt.org/ OpenWrt]. However, the company is not complying with the terms of the {{Wplink|GNU General Public License}} (GPL)<ref>https://www.gnu.org/licenses/gpl-3.0.html</ref> by failing to contribute back the modified source code or allowing users to run their own software on the hardware.<ref>https://forum.nanoleaf.me/forum/community-support/usage-of-openwrt-and-its-copyright-license</ref><ref>https://www.reddit.com/r/Nanoleaf/comments/mbhudb/nanoleaf_aurora_run_linux_openwrt_and_nanoleaf_is/</ref><ref>https://forum.openwrt.org/t/nanoleaf-light-panels/81748</ref>

Nanoleaf ~~have responded~~ to ~~an inquiry~~ by ~~a customer saying~~ that the ~~communication that takes place every few seconds is for "communicating~~ to ~~our [Nanoleaf's] cloud for various functionalities including firmware upgrade~~, ~~integrating with third party services~~ such as ~~Google Assistant, Alexa etc."~~

===Aggressive data collection===

Nanoleaf devices collect information about the network environment they are connected to and transmit this data to the manufacturer. This data collection is not disclosed during the device setup process. Since the device maintains a constant network connection via {{Wplink|Wi-Fi}}, it operates continuously and sends metrics aggressively. This behavior was highlighted by members of the {{Wplink|Pi-Hole}} community, who observed that Nanoleaf devices were among the top consumers of {{Wplink|Domain Name System|DNS}} traffic on their networks.<ref>https://www.reddit.com/r/Nanoleaf/comments/m35bv5/collectornanoleafme_top_talker_on_network/</ref><ref>https://www.reddit.com/r/Nanoleaf/comments/m8g50y/my_4_aurora_are_creating_a_total_of_137000_dns/</ref> For example, a single Nanoleaf bridge was found to generate 100,000 to 300,000 DNS requests per day, attempting to reach endpoints such as:

~~Nanoleaf have since issued a firmware update seemingly disabling this data collection as of firmware update 5~~.2.~~1 for the original Nanoleaf Aurora panels after they were discontinued for two years~~. ~~It is unconfirmed whether newer, currently sold models also had this telemetry removed~~.

*collector.nanoleaf.com

*apollo.nanoleaf.com

*iaso.nanoleaf.com

~~https://forum~~.~~nanoleaf~~.~~me/forum/community-support/homecalls~~

This traffic persists even when users configure their light panels to operate in {{Wplink|Local area network|LAN}} mode. Additionally, completely disconnecting the light panels from the internet does not hinder their functionality, as control is managed locally via the HomeKit protocol, which does not rely on Nanoleaf's servers. This local control remains unaffected regardless of whether cloud integrations are set up or used. Notably, these DNS requests occur even when automatic firmware updates are disabled.

https://~~www~~.~~reddit~~.~~com/r/Nanoleaf~~/~~comments~~/~~m35bv5~~/~~collectornanoleafme_top_talker_on_network~~/

In response to a customer inquiry, Nanoleaf stated that the frequent communication (occurring every few seconds) is for "communicating with our cloud for various functionalities, including firmware upgrades and integration with third-party services such as {{Wplink|Google Assistant}} and {{Wplink|Amazon Alexa|Alexa}}.<ref>https://forum.nanoleaf.me/forum/community-support/homecalls</ref>

https://~~www~~.~~reddit~~.~~com~~/r/Nanoleaf~~/comments/m8g50y/my_4_aurora_are_creating_a_total_of_137000_dns/~~

Following public scrutiny, Nanoleaf released a firmware update (version 5.2.1)<ref>https://helpdesk.nanoleaf.me/en-US/light-panels-firmware-release-notes-15633</ref> for the original Nanoleaf Aurora panels, which were discontinued two years prior. This update appears to disable the data collection behavior, however it remains unconfirmed whether newer, currently sold models have also had this telemetry removed.

https://nanoleaf.me/en-EU/about-us/privacy-policy/

==See also==

*[https://nanoleaf.me/en-EU/about-us/privacy-policy/#introduction Nanoleaf Privacy Policy]

==References==

~~<references />~~

[[Category:Nanoleaf]]

