Announcement

Collapse
No announcement yet.

Tigo/SMA - Non intrusive panel monitoring?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Tigo/SMA - Non intrusive panel monitoring?

    I hope someone has good news on this front.

    I am just about done installing a 40 panel 13 kW array using two SMA 6.0 inverters. Every single panel has a Tigo TS4R-O optimizer installed to deal with shade as well as to provide panel level monitoring.

    When I purchased the system both the reseller and SMA tech support told me I would be able to monitor and manage all the hardware locally from my network WITHOUT having to have data go out to the Internet.

    That was six months ago. For various reasons the build (ground mount) got delayed and we just completed the structure and panel installation. Now I am focusing on getting it all wired-up and commissioned. And this is when I discovered that I may have been deceived.

    I can't find any way to monitor this hardware without creating one of more accounts with Tigo/SMA and have my system upload usage and status data to their cloud servers for me to access via their portal.

    In other words, the data I expected to be private will be stored in a database and, I am sure, sold for profit. Having panel level production and usage data for millions of homes around the world is probably very valuable.

    I am astounded by the audacity these companies have to think it is OK to pry into your private affairs just because you want solar power. We have enough personal data compromised these days through so many channels. And now solar? Think about it, they can look at usage patterns and know when you are home or not, when you might be watching TV, when your air conditioner is on, or if you are charging an electric car, etc. Lots of useful information can be found in energy usage patterns.

    Anyhow, I know I am not alone in being concerned about privacy. I am looking for a solution to this problem if one exists. If it does not I am also looking to create my own. Doing the research on that right now.


    Thanks,

    -Martin

  • #2
    Do you have a consumption monitor? Optimizer data does not have any personal data on it. They can not tell when you are home, when you use a tv or anything like that. The can tell when the sun is up and how much it is producing.
    Now if you have a consumption monitor tied into the system they might be able to tell some personal info ...
    OutBack FP1 w/ CS6P-250P http://bit.ly/1Sg5VNH

    Comment


    • #3
      That's not quite right.

      When you setup an account to access the portal they gather information on you. It goes into a database and that serves to identify you. These days if I have your name, email and IP address I can more than likely get your address, phone and other data. They don't even need to ask for everything.

      Second, on the ability to deduce specific usage. This comes from data analysis and patterns. If I know minute by minute power usage at your home I can, for example, have a pretty good idea, at a basic level, of when you are home. An average, say, 65 inch TV might draw about 200 to 300 W. If I see patterns of 200 to 300 W bumps in energy usage I know you might be turning on/off your TV. An air conditioning system is far more dramatic of a change. Same with electric cars, etc.

      I happen to be an engineer working on, among other things, machine learning and AI. Believe me when I say that a tremendous amount of information can be deduced from the aggregation of a bunch of seemingly innocent bits of data. Letting a company peer into your home to measure and store energy usage patterns is a very intrusive thing.

      The other thing that often comes up is something along the lines of "Don't worry, nobody has access to this data but you". Which is BS, of course. And with all the data breaches (Equifax, Yahoo, etc.) it is pretty fair to say that these entire databases could end-up in the wild any time without anyone knowing it.

      Privacy aside, this isn't necessary. There is no reason or justification for this. There is no technical reason for which a panel monitoring system needs to have any connection whatsoever to the Internet. None.

      I am assuming there is no off the shelf alternative. Because of this I am already in the process of building my own hardware and writing my own software to access the information privately and without using their portal or internet connectivity at all. I'd rather pay for a solution than waste my time doing this, that's why I came here to ask.

      Comment


      • #4
        Originally posted by robomartin View Post
        Privacy aside, this isn't necessary. There is no reason or justification for this. There is no technical reason for which a panel monitoring system needs to have any connection whatsoever to the Internet. None.
        Amen. It's ridiculous.

        And if you really do want to monitor via the Internet when you're not home, there are smart ways to do that. I can look at the local LAN-only web servers of my Morningstar charge controllers and my Outback Radian inverter wherever I am by making a SSH connection to a Raspberry Pi that I have hooked up to them. It's just a simple matter of doing some port forwarding with the "-L" options available for the SSH command. The info goes over the Internet to me, but encrypted and directly to me, with no middleman making empty security and privacy promises (and those middlemen increasingly don't bother even doing that anymore).

        Comment


        • #5
          This setup will require a bit more work. It's an RS485 interface talking MODBUS. So, a RaspberryPI, a USB-485 converter, some Python, Django and a weekend or two and I should be able to read all I need and do as I wish, privately.

          Comment


          • #6
            Originally posted by robomartin View Post
            That's not quite right.

