Nest X Yale Lock
"Hey Google, let me in!" Get this WiFi smart lock (well, you have to get a Nest Connect or Nest Guard too) and you can unlock your door, check to see if you door is locked, and know if someone has come or gone, from anywhere. Create passcodes to share with the plumber or that friend from high school so they can come and go until you don't want them to anymore. This lock is WiFi only, which means you don't need to worry about a Bluetooth vulnerability leaving you, well, vulnerable. How does this smart lock do when it comes to privacy? Well, Google is gonna Google, so your data won't be sold but it will be used to target you with lots of ads.
What could happen if something goes wrong?
Smart locks are one of those connected devices that seem to worry lots of people. The pros: They offer a lot of convenience with multiple ways to unlock the door to your home, a way to track who comes and goes from your home, they can allow you to give out a keypad number to people like a babysitter and then revoke that when they no longer need access, and they can help you make sure you locked your front door when your anxiety kicks in on vacation. The cons: They can be vulnerable to any number of things such as power outages, lost or compromised phones, ransomware attacks on the company who made your lock, product security vulnerabilities, WiFi and/or Bluetooth vulnerabilities, home hub vulnerabilities, bad software updates, data leaks, and more.
With all that said, how does Google’s Nest x Yale smart lock stack up? This smart lock doesn’t come with WiFi built-in, meaning it doesn’t connect directly with the internet. Users will need Nest Connect or Nest Guard to connect it to their WiFi and the Nest app. Without that WiFi connection, users can still open the lock using the keypad. We found no known security breaches of Google's smart lock. Overall, Google seems to do a good job with security, with very few security breaches reported over the past three years, but they also aren’t perfect. It’s always good to take precautions like changing pre-existing passcodes and setting up two-factor authentication.
“OK, Google.” That’s pretty much exactly how we think Google does when it comes to privacy. They are OK, if you consider the fact that they are a ginormous data collecting advertising company that makes billions of dollars off your personal information. This is the world we live in now, though, and there are other Big Tech companies doing a worse job than Google at protecting and respecting your privacy (looking at you Meta/Facebook). It’s really unfortunate just how low the bar has gotten when it comes to privacy these days.
That said, you should be aware Google is a huge ad company that needs lots and lots of your data to sell ads. What sorts of data does Google collect on you? Well, there are those voice recordings when you go, “Hey Google, unlock my door for the pizza delivery?” And while Google promises that your voice recordings won’t be used to send you personalized ads, they do say the transcripts of your voice interactions with your Google smart speaker may. Google also collects things like your location, information about things near your devices like wi-fi access points and bluetooth enabled devices, people you communicate with, purchase activity, voice and audio information, your favorite songs on Spotify, what things you search for, what things you ask Google, when you turn your lights on if you have smart lights, when you use it to run your robot vacuum, and so much more.
Of course, Google uses your personal information to sell those targeted, personalized ads you see all over the place like in your Gmail, in your favorite Solitaire app, on partner websites, and on YouTube. Yup, the ads are everywhere. Google does say they won’t use things like your sexual orientation, race, and health to show you ads…although we just have to trust them on that. I’m sure we’ve all seen ads based on sensitive things about us that felt pretty creepy. And Google says they won’t use content from your Google Drive, Email, or Photos to personalize ads. We sure hope not.
We do like that people who use Google’s AI voice assistant are now automatically opted out of Google's human review of voice recordings, because that was super creepy. We also like that Google does try to communicate with users how they collect and use data in their Safety Center. Google does collect a ton of data on you, especially if you don't take the time to adjust your privacy settings to lock down just how much info they can gather. You should absolutely take the time to adjust these privacy settings. Just beware, you will get notifications that some things might not work right if you change settings. That’s annoying, and probably worth it for a little more privacy.
