This is a cool article, and neat he got it working in the end.
One thing that is odd - if he blocked it calling home, it doesn't make sense that the kill code was issued remotely. It makes more sense that there is a line of code internally that kills the machine when it can't call home (which would be far less malicious).
That would in many ways be even worse because it means that if the manufacturer were to go out of business all of the stuff they sold would stop working. That's more malicious, not less.
He implied they were remoting in after he blocked network traffic. It could easily be a standard exception handling approach when it can't call home and fetch latest settings etc. It might not be malicious - not defending the architecture, just think that there is an assumption of intent here.
Whether they remote into his device or it kills itself is irrelevant except that if it's local code that's even worse, as they've programmed in future obsolescence. That is indefensible, full stop, do not pass go.
Well, no. You can't just revoke a license.
As far as owning the software in the device, I would argue that you do own a copy of it. I'm sure there is some buried ToS claiming you just own a license to run it, and I know this is still being litigated. But when the average person purchases something their expectation is that they've purchased it, not licensed it.
I suspect this is not the full story. Why would someone waste their time manually disabling a device? That makes me think that this device was doing something malicious to their servers, enough to trip an alert.
IMO a company should lose all control over technology once you've purchased it. Doesn't matter if it's "smart" or not. If the company wants to do something like telemetry, they can buy a license from you for that data. See how they like it when the tables are flipped.
Can't you trivially reframe the initial purchase as being subsidized by that license? Your $200 smart knife sharpener would be $300 if it weren't recording audio 24/7 (for VAD, surely!)
I don't like it either but here we are
Then I invite them to offer such a product. I would love to buy e.g. YouTube premium, but as far as I know they still collect my data for advertising purposes, they just don't show the ads.
I want to buy privacy, but it's not offered.
I do not think the value difference is $100 ;-) In fact, the longer you use it, the more money they can make off of you. (In that sense, that $200 is already WAY too expensive to start ;-) )
So yeah, reversing this would make the most sense. The default is: local data only and not connected. They need to pay me to get data.
Just like car companies, phones, etc, should be forced to do that as well.
I think if you frame it that way you need to offer the other version.
I do wonder how many people would buy non-spy versions of devices given the option. More specifically, what that differential in price would be too. At worst it would be interesting to have a price explicitly stating what our data is worth. Many people actually internalize that it's not that valuable, but doing this would make it explicit.
Sure, that's basically how Kindle pricing works ($X with ads, or $X+$Y without ads) and it's infinitely better having the choice. If Amazon ever gets rid of the without ad version they will lose me as a customer overnight.
Likewise, there are a whole lot of products that don't have an "unsubsidized" version that I simply refuse to purchase (or have purchased and returned after confirming that they will not work when locked in IOT jail where they can't talk to the internet.)
> If Amazon ever gets rid of the without ad version they will lose me as a customer overnight.
Didn't they already remove the option for a completely ad free Prime Video experience or am I hallucinating that? They have such a ridiculous hold on the e-reader market I feel like it is just a matter of the next down quarter.
They seem to own 75% of the market, and I think you can get pretty much every book on every device, right? Of course your existing library is locked-in; ideally, that'd be illegal.
Worse - they actually can remove books that you've purchased. Not only revoke license for future downloads - but actually remove them from your device.
Ironically, they did that to the book 1984.
They should be forced to present both options, and the price difference must equal the revenue they actually make from spying.
We’ve lived with companies that didn’t need to take pics of my dick while I’m shitting to subsidize their operation for as long as companies were a thing. Anyone saying this dick pic status quo is inevitable and necessary is too VC-brained to be allowed to run a company.
It's not, things haven't gotten that much relatively cheaper (have you looked at phones? The biggest pieces of spyware you can buy?). This is a line corporations like to feed us so we feel guilty about being bad instead of putting that where it belongs: every CEO.
Previous post
https://news.ycombinator.com/item?id=45503560
which points to the actual blog of the author on github, instead of a news coverage of it.
First of all, its Android Debug Bridge, which gives him full root access to the vacuum, wasn't protected by any kind of password or encryption.
Good. You bought it, you own it.
(I have no skin in this game --- my vacuum is as dumb as they come, and can be fixed with basic machine shop tools.)
A good time to point out https://github.com/Hypfer/Valetudo.
I haven't tried it personally because my particular model of vacuum has some complicated and potentially destructive procedure to get the required access, but there's quite a few models where it can be installed easily.
