No Longer Evil revives old Nest thermostats with local control and open source

Google’s decision to cut cloud support for the first- and second‑generation Nest Learning Thermostats left many owners with devices that still work as local, manual controllers but lost the “smart” features that made them appealing — and an open‑source project called No Longer Evil has stepped in to restore remote control, scheduling, and integration options by replacing the Google‑dependent stack with community software and a self‑hosted service.

Background / Overview​

Google announced that the Nest Learning Thermostat Gen 1 (2011), Gen 2 (2012) and the 2014 European Gen 2 variant would stop receiving software and security updates and be removed from the Nest and Google Home ecosystems effective October 25, 2025. After that date the affected units continue to operate as local thermostats, but they are unpaired from Google’s cloud and lose app control, voice assistant integrations, remote notifications, and cloud‑based automations. For owners who invested in Nest’s original promise — automatic learning schedules, app control, and energy reporting — the move is more than an update notice: it is a forced change to how those devices can be used, and a reminder that cloud‑dependent smart devices can become feature‑stripped over time. That context is important: No Longer Evil did not arise from a vacuum. It’s a direct response to a product deprecation decision that left a long tail of functioning hardware effectively orphaned.

---

What No Longer Evil is — and what it promises​

No Longer Evil is an open‑source revival project created by security researcher and hardware hacker Cody Kociemba (associated with the Hack House collective). The project supplies custom bootloader/kernel components and a replacement cloud/api endpoint so Gen 1 and Gen 2 Nest thermostats can be flashed to talk to a non‑Google service instead of Google’s infrastructure. The project hosts a landing site and links to firmware and installation instructions; binaries and setup guides are available while source publication and backend code are being completed and iterated by the community. Key promises of No Longer Evil:

• Restore remote temperature control, modes, and scheduling through a local web interface or PWA.
• Provide a reverse‑engineered API layer so the thermostat firmware believes it’s talking to a server compatible with the original Nest protocol.
• Offer Home Assistant integration via MQTT or REST for users who want local automation and advanced dashboards.
• Publish code and encourage community contributions under an open‑source model.

The project is explicitly framed as a right‑to‑repair / anti‑planned‑obsolescence effort: the team and supporters argue that devices bought and paid for should remain under owner control rather than being turned into “dumb” hardware by corporate decisions. The FULU Foundation — a crowdfunded bounty platform that supports work restoring consumer control — backed a bounty for this exact problem; that public pot and matching funds helped motivate and partially fund the development.

---

How it works — technical architecture (high level)​

No Longer Evil is not a user‑level app; it requires flashing low‑level components and redirecting the device’s network identity and API endpoints. The high‑level technical flow is:

• Replace boot components: The installer flashes a custom bootloader image and kernel patches that alter how the Nest device initializes networking and performs server discovery.
• Intercept and emulate the Nest cloud API: The project implements a server that mimics enough of the original Nest cloud API so the thermostat accepts commands and reports state as before. The device believes it is talking to Nest, while the traffic goes to No Longer Evil’s backend (or a self‑hosted instance).
• Provide front ends and integrations: A Progressive Web App (PWA) delivers a Nest‑like UI for remote control; alternatively, Home Assistant users can connect via MQTT/REST to incorporate the thermostat into local automations.

The main technical lever is reverse engineering of the communication layer and a safe‑sounding trick: emulate the expected server behavior rather than reengineering the UI/thermostat stack. That lowers the amount of device changes required (no full rewrite of the UI), but it also depends on precise protocol compatibility and stable bootloader behavior — components that are sensitive to device revision and firmware version.

---

What you get after installing No Longer Evil​

According to project documentation and early reporting, once the No Longer Evil firmware is successfully flashed and the device is associated with an account on the No Longer Evil service or a compatible self‑hosted endpoint, you regain:

• A remote control surface (PWA) that mirrors the earlier Nest UI: setpoint adjustments, mode switching (heat/cool/off), and on‑device schedule management from a phone or browser.
• Local status monitoring (temperature, humidity, HVAC state) and logs for diagnostics.
• Integration options for popular home automation platforms (Home Assistant via MQTT/REST).
• The ability to avoid Google cloud dependencies while maintaining the original hardware’s sensors and display.

These capabilities make it possible to keep the old hardware useful in a modern smart‑home setup — with a caveat list that follows below.

