Vacuum bricked after user blocks data collection – user mods it to run anyway
tomshardware.com
370 points by toomanyrichies 10 days ago
IMO a company should lose all control over technology once you've purchased it. Doesn't matter if it's "smart" or not. If the company wants to do something like telemetry, they can buy a license from you for that data. See how they like it when the tables are flipped.
Advocating regulation against dark patterns is tantamount to summoning the antichrist. All the money will run away to Galt's Gulch, or maybe Texas.
Can't you trivially reframe the initial purchase as being subsidized by that license? Your $200 smart knife sharpener would be $300 if it weren't recording audio 24/7 (for VAD, surely!)
I don't like it either but here we are
Then I invite them to offer such a product. I would love to buy e.g. YouTube premium, but as far as I know they still collect my data for advertising purposes, they just don't show the ads.
I want to buy privacy, but it's not offered.
We’ve lived with companies that didn’t need to take pics of my dick while I’m shitting to subsidize their operation for as long as companies were a thing. Anyone saying this dick pic status quo is inevitable and necessary is too VC-brained to be allowed to run a company.
I think if you frame it that way you need to offer the other version.
I do wonder how many people would buy non-spy versions of devices given the option. More specifically, what that differential in price would be too. At worst it would be interesting to have a price explicitly stating what our data is worth. Many people actually internalize that it's not that valuable, but doing this would make it explicit.
It's also because people don't trust companies to not spy on them, even when they say they aren't, even when you paid them not to. They still will. So if I see an offer to pay $100 more for a vacuum that won't spy on me, I think - yeah right, you're going to spy on me AND get an extra hundred bucks.
> I do wonder how many people would buy non-spy versions of devices given the option.
Depending on the discount for the spyware version, I'd guess close to zero. The general public has become completely numb to being spied on. It's hard to get someone to give up $50 (a real cost) for something nebulous like "very slightly less of your life is known by marketing companies".
I'd pay for it if I could somehow know that they also deleted all the data they tracked in the past (impossible since they already sold it 100x)
> It's hard to get someone to give up $50 (a real cost) for something nebulous like "very slightly less of your life is known by marketing companies".
I'd gladly pay that price. I'm pretty sure there's a large number of us that would. It's easy to make claims like yours without the real world data. To believe that things are the way they are because that's the most efficient way. Back justification is not logical. Idk about you, but I frequently make mistakes and need to redo things. I'm pretty confident it's just because I'm human and not an omniscient god.
Also, I'd suspect it might be more than $50. We didn't create a surveillance capitalist economy with trillion dollar businesses that resulted in everything including your vacuum spying on you because your data isn't valuable. Clearly it is...
The problem more is that people don't understand how that data is used and can be used. Which I don't blame anyone for that. It's abstract and honestly sounds like the stuff of tin foil hat conspiracy theorists. But at the same time, here we are. The point of ads is to manipulate you to buy things. Which isn't always bought with money. We have several multi trillion dollar companies and I'm pretty sure they don't exist for nothing
Sure, that's basically how Kindle pricing works ($X with ads, or $X+$Y without ads) and it's infinitely better having the choice. If Amazon ever gets rid of the without ad version they will lose me as a customer overnight.
Likewise, there are a whole lot of products that don't have an "unsubsidized" version that I simply refuse to purchase (or have purchased and returned after confirming that they will not work when locked in IOT jail where they can't talk to the internet.)
> If Amazon ever gets rid of the without ad version they will lose me as a customer overnight.
A couple of years ago, I subscribed to Peacock Premium (or whatever it was called). The selling point was access to all their library.
At that time, it was ad-free.
It is now packed with ads, and they want me to upgrade to “Peacock Squeal Like A Pig,” or whatever they call it.
Instead, I just canceled my subscription, and avoid any Peacock stuff, which isn’t difficult. They don’t have much I want to see.
I have a friend who pirates everything. I have always believed in paying for my media, but it’s become such a clusterfuck, that I can sympathize.
I would encourage you to partake in sharing files with your neighbor, and on the occasion you feel strongly you want to support something, get that subscription for a month or buy some merch or similar to show you really appreciate what you watched.
It's what we've come to. If buying isn't owning, piracy isn't theft. And in a market where data theft is built into the price, well... you are the one to set the price and the recipient of who you deem deserves it.
> If Amazon ever gets rid of the without ad version they will lose me as a customer overnight.
Didn't they already remove the option for a completely ad free prime video experience or am I hallucinating that? They have such a ridiculous hold on the e-reader market I feel like it is just a matter of the next down quarter.