            When you setup an account to access the portal they gather information on you. It goes into a database and that serves to identify you. These days if I have your name, email and IP address I can more than likely get your address, phone and other data. They don't even need to ask for everything.

            Second, on the ability to deduce specific usage. This comes from data analysis and patterns. If I know minute by minute power usage at your home I can, for example, have a pretty good idea, at a basic level, of when you are home. An average, say, 65 inch TV might draw about 200 to 300 W. If I see patterns of 200 to 300 W bumps in energy usage I know you might be turning on/off your TV. An air conditioning system is far more dramatic of a change. Same with electric cars, etc.

            I happen to be an engineer working on, among other things, machine learning and AI. Believe me when I say that a tremendous amount of information can be deduced from the aggregation of a bunch of seemingly innocent bits of data. Letting a company peer into your home to measure and store energy usage patterns is a very intrusive thing.

            The other thing that often comes up is something along the lines of "Don't worry, nobody has access to this data but you". Which is BS, of course. And with all the data breaches (Equifax, Yahoo, etc.) it is pretty fair to say that these entire databases could end-up in the wild any time without anyone knowing it.

            Privacy aside, this isn't necessary. There is no reason or justification for this. There is no technical reason for which a panel monitoring system needs to have any connection whatsoever to the Internet. None.

            I am assuming there is no off the shelf alternative. Because of this I am already in the process of building my own hardware and writing my own software to access the information privately and without using their portal or internet connectivity at all. I'd rather pay for a solution than waste my time doing this, that's why I came here to ask.
            While I agree that looking at usage can help deduce whether or not you are home, that kind of data isn't going to be available. The only data they would get is production data. The inverter doesn't know how much power you are using, it only knows how much it is producing. That really can only be used to determine whether the sun is out, and maybe if you're really good, an idea of what the weather is like.

            Comment


            • #7
              Originally posted by robomartin View Post
              That's not quite right.

              When you setup an account to access the portal they gather information on you. It goes into a database and that serves to identify you. These days if I have your name, email and IP address I can more than likely get your address, phone and other data. They don't even need to ask for everything.

              Second, on the ability to deduce specific usage. This comes from data analysis and patterns. If I know minute by minute power usage at your home I can, for example, have a pretty good idea, at a basic level, of when you are home. An average, say, 65 inch TV might draw about 200 to 300 W. If I see patterns of 200 to 300 W bumps in energy usage I know you might be turning on/off your TV. An air conditioning system is far more dramatic of a change. Same with electric cars, etc.

              I happen to be an engineer working on, among other things, machine learning and AI. Believe me when I say that a tremendous amount of information can be deduced from the aggregation of a bunch of seemingly innocent bits of data. Letting a company peer into your home to measure and store energy usage patterns is a very intrusive thing.

              The other thing that often comes up is something along the lines of "Don't worry, nobody has access to this data but you". Which is BS, of course. And with all the data breaches (Equifax, Yahoo, etc.) it is pretty fair to say that these entire databases could end-up in the wild any time without anyone knowing it.

              Privacy aside, this isn't necessary. There is no reason or justification for this. There is no technical reason for which a panel monitoring system needs to have any connection whatsoever to the Internet. None.

              I am assuming there is no off the shelf alternative. Because of this I am already in the process of building my own hardware and writing my own software to access the information privately and without using their portal or internet connectivity at all. I'd rather pay for a solution than waste my time doing this, that's why I came here to ask.
              I happen to be a computer scientist that worked on AI and computer learning for over 25 years. You can not use AI to determin consumption if you do not have a consumption measuring device.
              Optimizers only give you production... no consumption so no way to tell any energy usage info.
              now if you have a consumption meter it is a different story...

              btw there are many companies trying to get when you turn things on and off from consumption info and for the most part they fail for a modern home with energy star equipment as they all have variable loads. Scroll compressors make heatpumps confusing to the system, etc.
              Last edited by ButchDeal; 05-23-2018, 07:01 PM.
              OutBack FP1 w/ CS6P-250P http://bit.ly/1Sg5VNH

              Comment


              • #8
                Originally posted by ButchDeal View Post

                I happen to be a computer scientist that worked on AI and computer learning for over 25 years. You can not use AI to determin consumption if you do not have a consumption measuring device.
                Optimizers only give you production... no consumption so no way to tell any energy usage info.
                now if you have a consumption meter it is a different story...
                Excellent. You should read-up on how the Tigo hardware works.

                The optimizers, as you correctly stated, can only provide panel information. That is correct. However, the "Cloud Connect Advanced" box they all talk to is the piece of hardware that talks to the optimizers and the inverter.