---

Installation realities: what the process actually requires​

No Longer Evil is purposefully technical. The project is aimed at people comfortable with firmware flashing, hardware recovery modes, and home network configuration. The broad steps described by the project and reported in coverage are:

• Put the Nest into its device firmware update (OMAP DFU) mode by following the hardware‑specific entry steps.
• Connect via USB to a host system and run the provided flashing tools to install the custom bootloader/kernel images.
• Create an account on the No Longer Evil service (or configure a local backend) and pair the flashed device.
• Optionally add Home Assistant integration via the project’s documented MQTT/REST endpoints.

This is not a “one‑click” update. It involves low‑level device access and risk of bricking; the project maintainers are explicit about the technical skill required and the need for a backup thermostat or heating source while testing. The terms of service and public warnings on the project site emphasize use at your own risk — a bricked HVAC controller is not a trivial outcome.

---

Strengths and notable design choices​

• Community ownership and auditability: By releasing the firmware and server code as open source, the project enables public inspection and community review — a key win for security and trust compared to proprietary black‑box cloud fixes. Open code lets integrators and auditors validate behavior and modify it for local privacy/compatibility needs.
• Local control and privacy: The design supports running local backends or integrating with Home Assistant, meaning users can avoid vendor telemetry and keep sensitive HVAC metadata under local control. For privacy‑conscious homes this is a substantial advantage over proprietary cloud lock‑in.
• Extends hardware life and reduces waste: Reusing a decade‑old thermostat reduces e‑waste and saves money versus wholesale replacement — an environmental and consumer benefit that aligns with Right‑to‑Repair values. The FULU bounty structure (base award + public matching) incentivized a fast, practical response.
• Compatibility focus: Rather than rewriting the thermostat’s UI or sensors, the project emulates the cloud API layer. That pragmatic approach minimizes invasive changes and increases the odds that the existing front‑end and mechanical interface keep working as expected.

---

Risks, limitations, and safety considerations​

No Longer Evil is promising, but the project carries meaningful risks that homeowners and installers must weigh carefully:

• Bricking risk: Flashing low‑level firmware always carries a non‑zero chance of rendering hardware inoperable. The project’s maintainers and independent coverage both repeat that warning: test only on units you can afford to lose and never rely on early builds for critical heating during cold spells.
• HVAC safety and liability: Thermostats control combustion appliances and HVAC systems. Any software that misreports state, fails to trigger safety interlocks, or causes repeated actuator cycling could create equipment damage or safety hazards. Users should understand their system’s fail‑safes and maintain alternative manual control during testing. This is not merely theoretical — local thermostats are often safety critical.
• Legal and warranty implications: Replacing firmware almost certainly voids any remaining warranty and may conflict with terms of sale or local regulations. The No Longer Evil project’s terms explicitly state the software is not affiliated with Google/Nest and users must ensure they own the device and comply with local law before modifying it.
• Maintenance burden: The user (or community) becomes responsible for updates, security patches, and server uptime. A community project may be robust, but it is not the same as vendor SLAs; long‑term reliability depends on contributors and maintainers.
• Partial feature parity and edge cases: Reverse‑engineering a cloud API rarely yields perfect parity. Some advanced features, telemetry behaviors, or edge conditions (different hardware revisions, region‑specific builds) may not translate cleanly. Users with complex HVAC setups should validate thoroughly.

---

Security and ethical considerations​

Open‑source solutions can raise both security and legal questions. On security, the advantage is transparency: anyone can audit the code to find flaws or backdoors. That reduces the risk of opaque vendor code quietly collecting data. But it also introduces new attack surfaces: a publicly available emulation of a legacy API could be misused if improperly secured (for example, if someone exposes a No Longer Evil server to the public internet without authentication). The project’s privacy policy states minimal data collection and encourages self‑hosting to mitigate exposure, but operators must still harden any exposed endpoints. On the ethics/legal front, FULU’s model deliberately crowdsources bounties to restore owner control — a movement framed around consumer rights — but modifying devices raises intellectual property and software license questions in some jurisdictions. Anyone considering deploying No Longer Evil at scale (e.g., in rental properties or managed buildings) should consult legal advice regarding tenant safety, landlord responsibilities, and local electrical/HVAC codes.

