- cross-posted to:
- homeassistant
- [email protected]
- [email protected]
- cross-posted to:
- homeassistant
- [email protected]
- [email protected]
Thankfully I don’t use any of their products, but this really pisses me off. They claim that this open source project “causes significant economic harm to their company”
This is ridiculous. It is truly ridiculous. How can something that enables the user to efficiently control their AC cause “significant economic harm”???
Consider forking the repository or mirroring it to another platform like GitLab, Codeberg or your self-hosted Git server, so the project can continue to exist and someone can maybe fork it and maintain it.
The effected repos are: https://github.com/Andre0512/hOn and https://github.com/Andre0512/pyhOn
If you don’t know about Home Assistant, check it out. It’s an amazing piece of open-source software, that you can run at home on your own server and use it to control your smart home devices. That way, you don’t need to connect them to the manufacturer’s (probably insecure) cloud. It gives you sovereignty over your smart home instead of some proprietary vendor-locked garbage. Check out their website and the Lemmy community: [email protected]
I also highly recommend Louis Rossmann’s video about this: https://youtu.be/RcSnd3cyti0
He makes awesome videos in general, consider subscribing.
As Rossmann said, don’t ever buy anything from such a shitty company that doesn’t respect their customers. This move by Haier is nothing other than a slap in the face for everyone, who just wants to comfortably control the product they paid for. This company is actively hostile towards their paying customers. Fuck these bastards!
This is ridiculous. It is truly ridiculous. How can something that enables the user to efficiently control their AC cause “significant economic harm”???
We’re discussing this over in [email protected]. This absolutely has to be about them losing access to data they can sell to 3rd parties. The hOn ToS will no doubt have a clause that enables this.
It’s a dick move for sure.
They want to advertise that their stuff is “cloud enabled”, while offering the shittiest service possible and putting as many roadblocks as possible to minimize its use.
Having people use their services efficiently is increasing their cloud services bill, can’t have that.
Personally, I’ve restrained myself from buying into IoT, and if I’m going to do so, I’ll make sure it can be controlled locally without depending on a cloud service, and through a hub I can fully control. I need to be able to disconnect my modem and operate everything even if the WAN is down.
I basically run my house IoT setup as you desire. My smart switches are a mix of Tasmota (open source firmware, running totally locally) and ZigBee (an open protocol for IoT interoperability). The whole lot is controlled by a NUC running home assistant. My doorbell camera also streams directly to the server.
Home Assistant basically acts to glue everything together, and provides nice, easy to use GUIs. It can also bridge between networks. It’s easy to have all your IoT things on an isolated network, with no internet access. Only the HA install can see both networks.
I’ve also been careful of WAF (Wife Acceptance Factor). If the internet goes down, almost everything keeps working. If the NUC dies, the switches still work as dumb switches. The bulbs all default to full brightness neutral colour.
I have a bunch of smurt plugs that require internet and I didnt know before buying that they cant be flashed. Jealous.
You can flash them, you just need some tools from AliExpress to hook leads directly to the UART pins on the ESP chip they’re using.
Sounds way harder than it actually is.
Its not an ESP, its some other bullshit
This might cover it for non ESP devices: https://github.com/openshwprojects/OpenBK7231T_App
It used to be most used esp8266 or esp8285 modules. Unfortunately, tuya have created a pin compatible module that explicitly can’t be replaced easily. They’ve pushed it hard with their ecosystem, so it’s all over the place.
There are still a lot of esp based devices about, but you need to be careful of anything with a tie in to tuya.
Ah, yeah. Any Tuya device should be an automatic no for anyone.
Haven’t used it myself, but this supports some of them: https://github.com/openshwprojects/OpenBK7231T_App
Is home assistant also hardware? How is it configured so that HA can see both networks? Is one of them visible through a USB interface or something?
They do now do a hardware option, though I’ve not used it. In one of my setups, it just uses the native ethernet, as well as a usb adapter. The software doesn’t have any issues with this.