As for Google’s track record at protecting and respecting your privacy, well, it’s a mixed bag. Google does pretty good at the security side of protecting all that heaps of data they collect on your. It is their money making business asset, after all. Unfortunately, Google also has a spotty track record at respecting privacy, as seen in the multitude of fines and lawsuits that have been thrown at them all around the world for violating privacy laws and protections. South Korea fined Google (and Meta) millions of dollars recently for privacy violations. So did France and Spain. And in the US, Google has faced a host of lawsuits and settlements from Texas, California, DC, Illinois, Arizona, the Federal Trade Commission, and more. All this makes it pretty hard to trust what a company says they do with that massive amount of personal information they collect on you.
What’s the worst that could happen? Well, it’s entirely possible you are always asking Google to unlock your door at 8pm, right after you’ve asked Google to order you a ham and pineapple pizza. Based on that, Google decides you don’t have a life and keeps showing you ads for dating apps. You get depressed because you’re actually happily married and those ads remind you of the horrors of dating. Absolutely nobody needs that!
What can be used to sign up?
What data does the company collect?
Name, email, phone number, address
Voice recordings (if you use Google Assistant)
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
Google received plenty of fines from European, American, and Korean authorities in the last few years. The biggest was the $170M fine from New York Attorney General for mishandling the children consent. The other cases include the fine of $100M for violating the Biometric Information Privacy Act in Illinois, $71.8M fine for mishandling consent in South Korea, $57M fine for violating GDPR in France, as well as other fines from local Data Protection Authorities in Ireland, Italy, Spain.
In 2022 Google agreed to a nearly $392 million dollar legal settlement with 40 US states "for charges that it misled users into thinking they had turned off location tracking in their account settings even as the company continued collecting that information".
In August 2019, the company admitted that partners who work to analyze voice snippets from the Assistant leaked the voice snippets of some Dutch users. More than 1,000 private conversations were sent to a Belgian news outlet, some of the messages reportedly revealed sensitive information such as medical conditions and customer addresses.
In December 2018, a bug exposed exposed the data of 52.5 million Google+ users.
Nest Security Bulletin contains details of security vulnerabilities that previously affected Google Nest's devices.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Google provides a page with privacy information about Nest.
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption in transit and at rest.
Google has a Security Rewards program. Link: https://www.google.com/about/appsecurity/programs-home/
Google publishes academic papers about its AI research (https://ai.google/) and makes several tools available via open source. https://ai.google/tools/
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
If you use Google Assistant, Google uses natural language processing to understand you and to generate answers to your requests.
Is the company transparent about how the AI works?
Does the user have control over the AI features?
7 Google Assistant settings you should disable or adjustDigital Trends
All the Ways Google Is Coming Under Fire Over Privacy: QuickTakeBloomberg
Google Finally Lets You Turn off Targeted Ads Without Breaking Its AppsGizmodo
Google settles lawsuit with Illinois residents for $100M after photo app privacy concernsUSA Today
Google, Meta fined $71.8M for violating privacy law in South KoreaTechCrunch
France fines Google $57 million for European privacy rule breachReuters
Google Is Fined $170 Million for Violating Children’s Privacy on YouTubeThe New York Times
Google Agrees to $392 Million Privacy Settlement With 40 StatesThe New York Times
Google and YouTube Will Pay Record $170 Million for Alleged Violations of Children’s Privacy LawFederal Trade Commission
Data privacy alert: Spanish DPA fines Google €10 millionSC Media
Texas Sues Google for Collecting Biometric Data Without ConsentThe New York Times
Google Data Breaches: Full Timeline Through 2022Firewall Times
Alexa records you more often than you thinkVox
Lawsuit claims Google knew its ‘Incognito mode’ doesn't protect users’ privacyThe Washington Post
Can The Nest Yale Lock Be Hacked Easily?Smarthome Globe
How to use Privacy Mode on the Nest × Yale LockGoogle Nest Help
Can Smart Locks Be Hacked? And How to Prevent ItDIY Smart Home Solutions
Use A Smart Lock? Get In The Sea, 73% Of Security Professionals SayForbes
Best Smart Locks of 2021Consumer Reports
Should I get a smart lock? The pros and cons of going digital on your doorUSA Today
Got a comment? Let us hear it.