They seem to own 75% of the market, and I think you can get pretty much every book on every device, right? Of course your existing library is locked-in; ideally, that'd be illegal.
Worse - they actually can remove books that you've purchased. Not only revoke license for future downloads - but actually remove them from your device.
Ironically, they did that to the book 1984.
The “good news” is you can get a refund for titles that are removed. But you have to ask for it.
Does it actually make a difference? I have an old Kindle (from 2013 I think) and I opted for the ad version. I only see ads on the lock screen, which means I never really read the ads. The few times I’ve looked at them intentionally, they were books I’d never consider reading, just from the title and cover; in other words, a terrible ad for the recipient.
Does the ad-free version not collect your data too?
I don't actually care if they collect my data in that particular case. There's really nothing of significance that Amazon gets from my reading habits that Visa doesn't already get from my purchasing the book in the first place.
I care if I see ads, even if I "don't read them". And when it comes to other devices, like IP security cameras I might care a lot more about whether the manufacturer has access to the device once it's set up.
My goal was just to point out that there is at least one existing case where you can pick between a subsidized and unsubsidized (or less subsidized if you prefer) product, and having the choice is strictly better than not having the choice.
> I don't actually care if they collect my data in that particular case. There's really nothing of significance that Amazon gets from my reading habits that Visa doesn't already get from my purchasing the book in the first place.
Visa knows you bought a book. That's all they know. Amazon knows that you actually read the book (or didn't), how long it took you to read the book, how many times you read it, every date/time when you opened it, what specific pages you flip to and re-read later, etc. Maybe you consider that data to be "nothing of significance", but Amazon doesn't see it that way. They spend a lot of time and money collecting, storing, and analyzing that data and it isn't because they didn't think it's worth anything.
That has been the way things work since the early 2000s. PCs started to come loaded with junk malware, and what those malware makers were willing to pay was the only profit the PC makers were making. Modern smart TVs are exactly at the same place; everybody is adamant that the only profit in TVs is with the sale of the usage data.
They should be forced to present both options, and the price difference must equal the revenue they actually make from spying.
Once again, I'm amazed some HN readers, like yourself, are unfamiliar with the basic tenets of the GDPR. (Hint: A company cannot provide a service on the condition that you provide unnecessary personal data or consent to spying)
If you work in a tech field, there is simply no reason for such ignorance.
It's adorable that you think every company actually abides by these rules. There have been class action lawsuits recently against the largest tech companies. Why wouldn't the smaller ones break the rules too?
It's akin to cheating in financial markets. Hedge funds will gladly commit fraud or other cheating methods as long as the fine is less than the income gained.
Well the article then proves clear violation of those rules. Not only is no consent or notification provided but when the secret data collection is blocked the device gets remotely disabled. Perhaps someone should file a complaint against this company and see if they get fined to death.
The GDPR doesn't impact a lot of companies, if you are acting on behalf of a customer who is the actual data processor for instance.
I do not think the value difference is $100 ;-) In fact, the longer you use it, the more money they can make off of you. (In that sense, that $200 is already WAY too expensive to start ;-) )
So yeah, reversing this would make the most sense. The default is: local data only and not connected. They need to pay me to get data.
Just like car companies, phones, etc, should be forced to do that as well.
Yes. That's what my comment was getting at.
And no, they shouldn't be allowed to set the price. If I buy a license from Steam, I can't name my price, so I don't see why these companies should either. If they want my data, then they'll either pay the money I demand or they won't get the data at all. Cutthroat, perhaps, but necessary.
It's not, things haven't gotten that much relatively cheaper (have you looked at phones? The biggest pieces of spyware you can buy?). This is a line corporations like to feed us so we feel guilty about being bad instead of putting that where it belongs: every CEO.
Yes, but then it should be sold as such.
If you're buying a service and not a product, then the consumer has a right to know!
This could be the sort of thing that a Nielsen takes care of, just like viewing data for TV.
Previous post
https://news.ycombinator.com/item?id=45503560
which points to the actual blog of the author on github, instead of a news coverage of it.
A good time to point out https://github.com/Hypfer/Valetudo.
I haven't tried it personally because my particular model of vacuum has some complicated and potentially destructive procedure to get the required access, but there's quite a few models where it can be installed easily.
I am super happy with Valetudo.
Since the robots got cameras and microphones, it's a no-go for me to have it in my home connected to some cloud.
It's a little bit challenging to orient oneself in the project (tip: read a couple of the last release notes), but once you do, it's great.