To control Zigbee/Zwave you’ll need USB dongles. They did start offering their own hardware (essentially a purpose built Pi) but I’m not sure if it includes either of these radios.
What doorbell camera do you use?
Thanks!
My Home Assistant software and smart devices all are controlled locally and cloud access isn’t used but there are other, much more important reasons to avoid running it.
You should avoid it because Home Assistant is an addictive monster. It starts as a hobby and then the next thing you know you’re putting temperature sensors in your refrigerator and setting different brightness levels for your bathroom lights depending on the time of day.
Seriously though, the software gives an amazingly useful single dashboard for things you might use everyday including lighting, HVAC, alarm systems, weather, currency exchange rates, and entertainment systems. I use it every day.
Do you… set your thermostat based on the day’s currency exchange rate? Do you wake up and say, “Honey, I can see my breath; the Euro must be down. Alexa, call my broker.”
Lol - that’s possible. I spend time in Mexico and Canada so I keep the exchange rates on my dashboard. Easier than looking them up every time.
I could set my the thermostat higher on cloudy days in the winter or more usefully, increase the setting when our cell phones are in the house and decrease it when we’re away. One guy put a vibration sensor on his nightstand and tapping on the stand turns on his bedroom light. There are way too many possibilities, useful and not.
Like if you were bitten by a radioactive Scrooge, and got miser-sense
They probably want to pull a Chamberlain and sell a bunch of crappy buggy, inconsistent, error-prone addon services for $60/yr after you’ve already purchased the product.
But yeah, lesson mostly learned. Don’t support companies who only offer cloud-dependent services because they will definitely turn on the customer when they reach the natural ceiling of people buying the product and start looking for extra ways to squeeze their customers.
Or go the BluAir route and offload all the processing onto the cloud. They sell the new machines for the same cost as the old machines, but they’re dumb as a bag of bricks. If not connected to the cloud, none of the automatic settings work correctly. When you contact customer support to troubleshoot why it doesnt work on auto mode, the first thing they have you do is delete it and reconnect it to the app. No care about updates. Its just a fan on a wifi switch now. Total junk.
The tos should only apply to the software and not the hardware, right? Or do you need to sign a waiver when you purchase the damn thing?
Not sure about the Haier thing. My HVAC has an add-on “smart” controller that I had to pay extra for, and the ToS are no doubt attached to that.
The tos applies to their service, that is, they have a cloud service, and you have to abide the tos to use it. It doesn’t factor into hardware or software specifically but their hardware and software might not work without the service
It doesn’t work without the service. From the email you can tell that the functionality is going through their cloud service.
It’s probably to access their API in order to control the device remotely.
And so they can’t possibly actually do anything right? This is just a scare letter?
They probably can. I’m sure they’ve covered themselves with some bullshit ToS that governs the use of the cloud service itself, and acceptance is implied when you use the service.
There’s a part of me that really wishes it could be challenged, though, by pointing out that leaving the cloud service open to public consumption without some form of authorization should simply be a case of tough titties to them. Lock your shit down if you don’t want people like us using it in ways you didn’t intend.
But, as we all well know, once lawyers get involved, it’s simply too hard to fight this sort of shit.
Genuine question, since the code itself doesn’t infringe on IP (I think) wouldn’t the user executing the code be responsible for accepting the tos, not the repo.
The repo is just static non-compiled text files, it afaik isn’t actually communicating with their servers and therefore wouldn’t be able to accept any tos (implied or otherwise) (I don’t know if there are any actions, ci/cd pipelines, or deployments that would be in violation though)
I think it’s because the dev might’ve reverse-engineered the calls to the cloud service, and that may be where the legal sticking point is. Not a lawyer, so not 100% sure - will be interesting to see where this goes.
I saw elsewhere the dev has insurance, and they’re going to cover a lawyer, so they may very well fight it.
As a writer of software code and also of contacts (freelancer), I’m intrigued by the challenge of writing a TOS to prevent reverse-engineering an API.