Recently discussed: https://news.ycombinator.com/item?id=45642571
I have it on two of my Roborocks and it rocks.
"From there, he built a Raspberry Pi joystick to manually drive the vacuum, proving that there was nothing wrong with the hardware."
He should make these and sell them. It would be worth it to just drive it in "discovery" mode and give it the exact path to follow while cleaning. The constant inability to learn the floor plan is beyond annoying.
Depending on where he lives this might be illegal. Yes, we live in a cyberpunk dystopia where the manufacturer can break what you bought and then send you to jail for repairing it. You can read more about it here: https://consumerrights.wiki/w/Digital_Millennium_Copyright_A...
This shit is absolutely dystopian. The law must not just be reversed, manufacturers need to be taken to court for shoddy software. Insecure data collection and transmission should be treated the same as having unsafe electrical wiring. It is a defect that needs to be either fixed or the product recalled. As long as manufacturers are not just allowed to but rewarded for selling defective products this won't change. I expect the moment unsolicited data collection becomes a liability manufacturers will drop it like a hot potato.
> I expect the moment unsolicited data collection becomes a liability manufacturers will drop it like a hot potato.
Possession of the data needs to be illegal.
Here's how it could work. It's similar to how copyrights for music are enforced. A person whose data are found in someone's files or server can sue for "statutory" damages, which are levied on a per-offense basis.
> Here's how it could work. It's similar to how copyrights for music are enforced. A person whose data are found in someone's files or server can sue for "statutory" damages, which are levied on a per-offense basis.
That's not how copyright lawsuits work though. For the typical person torrenting, it's because they were caught in the act of torrenting (e.g. they had a torrent client in the swarm connecting from an IP that was assigned to them). Otherwise it's a DMCA takedown and companies don't even bother suing. Nobody is getting their hard drives searched for illegal music and getting sued as a result.
That's right. I'm not talking about copyright, but about a new restriction on possession of the data. The only parallel is the use of statutory damages as a remedy.
What are the odds individuals learn their data has been found? What kind of damages could be awarded that would make hiring a lawyer and giving them 50% of winnings a worthwhile effort? I could also easily see individual cases combining to become class action reducing the winnings even further.
In other words, I find this a silly suggestion as it's just never going to work in the real world.
I seem to find out my data has been leaked in a breach every other month. I don't even care if I actually get the money for it, let it go to the class action lawyers. Life is good so long as the companies pay more than they make by holding the data.
There's an exemption from Section 1201 for "Computer programs that control devices designed primarily for use by consumers for diagnosis, maintenance, or repair of the device or system".
Are you allowed to share how you repaired the software? Because if not then what I said stands, he cannot sell these little Raspberry Pis or publish information on how people can build them themselves. That's one of the problems Louis Rossmann has been talking about in regards to the FULU bounty program.
https://bounties.fulu.org/
That's news to me. Do you have a source for that I can look at? Not being snarky. I would legitimately like to read more about this.
Probably refers to regulatory exceptions that aren't in the statute directly, which are updated every 3 years:
https://www.copyright.gov/1201/2024/
I see in the "final rule" for 2024 (PDF) a section titled "11. Computer Programs—Repairs of Devices Designed Primarily for Use by Consumers", although it seems to indicate that nothing changed, as opposed to telling you what stayed the same.
Sounds like the "remote kill switch" was probably "log buffer was full", given that it comes back to life when used on a different network.
Never connected my Roomba to the internet and it has worked fine for the past several years. It insists that I should connect to it via the app to resolve the occasional minor issue, but I would always ignore those. It's starting to show its wear and it's probably time for a new vacuum. I'm not sure if I'll be able to bootstrap one without connectivity, nowadays. Any good recommendations out there?
You might be interested in this project https://valetudo.cloud/
They have a list of supported vacuums
Valetudo is the best out there. I rooted my Roborock, and connected it to my Home Assistant. It's super useful without having to send data to the cloud. The only thing is the developers are severely limited by how many vacuums they can support. I recently bought a Dreame X50 and it's still not supported.
I wish I had the abilities of the engineer, plus the time he could devote to the problem.
Thankful for people like this - with kids and family and work I’d probably have had this sit bricked for a year in my garage before finding time to tinker with it. Now I can just never buy any iLife product ever.
We should probably update this story to link directly to the hacker's blog, they deserve the credit! https://codetiger.github.io/blog/the-day-my-smart-vacuum-tur...
