[sneak]

Reminder: The Home app requires iCloud, and most data in iCloud (such as photos and backups) is not end to end encrypted, which allows Apple and the USG to read all of the data at any time without a warrant.

It makes these sorts of systems a nonstarter for me, personally.

[rcarmo]

That is just FUD. 99% of HomeKit automation happens on the LAN (in contrast to Alexa’s “let me pop open ports on your router and call external APIs for everything” approach), and iCloud is only used for setting up keys and remote access when outside the home.

[sneak]

However enabling iCloud on a device via the standard Apple OOBE flows enables iCloud Backup which leaks ~everything on your device to Apple.

I'm talking about iCloud, not HomeKit.

[andylynch]

Have you looked at home assistant? It can control most things locally without any cloud (including HomeKit accessories)

[sneak]

I have. The Home Assistant iOS mobile app has embedded spyware.

[andylynch]

I’m surprised to hear that given that is antithetical to the project’s goals and policies. Do you have any details on this spyware?

[wrboyce]

I too am surprised to hear this. GP can you point to said spyware in the GitHub repo? https://github.com/home-assistant/iOS

If not I’ll have to go with Christopher Hitchens on this one.

[sneak]

It's right there on the privacy label in the App Store.

[wrboyce]

Data not linked to you

Identifiers:

Device ID

Usage Data:

Product Interaction

Diagnostics:

Crash Data

Performance Data

I don’t see anything untoward here. Can you provide evidence to explicitly support your claim or not?