In some way you’d have to represent the interface itself as the intellectual property, or something. Normal copyright covers copies, but this would be sort of like covering complementary parts. Like you invented a lock, and you’re trying to copyright or protect the set of keys that could open that lock.
The only way to stop the advancement of legal red tape is for people to consciously, willingly decide to take legal risks.
The reasons lawyers take over everything is because we do everything they tell us to do. Their job is to minimize our legal risk, and by doing everything they tell us to, we put legal risk at the highest level of priority in our own decision-making.
A conscious decision to, say, take the risk of a lawsuit or something, is the only way to be free of lawyers’ control.
Yeah, I feel like all Chinese companies profit off selling customer data first, selling products second.
In fairness, that’s just about any tech-connected company nowadays. Social media, streaming services - you name it. They’re all bloody doing it.
They could have done what Chamberlin did with MyQ and just locked the API down so that it can’t be used outside the app. What a ridiculous strategy that won’t backfire at all.
Yep, good point. That’s still a bit of a dick move, but a completely legitimate one too. If you don’t like people like us having a play and developing our own capabilities against the service, you can re-assert your ownership and lock it down.
Siccing lawyers onto a dev who is helping your customers use your product in new and improved ways is just plain fucking stupid.
“Significant economic harm”
Yeah, like my never considering you for any products ever again you pieces of trash. Why the fuck do your products even need to connect with the cloud?
Fuck off.
Why? Their response showed why: so they can sell your data. There’s literally no other reason. And they can’t just sell a product for profit, that’s not enough, they have to also sell out our privacy for more revenue! Otherwise they would have stayed quiet, maintaining plausible deniability and not taken this step. It’s literally never enough for these scumbag companies…
Oh yeah, I mean my question was pretty much rhetorical, selling my useage data isn’t a good reason for this to happen.
Still, I’m glad you responded so anyone who wasn’t already familiar can get the perspective.
Special shout-out to LiftMaster/Chamberlain who did the same rug-pull on their customers last year.
Never trust free cloud services attached to a paid product.
Fuck these guys for real. I had just set up a raspberry pi and nfc tags. I’m not buying their shitty ecosystem even harder now.
LiftMaster/Chamberlain
Get a ratgdo. It’s a little ESP8266-powered board that connects to the garage door opener and lets you open/close it and turn the light on and off, and reports the status of the door (opening, open, closing, closed) and obstruction sensor status via MQTT, entirely locally. I installed one on my LiftMaster garage door opener (an old version with no smart features) and it works well! I zip tied mine inside the plastic cover that goes over the light bulb, as per the developer’s recommendation.
They have a beta firmware for HomeKit integration too, to directly control it from Apple devices if you don’t want to run something like Home Assistant with an MQTT broker.
“ratgdo” stands for “rage against the garage door opener” :D
based device name
A garage door opener is simply a machine so a shorter name could be “rage against the machine.”
Wait…
Jesus I finally just understood where the name was derived from. I thought it was just some odd Chinese-Amazon-store-esque name.
Go one step further and make your own using ESPHome.
The issue is that Chamberlain/LiftMaster garage door openers made in the last 15ish years use an encrypted communication protocol over the wire, so a basic relay won’t work.
There’s a project called rat-ratgdo where the ratgdo has been reverse engineered and an open-source schematic has been produced. You can make your own based on that and use the ESPHome firmware for the ratgdo. For me it was just easier to buy the ratgdo.
I ripped mine out as soon as they pulled this. Fuck them, they won’t get my data if they won’t let me do what I want with a product I already paid for.
https://github.com/Andre0512/hon/issues/147#issuecomment-1892738060
Looks like the owner isnt taking it down and will force them to take it down.
I’m curious what the legal reason is for this. They arent actually using any illegal IP right?
They just don’t want to go through the hassle of securing their api, so they’re trying to strong arm the devs into dropping the project.
It would be laughably easy for them to kill this, but maybe their devs aren’t competent enough to do it.
This seems like the answer. If there is no proprietary code and they did not actually reverse-engineer patented technology, I doubt they have a leg to stand on.
