Google reaches into customers' homes and bricks their gadgets

It occurs to me that the problem with those drug cabinets might have been expediently solved if the drug cabinets were simply bricked after a certain point.

In the end, isn’t forcing people to buy a new device better than quietly ending support and allowing more and more security bugs to be revealed over time? “They should open source the device APIs and let people fix it themselves!” is one response, but wouldn’t that just make things even less secure? Surely supporting the device forever and ever just isn’t feasible, anymore than writing completely bug-free software to begin with.

We’re not talking about ending updates or tech support. We’re talking about shutting down the servers rather then merely not supporting them, and bricking the product in people’s homes.

A product sold with a “Lifetime Subscription.” Bricked after 17 months.

When those products control important infrastructure and/or bricking them puts people at risk, then yes, I do. The presence of software doesn’t change that. My utility company isn’t allowed to turn off my electricity or natural gas heat even if I don’t pay my bill for months, but Google can brick my thermostat on a whim. My keys will never stop working and I can call a locksmith whenever I need to, but Google can brick my smart front door lock. (Note, I use “my,” loosely, I don’t use any home automation). Even if my alarm company goes out of business, I can use the same hardware with another company. They chose to make a device that people rely on for their well-being and safety and make it rely on their maintaining their servers. And yes, they do have responsibilities for meeting reasonable expectations regardless of warranty length.

The difference being that if and when a game no longer works because the server is decommissioned I’m out a form of entertainment. these games have lifecycles, and most players have moved on to the next one. If a home automation device goes down, things like heating, cooling, and lighting go down. It’s much more of a issue. Not to mention more expensive to change out to a replacement that may or may not be compatible with my other existing hardware.

Right now this is affecting early adopters and the more wealthy. But eventually these will be items that you get because your house came with them. In a decade or so they will be more common and cheaper, to the point where many people will lose control of their house functions because the hub device stopped working.

The solution is a DD-WRT type Linux distribution standard for home automation. So that the core software runs on hardware you own, and any device that is compatible will connect first to the local hub and not to the internet. Ths has the added bonus of not needing to put heavy encryption into the lightbulbs and power switches. All remote access can go through the hub. It has to be done right, and it would mean that companies couldn’t lock people into walled gardens of automation products. So it’s probably doomed.

It’s a dick move, I’ll grant you, but we shouldn’t expect a company to support its products indefinitely.

The Revolv was launched mid-2013 and sold for some time after that. There’s a hell of a difference between “indefinitely” and a maximum of three years.

Can an EULA be enforced if the terms of the contract is fraudulent? If these devices were sold as “lifetime subscriptions” and then the device is killed off after 1 1/2 year - is that fraud?

If you went to a restaurant that had an all you can eat sign and you paid for it and then 1/2 way thru dinner they say that they raised the price and you have to stop eating - that’s not legal.

Tivo pulled something similar - they sold the tivo series 1 as a lifetime subscription. I have lifetime on both 1 and 2 series devices. After about 5 years they started to kill off or throttle the updates to the devices for recording shows. Complaints came in on forums around the same time. People figured that the switch to monthly subscriptions signaled a change at Tivo that us lifetime owners were no longer welcome getting the same updates that monthly subscribers got. I have a device with a lifetime subscription and it’s 17 years old. If it still operates, the lifetime is still good. It’s not MY lifetime or some date picked out by an accountant that is financially worthwhile for them…

lifetime of the company…

The company didn’t go under. Google bought it. Google IS the company, and it’s still alive. It’s not a case of Google buying the assets after the company went under.

If something is insecure because it’s open, then it wasn’t secure in the first place. Obscurity is only a minor speed bump when you want to break something.

no, Revolv Inc is still a company - but probably an empty shell without assets and employees

Owned by Google. Google took on its responsibilities.

maybe, maybe not. I have no fucking clue about corporate law

Got it, I was interpreting “should expect” from the wrong angle. Thanks for clarifying.

It’s for the best. I’ve seen A.I.. Do we really want a billion Haley Joel Osments huddling in fllooded Disneyland?