I bought a new robot vacuum that was specifically recommended by the Valetudo project (Dreame L10s Pro Ultra Heat). The rooting was straightforward and non-destructive. The robot works great.
And the usage is much better even for non-developer people (i.e. my wife), as the UI is simple, not constantly changing under your hands, no ads, no upselling. It's a tool as it should be.
> ... because my particular model of vacuum has some complicated and potentially destructive procedure to get the required access
This right there is the root of the entire problem. We had IBM PC clones that you could recover and keep running for decades by easily replacing expansion cards, HDDs, RAM sticks, peripherals and even circuit components like caps, ICs and batteries. We used to partition our 50 GB HDD into a dozen little partitions and multiboot every conceivable OS out there. Now we have an oligarchic dystopia where even RAMs and batteries are soldered on and bonded with single-use resins instead of age-old screws. Even if you get through, you can't salvage or swap ICs because they're paired individually at device level. You can't reach the boot partition without a Ph.D in RevEng and a risk of still bricking the device 3 out of 4 times. And that's all for technological progress and security, they say! Those claims have as much credibility as their claims to making an honest living. It's weasel-speak, not engineering insight.
Modifying the device that you paid for should never be this complicated. Those greedy corpos are usurping the consumer's rights and wealth, plain and simple.
From my understanding (I might be wrong) the images are pre-built by the owner of the project right? I remember there being a form you fill and you receive a download link.
If that's the case what guarantees do I have there's no "funny business" on the image?
It runs entirely on LAN, i.e., you just go to the vacuum's IP address in a browser to control it. So you can block internet access for it if you're worried with no negative effects.
You can then cut the robot off the internet completely.
Which you can't do with the 1st party apps. This alone is enough for me.
The private builder is not great, but the reasons are understandable, it is what it is.
First of all, its Android Debug Bridge, which gives him full root access to the vacuum, wasn't protected by any kind of password or encryption.
Good. You bought it, you own it.
(I have no skin in this game --- my vacuum is as dumb as they come, and can be fixed with basic machine shop tools.)
> (I have no skin in this game --- my vacuum is as dumb as they come, and can be fixed with basic machine shop tools.)
The real question is, is that still an option? If it is, then for how long? Sadly, there are several other product lines that have entirely crossed that line a while ago.
If the day ever comes where this is not an option anymore, then I will just clean my house with a broom. Same thing goes for washing machines. If I can't buy one without internet, then I will clean my clothes by hand.
Smart things are the worst shit ever. They make everything take longer, given the debugging/upgrading overhead. Not buying into that. What would be smart, would be a washing machine that cleans, dries, sorts and folds my clothes. Without talking to facebook. I would buy into that, but I don't need to share my washing machine status on instagram
> If the day ever comes where this is not an option anymore, then I will just clean my house with a broom. Same thing goes for washing machines. If I can't buy one without internet, then I will clean my clothes by hand.
Perfect! I wish a large enough section of the population took this principled stance. Those greedy corpos wouldn't be abusing their customers so much if the latter were united in denying them the market and the opportunity. Those 'smart devices' really need and deserve a lobotomy.
There's a reason the vintage appliance community exists, and is growing. Replacement parts are still available for my decades-old vacuum cleaner, and even if they weren't, they're basic electromechanical parts that I could make or substitute easily.
"From there, he built a Raspberry Pi joystick to manually drive the vacuum, proving that there was nothing wrong with the hardware."
He should make these and sell them. It would be worth it to just drive it in "discovery" mode and give it the exact path to follow while cleaning. The constant inability to learn the floor plan is beyond annoying.
Depending on where he lives this might be illegal. Yes, we live in a cyberpunk dystopia where the manufacturer can break what you bought and then send you to jail for repairing it. You can read more about it here: https://consumerrights.wiki/w/Digital_Millennium_Copyright_A...
This shit is absolutely dystopian. The law must not just be reversed, manufacturers need to be taken to court for shoddy software. Insecure data collection and transmission should be treated the same as having unsafe electrical wiring. It is a defect that needs to be either fixed or the product recalled. As long as manufacturers are not just allowed to but rewarded for selling defective products this won't change. I expect the moment unsolicited data collection becomes a liability manufacturers will drop it like a hot potato.
> I expect the moment unsolicited data collection becomes a liability manufacturers will drop it like a hot potato.
Possession of the data needs to be illegal.
