Candle 2.0 takes smart home privacy to a new level

The first version of Candle that was unveiled at Dutch Design Week in 2019 explored what was possible if privacy was made the most important value of a smart home system. It allowed us to experiment with some completely new ideas.

Now, Candle 2.0 takes those ideas to the next level. Through generous support from the Dutch SIDN Fund we were able to explore how Candle might develop into a more consumer oriented product that protect privacy while also being easy to use.

A focus on consumer devices

Where Candle 1.0 recommended you build your own devices to ensure privacy, Candle 2.0 focusses on wrangling commercially available devices into behaving properly. In practice this means we recommend you buy Zigbee and Bluetooth devices which, by design, cannot autonomously transmit data to the internet. Candle works especially well with IKEA devices.

Sometimes you may want to connect a device that uses Wi-Fi. This is normally a bad idea, as Wi-Fi based devices are not only much more likely to be hacked, but more importantly they can autonomously transmit their data to the internet. We have a solution there too. The new Hotspot addon lets the Candle controller work as a Wi-Fi access point. If you connect your wifi devices to this hotspot, then you can get an overview of what servers your Wi-Fi devices are connecting to. You can even block unwanted connections, or get a warning when a device is trying to connect to a brand new server.

The Candle Appstore

Candle now comes with its own app store. As you'd expect, this allows you to add new features to Candle, and share your opinion on these features. More importantly, it also offers privacy reviews and allows you to add privacy ratings. 

You can even search based on the privacy level you want. To our knowledge this is now one of the first app stores to offer this feature.

The appstore does require a connection to the internet if you want to download new addons. But it has been designed in such a way that Candle will not connect to the internet unless necessary. For example, it won't go online until you go looking for new addons.

Similarly, you don't need a Candle account to use the appstore. You only need one if you want to rate addons. And even here your reviews are kept anonymous where possible; other users cannot see your user name.

It's even easier to get started

Thanks to newly available technology, it is now easier than ever to create your own Candle Controller. Firstly, the most affordable option became even more affordable thanks to a new 12 euro Zigbee USB stick by Sonoff. 

Secondly, Candle now also has excellent touch screen support. If you attach a (touch) display the Candle controller can double as a privacy friendly photo frame, to which you can send your photos while on your home network.

All this is made possible because Candle 2.0 comes as a ready-to-go "disk image" that you can run on a Raspberry Pi mini computer. It comes with lots of features pre-installed.

Even better at not collecting data

The first version or Candle offered specially designed devices which allowed you to restrict what data they transmitted. With Candle 2.0 this idea that been expanded and simplified. Now you can tell the Candle Controller to limit which data it is willing to receive. Take for example, the Network Presence Detection addon, which allows you to check if phones or laptops are on your local network. You can now toggle this data collection of and off for each device. 

You can also disable data collection temporarily by pressing the 'Data mute' button. Each time you press this button the phone or laptop will be ignored for an additional hour. This allows the system to turn a blind eye for a while. This could be useful if, for example, you're planning a surprise birthday party and you don't want your partner to notice that you left the house for a few hours to buy a birthday present. Or you might want to give house guests privacy during the day by not recording their coming and going, and only record this data at night or when the security system is engaged.

The "Data collection" toggle and the "Data mute" button on the Network Presence Detection addon. Here you see how each click on the Data mute button increases the length of time that the device will be ignored by another hour.

The "Data collection" toggle allows you to completely ignore the device's incoming data whenever you want. You could, for example, create automations to only record data during certain parts of the day.

The incoming data from Zigbee sensors can be "blurred". This means that at the end of a prefered period of time only one average value is recorded. In this example the temperature and humidity values are limited to updating once every 30 minutes. It can range from "off" to 60 minutes.

You can also see that values can be set to "unknown", which is represented by three dots.

Even better at deleting data

The Privacy Manager allows you to delete data from your logs. This means you can delete big chunks of data. But you can do this with an incredible amount of finesse. For example, you can delete an individual datapoint if you want.

You can also manipulate data points, or even create brand new ones. We call this "data sculpting". The idea is that, just as with a selfie, you might want your data to "look good" to others. We feel that this offers a way to protect yourself from tech-abuse and social control.

You can now connect a Peripage Bluetooth photo printer. Yes, this allows you to print your photos. But this feature was developed for a very different reason:

You can tell the Privacy Manager addon to periodically print one of your data logs to paper, and then delete the data it just printed. We love the idea that digital data, which has an inherent risk of being leaked and copied, is transformed into a paper trail instead. 

This can be useful if you want to show certain health data to your doctor, but you aren't comfortable with the idea of storing that digital data for longer periods of time.

Another example is the new Energy Use addon. This records how much energy your individual devices are using, and from there calculates a daily and weekly total.

For very recent data you will be able to see all this detail. But Candle is designed to be forgetful. After a couple of weeks the system will purposefully start to forget the details of each device, and only the daily total will remain. 

We hope that this avoids situations where such data might be used as ammunition in domestic arguments.

Detect high-tech stalking

Apple Airtags are small coin-sized devices that can report their location back to you. They were designed to help you find lost keys around the house, but increasingly we're hearing reports of stalkers using them to track people. If they manage to slip an Airtag into someone's bag or pocket, then they can follow their exact movements through the city, and find out where their target lives.

To help combat this threat Candle can now detect Airtags, and alert you if the number of airtags in the home increases. You could, for example, turn on a light and set its color to red whenever an extra airtag is detected. 

Here Candle has detected two Airtags, one nearby and one further away. It can also detect Tile trackers.

Soft to the social fabric

What all the examples above have in common is that they are an attempt to make smart homes more sensitive, and less susceptible to tech-abuse. Too often smart home systems harm our social fabric. We see smart homes turn into surveillance homes. We see technology that tracks turns into technology that stalks.

In the tech world you might hear people talk about the V's that determine if data is "good". Data must be as accurate as possible (verasity), it must be collected at quick intervals (velocity) and as much as possible should be collected (volume) from as many sources as possible (variety). While this greedy mindset is a good fit for the businessworld, it's not compatible with how homes and families function. 

Candle challenges that mindset by collecting as little data as possible. We also believe that data doesn't always need to be or remain accurate and detailed.

We believe the challenge is not to collect more data. The challenge is to collect less data while still offering a great user experience.

Hopefully Candle 2.0 is a useful step in that direction.

Made possible by the SIDN Fund

Development of Candle 2.0 was supported by the Dutch SIDN Fund, as part of their "be the boss of your data" call.