With IoT stuff, especially light bulbs, the "escape hatch" to avoid some of the cloud nonsense manufacturers might disable at any time is to ensure you get devices that have local-only control interfaces. So basically bluetooth, ZWave, Zigbee, or a WiFi API that works 100% offline.
There are quite a few that fit that requirement, but among the WiFi bulbs I know that LiFX devices all support a local API with official documentation[1].
I was able add support[2] for the LiFX bulbs to Mozilla's IoT gateway because of that local API.
These are all largely closed devices though, the real solution is to get devices where the firmware is under your own control. However that's easier said than done, as it constrains your choices quite a bit.
As terrible of an experience as this is, I’d wager it’s less that “we’re slathering your data around” and more like “we use a crappy outsourced cloud platform to control the lights and don’t have the budget/desire/capability to make sure it’s compliant and won’t get us sued.”
Granted, this is why I don’t buy IoT devices with crappy cloud control panels, since they can stop working whenever the company behind them decides they’re not worth maintaining.
https://news.ycombinator.com/item?id=17143200