New Pebble user that just received a Time 2 here. I only purchased a pebble because of the new companies commitment to open source. While I’m grateful that almost all the functionality appears to be available without an account, the settings app requires an account to view battery usage data. I would also like to try paid apps, and develop apps myself.
I have refused to use “sign in with” ever since I had to waste many hours decoupling a dozen accounts from Facebook a decade ago. My opinion is that big tech and surveillance capitalism are both incompatible with freedom and democracy, and the only account creation options currently available utilise such companies (Apple, Google, and Microsoft).
Please implement alternative Pebble account options that do not require big tech accounts, such as email (even magic links) &/or passkeys. This will soon become a requirement for much of the global user base, as Americas democracy continues to collapse under the weight of its own political corruption.
Also, please provide clarification about what pebbledevice data is shared with Pebble or alternate stores. While I expect my Pebble Core app usage and store interactions to be logged, I do not expect the devices health data, or other user app data (notifications, notes, reminders, speech-to-text transcripts, etc), to ever leave my devices.
Some kind of explicit (and easily readable) privacy policy would be wonderful.
For what it’s worth, the stores themselves don’t get any data besides what apps you “like” and what apps you install. Health data isn’t sent anywhere except for if you sync it to Apple or Google. Audio for transcribing is sent off to Cactus if you use remote dictation. Notifications and other logs can get sent to Core Devices if you submit a bug report, though I believe the privary obfuscation option is enabled by default. Reminders are completely local, Core Devices literally doesn’t have a timeline server so they cannot send or recieve reminder/calendar timeline pins.
Not sure how it is on Android, but on the App Store, the privacy policy is a required part of any app listing and is linked to directly on the store page.
I ran into the same (no login options that I like). Then I wanted to report this (and one other, more “real” problem) as a bug - but reporting a bug requires signing in!
Gadget bridge is great! I think they might have also recently added App Store support. I’m not quite sure about that though. There’s also Micropebble, which is the app that I use. That one definitely has App Store support, both Core and Rebble App Store
It’s good enough regarding the store and phone-app specific data, but doesn’t explicitly state what Pebble device sensor data or user-specific content (if any) is shared with Core Devices LLC or third party app stores (beyond the standard location/IP, device identifiers, etc).
It’s important to hold corporations accountable and expect them to be explicit. If they’re allowed to be vague, they’re more likely to gradually (silently) add more data points to grow revenue streams, and before you know it they’re just another surveillance capitalism company where you are the product being sold; assimilated by the borg.
Awesome! Looks like all Pebble products are “highly supported” Pebble - Gadgetbridge
… but I’m on iOS due to past me’s decisions ~20 years ago, and distrust that Google won’t kill the AOSP, like they inevitably seem to be trying. Another app added to the list to try if I bite the bullet on GrapheneOS.
the Pebble operating system and mobile applications
is a covered entity, and “What Information Do We Collect?” and “How Do We Use Your Information?” clearly enumerate all possible data transmission events.
In addition, the Pebble operating system and related features are entirely open source.
With all due respect, these documents are written by lawyers and have a certain amount of prerequisite knowledge and understanding required to parse them correctly.
I don’t know how to spell this out more. I don’t particularly have fondness for Eric, or the Pebble team, or anything else – but I have given them money. I think you are placing a lot of assumptions down that have no substantiation with respect to this hardware and software. The software is literally 100% open source, and Core Devices is the reprisal of Pebble, which was already bought by Google and assimilated into the borg. You can look at the exact history of the Pebble acquisition and subsequent liberation from Google as evidence of what has happened and could happen. But I’m like pretty sure that Eric is not down for that this time, and it’s clear that the reborn Pebble products are designed with protection against this in mind.
If you don’t like the software’s promises, you can compile it yourself. With agentic coding you could probably ask Claude to audit the codebase, remove anything that sends any data to Core Devices, and recompile the firmware with zero programming experience. I’m not exaggerating.
It is worth giving companies like Core Devices the benefit of the doubt. You have no idea who I am, but I have read hundreds of privacy policies, and this privacy policy is explicitly lacking any kind of broad “send data vaguely to third-parties to do whatever” you would expect to see if they were doing something shady. I do not believe they are. The terms of service are also quite explicit in what precisely they do with what data: Terms of Service - Core Devices.
I doubt you will find any product or service more open than Core Devices right now. And I say this out of no special love or anything for Core Devices. I’m still wearing my device, but like, I’m not in love. I generally speaking believe them to be honest and respectful. You can always express your GDPR protected and California protected privacy rights to ask them for a copy of data they have on you and explore it yourself, if you believe the privacy policy, the source code, and everyone else to be hiding something.
Upvote. I created an account to find a solution to this, disappointed that there is no option to simply create an account with an email.
I’ve never encountered any device or service that restricts access to these, except Apple for Apple devices, Google for Google devices.
I don’t “Sign in with Google” or others as a rule. Why using these services’ credentials is the only option is beyond me. I don’t see any upside in this restriction, only downside.
I’d like to hear arguments for this design decision, maybe I’m missing something in the wonders of signing in with a third party account. If it’s passkeys, those don’t appear ready for mainstream due to the fragmented ecosystem and poor handling by various providers.
Why using these services’ credentials is the only option is beyond me. I don’t see any upside in this restriction, only downside.
Cyber security is hard. Outsourcing user authentication to an established major provider is the quickest, simplest, cheapest mechanism to implement. It reduces spam, increases conversion (user just clicks a button and agrees most of the time), and every web auth library has the option built in.
The reasons to have them as an option are overwhelming, and the average user prefers it, but they are ultimately anti-competitive and monopolistic. The average user simply doesn’t understand the long term implications, friction, and risks in growing dependent on them (same as big tech). Source = am software engineer.