It costs nothing to threaten to sue, and it sometimes works.
afaik reverse engineering is generally legal so long as the person prosecuting you can’t prove you used insider knowledge
This is why things like game system emulators are generally fine
Reverse engineering is legal, but if you still arrive at a solution covered by a patent, then that solution is illegal. But this shouldn’t be covered by a patent.
Software patents isn’t a thing in Europe, so that doesn’t hold any weight for Haier. Even their terms are null and void as is the case of almost all “terms of service” documents in Europe.
That wouldn’t stop them from pursuing something in a US court if the other party is in the US. But even here, I doubt their argument would hold water in an actual trial, considering existing precedent.
That seems like it would be nearly impossible to prove with software. There are so many ways to structure solutions and most of them conform to an open standard
It’s an open source project repository. It can be compared to the process descriptions in the patent. But patents and copyright don’t cover APIs, as decided in Oracle vs Google in 2021.
I’m saying this usage of reverse engineering is probably safe, but if you reverse engineered a way to process data that happened to match a patent, it doesn’t matter that you never saw the patent or original code, it can still be infringement.
It would still require a lot of time and hundreds of thousands of dollars in lawyers.
It wouldn’t require that much time or money to lock down the API. It’s not something they’d have to create from scratch.
Although I’m sure the entire platform is a mess of spaghetti code, so maybe it would be expensive to have someone untangle it enough to implement.
APIs are, by nature, open. Anyone can use them. The business bros don’t like this fact and are using lawyers to express their distaste for people using their product as intended.
Not to excuse this sort of behaviour, but at least they’re honest enough to say it’s about the money, instead of hiding behind excuses like “bUt sEcuRiTy vUlNeRaBiLiTieS”.
We need laws to prevent this kind of anti-consumer bullshit (yeah I know, a pipe dream) and for people to simply not give Haier their money, or data.
I don’t even think this is honest, I doubt that a small FOSS project is causing “significant economic damage” to a company of such size. It’s just user-hostility and the wish to control the users and the products they bought and paid for. Unfortunately, this is an increasing trend among companies.
One thing I find annoying is that there’s no way for me to let the company know that this behavior lost me as their customer forever unless they change their tune.
I’m fairly sure I’m the kind of person they’d market those products towards and it hurs them, but there’s no wat that I’m aware of to let them know.
If there was a way, and a significant amount of people would do so, maybe the decision makers would understand it’s stupid…
Make a project of getting escalated up to an executive through a chain of emails. LinkedIn provides a good starting point with contact information.
A while ago, I expressed my desire to tell a Microsoft executive to fuck themselves over a decision that frustrated me and that idea proved fruitful. (Thanks lemmy) Just stay professional until you earn your prize and, at worst, you’ll waste some of their money as your potential entry point wastes time reading your entirely unrelated message. Change emails if you care to cover your tracks.
That’s actually the one thing that Twitter is still good for.
It was the only thing I ever used Twitter for. Then it stopped working as I think a lot of companies stopped caring. Then Musk came along and I closed my account.
You can contact them https://www.haierappliances.com/support/contact-us
Sadly, those who care about ethics is a small number. See Reddit as a good example. You and I go “this company sucks, I’ll spend my money elsewhere.” Most people go “ooh, monkey like shiny” and that’s the end of it.
At this point I need a website that tracks companies BS and gives them a grade level. Just too effing many of them.
Hmmm… Like the BBB but better? The better BBB? BBBB perhaps… Or B^4…
“Know B^4 you buy”
BCFC - By Consumers for Consumers
BBB is run by businesses, for businesses.
Not a consumer protection agency.
This was always the funniest thing when I worked product support. Folks would threaten to go to the BBB and we’d just mute to laugh
They didn’t just pit us against each other through populist politics, they also hired us to fight one another.
It’s pretty impressive in its darkness.
Bruh, it’s screeching Karen’s wasting everyone’s time trying to get something for nothing when they’re already in the wrong. Let’s bring it back to the real world, here.
