Nanoleaf: Difference between revisions
Bythmusters (talk | contribs) m Added Cargo template in place of Infobox |
Added archive URLs for 8 citation(s) using CRWCitationBot |
||
| Line 9: | Line 9: | ||
|Website=https://nanoleaf.me/ | |Website=https://nanoleaf.me/ | ||
}} | }} | ||
{{Wplink|Nanoleaf|'''Nanoleaf'''}} is a company that specializes in {{Wplink|Light-emitting diode|LED}} lighting. It was founded in 2012 and launched its first products with {{Wplink|Kickstarter}} funding.<ref>https://www.crowdfundinsider.com/2014/09/48447-nanoleaf-bloom-dimming-bulbs-over-160000-during-final-days-on-kickstarter/</ref> | {{Wplink|Nanoleaf|'''Nanoleaf'''}} is a company that specializes in {{Wplink|Light-emitting diode|LED}} lighting. It was founded in 2012 and launched its first products with {{Wplink|Kickstarter}} funding.<ref>https://www.crowdfundinsider.com/2014/09/48447-nanoleaf-bloom-dimming-bulbs-over-160000-during-final-days-on-kickstarter/ ([http://web.archive.org/web/20250226155807/https://www.crowdfundinsider.com/2014/09/48447-nanoleaf-bloom-dimming-bulbs-over-160000-during-final-days-on-kickstarter/ Archived])</ref> | ||
==Consumer impact summary== | ==Consumer impact summary== | ||
===GPL violation=== | ===GPL violation=== | ||
Nanoleaf is using GPL-licensed software in its smart home products, which are based on [https://openwrt.org/ OpenWrt]. However, the company is not complying with the terms of the {{Wplink|GNU General Public License}} (GPL)<ref>https://www.gnu.org/licenses/gpl-3.0.html</ref> by failing to contribute back the modified source code or allowing users to run their own software on the hardware.<ref>https://forum.nanoleaf.me/forum/community-support/usage-of-openwrt-and-its-copyright-license</ref><ref>https://www.reddit.com/r/Nanoleaf/comments/mbhudb/nanoleaf_aurora_run_linux_openwrt_and_nanoleaf_is/</ref><ref>https://forum.openwrt.org/t/nanoleaf-light-panels/81748</ref> | Nanoleaf is using GPL-licensed software in its smart home products, which are based on [https://openwrt.org/ OpenWrt]. However, the company is not complying with the terms of the {{Wplink|GNU General Public License}} (GPL)<ref>https://www.gnu.org/licenses/gpl-3.0.html ([http://web.archive.org/web/20260128220745/http://www.gnu.org/licenses/gpl-3.0.html Archived])</ref> by failing to contribute back the modified source code or allowing users to run their own software on the hardware.<ref>https://forum.nanoleaf.me/forum/community-support/usage-of-openwrt-and-its-copyright-license ([http://web.archive.org/web/20250708203100/https://forum.nanoleaf.me/forum/community-support/usage-of-openwrt-and-its-copyright-license Archived])</ref><ref>https://www.reddit.com/r/Nanoleaf/comments/mbhudb/nanoleaf_aurora_run_linux_openwrt_and_nanoleaf_is/ ([http://web.archive.org/web/20250118190432/https://old.reddit.com/r/Nanoleaf/comments/mbhudb/nanoleaf_aurora_run_linux_openwrt_and_nanoleaf_is/ Archived])</ref><ref>https://forum.openwrt.org/t/nanoleaf-light-panels/81748</ref> | ||
===Aggressive data collection=== | ===Aggressive data collection=== | ||
Nanoleaf devices collect information about the network environment they are connected to and transmit this data to the manufacturer. This data collection is not disclosed during the device setup process. Since the device maintains a constant network connection via {{Wplink|Wi-Fi}}, it operates continuously and sends metrics aggressively. This behavior was highlighted by members of the {{Wplink|Pi-Hole}} community, who observed that Nanoleaf devices were among the top consumers of {{Wplink|Domain Name System|DNS}} traffic on their networks.