Methodology

Unwanted Cloud uses a versioned methodology for reviewing products. We put our focus on how well the product respects your personal freedom by not forcing you into using cloud services and how well the privacy policy is designed. Each product received a score between A (best) and F (worst).

You are reading version 1.0 of the Unwanted Cloud methodology.

Cloud requirements

Storing data in the cloud has made our lives easier in many ways. But data is big business and many companies use the convenience of cloud storage as an excuse to store, mine and sell your data. We believe that cloud functionality should always be opt-in and that smart devices should have the smarts included instead of relying on remote processing on foreign servers thousands of miles away.

To receive an A grade, a device should not force users to sign up for or require the use of cloud connected services to use the device with full functionality. In addition, any data processing should happen on the device.

For lower grades, it is permissible to offload some parts of the functionality to the cloud, especially where it would be impractical to do locally.

The F grade is automatically given if a device can not be used without signing up for an account with the manufacturer.

Data portability

When you move to a new apartment or house, you can easily put all your possessions in boxes. But can you do the same with your data? Providers often lock you into their devices and services by making it impractical to take your data with you when you want to move away.

To receive an A grade, it should be possible to export all data that you generate while using the device or service in a machine-readable and human-readable format.

The F grade is automatically given if no option for data takeout exists.

Ecosystem openness

Devices work better when they are connected together. Whether you want to start your dishwasher with your voice or charge your car when electricity is cheap, devices need to be interoperate with each other.

Many device manufacturers today provide some access to device data through API:s, but often these API:s are hosted in the cloud, which means they do not work when your internet is down or when the company behind the product suffers downtime or goes out of business.

To receive an A grade, a device has to provide a local API for its full range of functionalities that either uses open technologies (like REST) or provides open-source client libraries to all users. The API should be able to function completely on your local network without access to the internet.

Providing access to API:s through a paid or freemium third party (such as Zapier) drops the grade.

Data privacy

When buying a smart device, you are often implicitly allowing the company behind the product to collect, look through and sometimes even profit off of the data you generate.

To receive an A grade, the device should provide an option to not send any data to the company behind the device in question. Even aggregated telemetry data needs to be possible to disable in full.

In the event that data needs to be stored in the cloud, all of the data subject rights under the GDPR need to be implemented, including the right to erasure, the right to limitation of processing, and the right to data portability.

Version history

2022-09-18 – Version 1.0 (Current)