And they wonder why people don’t feel bad about “illegally” downloading their software. smdh

Let me say this again even more clearly: They’re bricking a product sold with a “Lifetime Subscription” after 17 months. That is not even remotely a “lifetime”, let alone “indefinitely.”

Nor is it merely cutting support. That usually means ending further development and tech support, not remotely bricking the product.

It is Medium, after all.

We, as consumers, should not put up with this crap. I understand that we may not be able to do anything about laws like the DMCA, because the companies that want such laws will always have more political “speech” than the rest of us. But if it won’t work without being tethered to the internet, I will not buy it. The biggest issue at our house with this has been video games, because I have teenagers. But we don’t have games that will not work unconnected. None of us have anything on “the cloud” that we do not have a backup of. Even then, there were lesson hard learned. my teenage daughter is more social than the rest of us, and an issue with similar names led to her icloud images and data being merged with her very conservative grandmother’s account. Grandma likes to use an ipad, and she was not pleased when details of her Grand Daughter’s life that she did not want to know about showed up. Big family drama ensued. We also have John Deere tractors, but we have learned to work on those without being constrained by the limits of Big Green. Most hardware, like our tractors, can be re-engineered to work well or even better than originally intended. I understand that I am not supposed to do so. I guess if they want to try to use force to stop me, it will be their decision to do so. Come to think of it, I have a Chinese-made high capacity ink tank system hooked up to my printer. They may decide that these things are worth sending a SWAT team on us, or calling in a drone strike. I hope not.

I’d be curious to know how receptive, or not, these devices are to 3rd party firmware. Obviously this doesn’t help Joe User much either way, since he probably bought an ‘appliance’ because he didn’t feel like, know how to, or know that he had an option to, mess with zigbee-on-embedded-linux; but from the geek perspective(either owner, or someone who might pick one up on ebay) there is a big difference between “Yeah, servers are down; but you can still make it do your own thing” and “Yeah, servers are down; and the only payload cryptographically blessed to boot on the device relies on the servers; so STFU, DIAF.”

Also, when dealing with ‘cloud’ devices, there is an argument to be made that the mothership’s servers and whatever it is they do really ought to be included in the block diagram as equals of the rest of the components: if the device doesn’t work when example.com’s API disappears, is a box labeled “example.com API” connected to the system by TCP/IP any less valid than, say, a flash chip connected to the system by an MMC bus?

Also probably worth thinking about the difference between what one might call ‘user serviceable’ “cloud” devices and “cloud” devices that are effectively captive to the supplier forever(either because of cryptographic enforcement, because the ‘cloud’ magic that they require is simply not available anywhere else, or both).

A cellphone, say, isn’t going to be doing much cellphoning if the carrier goes belly up. However, as long as it isn’t SIM-locked, it’s pretty trivial to instruct it to seek services from some other carrier, and there are standardized mechanisms for doing so. Same with cable modems, email clients, etc.

Other ‘cloud’ things; Not So Much. Sometimes it is just a matter of lock-in. The ‘cloud’ portion might be little more than a thin candy shell over an HTTP or WebDAV or similar server; but if it is hardcoded to only work with the vendor’s SSL certs, sucks to be you(and, if the ‘cloud’ is battle.net, the vendor might go tactical nuclear asshole on you and argue that merely creating an interoperable 3rd party implementation is illegal because the DMCA. Not hypothetically or anything; seriously, fuck Blizzard. In other cases the ‘cloud’ portion may be a fairly giant pile of proprietary algorithms for which no real replacement exists, but there may be nothing preventing you from shimming in the best substitute you can find.

I see two sides to this: side A: You’re an idiot for buying this spyware and bringing it into your home after almost a decade of warnings.
We don’t blame people who smoke and develop cancer for not reading the fine print that came on the box; we blame them for being idiots.

Side B: The laws are fucked. That means we’re fucked.

I’m starting to think there is no line that cannot be crossed; no horrible thing the powers-that-be cannot do that will cause the majority to seek change.