<ref>https://www.reddit.com/r/Nanoleaf/comments/m35bv5/collectornanoleafme_top_talker_on_network/</ref><ref>https://www.reddit.com/r/Nanoleaf/comments/m8g50y/my_4_aurora_are_creating_a_total_of_137000_dns/</ref> For example, a single Nanoleaf bridge was found to generate 100,000 to 300,000 DNS requests per day, attempting to reach endpoints such as: | Nanoleaf devices collect information about the network environment they are connected to and transmit this data to the manufacturer. This data collection is not disclosed during the device setup process. Since the device maintains a constant network connection via {{Wplink|Wi-Fi}}, it operates continuously and sends metrics aggressively. This behavior was highlighted by members of the {{Wplink|Pi-Hole}} community, who observed that Nanoleaf devices were among the top consumers of {{Wplink|Domain Name System|DNS}} traffic on their networks.<ref>https://www.reddit.com/r/Nanoleaf/comments/m35bv5/collectornanoleafme_top_talker_on_network/ ([http://web.archive.org/web/20210322050252/https://old.reddit.com/r/Nanoleaf/comments/m35bv5/collectornanoleafme_top_talker_on_network/ Archived])</ref><ref>https://www.reddit.com/r/Nanoleaf/comments/m8g50y/my_4_aurora_are_creating_a_total_of_137000_dns/ ([http://web.archive.org/web/20210321224033/https://old.reddit.com/r/Nanoleaf/comments/m8g50y/my_4_aurora_are_creating_a_total_of_137000_dns/ Archived])</ref> For example, a single Nanoleaf bridge was found to generate 100,000 to 300,000 DNS requests per day, attempting to reach endpoints such as: | ||
*collector.nanoleaf.com | *collector.nanoleaf.com | ||
| Line 24: | Line 24: | ||
This traffic persists even when users configure their light panels to operate in {{Wplink|Local area network|LAN}} mode. Additionally, completely disconnecting the light panels from the internet does not hinder their functionality, as control is managed locally via the HomeKit protocol, which does not rely on Nanoleaf's servers. This local control remains unaffected regardless of whether cloud integrations are set up or used. Notably, these DNS requests occur even when automatic firmware updates are disabled. | This traffic persists even when users configure their light panels to operate in {{Wplink|Local area network|LAN}} mode. Additionally, completely disconnecting the light panels from the internet does not hinder their functionality, as control is managed locally via the HomeKit protocol, which does not rely on Nanoleaf's servers. This local control remains unaffected regardless of whether cloud integrations are set up or used. Notably, these DNS requests occur even when automatic firmware updates are disabled. | ||
In response to a customer inquiry, Nanoleaf stated that the frequent communication (occurring every few seconds) is for "communicating with our cloud for various functionalities, including firmware upgrades and integration with third-party services such as {{Wplink|Google Assistant}} and {{Wplink|Amazon Alexa|Alexa}}.<ref>https://forum.nanoleaf.me/forum/community-support/homecalls</ref> | In response to a customer inquiry, Nanoleaf stated that the frequent communication (occurring every few seconds) is for "communicating with our cloud for various functionalities, including firmware upgrades and integration with third-party services such as {{Wplink|Google Assistant}} and {{Wplink|Amazon Alexa|Alexa}}.<ref>https://forum.nanoleaf.me/forum/community-support/homecalls ([http://web.archive.org/web/20250708203103/https://forum.nanoleaf.me/forum/community-support/homecalls Archived])</ref> | ||
Following public scrutiny, Nanoleaf released a firmware update (version 5.2.1)<ref>https://helpdesk.nanoleaf.me/en-US/light-panels-firmware-release-notes-15633</ref> for the original Nanoleaf Aurora panels, which were discontinued two years prior. This update appears to disable the data collection behavior, however it remains unconfirmed whether newer, currently sold models have also had this telemetry removed. | Following public scrutiny, Nanoleaf released a firmware update (version 5.2.1)<ref>https://helpdesk.nanoleaf.me/en-US/light-panels-firmware-release-notes-15633 ([http://web.archive.org/web/20250419175710/https://helpdesk.nanoleaf.me/en-US/light-panels-firmware-release-notes-15633 Archived])</ref> for the original Nanoleaf Aurora panels, which were discontinued two years prior. This update appears to disable the data collection behavior, however it remains unconfirmed whether newer, currently sold models have also had this telemetry removed. | ||
