Google recently pulled the plug on smart functionality for its early Nest Learning Thermostats. This cut off remote control and customer support for the first- and second-generation devices. While users lost key features they paid for, a recent discovery reveals that Google did not cut ties completely: the nerfed Nest Learning Thermostats continue to stream extensive, detailed data back to Google’s servers, raising privacy questions.

Google collecting data from discontinued Nest Thermostats despite ending support

“ On these devices, while they [Google] turned off access to remotely control them, they did leave in the ability for the devices to upload logs ,” Kociemba noted.

A one-way street of information

The data Google is collecting is extensive , providing intimate details about users’ daily lives. These unsupported thermostats are still transmitting key sensor readings . The list includes temperature, humidity, ambient light levels, and motion detection. They also track manual temperature adjustments and whether someone is present in the room.

The security researcher highlighted that the data stream is a one-way street. While Google continues receiving this information, the company can no longer use it to assist customers. After all, they definitely discontinued these devices. The firm stated in its end-of-support announcement that devices “will continue to report logs for issue diagnostics.” However, this collection seems unnecessary if Google is no longer pushing updates or providing assistance.

This situation brings a reminder about our relationship with smart home technology . As the first generation of connected devices reaches its “end-of-life,” the industry is grappling with how to handle devices that are no longer supported or secured. The case of the downgraded Nest thermostats suggests that some companies may prioritize keeping the data pipeline open long after they stop providing functional value or customer service. In today’s tech industry, where AI reigns, this usage data is a gold mine.

Kociemba, who successfully restored smart functionality to the thermostats and was awarded the FULU bounty, ultimately shut down the log collection on his custom software. The discovery, however, raises serious questions about consumer control and privacy. It seems that privacy is not assured even when a tech company decides to abandon its smart home hardware.