I always used what flexibility was available to me to try to do right for our customers, but we had a shocking amount of people literally trying to commit insurance fraud among other things.
Listen, I get where you’re coming from don’t get me wrong, what I meant was, back in the 80’s, if you had a complaint, you had a number to an office, and the person answering was responsible for the content of the conversation, you know?
Now, as I see it, we’ve been kind of outsourced to take each others shit without having any real power. I don’t know maybe that’s trite, like obvious, you call a support center and get connected to India, know what I mean? They just offloaded their responsibility on the consumer, of which the employees most certainly are- we’re all just consumers in the end. My 5c, also, apologies for any gangster lingo, I’m fuck white, I’ve just been watching a LOT of YouTube videos.
Just a quick reminder to anybody reading this:
The BBB is not a government institution. It is nothing but a for-profit company
Its almost a poorly made extortion racket: if you are a business that does not pay the bbb to get a good rating they rate you badly till you do. But either way they can’t actually do anything about shitty companies, its all the illusion of having recourse for the consumer when there is none.
Hmmm… Like the BBB but better?
No, I mean like just a static page that lists every company and with a grade to the right of their names, and you click on a company name to drill down to comments about them and their grade. A quick lookup reference that someone can use before purchasing a product.
Basically like how they have websites for movies, but for companies instead.
The BBB doesn’t have such a thing AFAIK, it’s just a place for reporting companies at an individual complaint level.
What do you call supersized legos all painted black?
Big black blocks.
There’s https://foundation.mozilla.org/en/privacynotincluded/ for privacy, at least.
Bullshit from companies continues… someone don’t forget to upload all code to the Internet Archive just in case.
It’s pretty easy. Download the repo from GitHub as a .zip and upload that to the archive. Pretty simple. Don’t forget to do this for both repos.
Indeed it is, I just can’t do it right now
Also fork the repos. Git makes duplicating a repository simple, and preserving history with a fork is way better than uploading a zip snapshot. For best results fork to GitLab, Bitbucket, Codeberg, etc. as well.
Forking yeah, but not by clicking the Fork button on Github. When a repo get DMCA its forks get deleted too…
Isn’t the whole point of this to not use their services? As long as Haier’s software and servers are not being touched I don’t see how they have any legal standing. This guy should speak to a lawyer to verify if this is the case.
Anyhow, the last Haier/GE air conditioner I took apart had a commodity off-the-shelf USB Wi-Fi dongle inside it plugged in via a short USB extension lead to an off-the-shelf microcontroller board to enable its “smart” features. I’ll bet you a dime Haier is violating the terms of at least one open source license, possibly more than one, via the software stack they’re running in there. So as far as I’m concerned they’re free to take a flying fuck at a rolling doughnut.
Generally, a lot of companies that add “cloud enabled” to their products don’t let you access the local device. Home Assistant isn’t talking to the air conditioner, it’s logging into their web interface. If it’s polling 1/minute, that can be a lot of extra traffic, compared to a normal user.
The better solution is to work with their buyers, not against them. If they provided a local API, then the excess traffic would go away. Theirs no money in that, in the short term, however. So they take the lazy route.
There’s a reason I only buy IoT type devices with a local API. They also have a tendency to turn servers off. Suddenly your smart device is bricked, despite working fine.
The problem is it’s a script that logs onto Haier’s servers with the user’s email and password and starts polling for data. Considering that most designed usage is probably based around users every once in a while checking and adjusting their thermostat, just one user with an HACS install doing a poll every minute is 1440x more usage than the next who checks it once a day. If HACS uses were the majority of traffic for these devices I wouldn’t be surprised by that metric.
That’s what probably meant by the ToS because the users using it are probably violating it, and the addon can be considered as something that makes violating it easier (it doesn’t have a secondary purpose other than using a set of credentials that are only given after accepting the ToS).