==See also== | ==See also== | ||
Revision as of 06:24, 23 February 2026
❗Article Status Notice: This Article is a stub
This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Learn more ▼
| Basic information | |
|---|---|
| Founded | 2012 |
| Legal Structure | Private |
| Industry | Electronics |
| Also known as | |
| Official website | https://nanoleaf.me/ |
Nanoleaf is a company that specializes in LED lighting. It was founded in 2012 and launched its first products with Kickstarter funding.[1]
Consumer impact summary
GPL violation
Nanoleaf is using GPL-licensed software in its smart home products, which are based on OpenWrt. However, the company is not complying with the terms of the GNU General Public License (GPL)[2] by failing to contribute back the modified source code or allowing users to run their own software on the hardware.[3][4][5]
Aggressive data collection
Nanoleaf devices collect information about the network environment they are connected to and transmit this data to the manufacturer. This data collection is not disclosed during the device setup process. Since the device maintains a constant network connection via Wi-Fi, it operates continuously and sends metrics aggressively. This behavior was highlighted by members of the Pi-Hole community, who observed that Nanoleaf devices were among the top consumers of DNS traffic on their networks.[6][7] For example, a single Nanoleaf bridge was found to generate 100,000 to 300,000 DNS requests per day, attempting to reach endpoints such as:
- collector.nanoleaf.com
- apollo.nanoleaf.com
- iaso.nanoleaf.com
This traffic persists even when users configure their light panels to operate in LAN mode. Additionally, completely disconnecting the light panels from the internet does not hinder their functionality, as control is managed locally via the HomeKit protocol, which does not rely on Nanoleaf's servers. This local control remains unaffected regardless of whether cloud integrations are set up or used. Notably, these DNS requests occur even when automatic firmware updates are disabled.
In response to a customer inquiry, Nanoleaf stated that the frequent communication (occurring every few seconds) is for "communicating with our cloud for various functionalities, including firmware upgrades and integration with third-party services such as Google Assistant and Alexa.[8]
Following public scrutiny, Nanoleaf released a firmware update (version 5.2.1)[9] for the original Nanoleaf Aurora panels, which were discontinued two years prior. This update appears to disable the data collection behavior, however it remains unconfirmed whether newer, currently sold models have also had this telemetry removed.
See also
References
- ↑ https://www.crowdfundinsider.com/2014/09/48447-nanoleaf-bloom-dimming-bulbs-over-160000-during-final-days-on-kickstarter/ (Archived)
- ↑ https://www.gnu.org/licenses/gpl-3.0.html (Archived)
- ↑ https://forum.nanoleaf.me/forum/community-support/usage-of-openwrt-and-its-copyright-license (Archived)
- ↑ https://www.reddit.com/r/Nanoleaf/comments/mbhudb/nanoleaf_aurora_run_linux_openwrt_and_nanoleaf_is/ (Archived)
- ↑ https://forum.openwrt.org/t/nanoleaf-light-panels/81748
- ↑ https://www.reddit.com/r/Nanoleaf/comments/m35bv5/collectornanoleafme_top_talker_on_network/ (Archived)
- ↑ https://www.reddit.com/r/Nanoleaf/comments/m8g50y/my_4_aurora_are_creating_a_total_of_137000_dns/ (Archived)
- ↑ https://forum.nanoleaf.me/forum/community-support/homecalls (Archived)
- ↑ https://helpdesk.nanoleaf.me/en-US/light-panels-firmware-release-notes-15633 (Archived)