Here's how it could work. It's similar to how copyrights for music are enforced. A person whose data are found in someone's files or server can sue for "statutory" damages, which are levied on a per-offense basis.
> Here's how it could work. It's similar to how copyrights for music are enforced. A person whose data are found in someone's files or server can sue for "statutory" damages, which are levied on a per-offense basis.
That's not how copyright lawsuits work though. For the typical person torrenting, it's because they were caught in the act of torrenting (eg. they had a torrent client in the swarm connecting from an ip that was assigned to them). Otherwise it's a DMCA takedown and companies don't even bother suing. Nobody is getting their hard drives searched for illegal music and getting sued as a result.
That's right. I'm not talking about copyright, but about a new restriction on possession of the data. The only parallel is the use of statutory damages as a remedy.
What are the odds individuals learn their data has been found? What kind of damages could be awarded that would make hiring a lawyer and giving them 50% of winnings a worthwhile effort? I could also easily see individual cases combining to become class action reducing the winnings even further.
In other words, I find this a silly suggestion as it's just never going to work in the real world.
I seem to find out my data has been leaked in a breach every other month. I don't even care if I actually get the money for it, let it go to the class action lawyers. Life is good so long as the companies pay more than they make by holding the data.
There's an exemption from Section 1201 for "Computer programs that control devices designed primarily for use by consumers for diagnosis, maintenance, or repair of the device or system".
Are you allowed to share how you repaired the software? Because if not then what I said stands, he cannot sell these little Raspberry Pis or publish information on how people can build them themselves. That's one of the problems Louis Rossmann has been talking about in regards to the FULU bounty program.
That's news to me. Do you have a source for that I can look at? Not being snarky. I would legitimately like to read more about this.
Probably refers to regulatory exceptions that aren't in the statute directly, which are updated every 3 years:
https://www.copyright.gov/1201/2024/
I see in the "final rule" for 2024 (PDF) a section titled "11. Computer Programs—Repairs of Devices Designed Primarily for Use by Consumers", although it seems to indicate that nothing changed, as opposed to telling you what stayed the same.
I actually was just reading up on it yesterday because I've rooted a commercial e-ink word processor and was trying to sort out how much about the process I can legally share. The sibling post has the link to the LoC rulemakings that define the exemption categories. These exemptions are the same basis for any phone jailbreak, which makes me suspect it could be legal to publish methods as well as do it yourself, but I'm still unsure.
I wish I had the abilities of the engineer, plus the time he could devote to the problem.
Thankful for people like this - with kids and family and work I’d probably have had this sit bricked for a year in my garage before finding time to tinker with it. Now I can just never buy any iLife product ever.
We should probably update this story to link directly to the hacker's blog, they deserve the credit! https://codetiger.github.io/blog/the-day-my-smart-vacuum-tur...
There is a significantly easier option (although still more work than just buying a vacuum and using it as the manufacturer intended): get one of the Valetudo supported vacuums[0]. This firmware replacement blocks telemetry and allows for near complete feature parity with the original firmware, and flashing is (usually) relatively simple. Certainly much simpler than the process described here.
[0] https://valetudo.cloud/pages/general/supported-robots.html
> I wish I had the abilities of the engineer, plus the time he could devote to the problem.
Ability is a matter of patience and persistence. And both are the results of motivation. Anyone can learn anything as long as they really want it. (barring disabilities like depression that destroy motivation. But some people use even that as an opportunity to learn new skills that in turn help them recover.) But Time is an entirely different matter. You can find time if you really want to, but life has other priorities too - including time doing nothing (rest). Finding the extra time in between all that will depend on your craftiness. That's the true skill here.
Never connected my Roomba to the internet and it has worked fine for the past several years. It insists that I should connect to it via the app to resolve the occasional minor issue, but I would always ignore those. It's starting to show its wear and it's probably time for a new vacuum. I'm not sure if I'll be able to bootstrap one without connectivity, nowadays. Any good recommendations out there?
You might be interested in this project https://valetudo.cloud/
They have a list of supported vacuums
Valetudo is the best out there. I rooted my Roborock, and connected it to my home assistant. It's super useful without having to send data to the cloud. The only thing is the developers are severely limited by how many vacuums they can support. I recently bought a Dreame X50 and it's still not supported.
Buy a used one the same as your current one. Find one with little use and you’ll be good for many more years.
I wish every product like this had giant warnings on the box, in the online listing, etc.
I bought a robot vac (after owning an early roomba for some time) - Opened it up, ready to use it - instructions said download the app to make it work.
It's back in its box somewhere around here and never used.