---

How this fits into the larger smart‑home ecosystem​

No Longer Evil is one manifestation of a larger trend: users and repair communities building local‑first alternatives in response to cloud‑only vendor strategies. Matter, Home Assistant, and other local protocols aim to reduce cloud lock‑in, but older devices were designed before those standards existed. Projects like No Longer Evil show how reverse engineering and open‑source engineering can extend usable life and create pragmatic migration paths for legacy devices. There’s also a policy angle: public bounties (FULU’s program among them) demonstrate organized ways the community can financially motivate solutions when manufacturers choose to deprecate hardware. That model won’t replace vendor support in all cases, but it provides an alternative channel for rescue engineering that prioritizes owner rights.

---

Practical recommendations for WindowsForum readers and home integrators​

• Test, don’t trust: Treat No Longer Evil as experimental. Deploy on a non‑critical thermostat first, and keep a known working manual thermostat or mechanical override available in your home while you test.
• Read the docs and TOS carefully: The project’s site and terms contain specific warnings and configuration notes. Understand the privacy model and hosting options before connecting a flashed device to your home network.
• Secure the backend: If you self‑host the No Longer Evil backend or expose an instance to the network, secure it behind strong authentication, TLS, and, ideally, network segmentation. Don’t expose control endpoints to the public internet without robust safeguards.
• Validate HVAC compatibility: Not all thermostat/HVAC pairings are identical. Confirm that heating/cooling calls behave correctly through a test cycle and that emergency and fail‑safe modes still function after flashing.
• Consider Home Assistant integration: If you want redundancy and deeper automation, integrate the flashed thermostat with Home Assistant via the documented MQTT/REST endpoints. That gives you local automations that continue to operate even if the cloud/service is down.
• Follow the community: The project is evolving rapidly; follow the GitHub repo and discussion threads for updates, patches, and community‑published experiences to learn from early adopters.

---

Implications for manufacturers and the industry​

The No Longer Evil project serves as a cautionary case for platforms that tightly couple hardware function to cloud services. Consumers now expect longer usable lifespans for connected devices, and vendor decisions to end support can spark both negative press and grassroots technical responses that restore functionality — sometimes in ways the manufacturer never intended.
For manufacturers, the options are clear:

• Build devices that gracefully degrade to a useful local mode and publish protocols or recovery modes to support long‑term ownership.
• Provide upgrade/compatibility paths or open APIs so communities can safely extend device life.
• Recognize that community bounties and reverse engineering will increasingly be used to resist forced obsolescence. Embracing open standards or publishable interfaces is likely to be a less costly path than battling repair communities.

---

Final analysis — why this matters​

No Longer Evil is more than a firmware project for nostalgia hardware; it’s a practical expression of the right‑to‑repair and digital‑ownership movements. It restores functionality to devices abandoned for business reasons and highlights how community engineering and bounty funding can create resilient alternatives to vendor lock‑in. The technical approach — emulating legacy cloud APIs and shipping a PWA for UX — is pragmatic and effective for the short term, and it reduces waste by keeping serviceable hardware in circulation. But it also underscores a difficult truth: if you build a smart‑home ecosystem that depends on opaque, proprietary cloud services, you may lose features when those services vanish. Projects like No Longer Evil give owners tools to push back, but they are not a replacement for safe, vendor‑supported solutions. For homeowners and integrators, the sensible path is to plan redundancy, favor local‑first automation where possible, and treat community rescue projects as powerful but experimental options that require careful testing and respect for safety constraints. No Longer Evil restores choice: the thermostat you bought can remain yours — if you’re willing to accept the technical work and the responsibility that comes with running your own firmware and services. The project’s emergence will likely accelerate the industry conversation about device longevity, local control, and the economics of supporting long‑lived connected hardware.

---

Conclusion
No Longer Evil is a timely, technically pragmatic answer to a problem many smart‑home owners now face: devices rendered partially useless by cloud‑only designs. It demonstrates how reverse engineering, open code, and community funding can revive hardware and return control to owners. At the same time it is a cautionary tale: flashing low‑level firmware and running replacement cloud services brings real risks and responsibilities. For hobbyists and tech‑savvy homeowners, No Longer Evil offers a powerful tool to reclaim functionality and privacy; for broader audiences, it’s a reminder to demand devices that remain useful and safe long after the vendor’s update cycle ends.

---

Source: Tom's Hardware No Longer Evil Thermostat hack strips Google from Nest thermostat to heat your home better — open source project revives sunsetted hardware, gives more precise control