Oven: Suggestions

I feel like you have a relationship with Anova since you are pushing their choice of architecture.

I have several commercial IoT devices that permit secure local and cloud services over MQTT. It’s not hard.

I don’t work for Anova. But I do work for a company that has cloud connected devices (and some local).

Yes, it’s not hard. But it does create local exposure (albeit low risk if done correctly) - and most importantly, it’s a choice that is more complicated than most users understand.

In my case specifically (which I shared elsewhere in the forum) I have to connect the oven to an older router with a different Internet connection than we use for everything else in the house - which might actually be safer - so coincidentally, a local-only implementation would actually not work for us, and so far the cloud connected functionality works OK.

But still:

  • Physically, it’s too easy to bump the oven and turn it on… hold time and/or other mitigations are very highly recommended!

  • For those who want it, there should be a way to disable remote start, ideally while still allowing remote emergency stop.

I’d personally want those, in order, before worrying about further local functionality

Are you in marketing?

Nope

I see you have changed your recent post substantially.

That’s fair especially if you worry about things. I happen to want local control over everything else. As it stands I cannot use the stages at one of my places due to no internet.

Yup! Both use cases are entirely valid IMO. Not sure Anova is big enough to do both at same time and get them right, and not sure they trust third party developers to do it for them (which seems reasonable in their position)

As it stands I cannot use the stages at one of my places due to no internet.

Do you need to be able to use the remote app for this? If so that may be a tougher challenge since you have to fool both the app and the oven, with the former being nigh impossible if done correctly

You cannot program stages on the device.

You sort of lost me there.

My assumption was that you wanted to locally control the device state, perhaps with a custom/makeshift UI - which you might be able to do in straightforward fashion if you figure out how the device gets commands and MITM it (or some other method) - or if it can accept local commands when not in the connected state.

But if you want to be able to use the regular oven app and its ability to orchestrate staged recipes, that app would also need to be hacked to not require talking through the cloud, and a successful connection between the cloud and oven.

I think you are overthinking things.

Look, they have other products that permit controlling them from an app without the internet. They are Bluetooth. You can do the same with WiFi. If they simply make it possible to use the product locally without internet we are farther down the path.

Bluetooth is usually considered more secure due to pairing and practical proximity requirements. I’d be fine with that actually (assuming proper authentication). WiFi is really anything connected to that network, which can include tunneling which only hackers and unfortunately bots would do.

This debate is getting way too close to my day job and I didn’t plan on my bread making hobby leading to debates about cloud vs local control and home WiFi/network security! The reality is had Anova designed the application and oven to work locally, the ‘system’ has lower risk and is less open to exploits than a permanently connected cloud-based implementation.

@mach - ask any CISSP or GICSP and they should confirm this. If they don’t then perhaps bread-making would be a better way of earning a living :wink:

I am sure Anova didn’t take the local control application route for several reasons - the primary one being it would have required extra development effort and the application would need more support than the simpler cloud-based version with a less ‘clean’ user-experience (the application would have to do things like scan the network for ovens when opening etc.). Lastly, Anova wouldn’t be able to harvest all of that useful information on how we use these ovens without a cloud connection. Just look at other Kickstarter sous vides where this cloud model actually resulted in a monthly paid subscription service for full device access.

I think everyone here is an early adopter and enjoys contributing to help improve products for the benefit of future users so healthy debate will always result. That said, if this site had moderators this would probably be a good point to lock this thread :slight_smile:
