They need to crack down on companies that ruin hardware (or will one day ruin hardware) when they shut off their last cloud server.
There's no excuse for an appliance to brick itself or lose functionality just because of the manufacturer's remote action. When I buy a device, I don't want a perpetual, tethered relationship with the manufacturer in order to work the device. I don't want it to ask the manufacturer for permission to run every day. I don't want it to be dependent on the manufacturer to keep it alive. I don't want to create an account. I don't want to log in to the manufacturer's servers. I don't want them to know my IP address or my home address. Leave me alone, I'm just not that into you!
A hardware device should work on day 10,000 just as it worked on day 1. If you as a company can't do that, you should not be able to sell the device (EDIT: OR at least you should be required to prominently mark the devices as "dependent on the manufacturer's servers")
Couldn't agree more.
A recent example - you buy a $1600 virtual reality headset (HP G2, specifically). A couple of years later the manufacturer drops support and Microsoft disables WMR capabilities.
This bricks a perfectly functional, expensive, device.
Personally, I feel the "right to repair" should extend to software. Why am I not allowed to revive an old mobile phone with a new OS version? Why am I not allowed to revive an old device by modernizing its hardware driver? Why can I not bring an old video game back to life?
Yes source code is IP - but maybe an expiration system similar to pharmaceuticals should apply where, for instance, a regulator compels a companies to release the sources of their drivers & services when a product or service is no longer officially supported.
The current VR generation was destroyed by the manufacturers themselves with the exception of Valve. Oculus did develop nice devices as well, but you never could get a single replacement part if anything broke. Want to exchange a heavily used controller? Tough luck, maybe you find a used one that is heavily overpriced. Using any other controller isn't possible.
This isn't acceptable, especially not for devices in that price range. I recommend to try it once as it is an experience, but otherwise VR is pretty much dead again. But don't buy Facebook or something similar, they simply don't offer support for their hardware.
Smartphones are a tragedy itself. Security theatre destroyed it. I could have a safer phone that is on a current patch level instead of using the OEM OS. But my digitally incompetent bank doesn't allow me to use a good phone to run a banking app, because it doesn't allow rooting devices.
Even without giving you any source, manufacturers could at least provide binaries and a mechanism to flash it to devices. There is no technical reason to not allow this.
While I would agree that overall repair-ability isn't great, you're wrong. Replacement controllers are available without an issue directly from meta:
- https://www.meta.com/us/en/quest/accessories/quest-2-control...
- https://www.meta.com/us/en/quest/accessories/quest-touch-plu...
On the software side they have been pretty great with support IMO, e.g. by adding 120Hz to the Quest 2 quite some time after release and opening up the Oculus GO, after they discontinued it. Maybe not valve-level but definitely much more than I expected from meta, and their hardware was a third of the price of valve's, despite having an actual APU in them!
I don't believe I am wrong. Try to find a controller for the Rift or Rift S.
You may now want to argue that these devices are older. That is true, you mostly need replacement parts for older devices.
And software support? I do remember where Facebook forced me to make an account or the hardware would be unusable.
For me that was the argument to never buy hardware from Facebook again. Sure, it was Oculus at the time and even if technically the Rift and Rift S were solid products, I would thoroughly recommend to not become a private customer of Facebook for now. Maybe things have improved, because they certainly should.
Regarding rooted android, it is possible to bypass the root checks of most banking apps:
- 1. use MagiskSU for rooting
- 2. add some modules to bypass SafetyNet/PlayIntegrity (https://github.com/chiteroman/PlayIntegrityFix/releases)
- 3. For especially annoying apps add some modules to hide well-known "root apps" from the applist, so these apps don't know they're installed (https://github.com/LSPosed/LSPosed.github.io/releases + https://github.com/Dr-TSNG/Hide-My-Applist/releases) [I only needed it to get Pokemon-Go to work, banking worked without it]
My local banking apps and even google wallet work mostly fine with these workarounds. Though it breaks every few months, which is then usually quickly fixed with a magisk+module update.
If you're willing to buy a new device, then I recommend getting a Pixel on sale and flashing it with GrapheneOS[0]. No rooting required. Read up on it when you have a chance. Also, if you install the sandboxed Google Play Services layer (which doesn't require any Google account logins and has very limited access to the device) you will be able to run your bank app.
[0] https://grapheneos.org/
God, I just have to share a little experience that not too long ago happened to me, relating with what you said about oculus and repairability.
So, ol' monkeyfun had a quest 2 controller grip button break. From gentle, ordinary gripping. And on the same day as fixing an unrelated problem in another controller. Tragedy!
Naturally this loser went to fix it. No guides? Oh well, at least she could see 3rd party 3D printed parts online for sale.
Might as well disassemble it to see how broken the part is, to know what to order. Whipped out tools, started disassem-- aaaaaaand it broke.
Not only was there a terribly placed ribbon cable made very difficult to access, not only were tons of parts inconsistently either held in by the lightest friction or intense nearly glued-together forces or strange catches, but the precise intersection of these aspects (and a ribbon cable that was seemingly stuck to the connector on just one pin) meant that when a disassembly step caused the controller to spontaneously fall apart into a few pieces, it was so forceful that it damaged that ribbon cable.
AAAAAAAAAAA!!!! ================
For what it's worth, I anyway discovered that the way the part broke would need me to extract an embedded piece of metal anyway and make some repairs to another piece of plastic, so it was never going to end in success.
But it really made me appreciate just how terribly designed those controllers are for repair. Even the component that broke was... designed to bend a piece of plastic repeatedly from what I could tell, rather than say just having a small metal spring.
So user-hostile.
Need some kind of public domain requirements on sunset code/software.
Same as we need copyright maximums in the range of a generation (20 years). Having something come out of copy right 100 years later removes the cultural impact that putting a copyright into the public domain has. Primarily because everyone who was impacted by the original copyright is no longer alive. A prime example is steamboat Willie, aka Micky mouse og, really doesn't have any interest in doing much with it because it is culturally stale/mummified/dried out.
I think this would seriously tank the smartphone business. The reason why I have to buy a new phone every few years is basically sugarcoated planned obsolescence. If the software running my five year old Android phone was public domained, likely the community would keep my phone running for at least five more years.
Not saying that this shouldn't happen, though. Just saying that people suggesting this sort of stuff should realize that the economic consequences for some businesses would be major.
Not so sure in reality. There's a lot to dislike about Apple and I won't go into it, but as an example, I like their support policy. They promise 5y and usually it's 7y. They do disable features on older phones via feature flags where the performance would not be up to it (like on-device AI lately), but this rather long support does not seem to impact their sales negatively. Arguably it works for them b/c people know they can resell their phones after 2y and still get a good price as buyers know they will get support. I am one who switched from Android/Sony precisely because of this.
The same could be true for opening older phones as some Android makers do unlocking the boot loader and leave it to enthusiasts to port newer Android versions. Many phones get recycled to something different this way (controller for home automation) and would never reduce sales.
People talk a lot about how phones are built with "planned obsolescence," but different people mean wildly different things when they say that.
On one end of the spectrum are people who insist that the reason phones only last as long as they do is a 100% deliberate decision on the part of smartphone manufacturers to hamstring their own hardware, often going all the way into full conspiracy-theory-level thinking, with timed kill switches and the like. Frankly, I find this line of thought to be bullshit.
On the other end are the people who are talking about smartphone manufacturers using components that are chosen for being small, light, and/or cheap, rather than being durable and user-repairable, purely for reasons of design, practicality, and cost savings.
Personally, I know which side of this I come down on; Hanlon's Razor[0] applies here, as well as the fact that, to the best of my knowledge, no actual timed kill switches in hardware or software—nor anything in the same general vein—have ever been proven to exist. And if not even the lowest-grade independent Android phone manufacturers are putting those things in their phones, why on earth would the likes of Samsung, Xiaomi, or Apple feel the need to do so?
[0] https://en.wikipedia.org/wiki/Hanlon%27s_razor
Lack of software updates is definitely a factor why people have to trash a working smartphone but there are two more: software bloat and battery degradation. Newer apps tend to use more and more RAM an CPU so one have to upgrade or use slower and slower apps. Li-Ion batteries have limited life time. Even if you are ready to spend time and money on a battery replacement, spare batteries are available only for still widely used models.
Modern software stack for a phone or even less advanced devices contains a fair number of proprietary drivers, which wouldn't be released because the chipset designs they are written for typically outlive the devices they are used in (the chipset gets modified slightly and repurposed for another device). You cannot really get all of the software for the device even if you wanted to.
Related to this specific example, WMR headsets are just open enough for linux VR software to work with them - https://lvra.gitlab.io/docs/hardware/#xr-devices (of course this is an uphill battle, ...)
This necessarily requires software regulation, too—if your software requires internet connection, functionality should also require internet connections. Why am I making an account with you just to track my periods?
Hardware is complicated and there are just not enough people with the deep understanding to fix it. I've got lots of old 'open source' devices that lost traction in their developer community. Nobody ever managed to recreate a usable OS for the old Sharp Zaurus PDA until the device itself was completely obsolete.
New OS versions rely on new hardware functions (or just a higher amount of memory or I/O to be usable) so patching to run on old hardware won't deliver something running well.
Video games are a bit of a special case because there's the media copyright as well. But there are lots of reimplementations of game engines so maybe you can't but others certainly do...
Removing 3rd party code from the sources is apparently a monumental task and a major reason why sources for dead software aren't released more often.
I agree, but I also give the company the concession of being able to open-source the product when support ends. If they do that, I'm okay with it. As soon as they're done making whatever money they could from the thing and it becomes a burden to their pocketbook, hand the source code and schematics over to the community and let them take the wheel.
Not sure about others, but I am more likely to respect a company that does that and buy future products from them.
And such dependency should only be permitted if there is some essential function the server is providing. Unfortunately, for a lot of devices that's inherently required to get through the firewall--for example, my garage door opener. Since it's not accessible from the internet the app has to communicate with the company server, the same server the opener opened a connection to to listen for commands.
There's also the grey area of remote kill. It should be required to be disclosed up front and the company should be required to put up a deposit with the FTC for a simple you-can-live server. If the company shuts down the FTC's copy is spun up and anything that hasn't been killed continues to operate.
Garage door opener is a perfect example of a device that should NOT require a cloud service in order to operate. Think about how it works. I'm sitting in my house on my LAN, the same LAN that the garage door opener is on. I open the app to close the garage door. It sends a command out to some server on the Internet. Then the garage door, which is presumably polling the server at all times, receives the command to close from the server, and closes.
Why on earth can't I just send the command directly to my garage door opener over my LAN? That should be the simplest mode of operation possible. I only need Internet connectivity if I somehow want to close my garage door from miles away!
Because of NAT. Your door opener isn't connected to the internet, it's connected to your router, which uses network address translation to make all your devices share a single internet connection. So your door opener can send outgoing messages no problem, and the NAT router will route those outside, and then route responses to those messages back to the opener, but there's no (easy) way for a device outside your home network to access your opener. Of course, your phone or PC is on your home network, but only when you're at home. Presumably, you also want to be able to control your door opener when you're not at home, and at those times, you have to get through the NAT. Doing that requires the company's server, or something like Tailscale which sets up a virtual private network (VPN) between your opener and selected devices. But even Tailscale requires some type of server on the internet to work, even though the main traffic goes direct.
Basically, what you're asking for could have been a reality if 1) we had IPv6 (or just not IPv4 with its very limited number of unique addresses), and 2) we didn't have to worry about security so we could feel safe putting random crappy IoT devices directly on the internet and not worrying about hackers opening our garage doors or houses so thieves could enter and take stuff.
Over LAN. The thing about my home garage is that it's at my home where my wifi is. NAT and ipv6 doesn't enter the discussion if I'm already on my home wifi.
Right, I addressed that in my prior post.
Because you start with the absurd assumption that remote access is the primary function of a door.
It does not seem unreasonable that a users might want to open the door while they are coming down the street or turning into the driveway, before they are within wifi range. Maybe their home wifi just barely reaches the inside of the garage and doesn't extend past the garage door. Most folks are not exactly wireless network experts.
I agree it would be ideal to use a local network path if possible, but given that remote access is a requirement, I can understand why they just made it the default.
... Doesn't your garage door opener send an RF signal to the receiver on the motor?
Many of them now go through the internet. My friend had me install the app, granted me access to his garage door from another country and revoked it later, all while still in that country.
I'm pretty sure he's had it fail from right outside his house due to mobile network outages more often than he's used it from far away though.
Right next to the prominent label about causing cancer in the state of California, presumably.
I feel a notice wouldn't work here because the average consumer wouldn't understand the implications of depending on the manufacturer's servers or what it even means, plus every smart doorbell or whatever would just include it so it's not like it'd affect any consumer's choice
Love it.
This product may be revoked at any time.
This product incurs $30 billion in annual fees.
This product sells your usage data.
Yeah.
The features present at time of purchase may be changed, downgraded, or removed at any time.
With no obligation from the manufacturer to inform you of changes, and even if one exists in law, whaddya tonna do about it? We're doing the take it or leave it approach.
Whenever I come across a thing that contains a "terms of service" or "license agreement", I refuse to read it and make the assumption it says the following things:
Yep. Major turn off. I do not buy, unless forced.
Just have no need for the hassles.
Yeah these labeling requirements only work if you operate under the assumption companies will be truthful. But if they're truthful, we wouldn't require labels in the first place, they'd just do them. So it's dead in the water.
I think the opposite side of this coin is that the company should clearly define the minimum lifetime of the product and it support, including what services they will provide upon its sunset (such as a partial refund and disposal if the product folds before that date). I want to make an informed decision, and like you I would shop for another product beyond this crap we subscribe to.
This might be OK for a huge company like Google, but for many others, what good is it? If the product folds, it's probably because the whole company folded, and when that happens, you're not getting a refund, regardless of what any contract says.
Why people like me buy iphones? Not because they've got the best hardware or have the best camera or the best apps (though they're pretty damn good at those), not because they are open for hackers (they're basically the worst), but because the manufacturer provides de facto support for at least 5 years after release. My kids all have iPhone 8s and they still get security iOS updates.
Did they promise that anywhere? No. Did they kept on their unwritten and unspoken promise? Yes, for years now. Do you have to be Apple to do this? I don't know, would love it if the answer was no, but looks like everyone else treats this as cost and Apple treats it as value added?
The Elkjop electrical goods store in Norway supplies an environmental impact statement which often includes the manufacturer's estimate of the lifetime. For instance the Ankarsrum Assistent (successor to the classic Electrolux Assistent) kitchen machine it's 30 years with spare parts available for 12 years.
https://www.elkjop.no/product/hjem-rengjoring-og-kjokkenutst...
Unfortunately for electronic items the lifetime and spares information is usually blank because the manufacturer doesn't supply it.
This is the same problem as packaging. I think we should have a designated escrow service for the disposal costs of packaging that is taken off the front end, similar to the pension benefit guarantee corporation.
Imagine if there were a product support guarantee corporation which took, say, 4% of the cost of retail electronics sales, in order to guarantee their long term support.
Defining minimum support period is already required by law in UK and will also be mandatory in EU as of next year.
Then don't buy that device. I know this will be unpopular but there is an entitlement here. I want X, X comes with insane restrictions, instead of sticking to my principles I will buy X then complain about the restrictions. I agree it shouldn't happen, but I also don't buy anything that allows that to happen to me.