@@ Line 1: / Line 1: @@
 {{StubNotice}}
-Nanoleaf is a company that specializes in LED lighting, it was founded in 2012 and launched its first products with Kickstarter funding.<ref>https://www.crowdfundinsider.com/2014/09/48447-nanoleaf-bloom-dimming-bulbs-over-160000-during-final-days-on-kickstarter/</ref> Nanoleaf products are highly popular with many YouTubers using them in their backdrop.
 {{InfoboxCompany
@@ Line 12: / Line 10: @@
 }}
-==Anti-consumer practices==
+{{Wplink|Nanoleaf|'''Nanoleaf'''}} is a company that specializes in {{Wplink|Light-emitting diode|LED}} lighting. It was founded in 2012 and launched its first products with {{Wplink|Kickstarter}} funding.<ref>https://www.crowdfundinsider.com/2014/09/48447-nanoleaf-bloom-dimming-bulbs-over-160000-during-final-days-on-kickstarter/</ref> Nanoleaf products are highly popular with many YouTubers using them in their backdrop.{{Citation needed}}
-Nanoleaf is using GPL software in their smart home products based on OpenWrt and do not contribute back the GPL source code, or allow users to run their own software on their hardware.<ref>https://forum.nanoleaf.me/forum/community-support/usage-of-openwrt-and-its-copyright-license</ref><ref>https://www.reddit.com/r/Nanoleaf/comments/mbhudb/nanoleaf_aurora_run_linux_openwrt_and_nanoleaf_is/</ref><ref>https://forum.openwrt.org/t/nanoleaf-light-panels/81748</ref>
-=== Additional stub information ===
-Nanoleaf devices collect information about the network environment they are in and submit this data to the manufacturer. This is never disclosed upon setting up the device and since the device has its own network connection via WiFi, it will stay on all the time and very aggressively send metrics. This was noted by many members of the Pi-Hole community because their nanoleaf devices would be the top consumers of DNS traffic on their network with one Nanoleaf bridge creating 100,000-300,000 DNS requests per day, attempting to reach endpoints like:
-* collector.nanoleaf.com
-* apollo.nanoleaf.com
-* iaso.nanoleaf.com
-This traffic does not cease when the user configures their light panels to operate in LAN mode. Offlining the light panels entirely does not impede the operation of the device in any way, since control is done locally via the network over the HomeKit protocol, which does not go through Nanoleafs servers and it also does not depend on whether the user has set up or uses cloud integrations. Furthermore, these requests are made regardless of whether automatic firmware updates are enabled or not.
+==Anti-consumer practices==
+===GPL violation===
+Nanoleaf is using GPL-licensed software in its smart home products, which are based on [https://openwrt.org/ OpenWrt]. However, the company is not complying with the terms of the {{Wplink|GNU General Public License}} (GPL)<ref>https://www.gnu.org/licenses/gpl-3.0.html</ref> by failing to contribute back the modified source code or allowing users to run their own software on the hardware.<ref>https://forum.nanoleaf.me/forum/community-support/usage-of-openwrt-and-its-copyright-license</ref><ref>https://www.reddit.com/r/Nanoleaf/comments/mbhudb/nanoleaf_aurora_run_linux_openwrt_and_nanoleaf_is/</ref><ref>https://forum.openwrt.org/t/nanoleaf-light-panels/81748</ref>
-Nanoleaf have responded to an inquiry by a customer saying that the communication that takes place every few seconds is for "communicating to our [Nanoleaf's] cloud for various functionalities including firmware upgrade, integrating with third party services such as Google Assistant, Alexa etc."
+===Aggressive data collection===
+Nanoleaf devices collect information about the network environment they are connected to and transmit this data to the manufacturer. This data collection is not disclosed during the device setup process. Since the device maintains a constant network connection via {{Wplink|Wi-Fi}}, it operates continuously and sends metrics aggressively. This behavior was highlighted by members of the {{Wplink|Pi-Hole}} community, who observed that Nanoleaf devices were among the top consumers of {{Wplink|Domain Name System|DNS}} traffic on their networks.<ref>https://www.reddit.com/r/Nanoleaf/comments/m35bv5/collectornanoleafme_top_talker_on_network/</ref><ref>https://www.reddit.com/r/Nanoleaf/comments/m8g50y/my_4_aurora_are_creating_a_total_of_137000_dns/</ref> For example, a single Nanoleaf bridge was found to generate 100,000 to 300,000 DNS requests per day, attempting to reach endpoints such as:
-Nanoleaf have since issued a firmware update seemingly disabling this data collection as of firmware update 5.2.1 for the original Nanoleaf Aurora panels after they were discontinued for two years. It is unconfirmed whether newer, currently sold models also had this telemetry removed.
+*collector.nanoleaf.com
+*apollo.nanoleaf.com
+*iaso.nanoleaf.com
-https://forum.nanoleaf.me/forum/community-support/homecalls
+This traffic persists even when users configure their light panels to operate in {{Wplink|Local area network|LAN}} mode. Additionally, completely disconnecting the light panels from the internet does not hinder their functionality, as control is managed locally via the HomeKit protocol, which does not rely on Nanoleaf's servers. This local control remains unaffected regardless of whether cloud integrations are set up or used. Notably, these DNS requests occur even when automatic firmware updates are disabled.
-https://www.reddit.com/r/Nanoleaf/comments/m35bv5/collectornanoleafme_top_talker_on_network/
+In response to a customer inquiry, Nanoleaf stated that the frequent communication (occurring every few seconds) is for "communicating with our cloud for various functionalities, including firmware upgrades and integration with third-party services such as {{Wplink|Google Assistant}} and {{Wplink|Amazon Alexa|Alexa}}.<ref>https://forum.nanoleaf.me/forum/community-support/homecalls</ref>
-https://www.reddit.com/r/Nanoleaf/comments/m8g50y/my_4_aurora_are_creating_a_total_of_137000_dns/
+Following public scrutiny, Nanoleaf released a firmware update (version 5.2.1)<ref>https://helpdesk.nanoleaf.me/en-US/light-panels-firmware-release-notes-15633</ref> for the original Nanoleaf Aurora panels, which were discontinued two years prior. This update appears to disable the data collection behavior, however it remains unconfirmed whether newer, currently sold models have also had this telemetry removed.
-https://nanoleaf.me/en-EU/about-us/privacy-policy/
+==See also==
+*[https://nanoleaf.me/en-EU/about-us/privacy-policy/#introduction Nanoleaf Privacy Policy]
 ==References==
+{{Reflist}}
-<references />
+[[Category:Nanoleaf]]