There is a significantly easier option (although still more work than just buying a vacuum and using it as the manufacturer intended): get one of the Valetudo supported vacuums[0]. This firmware replacement blocks telemetry and allows for near complete feature parity with the original firmware, and flashing is (usually) relatively simple. Certainly much simpler than the process described here.
[0] https://valetudo.cloud/pages/general/supported-robots.html
Whenever I read about robovacs, I wonder: how good are these robot vacs really?
Maybe it is just me, but surely would be less effort to hire a cleaner and they can do more than just vacuuming.
Sure, but a cleaner coming twice is the same cost as a robot vacuum that will work for a couple of years, typically. They do an okay enough job, but they need to run daily, sometimes twice a day, to really keep up considering their limitations.
It really depends on how big your property is. A cleaner here could be done in less than an hour and there is no cleaner charging £150 an hour.
People obviously find them useful. But I will reiterate a sibling comment's recommendation, get one that can run Valetudo: https://github.com/Hypfer/Valetudo
I am not interested in getting one at all.
When I bought my Roomba in 2013, it cost as much total as I pay my cleaning ladies to come once every two weeks. If your floors get dirty easily, it's not really going to get them spotless, but it'll get them far cleaner than they'd otherwise be.
But the cleaners do more than the floors. Vacuuming takes me about 20 minutes once a week. I don't really see the point when I live in a 2 bed apartment.
> I don't really see the point.
You save the 20 minutes once a week.
That's it. That is the whole point. A slight convenience. I use one in a 1 bedroom apartment.
Considering some of these things cost almost £1000, this firmly lives in the total waste of money pile. I will stick with my £50 Tesco vacuum, thank you.
I think it’s one of the most idiotic devices anyone could own. Buy a normal vacuum cleaner for half the price, spend 10 minutes a week vacuuming your apartment, and you won’t come home and find that your cleaning robot spent the afternoon choking on a shoelace.
But what if I'm too lazy to vacuum 10 minutes a week and don't want to do it?
You could change your attitude. A vacuum cleaner is already a labour saving device
> "most idiotic devices anyone could own"
Ever been to Chesterton's Fence?
Hypothetically, some people who own such an idiotic device might have pets that bring in lots of dirt from the fields, lose lots of hair, and get a little bit agitated by the normal vacuum cleaner but more or less ignore the robot vacuum.
Cats aren't that bothered by vacuum cleaners unless you come at them with it and they normally just run into another room. Never seen a dog that bothered by them.
Probably a felony under the DMCA.
I'm reminded of when AWS us-east-1 went down and all the beds made by EightSleep (business model: Juicero for beds) became disabled. EightSleep put all the significant control for their beds in the cloud, doubtless because they couldn't or didn't know how to hire embedded engineers, and the only devs they could find were node.js flunkies who only knew how to do cloud. Looks like the makers of this vacuum did the same thing; they didn't know how or didn't want to build just enough smarts to do the localization and mapping itself, and said "fuck it, we'll do it in the cloud".
That's awfully generous. Forcing phone-home, remote control, data harvesting features to be always-on creates a huge amount of data that can be sold for a lot of money. It gets all the wrong people excited about investing and normalizing the level of intrusion into your privacy, with some faceless corporation harvesting gigabytes of data per month from the most intimate and vulnerable physical location in nearly anyone's life.
"Never attribute to incompetence that which can be attributed to malice" or something.
Clearly automatic beds have some degree of embedded software. The decision to put the controls in the cloud was certainly a conscious one.
And what the company did is a felony under CFAA.
Yes, I was thinking he needs an attorney to file suit against them for intentionally damaging his property, and then charge them for the 'repair' which would be the months he probably spent fixing it at a top grade engineering salary.
I block this nonsense before it gets to the cash register.
That's always a good idea, but how many people have the resources to research these details? First of all you have to be aware that this issue even exists. Then you have to scrape the corners of the internet for whether an appliance has any anti-features, because no manufacturer will ever write "collects unsolicited data about you, we will break the appliance if you refuse us your personal information" on the box. And finally you need to be able to afford the time and patience for the whole process.
I don't own a smart vacuum cleaner because the trouble is not worth it to me. However, I can see smart vacuum cleaners being very good for elderly or disabled people, or someone who has very limited free time and could let the robot clean the house on its own while the owner is out. It is really disgusting that scumbag manufacturers are exploiting those people.
The simplest way is to just not buy any IoT devices.
I don't. I take it home, open the package and return it as defective.
You see the same everywhere. Lawnmowers even. A goat is more user friendly.
