In this review we will go over Nanoleaf Elements ecosystem according to the Unwanted Cloud methodology to determine whether it is usable without giving away your data, and whether it respects your privacy.
Although our review will use the Nanoleaf Elements, this review also applies to most other light panels that Nanoleaf sells.
While the Nanoleaf is not perfect from a privacy perspective, it strikes a good balance between convenience and usability.
B
Overall rating
Cloud requirements
The Nanoleaf app is available on the Android and Apple play store. When launching the app for the first time, we are guided through the initial pairing process. While the app puts a big emphasis on creating a Nanoleaf account and logging in, it is possible to skip this step. The app does not force you to create any account to fully use the device, earning it an A grade.
The device only works connected to your WiFi network. Once the device is configured, you can control it locally, but not remotely (eg. when you’re on your 4G mobile connection), which is expected. Multiple users can have access to the same Nanoleaf device – each user has to go through the pairing procedure, however it is very fast since you don’t have to set up the WiFi every time. A big bonus is that you can pair via NFC, which is very convenient.
A
Cloud requirements
Data portability
The app or website does not allow you to export your data. If you have a cloud account you can enable “Cloud sync” which syncs your rooms and light preset data, however if you do not use a cloud account you will have to set this up again if you ever reset your device.
E
Data portability
Ecosystem openness
The Nanoleaf can be controlled locally using a REST API without any cloud connection. See this thread and this Postman collection for information.
A
Ecosystem openness
Data privacy
Nanoleaf provides a well-written privacy policy. Although they are a Canadian company they claim their privacy policy is in the “spirit” of GDPR and that they will honor the rights that the GDPR provides users. While the privacy policy is not overreaching, there is no way to opt out of data collection from inside the app. There is also no way to get an automated GDPR export.
We observed that the Nanoleaf device does attempt to continuously communicate with online servers when it is running, but we did not check the contents of the communications. This is not possible to turn off. Considering that many devices in the Nanoleaf product line have a microphone and that WiFi is the only setup option, it is advised that you block the device from communicating with the internet. We confirmed that it was still possible to use the device locally even when it was blocked from communicating with the internet.
C
Data privacy
Tested on Android using version 1.0 of the Unwanted Cloud methodology.
Leave a Reply