Last month, Google discontinued remote control capabilities for the first- and second-generation Nest Learning Thermostats. Many users speculated that the removal of smart features would cut off communication between their devices and Google.
However, recent findings reveal that these older Nest devices are still sending detailed logs to Google, despite no longer being officially supported.
Researchers find surprising data uploads from older Nest devices
Security researcher Cody Kociemba stumbled upon this unexpected data transfer while exploring the backend for a project related to the Repair Bounty Challenge initiated by FULU, a repair rights organization co-founded by Louis Rothman, an expert in electronics repair. This challenge encouraged developers to restore lost functionalities in unsupported Nest devices. Kociemba collaborated with the open source community to create No Longer Evil, software designed to reinstate smart features to these aging thermostats.
During a process of replicating Google’s API, a large influx of logs from customer devices came in. This led to a deeper investigation into what data Google is still collecting.
What your Nest thermostat continues to share with Google
Kociemba found that early Nest Learning Thermostats are still transmitting various sensor data, including:
- Manual temperature adjustments
- Whether a person is present in the room
- Sunlight exposure on the device
- Current temperature readings
- Humidity levels
- Motion activities
- Ambient light data
The volume of logs was surprisingly substantial. Kociemba hadn’t anticipated the device would remain linked to Google after it was shut down, prompting him to disable incoming data.
Previously, Google stated that unsupported models would “continue to report logs to help diagnose issues.” Yet, with support now fully terminated, Kociemba notes that the data cannot be used for customer assistance, which adds a layer of mystery to the ongoing data sharing.
CyberGuy reached out to Google for their response, and a spokesperson said: “Nest Learning Thermostats (1st and 2nd generation) are no longer supported in the Nest and Home apps, but adjustments can be made directly on the unit. These devices will soon be unassociated and removed from all user accounts. Diagnostic logs that aren’t linked to any user account will continue to be sent to Google for service tracking purposes. Users wishing to stop these logs can disconnect from Wi-Fi in the device’s settings.”
Why is this discovery significant?
Google has blocked access to remote controls, updates, and diagnostics through the Nest and Google Home apps, effectively stripping the devices of vital smart functions. Yet, the thermostat persists in transmitting data, establishing a one-sided connection that benefits Google more than the users.
With support ended, users no longer gain from the ongoing logging, raising questions about transparency and user autonomy for those who thought their devices were no longer connected.
FULU’s bounty that led to this breakthrough
FULU’s bounty program urged developers to create tools to revive functionality in neglected devices. After assessing the submissions, Kociemba and another developer, Team Dinosaur, were awarded $14,772 for successfully restoring smart features to older Nest models.
This triumph underscores how community-driven repair initiatives can sustain the life of useful gadgets and highlights corporate practices regarding data management after support expires.
Tips for safeguarding your privacy with old Nest thermostats
If you still have one of these unsupported Nest thermostats, here are some steps to enhance your privacy and minimize the data it sends to Google:
1) Review your Google Account activity
Visit myactivity.google.com to view your thermostat logs and any unexpected activities.
2) Connect your device to a separate Wi-Fi network
Move it to a guest network to restrict its range and prevent broad access.
3) Block outbound traffic if possible
Some routers enable you to prevent specific devices from sending outbound data while they still control heating and cooling.
4) Turn off remaining cloud features
If your device menu still shows cloud settings, disable those linked to remote access or online diagnostics.
5) Remove the device associations from your Google Account
Check your Google settings and delete outdated Nest entries to stop any lingering data connections.
6) Adjust router settings to report device analytics
Disable cloud diagnostics on your router to minimize the data footprint from unsupported devices.
7) Plan for replacement
Considering unsupported devices will miss out on security updates, upgrading to a newer model capable of receiving them would be wise.
Pro tip: Consider a data removal service
Using data deletion services can help limit personal information accessible to data brokers, enhancing your smart home security. While no service guarantees complete data removal, they are effective in monitoring and systematically deleting personal information from multiple sites. This proactive approach can reduce the risk stemming from data breaches.
For free scans of your personal data’s online presence, consider visiting cyberguy.com.
Key takeaways
With older Nest thermostats still sending data to Google post-feature loss, owners need to reassess their connected home setups. Unsupported devices can communicate even if the advantageous functionality has ceased. Being aware of what your devices are sharing can inform your decisions regarding their continued use.
Do you want to maintain a device that continues transmitting data to its manufacturer after you’ve lost the features you originally valued? Email us at cyberguy.com.