[flagged]
The owner did not hack the vacuum, he blocked the IP address on his network for the telemetry server. Same thing tons of people do with Pi-Hole DNS blocking, for example.
There's no sane world where it is defensible to remotely brick a device because it can't communicate with a telemetry server.
Not just devices. Same for apps. If you block the live monitoring features of some crash accumulators, apps will not function. (Looking at you, Dexcom)
> There's no sane world where it is defensible to remotely brick a device because it can't communicate with a telemetry server.
Just today: Setting up an old smartphone: "Google assistant cannot work on this device." The only choice was "back". Had to search the internet for the solution: do not connect to wi-fi.
> As the business running the servers of smart vacuums, if I saw an atypical device reporting in, without context, I too would kill that device.
If you want to block a device from accessing your servers because it's behaving in an odd way, such as this one that was contacting the update server but not the telemetry server, that's not entirely unreasonable. Sending it a command to modify its software to stop it from operating entirely is outrageous.
> Why would they not be homogenous?
Why would a business have the power to decide what should and what shouldn't be homogeneous about the property of others? A transaction took place, property has legally changed hands and the former owner is exerting control over property that isn't theirs any more.
How about if the builder of your house comes into your home via an access route unknown to you, and starts rearranging where things are placed, or where you and your wife are placed, etc. in order to maintain homogeneous layout?
> How about if the builder of your house comes into your home via an access route unknown to you, and starts rearranging where things are placed, or where you and your wife are placed, etc. in order to maintain homogeneous layout?
And if you complain he kicks you and your wife out of the house you bought. And if you dare to close off the backdoor he sends you to jail.
> How about if the builder of your house comes into your home via an access route unknown to you, and starts rearranging where things are placed, or where you and your wife are placed, etc. in order to maintain homogeneous layout?
I've seen this movie. Only, the twist was that the home was built 100+ years ago and the builder long since dead. The family living in the home currently had to resort to an exorcist.
Edit to say that the sarcasm is direct rebuttal with the preposterous nature of the hypothetical.
This is a cool article, and neat he got it working in the end.
One thing that is odd - if he blocked it calling home, it doesn't make sense that the kill code was issued remotely. It makes more sense that there is a line of code internally that kills the machine when it can't call home (which would be far less malicious).
That would in many ways be even worse because it means that if the manufacturer were to go out of business all of the stuff they sold would stop working. That's more malicious, not less.
> It makes more sense that there is a line of code internally that kills the machine when it can't call home (which would be far less malicious).
Would it be? Whether the line of code is on the server or the device, what's the difference?
He implied they were remoting in after he blocked network traffic. It could easily be a standard exception handling approach when it can't call home and fetch latest settings etc. It might not be malicious - not defending the architecture, just think that there is an assumption of intent here.
Whether they remote into his device or it kills itself is irrelevant except that if it's local code that's even worse, as they've programmed in future obsolescence. That is indefensible, full stop, do not pass go.
If you bring me your silverware from the kitchen, or I go into your house to take it, what's the difference?
(CFAA charges)
The business has no right to remotely kill a device purchased by an end user.
Yeah! Just degrade the battery life and user experience through forced updates so they are pushed to upgrade instead!
Did you accept the EULA?
Consumer law comes above the EULA. A clause which states the company can remotely brick your hardware should be rendered invalid.
OK, no _moral_ right. They could probably stick a clause in there about the vacuum eating my pets for nourishment, but...
And now you've lost the plot or jumped the shark depending on which side of the pond you're on.
The point is it's good to complain
Only sane comment in this thread
You don't own the software on the device, they do. If they choose to revoke that license, that is their choice.
Well, no. You can't just revoke a license. As far as owning the software in the device, I would argue that you do own a copy of it. I'm sure there is some buried ToS claiming you just own a license to run it, and I know this is still being litigated. But when the average person purchases something, their expectation is that they've purchased it, not licensed it.
In the EU you have the right to use bundled software as long as you own the appliance. Not sure this is true for the US.
I own the device and all of its storage. The exact state of that storage is my business and precisely no one else's.
Does low-effort rage-bait belong on HN? aka, are you f**ing kidding?
I suspect this is not the full story. Why would someone waste their time manually disabling a device? That makes me think that this device was doing something malicious to their servers, enough to trip an alert.
Might just be a "could not contact server for X days in a row" thing.
Not really. They probably flagged this as someone modifying the device and thought it could be someone reverse engineering it.