                And while it is true that the inverter might not be able to provide full consumption information there is no data whatsoever as to how the load applied to the system might be reflected in the data that might be available. These systems are very much closed.

                Then there's the issue of having a two devices on my network that actively talk to unknown servers on the internet constantly. Now I have to do some network trickery to have them exist outside my firewall, which means either tunneling or buying more hardware and ...

                Anyhow, my greater point, minutia aside, is that there is no justification whatsoever for forcing a cloud based solution that logs whatever --I don't care what it is-- into a database. This is the proverbial slippery slope. Each little privacy breach is shrugged off as not significant until the day we discover someone used data aggregation to extract valuable information with nefarious intent.

                There is no reason for a solar system monitoring system to require a cloud + database based system for basic monitoring. And, in my case at least, the idea that I was told I would be able to access an interface locally pre purchase only to learn that was not the case once the system is being wired. Based on that I would not recommend SMA/Tigo setups for boat anchors.

                Comment


                • #9
                  Originally posted by robomartin View Post
                  Excellent. You should read-up on how the Tigo hardware works.
                  I know how they work ( or are supposed to work as they often work poorly).

                  Originally posted by robomartin View Post
                  The optimizers, as you correctly stated, can only provide panel information. That is correct. .
                  yes

                  Originally posted by robomartin View Post
                  However, the "Cloud Connect Advanced" box they all talk to is the piece of hardware that talks to the optimizers and the inverter.
                  yes it is the gateway

                  Originally posted by robomartin View Post
                  And while it is true that the inverter might not be able to provide full consumption information there is no data whatsoever as to how the load applied to the system might be reflected in the data that might be available. These systems are very much closed.
                  If you do NOT have a consumption monitor there is NO data on your consumption.
                  you need to read how a grid tie system works. It is not feeding your load. It has no idea what your load is.
                  It just inverters the DC power it gets (all of it) and sends it out.
                  Without the consumption monitor equipment there is ZERO feedback to the inverter so it is completely unaffected by your load.

                  Originally posted by robomartin View Post
                  Then there's the issue of having a two devices on my network that actively talk to unknown servers on the internet constantly. Now I have to do some network trickery to have them exist outside my firewall, which means either tunneling or buying more hardware and ...
                  This is different from all the stuff you mentioned about privacy so far. and for any smart engineer should be relatively easy.

                  Originally posted by robomartin View Post
                  Anyhow, my greater point, minutia aside, is that there is no justification whatsoever for forcing a cloud based solution that logs whatever --I don't care what it is-- into a database. This is the proverbial slippery slope. Each little privacy breach is shrugged off as not significant until the day we discover someone used data aggregation to extract valuable information with nefarious intent.
                  They would need a more powerful computer to handle the monitoring and web services locally instead of simply sending the data to the cloud.

                  Originally posted by robomartin View Post
                  There is no reason for a solar system monitoring system to require a cloud + database based system for basic monitoring. And, in my case at least, the idea that I was told I would be able to access an interface locally pre purchase only to learn that was not the case once the system is being wired. Based on that I would not recommend SMA/Tigo setups for boat anchors.
                  SMA used to have a system where you could get some basic information locally. Tigo did not. the SMA system is not capable of handling the added data and historical data that the system uses and weather predictions for problems.
                  OutBack FP1 w/ CS6P-250P http://bit.ly/1Sg5VNH

                  Comment


                  • #10
                    Tinfoil hats aside, I agree SMA inverter monitoring is not very robust. I have an SMA inverter, so have had to address this limitation.

                    I've used a combination of Rainforest Eagle for consumption data from my smart meter and a Raspberry PI running SBFspot to collect production data from the SMA inverter. All my data gets uploaded to PVoutput.org to provide a nicely formatted monitoring solution. The other benefit of PVoutput.org is that I can compare my data to other systems. NOTE: You can hide your consumption data from public view if desired (I do).

                    My PVoutput system: Free Energy!


                    If you don't want the information going out of your local network, you'll have to find (or write) a program to format your SMA data (SQL database) into a useable form.

                    SBFSpot Link
                    5.775 kW System: 21 SolarWorld SW275 x 1 SMA 5000

                    Comment


                    • #11
                      Well, I found a solution I am somewhat comfortable with to get started until I write my own code. This will also allow me to observe network traffic and understand what goes in and out. I created an account with Tigo full of false information. False name, address, etc. The only accurate data is the array size and other required technical parameters. I've also isolated their hardware's network traffic from my network. So no access to anything internal. Given the nature of my work this is very important.

