Reports from Nest Secure customers who are unable to arm/disarm or lock/unlock (opens in new tab)

My understanding from other posters, though, is that the devices did NOT require internet access to control them, e.g. you could walk over to the Nest thermostat to change the temp, or key in a Nest lock code to unlock it. So, for a few hours, seems like the devices just turned into "dumb" devices instead of "smart" ones. Doesn't seem as drastic a loss of functionality as is being presented here.

A big advantage of HomeKit is that it works locally and mandates security in the ecosystem.

Perhaps the functionality of from-anywhere control led them to make internet the only available connectivity. If you assume the service and connection will be always available, why put multiple receivers on the device? Seems the problem here was in the assumption.

Reduced complexity and higher reliability.

Instead of your apps having to detect if they're local or remote to the device and then implementing a different protocol based on locality, they instead just always call out to a cloud based location.

They don't have to devote resources to maintaining 2 APIs for every product and can instead focus on reliability and robustness of the one interface.

> it's just a crap design from a usability standpoint.

I would argue the opposite. By having to support both cloud and local communication, you're introducing complexity and the possibility that APIs could diverge in functionality and reliability.

While it would not be technologically difficult to design most products to not require 'cloud' connectivity to provide full functionality, it would cut the companies out of data collection and they don't want that. How else will Google decide that saving the planet by manipulating everyones Nest to lie about the temperature its actually set at by a degree or two is too irresistable to pass up? One degree for an hour over 100 million people... just imagine the scale of CO2 emissions reduced, power consumption reduced, etc. Honestly surprised it hasn't happened yet.

Could they create a way to host a service at your home for direct connect from the app so connectivity doesn’t rely on a cloud service? Sure. Most consumers don’t care though. I certainly don’t care. This is the first major Nest outage I can remember. It would take continued intermittent outages for me to re-evaluate my Nest devices at my homes.

Either a cloud app is going to go out, or my home internet is going to go out. I don’t expect 100% uptime because I’m realistic, and expecting non-cloud infra devices with no time commitment is a pipe dream.

I guess you couldn't continuously support and update (terrorize?) people's smart stuff otherwise. It's not like open source, where you build it and are responsible when it breaks.

I think you can figure this out. Not about design, about determining demand/profit, data collection, and control.

But then how is Google going to collect and monetize your data - after you've already purchased its product?

i suspect it's because nest is a bit of a (niche) data play.

i don't necessarily care that much about that, but i do want such a product to work perfectly fine whether there's a connection to their servers or not.

I think it's the "most reliable" way to get them to work. When you have a centralized server, both devices know exactly how to connect to the centralized server and communicate through it.

Local connectivity seems to present all sort of silly issues that make the user experience a bit inconsistent. Heck, look at Chromecast, it works great about 90-95% of the time. That 5-10% of the time it doesn't work, it becomes a complete pain.

Soon you will be able to tell which coffee machine your coworkers own by observing which days they are grumpy after missing their coffee due to brand specific server outages.

Just wait until you are at Taco Bell, and you can't wipe the Cool Ranch Doritos Taco shell dust off your fingers because the Dixie servers are down. Yes, this is real.

THE FUTURE

EDIT! fixed URL: https://imgur.com/f5evsOe

Nest Products are not dependent on the cloud to function locally. The smoke detector, thermostat, locks, and security systems still function without an internet connect.

That being said, without the internet you do lose functions that obviously rely on the cloud like using your phone to adjust your thermostat, phone alerts that your house is burning down, unlocking your door from your phone, or disabling your alarm from your phone.

The devices didn't stop working, just the remote control features. You could still walk over to your thermostat/lock and press it's buttons. I'm not sure if there is a remote control infrastructure that doesn't use "the cloud" that is feasible for consumer products.

The two things are not mutually exclusive. Indeed, as Nest connections broke last night, Google collected, analyzed, and used more information than ever before in its quest to learn and know everything and keep it all organized.

Coming from an infosec background and having touched on physical security, just don't use a smart lock:

- Best case, even with a responsible implementation, you're introducing more variables than are necessary into a supposedly secure system. If one of your dependencies fucks up, your lock is exploitable.

- Worst case, you have a typical IoT device, where the "S" stands for "security."

- In _either_ case, you're likely still going to include a physical lock mechanism for keys as a backup -- so you're basically just increasing the attack surface (significantly, I should add) by doing this.