Whenever I read about robovacs, I wonder: how good are these robot vacs really?
Maybe it is just me, but surely it would be less effort to hire a cleaner and they can do more than just vacuuming.
Sure, but a cleaner coming twice is the same cost of a robot vacuum that will work for a couple of years, typically. They do an okay enough job, but they need to run daily, sometimes twice a day, to really keep up considering its limitations.
It really depends on how big your property is. A cleaner here could be done in less than an hour and there is no cleaner charging £150 an hour.
What math are you doing here?
Robovacuums don't cost £150 an hour. If you buy one for £500 and run it every day for two years, you're paying ~70p per hour. Are there any cleaners who charge less than £1 per visit?
I was being hyperbolic because people seem to be overstating the cost of a cleaner.
I used to pay my Spanish cleaners about €20 euros a week for two cleaners. Granted that was a while ago, but it was peanuts.
Also I'd rather have a cleaner do it properly, than by a robovac that (as everyone says on the sibling comments) does half a job.
People obviously find them useful. But I will reiterate a sibling comment's recommendation, get one that can run Valetudo: https://github.com/Hypfer/Valetudo
When I bought my Roomba in 2013, it cost as much total as I pay my cleaning ladies to come once every two weeks. If your floors get dirty easily, it's not really going to get them spotless, but it'll get them far cleaner than they'd otherwise be.
But the cleaners do more than the floors. Vacuuming takes me about 20 minutes once a week. I don't really see the point when I live in a 2 bed apartment.
I was surprised to discover that if you run the robot vac once a day or even every second day it significantly reduces the amount of dust that ends up on other surfaces.
You just schedule it and forget it. As everyone says it doesn't do as good of a job as you do but the main benefit is it's consistent about doing that job more frequently.
If 20 minutes is all you need once a week, yeah it maybe doesn't make sense for you.
I have a dog and need to vacuum at least once a day, currently.
Without a robot vacuum, I'd go crazy.
> I don't really see the point.
You save the 20 minutes once a week.
That's it. That is the whole point. A slight convenience. I use one in a 1 bedroom apartment.
Considering some of these things can cost almost £1000, this firmly lives in the total waste of money pile then. I will stick with my £50 tesco vacuum thank you.
I bought mine about 6 years ago for 200 EUR then. Still works. Had to switch the battery once.
I think it’s one of the most idiotic devices anyone could own. Buy a normal vacuum cleaner for half the price, spend 10 minutes a week vacuuming your apartment, and you won’t come home and find that your cleaning robot spent the afternoon choking on a shoelace.
But what if I'm too lazy to vacuum 10 minutes a week and don't want to do it?
You could change your attitude. A vacuum cleaner is already a labour saving device
So could you. You're already using one labour saving device, why not another?
Because it is relatively expensive, totally unnecessary and decadent and probably doesn't do a particularly good job (as people have admitted in their replies to me).
Additionally much like people ubering a McDonalds when the drive through is less than a 2 minute drive away. It actually causes additional headaches (food is more likely to come cold and/or incorrect) and complications that don't exist with simply just spending a few minutes not being lazy is actually easier.
> probably doesn't do a particularly good job
It's not the same as a full vacuum run. But it's good at what they are designed to do. Clean a bit every single day.
All the crumbs that fall down in the kitchen over a day, don't get chance to get stamped into the floor. Noticeably less dust buildup on top of counters. I come home and it's done. Mental load removed.
It's neat. And you can get them from 80 EUR. Even if they only last 5 years, that's 16 EUR per year, but saves you maybe 8h per year. Maybe it's because I live in a relatively rich country, but here that is not decadent. People buy cars for 50 000 EUR :3
If getting a small vacuum out quickly is a big mental load, I dunno what to say to that. It all seems like it isn't necessary.
It is like having a smart fridge or something that produces ice cubes for me and loads of other stupid kitchen gadgets. I didn't feel the need to have a robot vacuum cleaner in the past and I don't feel the need to have one now. Especially with all the iffy spying stuff that it might be doing.
Also any of these things that is less than 100 euros is likely to be crap. I just got rid of a lot of old electronics tat.
The cheaper ones are great, because they don't connect to an app or wifi. Mine just has a remote with a timer. Like I wrote you, mine has been going for 6 or 7 years.
I'm not trying to convince you to buy one, I'm trying to explain why you have one. Because YOU said that you don't understand it. I'm trying to explain my needs. No need to shame me.
Of all the household items I have, the robot vacuum I would certainly buy again.