Many devices can absolutely be built in a way that they do not require a dumb remote server to work, but they're built that way anyways because the manufacturer is rent seeking. It can be damn near impossible to find equivalent devices that don't do that. It is absolutely right to get one and complain about absurd remote links that shouldn't be there in the first place.
Except when the device doesn't appear to be, but can be updated in a way that makes it obvious it does. Absolute statements like "all devices should be able to be jailbroken" or "I want things supported forever" or "just dont do x" are misguided. The world is more complicated, even on this issue. Any implemented solution will have holes and the world will be all the better for it. Progress requires things to die off.
I mean, I fully agree, but how would any jurisdiction even enforce this? If the manufacturer goes out of business, their cloud service will be shut down 90% of the time (exception is if some entity buys the bankrupt company to restructure it). No one has any incentive to keep a service running that makes no money.
And I believe (not totally sure though) that IP is always part of the bankruptcy assets so probably insolvent companies are not even allowed to just open-source their stuff and allow configuration of the backend so users could set up community-servers and keep things running.
Completely different are cases where companies continue to live but lock features behind new paywalls like Happiest Baby with their Snoo bassinet, invent fees to hinder re-sale like Peloton or cripple working hardware like Sonos did.
Those make me unreasonably mad, not just because I already have too many subscriptions for things that improve my QoL but add up, but also because I do care about my CO2 and environmental footprint. I do not want to trash working devices just because they are now 2 years old. Companies should untether them if they think further cloud support is no longer viable and at the very least should support them for 7-10y.
Force the manufacturer to release their source code for any server-side component of any product. Or API specifications and any HAB keys needed to boot new firmware on the device.
Don't stop at hardware. If the software runs locally but connects to a server for some non-essential or non-functional feature, it should continue working after they shut that server down.
local network isn't enough because these things are usually driven by phone apps and google and apple make periodic API breaking changes and kick everything off the platforms that doesn't constantly update. So even if its not server dependent many IOT things will still become unusable rather quickly.
Yes, but all the manufacturers want you in that relationship with them, and the technology of "internet" has finally given them that ability.
It's just a reminder that capitalism doesn't produce the best goods for consumers, it only produces the ones that are just not shitty enough that people keep buying them.
No matter how good a product is, the market will inevitably enshittify it to optimally conform to market incentives.
Products configured this way are a combination of a "logic bomb" [0] and a "dead man's handle" [1]. Together they form a very nasty combo.
Suicide bombers like release-to-make switches, so if you shoot them they at least complete part of their mission.
Companies that create self-destructing products are thinking like this. They are binding their survival to that of their customers as human shields and saying "we'll take you with us".
It's very disturbing psychology and having laws that allow companies to do it, even by hiding behind supposed technical ignorance, is a problem.
[0] https://en.wikipedia.org/wiki/Logic_bomb
[1] https://en.wikipedia.org/wiki/Dead_man's_switch
It shouldn't really matter whether a company discontinues their service or not, because the right way to address this trend is through antitrust enforcement against the bundling of device products with software service products. These two things should be distinct product offerings with independent markets, and devices should be straightforwardly configurable as to which specific servers/services to use (with openly documented protocols, of course).
They should not be legally allowed to use the word "buy". They're actually renting out their products.
The way it's sold, you buy all those services from the vendor, and need their device to get access. So either the device should be replacable at low or no cost, or you should be able to switch vendor.
Alternatively we could require companies open-source the server hardware if they choose to shut down their for-profit offering.
Another option is to require companies go the Minecraft route where the "server" portion is always free to download and run but you need the paid client to actually connect to the servers to play the game.
So then the new-business model is escrow for ensuring continuity of server-based services ?
Actually it's "we spy on you and reserve the right to brick your device at any time", which pretty much every EULA already covers ...
"dependent on the manufacturer's servers" should also require that it let my install my own certs so I can MITM that connection and see what it's saying to the manufacturer's servers.