hckrnws
FTC Pushed to Crack Down on Companies That Ruin Hardware via Software Updates
by lg_rocket
They need to crack down on companies that ruin hardware (or will one day ruin hardware) when they shut off their last cloud server.
There's no excuse for an appliance to brick itself or lose functionality just because of the manufacturer's remote action. When I buy a device, I don't want a perpetual, tethered relationship with the manufacturer in order to work the device. I don't want it to ask the manufacturer for permission to run every day. I don't want it to be dependent on the manufacturer to keep it alive. I don't want to create an account. I don't want to log in to the manufacturer's servers. I don't want them to know my IP address or my home address. Leave me alone, I'm just not that into you!
A hardware device should work on day 10,000 just as it worked on day 1. If you as a company can't do that, you should not be able to sell the device (EDIT: OR at least you should be required to prominently mark the devices as "dependent on the manufacturer's servers")
Couldn't agree more.
A recent example - you buy a $1600 virtual reality headset (HP G2, specifically). A couple of years later the manufacturer drops support and Microsoft disables WMR capabilities.
This bricks a perfectly functional, expensive, device.
Personally, I feel the "right to repair" should extend to software. Why am I not allowed to revive an old mobile phone with a new OS version? Why am I not allowed to revive an old device by modernizing its hardware driver? Why can I not bring an old video game back to life?
Yes, source code is IP - but maybe an expiration system similar to pharmaceuticals should apply where, for instance, a regulator compels companies to release the sources of their drivers & services when a product or service is no longer officially supported.
The current VR generation was destroyed by the manufacturers themselves with the exception of Valve. Oculus did develop nice devices as well, but you never could get a single replacement part if anything broke. Want to exchange a heavily used controller? Tough luck, maybe you find a used one that is heavily overpriced. Using any other controller isn't possible.
This isn't acceptable, especially not for devices in that price range. I recommend to try it once as it is an experience, but otherwise VR is pretty much dead again. But don't buy Facebook or something similar, they simply don't offer support for their hardware.
Smartphones are a tragedy itself. Security theatre destroyed it. I could have a safer phone that is on a current patch level instead of using the OEM OS. But my digitally incompetent bank doesn't allow me to use a good phone to run a banking app, because it doesn't allow rooting devices.
Even without giving you any source, manufacturers could at least provide binaries and a mechanism to flash it to devices. There is no technical reason to not allow this.
God, I just have to share a little experience that not too long ago happened to me, relating with what you said about oculus and repairability.
So, ol' monkeyfun had a quest 2 controller grip button break. From gentle, ordinary gripping. And on the same day as fixing an unrelated problem in another controller. Tragedy!
Naturally this loser went to fix it. No guides? Oh well, at least she could see 3rd party 3D printed parts online for sale.
Might as well disassemble it to see how broken the part is, to know what to order. Whipped out tools, started disassem-- aaaaaaand it broke.
Not only was there a terribly placed ribbon cable made very difficult to access, not only were tons of parts inconsistently either held in by the lightest friction or intense nearly glued-together forces or strange catches, but the precise intersection of these aspects (and a ribbon cable that was seemingly stuck to the connector on just one pin) meant that when a disassembly step caused the controller to spontaneously fall apart into a few pieces, it was so forceful that it damaged that ribbon cable.
AAAAAAAAAAA!!!! ================
For what it's worth, I anyway discovered that the way the part broke would need me to extract an embedded piece of metal anyway and make some repairs to another piece of plastic, so it was never going to end in success.
But it really made me appreciate just how terribly designed those controllers are for repair. Even the component that broke was... designed to bend a piece of plastic repeatedly from what I could tell, rather than say just having a small metal spring.
So user-hostile.
Regarding rooted android, it is possible to bypass the root checks of most banking apps:
1. use MagiskSU for rooting
2. add some modules to bypass SafetyNet/PlayIntegrity (https://github.com/chiteroman/PlayIntegrityFix/releases)
3. For especially annoying apps add some modules to hide well-known "root apps" from the applist, so these apps don't know they're installed (https://github.com/LSPosed/LSPosed.github.io/releases + https://github.com/Dr-TSNG/Hide-My-Applist/releases) [I only needed it to get Pokemon-Go to work, banking worked without it]
My local banking apps and even google wallet work mostly fine with these workarounds. Though it breaks every few months, which is then usually quickly fixed with a magisk+module update.
“[I only needed it to get Pokemon-Go to work, banking worked without it]”
Yep sounds about right. This world is a parody unto itself.
>But my digitally incompetent bank doesn't allow me to use a good phone to run a banking app, because it doesn't allow rooting devices.
Honestly part of that is the fault of the OS itself. It shouldn't allow apps to tell if the phone is rooted or not. Unless I'm asking the app to do something that requires root, the app shouldn't have any ability to tell that it's on a rooted device.
Agreed. It is part of corporate ambitions to verify devices. We see that with remote attestation too. Again security theatre and a mechanism that doesn't serve the user.
> Smartphones are a tragedy itself. Security theatre destroyed it.
If you're willing to buy a new device, then I recommend getting a Pixel on sale and flashing it with GrapheneOS[0]. No rooting required. Read up on it when you have a chance. Also, if you install the sandboxed Google Play Services layer (which doesn't require any Google account logins and has very limited access to the device) you will be able to run your bank app.
While I would agree that overall repair-ability isn't great, you're wrong. Replacement controllers are available without an issue directly from Meta:
- https://www.meta.com/us/en/quest/accessories/quest-2-control...
- https://www.meta.com/us/en/quest/accessories/quest-touch-plu...
On the software side they have been pretty great with support IMO, e.g. by adding 120Hz to the Quest 2 quite some time after release and opening up the Oculus Go, after they discontinued it. Maybe not Valve-level but definitely much more than I expected from Meta, and their hardware was a third of the price of Valve's, despite having an actual APU in them!
I don't believe I am wrong. Try to find a controller for the Rift or Rift S.
You may now want to argue that these devices are older. That is true, you mostly need replacement parts for older devices.
And software support? I do remember where Facebook forced me to make an account or the hardware would be unusable.
For me that was the argument to never buy hardware from Facebook again. Sure, it was Oculus at the time and even if technically the Rift and Rift S were solid products, I would thoroughly recommend to not become a private customer of Facebook for now. Maybe things have improved, because they certainly should.
Need some kind of public domain requirements on sunset code/software.
Same as we need copyright maximums in the range of a generation (20 years). Having something come out of copyright 100 years later removes the cultural impact that putting a copyright into the public domain has. Primarily because everyone who was impacted by the original copyright is no longer alive. A prime example is Steamboat Willie, aka Mickey Mouse OG, really doesn't have any interest in doing much with it because it is culturally stale/mummified/dried out.
I think this would seriously tank the smartphone business. The reason why I have to buy a new phone every few years is basically sugarcoated planned obsolescence. If the software running my five year old Android phone was public domained, likely the community would keep my phone running for at least five more years.
Not saying that this shouldn't happen, though. Just saying that people suggesting this sort of stuff should realize that the economic consequences for some businesses would be major.
>I think this would seriously tank the smartphone business
Not so sure in reality. There's a lot to dislike about Apple and I won't go into it, but as an example, I like their support policy. They promise 5y and usually it's 7y. They do disable features on older phones via feature flags where the performance would not be up to it (like on-device AI lately), but this rather long support does not seem to impact their sales negatively. Arguably it works for them b/c people know they can resell their phones after 2y and still get a good price as buyers know they will get support. I am one who switched from Android/Sony precisely because of this.
The same could be true for opening older phones as some Android makers do unlocking the boot loader and leave it to enthusiasts to port newer Android versions. Many phones get recycled to something different this way (controller for home automation) and would never reduce sales.
Lack of software updates is definitely a factor why people have to trash a working smartphone but there are two more: software bloat and battery degradation. Newer apps tend to use more and more RAM and CPU so one has to upgrade or use slower and slower apps. Li-Ion batteries have limited lifetime. Even if you are ready to spend time and money on a battery replacement, spare batteries are available only for still widely used models.
I think most people buy a new smart phone because the battery has aged too much. And changing to a new battery never seems to improve things.
People talk a lot about how phones are built with "planned obsolescence," but different people mean wildly different things when they say that.
On one end of the spectrum are people who insist that the reason phones only last as long as they do is a 100% deliberate decision on the part of smartphone manufacturers to hamstring their own hardware, often going all the way into full conspiracy-theory-level thinking, with timed kill switches and the like. Frankly, I find this line of thought to be bullshit.
On the other end are the people who are talking about smartphone manufacturers using components that are chosen for being small, light, and/or cheap, rather than being durable and user-repairable, purely for reasons of design, practicality, and cost savings.
Personally, I know which side of this I come down on; Hanlon's Razor[0] applies here, as well as the fact that, to the best of my knowledge, no actual timed kill switches in hardware or software—nor anything in the same general vein—have ever been proven to exist. And if not even the lowest-grade independent Android phone manufacturers are putting those things in their phones, why on earth would the likes of Samsung, Xiaomi, or Apple feel the need to do so?
If you apply Hanlon's razor to corporations the only one being stupid is you.
If you blindly assume malice every time it's theoretically possible with corporations, you're going to be left angry, frustrated, and wrong an awful lot of the time. They're really just not competent enough to be doing most of this stuff deliberately.
I agree, but I also give the company the concession of being able to open-source the product when support ends. If they do that, I'm okay with it. As soon as they're done making whatever money they could from the thing and it becomes a burden to their pocketbook, hand the source code and schematics over to the community and let them take the wheel.
Not sure about others, but I am more likely to respect a company that does that and buy future products from them.
Open source would be ideal but I imagine the reality of NDAs and proprietary bits and other lawyer stuff means most companies won't or can't. Which, fine, but if you cut off services for a cloud encumbered device in a way that will effectively brick it, you should at least be required to push a final update that lets it continue with whatever basic functionality is reasonable. None of this "we reserve the right for this thing to stop working arbitrarily when we feel like it" in the ToS, the maker is legally obligated to make it keep working if you ship a product like this.
It's an unrealistic pipedream, but one can hope.
A lot of "impossible" things become possible when required by law. NDAs and business contracts are the way they are because companies can get away with it, not because no other way is possible.
> Why am I not allowed to revive an old mobile phone with a new OS version? Why am I not allowed to revive an old device by modernizing its hardware driver? Why can I not bring an old video game back to life?
Hardware is complicated and there are just not enough people with the deep understanding to fix it. I've got lots of old 'open source' devices that lost traction in their developer community. Nobody ever managed to recreate a usable OS for the old Sharp Zaurus PDA until the device itself was completely obsolete.
New OS versions rely on new hardware functions (or just a higher amount of memory or I/O to be usable) so patching to run on old hardware won't deliver something running well.
Video games are a bit of a special case because there's the media copyright as well. But there are lots of reimplementations of game engines so maybe you can't but others certainly do...
Related to this specific example, WMR headsets are just open enough for linux VR software to work with them - https://lvra.gitlab.io/docs/hardware/#xr-devices (of course this is an uphill battle, ...)
Removing 3rd party code from the sources is apparently a monumental task and a major reason why sources for dead software aren't released more often.
This necessarily requires software regulation, too—if your software requires internet connection, functionality should also require internet connections. Why am I making an account with you just to track my periods?
While I do like the idea of requiring vendors to open-source their IP when support for a product ends, I don't think it's practical. For example, the iPhone X is out of the support window for iOS updates, does that mean Apple should be required to open-source the first version it shipped with (11) or the latest version they supported for it (16)?
In either case, these unsupported iOS versions share a lot of code with newer versions, that are still supported, and also with entirely unrelated products like MacOS, iPadOS, etc. So should Apple be required to open-source only code that's no longer used in any version of their active products? Should they only open-source the drivers and unlock the bootloader so a third party OS can be made to work on it?
Modern software stack for a phone or even less advanced devices contains a fair number of proprietary drivers, which wouldn't be released because the chipset designs they are written for typically outlive the devices they are used in (the chipset gets modified slightly and repurposed for another device). You cannot really get all of the software for the device even if you wanted to.
> Yes, source code is IP - but maybe an expiration system similar to pharmaceuticals should apply where, for instance, a regulator compels companies to release the sources of their drivers & services when a product or service is no longer officially supported.
For the US, an expiration system is built into the Constitution: "for a limited time"
It's just that that expiration has been stretched to absurdity where "a limited time" now means a whole second lifetime after the death of the author.
> OR at least you should be required to prominently mark the devices as "dependent on the manufacturer's servers"
Right next to the prominent label about causing cancer in the state of California, presumably.
I feel a notice wouldn't work here because the average consumer wouldn't understand the implications of depending on the manufacturer's servers or what it even means, plus every smart doorbell or whatever would just include it so it's not like it'd affect any consumer's choice.
Love it.
This product may be revoked at any time.
This product incurs $30 billion in annual fees.
This product sells your usage data.
Yeah.
The features present at time of purchase may be changed, downgraded, or removed at any time.
With no obligation from the manufacturer to inform you of changes, and even if one exists in law, whaddya gonna do about it? We're doing the take it or leave it approach.
Whenever I come across a thing that contains a "terms of service" or "license agreement", I refuse to read it and make the assumption it says the following things:
> you own nothing
> the company owns everything
> you have no rights
> you promise not to try and exercise any right you think you have
> just in case you ever get it in your silly little head that you do have any rights whatsoever, you agree to binding arbitration with the firm we pay
> you cannot do anything the company doesn't like
> the company can do literally anything it wants whether you like it or not
> the company is not responsible for anything ever
> the company makes absolutely no guarantees about anything
> but you agree to indemnify us in all possible circumstances
That, sadly, is an entirely reasonable take on all this.
Yep. Major turn off. I do not buy, unless forced.
Just have no need for the hassles.
Yeah these labeling requirements only work if you operate under the assumption companies will be truthful. But if they're truthful, we wouldn't require labels in the first place, they'd just do them. So it's dead in the water.
And such dependency should only be permitted if there is some essential function the server is providing. Unfortunately, for a lot of devices that's inherently required to get through the firewall--for example, my garage door opener. Since it's not accessible from the internet the app has to communicate with the company server, the same server the opener opened a connection to to listen for commands.
There's also the grey area of remote kill. It should be required to be disclosed up front and the company should be required to put up a deposit with the FTC for a simple you-can-live server. If the company shuts down the FTC's copy is spun up and anything that hasn't been killed continues to operate.
Garage door opener is a perfect example of a device that should NOT require a cloud service in order to operate. Think about how it works. I'm sitting in my house on my LAN, the same LAN that the garage door opener is on. I open the app to close the garage door. It sends a command out to some server on the Internet. Then the garage door, which is presumably polling the server at all times, receives the command to close from the server, and closes.
Why on earth can't I just send the command directly to my garage door opener over my LAN? That should be the simplest mode of operation possible. I only need Internet connectivity if I somehow want to close my garage door from miles away!
>Why on earth can't I just send the command directly to my garage door opener over my LAN?
Because of NAT. Your door opener isn't connected to the internet, it's connected to your router, which uses network address translation to make all your devices share a single internet connection. So your door opener can send outgoing messages no problem, and the NAT router will route those outside, and then route responses to those messages back to the opener, but there's no (easy) way for a device outside your home network to access your opener. Of course, your phone or PC is on your home network, but only when you're at home. Presumably, you also want to be able to control your door opener when you're not at home, and at those times, you have to get through the NAT. Doing that requires the company's server, or something like Tailscale which sets up a virtual private network (VPN) between your opener and selected devices. But even Tailscale requires some type of server on the internet to work, even though the main traffic goes direct.
Basically, what you're asking for could have been a reality if 1) we had IPv6 (or just not IPv4 with its very limited number of unique addresses), and 2) we didn't have to worry about security so we could feel safe putting random crappy IoT devices directly on the internet and not worrying about hackers opening our garage doors or houses so thieves could enter and take stuff.
Over LAN. The thing about my home garage is that it's at my home where my wifi is. NAT and IPv6 don't enter the discussion if I'm already on my home wifi.
Right, I addressed that in my prior post.
Because you start with the absurd assumption that remote access is the primary function of a door.
It does not seem unreasonable that a user might want to open the door while they are coming down the street or turning into the driveway, before they are within wifi range. Maybe their home wifi just barely reaches the inside of the garage and doesn't extend past the garage door. Most folks are not exactly wireless network experts.
I agree it would be ideal to use a local network path if possible, but given that remote access is a requirement, I can understand why they just made it the default.
This was solved even before internet or wifi existed.
If I'm at home, yes. But if I'm pulling up to the house I'm not on the WiFi. And the range on the remote is very iffy.
... Doesn't your garage door opener send an RF signal to the receiver on the motor?
Many of them now go through the internet. My friend had me install the app, granted me access to his garage door from another country and revoked it later, all while still in that country.
I'm pretty sure he's had it fail from right outside his house due to mobile network outages more often than he's used it from far away though.
I think the opposite side of this coin is that the company should clearly define the minimum lifetime of the product and its support, including what services they will provide upon its sunset (such as a partial refund and disposal if the product folds before that date). I want to make an informed decision, and like you I would shop for another product beyond this crap we subscribe to.
The Elkjop electrical goods store in Norway supplies an environmental impact statement which often includes the manufacturer's estimate of the lifetime. For instance, for the Ankarsrum Assistent (successor to the classic Electrolux Assistent) kitchen machine it's 30 years with spare parts available for 12 years.
https://www.elkjop.no/product/hjem-rengjoring-og-kjokkenutst...
Unfortunately for electronic items the lifetime and spares information is usually blank because the manufacturer doesn't supply it.
Off-topic, but I've got an Ankarsrum Assistent (in the US). It's a ridiculously good machine. Much better design IMO than the KitchenAid stand mixer. The rotating bowl means adding ingredients doesn't require stopping the mixer & lifting the head, you can just pour things in.
>including what services they will provide upon its sunset (such as a partial refund and disposal if the product folds before that date)
This might be OK for a huge company like Google, but for many others, what good is it? If the product folds, it's probably because the whole company folded, and when that happens, you're not getting a refund, regardless of what any contract says.
Why do people like me buy iPhones? Not because they've got the best hardware or have the best camera or the best apps (though they're pretty damn good at those), not because they are open for hackers (they're basically the worst), but because the manufacturer provides de facto support for at least 5 years after release. My kids all have iPhone 8s and they still get security iOS updates.
Did they promise that anywhere? No. Did they keep their unwritten and unspoken promise? Yes, for years now. Do you have to be Apple to do this? I don't know, would love it if the answer was no, but looks like everyone else treats this as cost and Apple treats it as value added?
I mean that's fine? If you still exist then your obligations remain. Maybe we will have some sort of "digital rights bankruptcy"
Defining minimum support period is already required by law in UK and will also be mandatory in EU as of next year.
This is the same problem as packaging. I think we should have a designated escrow service for the disposal costs of packaging that is taken off the front end, similar to the pension benefit guarantee corporation.
Imagine if there were a product support guarantee corporation which took, say, 4% of the cost of retail electronics sales, in order to guarantee their long term support.
It shouldn't really matter whether a company discontinues their service or not, because the right way to address this trend is through antitrust enforcement against the bundling of device products with software service products. These two things should be distinct product offerings with independent markets, and devices should be straightforwardly configurable as to which specific servers/services to use (with openly documented protocols, of course).
They should not be legally allowed to use the word "buy". They're actually renting out their products.
This is the biggest thing IMHO. Same with games. Buy should mean buy.
Yeah it's especially bad with video games. One of the most dishonest practices I've ever seen. People amass "libraries" and "accounts" worth tens of thousands of dollars and the corporation can just take it all away for any reason at all including no reason. They don't like a little comment you made somewhere, banned, entire account deleted, "your" "property" permanently revoked, and unless some legal miracle happens that forces them to overturn it they won't even reply to you.
They say "buy" but in reality it's a "licensing agreement" nonsense with a zillion lawyery rules nobody cares about or even reads. Judges should take one look at that and throw the whole thing out but they won't because the intellectual property industry is worth trillions of dollars which means they can buy laws that favor them via lobbyists. It feels like the world is unfixably wrong.
>you should be required to prominently mark the devices as "dependent on the manufacturer's servers")
Actually it's "we spy on you and reserve the right to brick your device at any time", which pretty much every EULA already covers ...
That language needs to be in bold print on the consumer package not hidden in a shrinkwrap license inside the box or worse, online somewhere.
Treat it like we do with food allergen labels. A standard location and plain language.
Don't stop at hardware. If the software runs locally but connects to a server for some non-essential or non-functional feature, it should continue working after they shut that server down.
Local network isn't enough because these things are usually driven by phone apps and Google and Apple make periodic API breaking changes and kick everything off the platforms that doesn't constantly update. So even if it's not server dependent many IoT things will still become unusable rather quickly.
"dependent on the manufacturer's servers" should also require that it let me install my own certs so I can MITM that connection and see what it's saying to the manufacturer's servers.
Alternatively we could require companies open-source the server hardware if they choose to shut down their for-profit offering.
Another option is to require companies go the Minecraft route where the "server" portion is always free to download and run but you need the paid client to actually connect to the servers to play the game.
So then the new business model is escrow for ensuring continuity of server-based services?
Products configured this way are a combination of a "logic bomb" [0] and a "dead man's handle" [1]. Together they form a very nasty combo.
Suicide bombers like release-to-make switches, so if you shoot them they at least complete part of their mission.
Companies that create self-destructing products are thinking like this. They are binding their survival to that of their customers as human shields and saying "we'll take you with us".
It's very disturbing psychology and having laws that allow companies to do it, even by hiding behind supposed technical ignorance, is a problem.
The way it's sold, you buy all those services from the vendor, and need their device to get access. So either the device should be replaceable at low or no cost, or you should be able to switch vendor.
> When I buy a device, I don't want a perpetual, tethered relationship with the manufacturer in order to work the device.
Yes, but all the manufacturers want you in that relationship with them, and the technology of "internet" has finally given them that ability.
It's just a reminder that capitalism doesn't produce the best goods for consumers, it only produces the ones that are just not shitty enough that people keep buying them.
No matter how good a product is, the market will inevitably enshittify it to optimally conform to market incentives.
I mean, I fully agree, but how would any jurisdiction even enforce this? If the manufacturer goes out of business, their cloud service will be shut down 90% of the time (exception is if some entity buys the bankrupt company to restructure it). No one has any incentive to keep a service running that makes no money.
And I believe (not totally sure though) that IP is always part of the bankruptcy assets so probably insolvent companies are not even allowed to just open-source their stuff and allow configuration of the backend so users could set up community-servers and keep things running.
Completely different are cases where companies continue to live but lock features behind new paywalls like Happiest Baby with their Snoo bassinet, invent fees to hinder re-sale like Peloton or cripple working hardware like Sonos did.
Those make me unreasonably mad, not just because I already have too many subscriptions for things that improve my QoL but add up, but also because I do care about my CO2 and environmental footprint. I do not want to trash working devices just because they are now 2 years old. Companies should untether them if they think further cloud support is no longer viable and at the very least should support them for 7-10y.
Make it a legal requirement that if they brick the devices they owe the purchaser a refund for the value of any parts of the hardware that are compromised, minus some depreciation schedule. Then they have an incentive to keep running that service even if it's not currently making them any money. If they go out of business, that obligation is the same as any other on the books - assets will be sold off to cover the debts as best as possible, or some other agreement reached. Patching some code so that the system isn't bricked when the server shuts down is almost certainly cheaper than giving everyone their money back.
Force the manufacturer to release their source code for any server-side component of any product. Or API specifications and any HAB keys needed to boot new firmware on the device.
>When I buy a device, I don't want a perpetual, tethered relationship with the manufacturer in order to work the device.
Then don't buy that device. I know this will be unpopular but there is an entitlement here. I want X, X comes with insane restrictions, instead of sticking to my principles I will buy X then complain about the restrictions. I agree it shouldn't happen, but I also don't buy anything that allows that to happen to me.
Many devices can absolutely be built in a way that they do not require a dumb remote server to work, but they're built that way anyways because the manufacturer is rent seeking. It can be damn near impossible to find equivalent devices that don't do that. It is absolutely right to get one and complain about absurd remote links that shouldn't be there in the first place.
If you're financially rewarding them to do it, I honestly don't want to hear you complain about it. Company X is doing exactly what I paid them to do! What a nightmare!
Is it clearly advertised at time of sale that X comes with the insane restrictions? Is there a viable alternative to X without? What are the consequences if you don't make a purchase at all?
There are some necessary conditions to fully consent to an agreement. If someone has a gun to your head and tells you to do something you don't want to do, it is not entitlement to comply but complain instead of "sticking to your principles".
> Then don't buy that device
Except when the device doesn't appear to be, but can be updated in a way that makes it obvious it does. Absolute statements like "all devices should be able to be jailbroken" or "I want things supported forever" or "just don't do x" are misguided. The world is more complicated, even on this issue. Any implemented solution will have holes and the world will be all the better for it. Progress requires things to die off.
What we really need are a variety of certifications enforced by the FTC, not blanket regulation. Like you can put a sticker on your product, which would be illegal for non-complying products to have. One seal could be for Open Source, another for Cloud-Free, Firmware Rollbacks, Telemetry-Free, E2EE, 10 years of replacement parts, etc.
It's clear just from this thread that different people care about different things. And I'd rather see a certification that never gets used, than a whole kind of product removed from the market because the FTC got it wrong, and now it doesn't make sense to produce it.
Without regulation, I'd be afraid that it would simply become impossible to find a product that doesn't have customer hostile features. Companies don't need to fear lacking stickers if their competitors lack them as well (or if they don't have viable competitors).
Make it like EnergyStar. No sticker? Then government can’t buy it!
Granted this doesn’t always work but since many state and local governments have similar rules for EnergyStar it does drive a lot of compliance with a completely optional certification in many industries.
Why would someone not just start a competitor to take advantage of the market vacuum? If consumers desire something, have a means to tell if they're getting it, and are willing to pay for it, the market is remarkably good at providing.
Electronic waste is an externality that I am ok with the government regulating.
My VCR still plays cassettes 30 years after it was made, but my 1st Gen iPad stopped playing YouTube videos 5 years after it was made.
That's not a good comparison. VHS was a standard that the VCR makers themselves helped create so of course they'll be inter compatible forever. Youtube didn't make iPads and Apple didn't make Youtube so there's no guarantee for them to be compatible forever. A better comparison would be how long Apple chooses to provide OS updates to iPads and Macbooks since they're all made by the same company.
The idea of free market being "remarkably good at providing" things is completely conditional on the very specific properties of that specific market. Via your logic, monopolies would never exist, nor would anti competitive business practices, and yet they do, because the first thing companies do in a free market is do their best to make it unfree where possible as it's more profitable that way.
The only way to solve this problem is to regulate markets that become unfree where observed to be necessary to do so.
Sure it is, but manufactured goods is one of those markets that has generally proven to have relatively low barriers to entry and lots of competition. That's why first the Japanese, then Chinese, now Southeast Asians have been so successful at displacing American and British incumbents. There's no natural monopoly there, no real consumer lock-in once people write off their bricked-by-software paperweights, and the technological expertise is spread fairly widely across hundreds of thousands of skilled professionals. You do have economies of scale and pretty large capital costs, but capital is not that hard to come by.
You don't need regulation to fix this, you need startups to go compete with the entrenched firms that are bricking their customers' devices.
Scratch an abusive monopoly and just beneath the surface, you'll usually find not a "free market", but a government with its finger on the scale.
Any industry that involves leveraging copyrights and patents to keep the incumbents in power, for example.
Abusive monopolies really work just fine without big bad government, with mechanisms such as raw power and threat of violence, ownership of key resources (property laws are always fine according to government bad ideologies) and the related natural monopolies, cryptographic-technical barriers, pricing shenanigans to kill new competition, anticompetitive contracts with distributors...
You clearly set out to disagree with my post, but based on the examples you've cited, I'm not sure you succeeded. Threats of violence can simply be handled under the same laws that address it in non-commercial contexts, anticompetitive contracts require government action to enforce, and 'pricing shenanigans' can only exist in a monopoly that is (again) likely to have arisen due to regulatory interference.
At the risk of being paternalistic, the problem with this attitude is basically always that consumers value short-term benefits too highly over long-term ones. Open source software is basically as long-term in the manner of benefits as it gets.
> If consumers desire something
Consumers are stupid. To most, computers are still Magic Box.
Free market dynamics like you, and others, describe only work IF the consumers are able to have the knowledge easily, cheaply, and instantly. You'll find in modern society, with complex products and supply chain, this is becoming harder to satisfy.
Look at the FDA. Why don't consumers just desire lower calorie products and go towards those, why does the FDA need to force serving size suggestions? Because consumers can't spend 10,000 dollars and hundreds of hours burning every single piece of food they buy to deduce the calories.
You can apply the same argument to the existence of the stickers itself (rather than looking to the FTC to define them), for which the obvious answer is that we're dealing with a market failure.
Because you're assuming that a meaningful amount of customers care about these things. Why wouldn't someone just start a competitor without these proposed regulatory changes?
Stickers still need regulation.
Europe has the CE marker [2] which indicates that the product meets EU safety, health or environmental requirements.
However, China created the "CE" marker (China Export) which looks very identical to the Europe CE marker [1]. ChinaExport does not imply any regulations.
So if you buy a power supply from China you might think it is safe due to the "fake" CE marker.
1: https://www.kimuagroup.com/news/differences-between-ce-and-c...
Your source no. 2 disputes your source no. 1:
> In 2008, a logo very similar to CE marking was alleged to exist and to stand for China Export because some Chinese manufacturers apply it to their products. However, the European Commission says that this is a misconception. The matter was raised at the European Parliament in 2008. The Commission responded that it was unaware of the existence of any "Chinese Export" mark and that, in its view, the misunderstanding had arisen because a producer had failed to respect the precise dimensions and proportions of the mark as prescribed in the legislation.
That just throws the burden back on consumers. Many products already come festooned with stickers or logos printed on packaging, and most of them are little more than flair. I can also see politicians demanding to know why taxpayers' hard-earned money is going to promote products that are 'anti-innovation' (telemetry-free) or 'support criminality' (E2EE).
The standardized energy consumption stickers, EU mandates are really useful and a huge selling point in shops around me. I was shopping for new kitchen appliances this year and haven't heard a single customer asking about features or smart functions but everyone was comparing design, noise levels, and energy usage in that order. These stickers make it really easy.
Good idea! Like a nutritional label for electronics. The FDA is very strict about nutritional labels, as they should be.
missing the /s
Those labels don't mean much because companies have really worked around and lobbied to make it all a very murky label.
"Organic" labels, for instance, don't mean they haven't used pesticides or other harmful things – just a certain list of them.
Nutritional facts labels, specifically, are very strict about the contents of the package. “Organic“ is not a nutritional facts label. I apologize for not giving the full, official name for that label. For decades, it’s been the go-to place to see what macro and micro nutrients you’re eating. I think an “electronics facts” label which was similarly rigorous and covered important areas that the OP mentioned would be great.
https://www.fda.gov/food/nutrition-education-resources-mater...
What’s wrong with the nutritional labels that GP mentioned?
> because the FTC got it wrong
Ok. What if instead of the FTC getting it wrong, they only put out rules and regulations on very obvious situations, where it isn't really possible to get it wrong?
People do this very weird thing where they bring up the downsides of government regulation, but they don't recognize that some problems are easier to solve than others.
Not everything is a matter of "well, it's just trade offs! What if customers prefer to have their hardware purposefully sabotaged and they bought the hardware because they want to be screwed over".
A much better explanation is that sometimes consumers don't expect to be completely screwed over, they don't know what the magic seals or pages of fine print mean, so they buy the thing anyway, without knowing the consequences.
Once again, this argument can perfectly reasonably be applied only to the extremely obvious situations, where we don't have to go all in on the libertarian, perfectly rational actor arguments.
This reminds me of when Sony disabled their officially supported OtherOS support (used to install Linux and other os's dual boot) with an update. Of course without the update, no access to the Sony Store, games that require the latest Sony PS3 stopped working, etc...
They got sued in a class action lawsuit for that, which got dragged out for ~7 years: https://en.wikipedia.org/wiki/OtherOS
And in the end users who had used that feature and lost it got... $10.07
Class actions are more about penalizing the company than making customers whole. I’m pretty sure the legal and settlement costs were enough to make Sony create processes to avoid that happening again.
Yes, they made sure that there would never be a refuge from the walled garden to begin with.
Exactly. It's too risky.
Sony isn't going to change anything for a $3.75M slap on the wrist.
The executive in charge of the business unit probably got an extra $4M bonus for managing to make the costs so low.
Disagree. What was the revenue upside of the openness to start with? Probably less than $3.75m.
$3.75m is tiny to Sony but probably quite large for the group responsible for the loss. I know I've seen serious trouble at Fortune 10 companies over $3m issues, when the 6-person group's annual budget is $500k.
Well for one, they got "free" marketing for PS3 by getting it associated with supercomputer performance. They averaged almost 12.5M units sold per year, which means a lot of game sales (where the money really comes from). They're the largest video game company in the world, and make about $2B earnings before interest and taxes per year these days.
https://en.wikipedia.org/wiki/PlayStation_3_cluster
https://www.theverge.com/2019/12/3/20984028/playstation-supe...
> Well for one, they got "free" marketing for PS3 by getting it associated with supercomputer performance.
At least in Germany's nerd circles Sony's behaviour rather led to "so nie" jokes (explanation of "so nie": when you pronounce "Sony" with the first syllable like you would pronounce a German word, stress the second syllable, and put a little break between the syllables, it sounds like "so nie" [German for "never this way"]), and lots of people used this "little different" pronunciation of "Sony" to express their disgust for Sony's behaviour. This "guerrilla pronunciation" of "Sony" helped to spread quite some reputational damage of Sony among hackers and tech enthusiasts in Germany.
You also needed onerous levels of proof to get that whopper of a payout. IIRC you needed a photo of you using it or to submit a dump of your MBR showing the OtherOS partition.
I did not get my $10.07.
Sony omitted OtherOS support with the PS3 Slim hardware revision with seemingly no technical justification and later removed it from existing consoles.
Afterwards several researchers investigated how to execute third-party code on the device and succeeded. [1] In response Sony did attempt to prosecute several people under DMCA and similar claims [2] and were more successful with certain defendants in some countries versus others.
[1] https://media.ccc.de/v/27c3-4087-en-console_hacking_2010 [2] https://en.wikipedia.org/wiki/Sony_Computer_Entertainment_Am...
Exactly what I thought of, too. Was the PS3 the first forced-downgrade?
Nowhere near the same level of "forced", but the earliest similar situation I know of was Microsoft issuing an update to MS-DOS that removed the "DoubleSpace" filesystem compression feature due to losing a patent lawsuit [1]. They later introduced another update with a replacement, "DriveSpace", that did roughly the same thing but with an incompatible on-disk format and a modest performance hit.
[1] https://www.latimes.com/archives/la-xpm-1994-02-24-fi-26671-...
And I haven't bought anything from them since. May that company go bankrupt.
I will be frank: there are a ton of devices I have not purchased because of these potential risks and dependencies.
Just not worth the hassle.
I pretty much avoid newer cars for similar reasons. The ones I drive have no annoying screen. It is easy to setup a Bluetooth phone connection to either the factory radio, or an easily installed one. And I can do most repairs, need never talk to a dealer, they go for 100, often 200k miles after I buy them, get great fuel economy, and it goes on and on. I would be crazy to buy a new car.
The rest of what one might need?
Got a phone for that. In a pinch, an older car phone powered by a current phone hot spot works great too.
Music?
Got all the tunes I need on a storage device. Or pop a CD in. I like CD media, and this year it outpaced digital downloads.
Good. I like vinyl too.
I see people struggle with a lot of this stuff. No thanks. My life is nowhere near as enriched relative to the costs and risks.
I have been working to eliminate all my wifi IOT devices.
Years ago I gave them a separate guest network / vlan to use, with only 5mbit of bandwidth.
The only thing I have left is some ip cameras and my roborock vacuum.
We seriously need a local first law that enables all these devices to work 100% on local wifi.
I really wish that what we got instead of "Hey, your device can connect to smart-things.com and do stuff, ain't that neat!" we had "Hey, this device speaks Protocol 1.2.3 over bluetooth which you can import to smart-things.com or other services".
There really is no reason why a phone couldn't, for example, have a home management app on it that manages all the IOT devices over bluetooth or other protocols directly rather than needing an internet connection.
>I really wish that what we got instead of "Hey, your device can connect to smart-things.com and do stuff, ain't that neat!" we had "Hey, this device speaks Protocol 1.2.3 over bluetooth which you can import to smart-things.com or other services".
I made a conscious decision to build out absolutely everything HA-related that I could using Zigbee and Z-Wave devices. I intentionally avoided anything based on wifi and proprietary apps. It's basically what you're describing. I switched from SmartThings to Home Assistant about a year ago, and everything flipped over without any real drama.
As others have said, Matter is another step in this direction with the end goal of making setup a little bit easier; it's still incredibly immature at the moment, though. But Z-Wave and Zigbee are both here now and work fine.
I'm currently doing home assistant + zigbee/zwave as well for everything. The main issue I have is it seems like the amount of those devices being released is fairly limited. It can be hard to find devices for some applications (like high current switches, for example).
Be that as it may, the issue is also that you can't take your phone and hook up directly to these devices which is the bigger issue for wider adoption, IMO. It's fine for someone like me that has a home server laying around where I can plop in HA. But what about the average consumer whose only device is probably their phone and maybe a smart speaker?
That's more the problem I was talking about that needs addressing.
The iPhone 15 pro has a Thread radio, so we may start to see it become more common.
Yeah, that's specifically what Matter+Thread are intended to address. The intention is that most devices that aren't battery powered and have an internet connection can act as a Thread border router and build out a mesh from there. The controller can be practically anything from that point.
Neither Matter nor Thread nor Matter+Thread requires an Internet connection in order to chooch.
(And that's kind of the entire point.)
Same here, when I was getting started I bought some wifi light bulbs, realized they expected you to have them connected to the internet and immediately returned them, instead getting zigbee ones. Has been working for years with zero issues, was great when Philips started going cloud focused for their Hue bulbs since I didn't have to worry about it affecting me.
I bought a bunch of zigbee light switches years ago. A couple of them have failed and I replaced them with dumb switches. For my use case I found I was rarely using them as anything other than dumb switches anyway.
This exists, it’s “Matter”, and it’s a smart home local-first IP based protocol. It’s available through the SmartThings, AppleHomeKit, and GoogleHome apps, as well as other smaller companies (eg. Alexa).
It can operate over WiFi/Ethernet, as well as thread and Bluetooth.
Edit: the implementation is also open source, and you can roll your own
> There really is no reason why a phone couldn't, for example, have a home management app on it that manages all the IOT devices over bluetooth or other protocols directly rather than needing an internet connection.
>> This exists, it’s “Matter”
Sadly, I am not sure Matter will solve the problem. Not because it cannot solve it, but because from what I see in the industry, manufacturers will not solve it.
I have tried several (e.g., Aqara, Google, GE) Matter products that are supposed to "just work", but they did not. Every one of the devices I tried failed or made it extremely onerous to function with non-native hubs.
At 3.5% profit margin for the hardware, there is little incentive to truly interoperate. The money is in subscriptions, locking the user into an ecosystem that makes them dependent for the life of the product.
(Caveat emptor - I am an old crotchety, jaded grouch.)
Does pairing (or network joining or whatever it's called) work in Matter? Or is this going to be like Bluetooth where 30 years later the most fundamental underlying workflow still finds new and innovative ways to be completely broken for the most basic tasks?
Pairing mostly works. Matter is still "new", despite having been in the cooker for a few years, and there are glitches to the setup process, but it works eventually.
I've got a few cheap Matter light bulbs that I've picked up mostly just to play with, starting a few months ago.
This fleet has several random and forgettable names on the packaging and exactly two (also unmemorable) manufacturers so far.
Pairing is a little weird: It seems to broadly involve a pocket supercomputer with Alexa or Google Home or Home Assistant or whatever, and scanning a QR code.
This QR apparently begins Bluetooth handshake between the light bulb and the pocket computer, wherein things like WiFi information seem to be exchanged.
After that, Matter devices (in my application at least) just live on WiFi.
This all happens without needing weird(er) apps, overseas clown accounts, or manufacturer-specific hardware. It is local. (Well, Home Assistant is local. The others...are whatever hybrids they are.)
And multiple local control systems (like the three I've already mentioned) can each monitor and control each Matter device directly. There's probably a limit, but it's nice to have these things non-interactively interacting. ;)
And they seem to be working fine. Boring, even. Right now I just have all of my IoT stuff on the same VLAN/SSID as everything else because it is easy, but I have 100% confidence that these Matter devices would continue to boringly Just Work if I were to isolate them to their own VLAN with zero WAN access.
(Maybe that's something I will work on when setting everything up again after the next move.)
Cool, that sounds promising, I'll have to play around with it some time!
Iirc, Matter uses BT LE for adding devices; not sure if that's required or just a supported option, though.
Yay?
> I really wish that what we got instead of "Hey, your device can connect to smart-things.com and do stuff, ain't that neat!" we had "Hey, this device speaks Protocol 1.2.3 over bluetooth which you can import to smart-things.com or other services".
The problem is that end users suuuuuuuck.
Oh, by the way iOS and Android do everything in the universe to make using Bluetooth absolutely miserable. Which Android or iOS version are you running? Which buggy Bluetooth stack did Samsung saddle you with? Oh, we retired that version of the app 18 months ago, please, for the love of God, update it. And, oh, you're using a shitty cracked Chinese version of the app <facepalm>.
If I make the users connect to the "cloud", I can control the device, the backend talking to the device, and the front end talking to the user. I now know exactly what the versions are, and the Chinese can't pirate the app. The customer support is orders of magnitude easier.
From the perspective of the device developer, the "cloud" is simply a no-brainer on every single front.
You, as a local-only user, simply won't pay anywhere near enough money to make supporting you worthwhile.
I just bought a bunch of Shelly wall switches and US outlets. They are very affordable and use an open source OS on what I think is an ESP32 enabling Bluetooth and WiFi. They have an IoT cloud thing paired with their app BUT you can disable their cloud or use your own cloud URL, enable RPC over http or UDP and write your own code, use MQTT, local web server in the switch, etc. The outlets are just relays though they measure load current and voltage. Bonus is they do not need to be commissioned through an app - you can do everything over a browser or http calls via curl so you can use whatever OS and even script it.
My only gripe is the wall switches do not have any ability to accommodate retrofitting a 3/4-way setup which is quite common for stairwell and hallway lighting.
Edit: here's the dimmer API for reference https://shelly-api-docs.shelly.cloud/gen2/Devices/Gen2/Shell...
If you want to cloud delete you may be able to install valetudo on your roborock. You still get a local control via webpage or the (foss) app.
Valetudo has been awesome on my Roborock S5s. It does occasionally hang up so I have some reboot kludge scripts, but in general it's pretty solid. And way more than you can ask for from some random guy on the internet.
On my Dreame it is rock solid. Better than any OEM IOT software by a long shot.
Just look at the ones that support Tasmota (or ESPhome).
Those use opensource software, integrate nicely into home assistant, and well.. are "local first".
For lights and relays (haven't bought the others yet) I've been really happy with the quality of Athom devices. Tasmota, ESPHome and WLED support natively.
Thanks, didn't know them but their products seem real good. I'll have to try them.
Wifi iot can be good, but it depends on a few factors
Devices with local API, be it binary or http, are one part of the equation. There are systems like esphome that are best in class.
The other part is getting a decent router and Wi-Fi infrastructure to support them. Most consumer routers crap their pants after 30 or so devices
I used to be vehemently against Wi-Fi Internet of Things stuff, but when I got my new house, my current house, I've been building it out in a hybrid approach. Lighting loads are controlled via Lutron, and then non-lighting loads are a mixture of Z-Wave, Zigbee, and Wi-Fi devices running ESPHome. My network infrastructure is a UniFi system. It's been more or less bulletproof.
Good for you!
I depend on nothing in the cloud and I only have encrypted backups in the cloud secondary to local back ups. I even download my email in Thunderbird.
Apple is criminal when it comes to cloud dependence. An iPhone is mostly useless without an iCloud account. With GrapheneOS and Android there is no dependence on the cloud. I am just pissed that the android phone makers keep getting rid of SD card expansion.
I will never own an IoT device though. I never saw the convenience of them over the hassle and cost.
Agreed - can't tell you how many cloud connected devices I've had that completely stopped working. Like my Mellow Sous Vide. Most of my house now is Z-wave and Zigbee.
WiFi is terrible for IoT anyway. Look into other protocols such as Zigbee, they don't connect to the internet, ever.
Make blowing eFuses in devices illegal. The device no longer belongs to the manufacturer and they should have no power to physically damage it, nor to compel me to allow them to physically damage it as a condition for use.
EFuses enable awful anti-consumer "features" like preventing firmware downgrades, blacklisting compromised cryptographic keys, and bricking devices remotely.
>Make blowing eFuses in devices illegal.
Do you mean before or after manufacturing? Afterwards, I agree. Before, no way: that's how most modern CPUs work. They put a bunch of crap on the chip and make them all the same way, but due to defects, different chips have different parts that don't work, so they blow efuses inside the chip to disable the broken parts, and then sell the chip as the variant that doesn't include that function.
IDK. I'd kind of like it if manufacturers would stop selling me V-12-shaped engines that can only be run as inline-4s, too.
(No, that's not a thing.
But I'm not sure what qualitative differences might exist, and which would actually survive debate, betwixt a fully-built silicon chip with parts disabled forever and a fully-built engine assembly with parts disabled forever.)
> Do you mean before or after manufacturing?
After the sale-- that's why I qualified who the device belongs to in my post. Before the sale it belongs to the manufacturer and they can do whatever they want to it.
They also enable things like resettable fuses in a car (ie Tesla) such that you don't need to have some dumb fuse in the fusebox blow and then waste money/time buying replacements. Instead make them software resettable after a fault has been resolved and now you have eliminated a cost and made the system more efficient.
I don't think we're talking about the same kind of eFuses. The ones I'm talking about don't serve a current-limiting function like a traditional fuse. They're features on chips to allow for non-volatile storage of a limited number of bits that, once blown, cannot be reset.
AKA how the Nintendo Switch prevents firmware downgrades - https://medium.com/hackernoon/how-the-nintendo-switch-preven...
Yes I know about eFuses, they were used on the Xbox 360 console as well. As far as I know, they are similar types of eFuses on the Tesla that are capable of changing their state via firmware instead of one time blow (different application) but I could be wrong. It's just in this case the thing being controlled is not a checksum for what firmware can be installed, but a checksum to confirm if current should flow to a specific path.
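A simplified model of the anti-downgrade use of one-time-programmable eFuses discussed in the comments above, added here as an illustration; it is not code from any commenter or from any console or chip vendor. The fuse bank size, the type and function names, and the sample firmware images are all assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define FUSE_BITS 32u   /* size of the simulated fuse bank (assumption) */

/* Simulated one-time-programmable bank: a bit can go 0 -> 1, never back. */
typedef struct { uint32_t bits; } fuse_bank_t;

typedef struct {
    const char *name;     /* label for a constructed sample image */
    unsigned fuse_level;  /* number of blown fuses this image expects */
} firmware_t;

typedef enum {
    BOOT_OK,               /* fuse count already matches the image */
    BOOT_OK_BURNED,        /* image is newer: fuses were blown to match it */
    BOOT_REFUSED_ROLLBACK, /* image is older than the fuses allow */
    BOOT_REFUSED_INVALID   /* image asks for more fuses than the bank has */
} boot_result_t;

/* Burning is modelled as OR: no operation exists that clears a bit. */
static void fuse_burn(fuse_bank_t *fb, uint32_t mask) { fb->bits |= mask; }

/* Number of blown fuses (population count). */
unsigned fuse_count(const fuse_bank_t *fb)
{
    unsigned n = 0;
    for (uint32_t b = fb->bits; b != 0; b &= b - 1)
        n++;
    return n;
}

/* Boot-time check: compare the image's expected level with the blown count. */
boot_result_t boot_check(fuse_bank_t *fb, const firmware_t *fw)
{
    unsigned blown = fuse_count(fb);

    if (fw->fuse_level > FUSE_BITS)
        return BOOT_REFUSED_INVALID;   /* bank exhausted or bogus image */
    if (fw->fuse_level < blown)
        return BOOT_REFUSED_ROLLBACK;  /* older image: refuse to run it */
    if (fw->fuse_level == blown)
        return BOOT_OK;

    /* Newer image: blow the lowest fuse_level bits (thermometer code).
     * From this point every image with a lower level is rejected for good. */
    uint32_t mask = (fw->fuse_level == FUSE_BITS)
                        ? UINT32_MAX
                        : ((UINT32_C(1) << fw->fuse_level) - 1u);
    fuse_burn(fb, mask);
    return BOOT_OK_BURNED;
}

/* Constructed sequence: install 1.0, update to 2.0, reboot, try 1.0 again.
 * Fills out[] with each boot result and returns the final blown-fuse count. */
unsigned demo(boot_result_t out[4])
{
    static const firmware_t seq[4] = {
        { "1.0", 1 }, { "2.0", 3 }, { "2.0", 3 }, { "1.0", 1 }
    };
    fuse_bank_t fb = { 0 };

    for (int i = 0; i < 4; i++)
        out[i] = boot_check(&fb, &seq[i]);
    return fuse_count(&fb);
}

int main(void)
{
    static const char *label[] = {
        "ok", "ok (fuses burned)", "refused: rollback", "refused: invalid"
    };
    boot_result_t r[4];
    unsigned final_count = demo(r);

    for (int i = 0; i < 4; i++)
        printf("boot %d: %s\n", i + 1, label[r[i]]);
    printf("fuses blown at end: %u of %u\n", final_count, FUSE_BITS);
    return 0;
}
```

Because the only state change available is setting a bit, the update to the newer image is the irreversible step: the refusal of the older image afterwards follows from the hardware state, not from any setting the owner can change.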
MS removed support for mixed reality in windows 11 24H2 which made all windows VR headsets unusable (except MS's headset). I wonder if that counts.
Just speculating here but I assume law will answer this with one word: "intent". Did MS design this with the intention of planned obsolescence, or was it reasonable to impractical to avoid?
We have been calling on laws to stop this practice for at least 2 decades now. Early examples include the bricking of PS3 Linux support and HP printer modules. This situation needs to change especially with so many cloud connected IOT devices. The law really needs to not just be about functionality loss or bricking remotely but also components that work without the cloud that can work locally.
The bricked PS3s that ran Linux?
The full story: https://en.wikipedia.org/wiki/OtherOS
The solution that would not require govt cost or enforcement is a legal change:
A company introducing a product that requires a connection to their service MUST maintain utility and features at the same or better for at least 7 years after the hardware product is last sold at a retail establishment (equal or expanded features and lower cost).
At whatever time they reduce features or increase cost beyond a faster level of inflation, they are required to release all related current source code, comments, documentation, test suites, etc. required to make usable all product features, into the public domain.
At that point, all parties are also fully permitted to use any measures to reverse engineer or otherwise hack the source code and firmware.
Simple: You maintain it, it's yours as long as you want. You stop maintaining it, everyone else can do it for you.
Let the bean counters trying to cut this month's bottom line costs fight with the IP lawyers trying to hide everything forever.
[edit: typos]
I think this gets tricky if their source code uses other proprietary software that can’t be open sourced. So in practice open sourcing would not be an option.
I could also imagine a common situation where there was some complex integration with various third party like OpenAI where it wouldn’t be that easy for users to handle themselves.
For sure, there will be edge cases and such as you describe. That is no reason to not do it.
1) resolve them in favor of the customers/users. If it is required to use it, release it, and anyone is free to hack. If it integrates with some 3rdPty service, they'll pretty quickly update their TOS to prevent such risks to their codebase, so it won't be an option.
2) it'll encourage corporations selling products to use modular and local-first design. If the product works by itself, local-first, and using a software package delivered with the product, and they sell an ADD-ON cloud-based service, they'll have zero problems. They can discontinue the ADD-ON cloud service at will, and people can still use the original product as sold.
The classic example is deep use of cloud services. If the whole thing is built on AWS services, you won't have a meaningful app to deploy. Or if they use proprietary assets from somewhere like Unity.
This is a surprisingly good recommendation. I would consider it fair.
Why should people be able to hold their products hostage if they aren't even selling or maintaining them anymore? Customers win and the company doesn't really lose anything. They aren't selling or maintaining it anymore!
I'm scared for the next election, remember Ajit Pai in the FCC? If Lina Khan goes away the FTC will most likely get a corporate stooge and all the wins under her will be gone
I think what we really need is a mandate to open firmware for any hardware that's EoL. You should just have to pay an escalating fee, or at least be liable in a suit for damages when you EoL a product without opening up the hardware.
Fair enough: You don't want to support our stuff? Then let us support it ourselves.
They need to go after Peloton with their new activating fee on used bikes. But I also see car manufacturers doing this (ruining hardware through software updates). For example I’ve now started receiving random ads popping up on my screen, which is needed for basic things like climate control, pushing me to activate a Sirius XM trial. I didn’t get those before until an update was forced on me - the car gave me three attempts to ignore the update and then said I am out of delay attempts and that the update will be installed when the car was stationary.
You should name the car brand and model so others can avoid it.
I had a PS3 that I used 99.99% of the time running Linux (e.g. for Cell development). When Portal 2 came out I thought it might be fun to play, ... the startup had some updates that it needed to run... and bam, my Linux install was inaccessible. WTF.
But hey I got paid $10 for my trouble in a class action lawsuit.
There's a lot of stuff like this that should be very illegal and include excessive fines and jail time to stop it from happening. Buying something and then having the manufacturer take features away is a major bait and switch in the best case. It's fraud. Turning off cloud servers and abandoning hardware leaving it useless when it could be made useful if source code was released should be just as illegal. They need to start cracking down on these horrid business practices.
I had a Bose sound bar, just a week outside of warranty, brick itself with a forced update. Surprisingly, Bose replaced the sound bar when I contacted them for support.
I started just sending broken products back to Amazon. My DENON smart speaker broke outside of warranty (1.5 years), so I bought a new identical speaker and returned the broken one.
It's unethical but I am just tired of paying $$$ for products that break right after warranty ends.
I did exactly this with a busted ASUS monitor. Bought a 43" 4K display for my desk and it failed after barely 2 months of use. Contacted ASUS and their support said they'd be happy to fix it under the warranty, after I sent the item to their repair facility in Texas, on my own dime. A 43" monitor. Would've cost me $180.
Fucking ridiculous. I ordered a second if for no other reason than to get back to work, and that one arrived broken! But, fortunately, the power supply was intact so I took them both apart, constructed a working one, kept it and returned the broken parts. If whoever's fulfillment can't even be fucked to check the ones they're shipping out to see if they're shattered, I figured it was long odds anyone would even care if I did it. And I never heard a thing about it.
And an interesting side note, I received refunds for both purchases. I have no idea why, but clearly some folks working at either Amazon or ASUS aren't too on the ball.
And the monitor I built still works too, so.
This is becoming the most valuable benefit of buying on Amazon. At least I can always return a broken product and not just eat the cost of the ever-decreasing quality of consumer electronics.
FWIW, if this was somewhat recent, Gamers Nexus recently did a segment [1] on ASUS' warranty support and practices, and they say that they are making some improvements to the way warranty support is being handled. They claim that they retroactively reviewed, or will review, warranty cases for issues such as what you outlined like shipping being charged, high RMA fees, and so forth.
We've lowered our expectations so much that common decency like that is now "above and beyond".
Indeed, I'm not sure why software gets so much leniency. If a Bose technician had broken in at night and desoldered the speakers' MCU I don't think anyone would be this generous with their expectations.
This is why none of my brand new appliances will ever be connected and allowed a firmware update.
Until it becomes a requirement.
It's often a requirement to use any smart features. My SIL has a coffee maker that requires an Internet connection to program the delayed start. It still has all the buttons of the previous generation that ostensibly allow you to have your morning coffee ready when you get up, but blinked at her demanding an SSID before you could use the interface; now it can do whatever they want it to do. Ostensibly, you can set more options and set them more easily from a phone app over the cloud, but practically I just want the coffee to be hot and ready at 6:05 AM.
Avoiding anything labeled "Smart" is a great way to massively reduce cognitive load and improve reliability around the house. I recently replaced my old cheap coffee maker that finally broke with a new cheap coffee maker. It took about 5 seconds to set the timer for the next morning and I'm confident that's the last I'll have to think about it for years to come.
Then it gets returned. "requirements" are a two-way street.
I’m talking my ovens, cooking top, washer and dryer. It’s all Siemens and it works perfectly not being connected so I can only imagine downsides by connecting it.
Well, sometimes updates are not for "new" features but also for fixing core stuff.
Did I ever tell you, I "love" software engineers and their mentality of "ship first, fix bugs later"?
/s
How can I push back against PMs and suits when they want stuff like this? I think whatever I think to say or have said is just talking past them; they don't seem to care about the ability of the product, just that it appears good enough to sell.
The one and only way to convince management to be interested in quality is to convince them it will cost the company lots of money to ignore it, and to convince them the company will be able to easily attribute that cost increase to them specifically.
Appealing to common sense, or morality/ethics, or a sense of professional responsibility or pride in the work, won’t help. Saying that crap work will tank the company won’t even help, because if attribution is missing, there’s no fear of punishment and a good chance of failing upwards. IOW, just assume that most adults will act like horrible selfish children most of the time and you’ll rarely be disappointed.
Oh, this is just useless cloud (read “dream of perpetual revenue with additional “convenience services”) features from the era of IoT hype. Now things started integrating AI features which are more integrated into the whole system and need more “cloud” access. Once the AI hype falls (either bubble bursting of glorious “auto-complete” marketed as novel thing or consolidated by few key uses similar to image processing, pharma etc) and these “AI” integrations are shut down as “unsustainable”, the devices will be also bricked.
Cloud (read IoT fever) at least can be mitigated by somehow mocking the thing the device is looking for, the unpredictable AI mocking is …
They need to force hardware makers to publish all the information needed to use the hardware with customer supplied software.
This does not have to be a release. But at a trigger point. EOL announcement, or on an update that removes previously available features, or after 2 years after the first sale of the device.
There should be zero exceptions. If a hardware provider can’t do this they should be forced to give a full refund of the device and any software components bought tied to said device.
Spotify Car Thing. Facebook Portal. I've been hosed the last few years by this (but at least got my money back from Spotify).
I think that everything that runs software should have an unlockable bootloader and sufficient hardware documentation for third parties to develop software. I'm not big on government mandates, but I might make an exception for this.
The recent Synology update removed Video Station and HEIC support from Photo Station. I'm annoyed that they can arbitrarily remove consumer focused functionality in an update like that. There has been quite a bit of grumbling in /r/synology about this.
This is a good reason to avoid proprietary solutions and instead build your own home server using open-source software.
RIP OG iPhone SE that was rendered useless by a growing iOS.
tbf it's still a usable phone and still gets occasional security updates. I'd say the main way it has been rendered unusable is websites totally ignoring the possibility of screens that size.
I notice even with my 12 mini there's been a big increase in websites with horizontal scroll bars
I used mine for text messages and phone calls. Most everything else had been removed to make space for iOS updates. Maybe mine was the model with the smallest drive - 8 or 16GB.
16 GB was the smallest size that iPhone SE was released in.
LG Smart TVs, for sure
I originally thought this might/could be a US portion of the Stop Killing Games campaign - until I read the "hardware" part of the title.
Are they going to crack down on Apple? Or are they the only ones allowed to make money by limiting software capabilities?
Given recent rulings by the US Supreme court, how much actual authority does the FTC have left?
A fair amount. They are more limited to the letter of the law, but they already had a lot of authority.
I can’t help but think of my aging Apple MacBook. I once had fully functioning, non subscription versions of both windows office suite and Adobe photoshop and illustrator. Neither of those packages of software work now and the integral MacBook battery is swelling and would be a total pain to replace.
>the integral MacBook battery is swelling and would be a total pain to replace.
You can go to Apple directly to get the battery replaced. They'll help you with MacBooks going back to 2015.
Why don't they work anymore?
Someone wrote a letter to the FTC?
Is this like some obscure government rule where the FTC can't do something until they receive a letter in the mail? What is this world we live in? Are they not aware of what is happening in the world? Do all government agencies enforce their mandates by mail order?
Hello, HP!
Great news for anyone who owns a “Smart TV”
Can't wait for Amazon to be held responsible for force-bricking Firesticks in order to drive new sales, alongside their paywalling of Ring devices, after not disclosing the multiple data breaches that occurred.
What happened to fire sticks?
Amazon teams pushed bloatware that bricked older Firesticks, resulting in a boost in the sale of new Firesticks. People were promoted for it.
I wonder if a severe crisis that makes it difficult to source hardware (such as a global war) would unfuck this issue. People would need to scrounge and fix what they have and will be rightfully outraged that these devices aren't truly "theirs." Today nobody cares (by nobody I mean average users) because it's trivial to just replace things.
Cricut needs to be investigated for this.
Judging by the URL, the full name of the article is "FTC pushed to crack down on companies that ruin hardware via software updates or annoying paywalls".
Regarding annoying paywalls, it's ironic that the page says "Checking your browser before accessing this site.", "Please allow up to 5 seconds..." and then keeps showing the wait sign indefinitely.
I guess the Techdirt site could be subject to an FTC push?
Call me old fashioned but who needs the FTC when you can just not buy the thing (or sell it) if you don't like it? Remove regulation and more competition will spring up to make every type of customer happy.
In this case the manufacturer is destroying the value of an item after you bought it. So you can't just not buy it and no one will pay you for it.
I agree that regulation should be used sparingly, but I could see a justification for some regulation here.
Or tbh perhaps this could be solved by deregulation: remove DMCA protection for drivers and firmware.
You're old fashioned. That clearly isn't and hasn't been working.
Who needs the FDA when you can just choose to buy the canned meat without maggots in it?