I’ve had crappy “Smart” ACs and Samsung was the absolute worst. At random times their AWS instance in Europe would go down or their app wouldn’t respond. I gave up and coded my own script to directly interface with the device over the local WiFi. You cut Samsung completely out of the equation. You don’t have to worry about their servers not working anymore. That’s an ideal way for an add-on to work. Ideally most of the script can be retuned to work directly with the device.
Any appliance made by Samsung is pure garbage. I just got rid of one of their dryers and I’m very glad to have it gone.
What kind of trouble did you have with the dryer?
All the parts they used internally are made to be as cheap as possible. The rollers that support the drum, and the belt tensioner, use low quality bushings that wear out prematurely. The extra fiction the parts caused would cause the belt to fail too. I’d have to tear the entire thing apart every two years or so and replace these parts to keep it running, far more often than I’d have to repair any other dryer brand. The sensor dry cycle on it never properly dried the clothes, and the steam function on it didn’t work very well either.
A friend of mine has a Samsung dryer, washer, fridge, dishwasher, and microwave. He hates all of them with a passion for similar reasons.
I don’t hate everything Samsung as I’m quite happy with their tablets and watches, but I’d never purchase another one of their appliances.
My drier squeaks a lot, it seems like the previous owner has replaced the wheel once, and I replaced the wheel again, and it still squeaks…
Seems like the customer would be violating the TnC, not the repo owner
I said that?
I’m curious about the details, yeah. Maybe they’re plugging into some API or something? Breaking some safety measure? Otherwise I really don’t see how these threats aren’t empty. Suing somebody for breaking EULA terms does not have a great track record, and neither does modifying things you buy or making unauthorized software for computers.
But hey, if the guy says the project is coming down, then I guess the aggressive language did the thing they wanted it to do, even if it’s relatively toothless.
are in violation of our terms and agreements
So what if you dont agree with their terms? What then? Cant you just host the repo and tell them to fuck off since you sisnt agree to anything?
Not to mention this is being used to control products purchased by individuals. Are they not allowed to use their AC after paying for it because they don’t agree to Haiers TOS?
Did OP even agree to their terms?
Right… a violation of our TnC… doesn’t matter. Maybe for the customer, not the repo owner.
Badwill. Always a bad strategy. Join progress, don’t fight it.
I don’t have any Haier products but as a Chamberlain/MyQ garage door owner I can relate all too well. At least ratgdo is an option for the garage doors, I doubt there’s anything nearly as simple for the Haier users.
Fuck these companies.
GitHub also has a legal defense fund for developers. GitHub lists it on their DMCA takedown page.
When GitHub processes a DMCA takedown under our circumvention technology claim review process, we will offer the repository owner a referral to receive independent legal consultation through GitHub’s Developer Defense Fund at no cost to them.
They created this fund after claims were made against a YouTube downloader from a third party. (not Google)
I don’t know if this would be an anti-circumvention claim, but it doesn’t sound like a bad idea to ask.
Isn’t GitHub Microsoft owned now? Or am I missing something?
It is owned by Microsoft.
This is ridiculous. It is truly ridiculous. How can something that enables the user to efficiently control their AC cause “significant economic harm”???
I assume they have their own app and run ads/user analytics through it that make them money.
I have to wonder if you bought their products on the basis that they worked with HA, if you could have some sort of claim here.
No, thankfully I don’t use any of their products. But I find their statement ridiculous. If I buy something, it’s mine, I own it because I paid for it. The manufacturer can fuck off.
If you dig just below the surface, you will find that the very philosophical concept of “ownership” comes with terms and conditions.
But they want you to use their app.
And they’ve decided if you have a HA plugin, you won’t.
So we do our research, and avoid scumbag companies when making purchasing decisions, or more likely, pick the lesser of a several evils.
So we do our research, and avoid scumbag companies when making purchasing decisions, or more likely, pick the lesser of a several evils.
That’s why I created this post. To inform people about Haier’s shitty and customer-hostile solely profit-oriented business practices.
Hell’s Angels? Because it feels like everything works with Hell’s Angels now.
As if I needed another reason not to buy their shitty appliances.