                      I understand most people are not as sensitive to privacy issues as others, even going to the extent of labeling it "tinfoil". I have seen the effects of what can happen first hand. This might be why I am more sensitive to this than others might be, perhaps even to the extent of appearing to be unreasonable about it. I understand that. No problem.

                      Comment


                      • #12
                        Originally posted by robomartin View Post
                        I understand most people are not as sensitive to privacy issues as others, even going to the extent of labeling it "tinfoil". I have seen the effects of what can happen first hand. This might be why I am more sensitive to this than others might be, perhaps even to the extent of appearing to be unreasonable about it. I understand that. No problem.
                        You do know of course that before you added solar the power company had all your consumption data in a DBs on their network as well as your name, address, payment method, etc. They could tell exactly how much power you were using and when and likely have almost no security on their DBs.

                        Now though with solar they can't tell how much you are consuming or generating but they still have all the other data.....
                        OutBack FP1 w/ CS6P-250P http://bit.ly/1Sg5VNH

                        Comment


                        • #13
                          @robomartin:

                          Dude, I totally get where you are coming from, invasion of privacy every time you get on the internet, all in the interest for someone making money. As you know, recently we've all been bombarded with the newly adopted European privacy rules here in the US (a good thing imo). Most people will blow it off, but some of us will painstakingly drill down into each app and try to limit the personal invasion, which in my opinion is still not good enough.

                          If it's any consolation, I think the least of our worries is data from our solar panels. I believe the main reason why companies like SMA and SolarEdge are collecting data is to keep stats on how their products are doing, but I hear you insofar as them having the ability to crawl up our shorts and possibly sell off analytics to someone else.

                          I think some company selling off our solar production/consumption is about 1 on a scale from 1 to 10 for what we should be worried about. The banks and social media are my main concern. I cancelled my FB account after I heard that I am their "product".

                          Good luck with it, My system is both on SMA and PVoutput. I'm not worried (yet).

                          -D.


                          Comment


                          • #14
                            Originally posted by ButchDeal View Post

                            You do know of course that before you added solar the power company had all your consumption data in a DBs on their network as well as your name, address, payment method, etc. They could tell exactly how much power you were using and when and likely have almost no security on their DBs.

                            Now though with solar they can't tell how much you are consuming or generating but they still have all the other data.....
                            I'll ignore what appears to be a condescending tone. I could be wrong.

                            Security and privacy are things everyone tends to be lax about until they experience an "oh ****!" moment of their own of vicariously through a family member or close friend. Things like, for example, using the same simple password on every website, not using two factor authentication, etc.

                            In this day and age you have to be extremely vigilant about who and how you open the doors to companies who want a peek at anything you do or have. It's death by a thousand cuts.

                            The point I made here is very simple:

                            There is no justification whatsoever to require and push a cloud based solution for solar system monitoring of any kind. Your observation that they would need a powerful computer doesn't hold water, a Raspberry Pi is $5 and $35 if you want to splurge. Computing resources to put up a local browser based management interface doesn't cost much at all these days in terms of hardware. There are embedded Linux solutions for myriad embedded processors at a huge range of price levels.

                            The only reason a company wants your data on their cloud servers is because they want to (a) see it, (b) sell you more stuff, (c) profit from the data or all of the above. In Tigo's case they want to charge you about $0.60 per panel per year as a starting point for their "Premium" service. They claim minute-by-minute granularity data. It will be very interesting to monitor network traffic to see just how frequently their box calls the mothership.

                            Anyhow, I appreciate all comments, good bad and ugly. No problem. I have a game plan. I urge others not to take privacy or security lightly. If it isn't absolutely necessary to do something, question it.

                            Comment


                            • #15
                              Originally posted by DaveDE2 View Post
                              Dude, I totally get where you are coming from, invasion of privacy every time you get on the internet, all in the interest for someone making money. As you know, recently we've all been bombarded with the newly adopted European privacy rules here in the US (a good thing imo). Most people will blow it off, but some of us will painstakingly drill down into each app and try to limit the personal invasion, which in my opinion is still not good enough.
                              I did a project a while back (two years ago) that required being able to extract as much identity information from someone visiting any website. For a baseline we had to first figure out how to create a 100% anonymous visitor. You would be surprised to learn just how much work it is required to actually block all identifiable information. Using a proxy, even services like "HideMyAss" (a real service, BTW) wasn't enough. With most people we could generate an identity profile you would not believe. Most people are leaking tons of information.

                              We need something like what Europe just put into play. We definitely do.

                              Comment

                              Working...
                              X