> You can either press the Yale button at the top, or leave it to lock itself. If, for whatever reason, it doesn't lock, it lets you know immediately with big yellow warnings on your phone and an LED on the lock.
That LED, I hope, is on the inside right? Otherwise, your lock is sat there telling anyone passing that it failed to lock after you drove off because you were running late.
> If you are a paranoid or security-conscious person you will have already decided that the idea of a smart lock is a horrible, terrible thing.
I'm not convinced it's a sign of paranoia to point out the flaws with these things. The write-up focuses primarily on usability, and it's seldom the usability that draws the criticism.
> The Nest+Yale lock uses Google's Thread IoT protocol to communicate with its Connect bridge – or its Secure home station if you have that. This is a smart move as it puts a buffer between the lock and the internet. It's going to make hacking the door to open a much harder affair.
Or, potentially, has just increased your attack surface.
Not having it talk directly to the internet is a good move (and one I wish more would follow), but it alone doesn't automatically mean you're now much safer. The bridge/home station is now part of your attack surface, and it might still be possible (somehow) to convince the lock to communicate with the wider world. You could actually be worse off, especially in the wider market where certain manufacturers may well think "it's never going to talk directly to the internet, so don't put any effort/expense into fixing that bug"
It's good the lock works for the author, but they're definitely not for me and likely never will be. There are just too many issues that need to be addressed in the wider world of IoT. One of those issues - manufacturers actually supporting their kit for prolonged periods - is addressable, but is just the very first stage.
Even without that, I'd much rather a multi-point lock.