Smart locks are currently high-risk appliances, and I'm fairly confident that most others with a security background will agree with me on that.

Go with zwave.

There are some gotchas (make sure you get a zwave-plus lock that incudes the AES security stuff), and you need a dedicated "hub" to communicate with it, but they are rock solid in my experience

It shouldn't scare you that much. Without the Nest servers, all you lose is the remote control/monitoring features, your devices don't become useless bricks.

The Nest thermostat would still be an attractive, interactive thermostat with a color screen and tons of features. Without an internet connection, the $250 thermostat doesn't turn into a brick, it turns into a $150 non-connected thermostat.

The Nest Protect smoke detector still alerts you to fires or carbon monoxide, with voice warnings, and a lighted path at night. Without an internet connection, the $120 detector doesn't turn into a brick, it turns into a $40 non-connected talking smoke/CO alarm.

The Nest smart deadbolt still lets you lock and unlock your door with either a key or a PIN code. Without an internet connection, the $280 smart deadbolt doesn't turn into a brick, it turns into a $100 keypad deadbolt.

People lose their internet connections for all kinds of reasons, and the majority of smart home devices you can buy continue to be premium devices in that state, better than the basic thermostat/detector/lock/light/etc they likely replaced.

I went Z-Wave with home assistant. Not the easiest in terms of setup, but everything is run locally (I started on an rPi but am now transitioning to a Intel NUC.)

Schlagg

I don't really see the appeal of smart locks. It doesn't add any convenience, since you could always just lock the door on your way out.

That being said, I think regular passcode locks without internet connectivity do add a convenience since you don't have to carry a key.

Your thermostat should does not need an internet connection to measure temperature and turn on the furnace. Indeed, an oldschool thermostat with a mercury switch can do that. No mater how awesome your "smart" product is, it needs to not fail it's primary function unless its physically broken.

I'm also looking at Alexa and the stupid plug someone got me for a gift. Sure, I use it "Alex turn on the lamp" but I know that the system is totally unnecessarily dependent on the internet and two distinct companies for that to work. I would never have purchased such nonsense for myself.

People in tech have strange ideas about what it means for something to work acceptably.

Absolutely agree with everything except

> On the other hand, it's probably no more inconvenient than locking yourself out...

It looks like local control (i.e., with physical access) wasn't affected, so the only convenience lost was remote access. Not great when you've bought the product specifically for that feature of course, but still much better than locking yourself out.

I haven't locked myself out of my house since I was about 12, and the dumb lock on my house has had 100% uptime for the 10 years since we've moved in. So I don't totally get the appeal of a "smart" lock.

Why not do it yourself over the LAN? Seriously, I dont see any point in having home data get sent to some scummy third party.

I have a few of these "smart" devices in my home, and they are assigned to an IP block that has absolutely no internet access. They have to be controlled internally, and are not allowed to phone home.

One of my next projects will be an open-source Alexa-like that runs completely in the LAN (unless you specifically ask for things like the weather).

Nest hasn't been that impressive to me, but they're better than a lot of other home automation/security providers, including the one who completely mishandled a security disclosure I made a couple of months ago. The issue was remedied, but it was very unprofessional, and I didn't bother doing digging deep. I am certain there are many other simple security issues with that platform, just waiting for someone to decide that they want to play a game with $IMPORTANT_PERSON_X's home locks.

It's definitely wise to think twice before making your home's basic functionality, like allowing the owner to unlock doors, depend on systems that require an internet connection.

Sometimes monitoring fails too.

yeh but made you click :)

Smart devices need dumb backups. It's perhaps fortunate for Nest customers that Nest knows that.

They just can't use the app to control it. The physical lock still works, so they just have to use the key.

For a night it turned into a regular lock.

As of a little over a week ago my nests (camera, thermostat) were connecting to AWS systems, not Google Cloud. Am traveling so can't tell if this has changed since then.

IP camera's are a pain to "open to the world" - hence why "cloud cameras" have been so popular. I suspect there are now modern, IP cameras that aren't cloud reliant but the avg user doesn't care.

Unable to unlock doors from the app or other automation - the keypad still worked.

Still, this is the problem with all cloud based home automation platforms.

Or access their cameras. If it's not something dumb like DNS down, it's gonna be a popcorn-level postmortem.