Jump to content

Nanoleaf

From Consumer_Action_Taskforce

Article Status Notice: This Article is a stub

Notice: This Article Requires Additional Expansion

This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Issues may include:

  • This article needs to be expanded to provide meaningful information
  • This article requires additional verifiable evidence to demonstrate systemic impact
  • More documentation is needed to establish how this reflects broader consumer protection concerns
  • The connection between individual incidents and company-wide practices needs to be better established
  • The article is simply too short, and lacks sufficient content

How You Can Help:

  • Add documented examples with verifiable sources
  • Provide evidence of similar incidents affecting other consumers
  • Include relevant company policies or communications that demonstrate systemic practices
  • Link to credible reporting that covers these issues
  • Flesh out the article with relevant information

This notice will be removed once the article is sufficiently developed. Once you believe the article is ready to have its notice removed, visit the Discord (join here) and post to the #appeals channel, or mention its status on the article's talk page.

Nanoleaf
Basic information
Founded 2012
Type Private
Industry Consumer Electronics
Official website https://nanoleaf.me/


Nanoleaf is a company that specializes in LED lighting, it was founded in 2012 and launched its first products with Kickstarter funding.[1] Nanoleaf products are highly popular with many YouTubers using them in their backdrop.

Anti-consumer practices[edit | edit source]

GPL violation[edit | edit source]

Nanoleaf is using GPL-licensed software in its smart home products, which are based on OpenWrt. However, the company is not complying with the terms of the GNU General Public License (GPL)[2] by failing to contribute back the modified source code or allowing users to run their own software on the hardware.[3][4][5]

Aggressive data collection[edit | edit source]

Nanoleaf devices collect information about the network environment they are connected to and transmit this data to the manufacturer. This data collection is not disclosed during the device setup process. Since the device maintains a constant network connection via Wi-Fi, it operates continuously and sends metrics aggressively. This behavior was highlighted by members of the Pi-Hole community, who observed that Nanoleaf devices were among the top consumers of DNS traffic on their networks.[6][7] For example, a single Nanoleaf bridge was found to generate 100,000 to 300,000 DNS requests per day, attempting to reach endpoints such as:

  • collector.nanoleaf.com
  • apollo.nanoleaf.com
  • iaso.nanoleaf.com

This traffic persists even when users configure their light panels to operate in LAN mode. Additionally, completely disconnecting the light panels from the internet does not hinder their functionality, as control is managed locally via the HomeKit protocol, which does not rely on Nanoleaf's servers. This local control remains unaffected regardless of whether cloud integrations are set up or used. Notably, these DNS requests occur even when automatic firmware updates are disabled.

In response to a customer inquiry, Nanoleaf stated that the frequent communication (occurring every few seconds) is for 'communicating with our [Nanoleaf's] cloud for various functionalities, including firmware upgrades and integration with third-party services such as Google Assistant and Alexa.'[8]

Following public scrutiny, Nanoleaf released a firmware update (version 5.2.1)[9] for the original Nanoleaf Aurora panels, which were discontinued two years prior. This update appears to disable the data collection behavior. However, it remains unconfirmed whether newer, currently sold models have also had this telemetry removed.

See also[edit | edit source]

References[edit | edit source]