FTC Pushed to Crack Down on Companies That Ruin Hardware via Software Updates

Couldn't agree more.

A recent example - you buy a $1600 virtual reality headset (HP G2, specifically). A couple of years later the manufacturer drops support and Microsoft disables WMR capabilities.

This bricks a perfectly functional, expensive, device.

Personally, I feel the "right to repair" should extend to software. Why am I not allowed to revive an old mobile phone with a new OS version? Why am I not allowed to revive an old device by modernizing its hardware driver? Why can I not bring an old video game back to life?

Yes source code is IP - but maybe an expiration system similar to pharmaceuticals should apply where, for instance, a regulator compels a companies to release the sources of their drivers & services when a product or service is no longer officially supported.

And such dependency should only be permitted if there is some essential function the server is providing. Unfortunately, for a lot of devices that's inherently required to get through the firewall--for example, my garage door opener. Since it's not accessible from the internet the app has to communicate with the company server, the same server the opener opened a connection to to listen for commands.

There's also the grey area of remote kill. It should be required to be disclosed up front and the company should be required to put up a deposit with the FTC for a simple you-can-live server. If the company shuts down the FTC's copy is spun up and anything that hasn't been killed continues to operate.

OR at least you should be required to prominently mark the devices as "dependent on the manufacturer's servers"

Right next to the prominent label about causing cancer in the state of California, presumably.

I feel a notice wouldn't work here because the average consumer wouldn't understand the implications of depending on the manufacturer's servers or what it even means, plus every smart doorbell or whatever would just include it so it's not like it'd affect any consumer's choice

I think the opposite side of this coin is that the company should clearly define the minimum lifetime of the product and it support, including what services they will provide upon its sunset (such as a partial refund and disposal if the product folds before that date). I want to make an informed decision, and like you I would shop for another product beyond this crap we subscribe to.

When I buy a device, I don't want a perpetual, tethered relationship with the manufacturer in order to work the device.

Then don't buy that device. I know this will be unpopular but there is an entitlement here. I want X, X comes with insane restrictions, instead of sticking to my principles I will buy X then complain about the restrictions. I agree it shouldn't happen, but I also don't buy anything that allows that to happen to me.

I mean, I fully agree, but how would any jurisdiction even enforce this? If the manufacturer goes out of business, their cloud service will be shut down 90% of the time (exception is if some entity buys the bankrupt company to restructure it). No one has any incentive to keep a service running that makes no money.

And I believe (not totally sure though) that IP is always part of the bankruptcy assets so probably insolvent companies are not even allowed to just open-source their stuff and allow configuration of the backend so users could set up community-servers and keep things running.

Completely different are cases where companies continue to live but lock features behind new paywalls like Happiest Baby with their Snoo bassinet, invent fees to hinder re-sale like Peloton or cripple working hardware like Sonos did.

Those make me unreasonably mad, not just because I already have too many subscriptions for things that improve my QoL but add up, but also because I do care about my CO2 and environmental footprint. I do not want to trash working devices just because they are now 2 years old. Companies should untether them if they think further cloud support is no longer viable and at the very least should support them for 7-10y.

Don't stop at hardware. If the software runs locally but connects to a server for some non-essential or non-functional feature, it should continue working after they shut that server down.

When I buy a device, I don't want a perpetual, tethered relationship with the manufacturer in order to work the device.

Yes, but all the manufacturers want you in that relationship with them, and the technology of "internet" has finally given them that ability.

It's just a reminder that capitalism doesn't produce the best goods for consumers, it only produces the ones that are just not shitty enough that people keep buying them.

No matter how good a product is, the market will inevitably enshittify it to optimally conform to market incentives.

Products configured this way are a combination of a "logic bomb" [0] and a "dead man's handle" [1]. Together they form a very nasty combo.

Suicide bombers like release-to-make switches, so if you shoot them they at least complete part of their mission.

Companies that create self-destructing products are thinking like this. They are binding their survival to that of their customers as human shields and saying "we'll take you with us".

It's very disturbing psychology and having laws that allow companies to do it, even by hiding behind supposed technical ignorance, is a problem.

[0] https://en.wikipedia.org/wiki/Logic_bomb

[1] https://en.wikipedia.org/wiki/Dead_man's_switch

It shouldn't really matter whether a company discontinues their service or not, because the right way to address this trend is through antitrust enforcement against the bundling of device products with software service products. These two things should be distinct product offerings with independent markets, and devices should be straightforwardly configurable as to which specific servers/services to use (with openly documented protocols, of course).

They should not be legally allowed to use the word "buy". They're actually renting out their products.

The way it's sold, you buy all those services from the vendor, and need their device to get access. So either the device should be replacable at low or no cost, or you should be able to switch vendor.

Alternatively we could require companies open-source the server hardware if they choose to shut down their for-profit offering.

Another option is to require companies go the Minecraft route where the "server" portion is always free to download and run but you need the paid client to actually connect to the servers to play the game.

So then the new-business model is escrow for ensuring continuity of server-based services ?

you should be required to prominently mark the devices as "dependent on the manufacturer's servers")

Actually it's "we spy on you and reserve the right to brick your device at any time", which pretty much every EULA already covers ...

"dependent on the manufacturer's servers" should also require that it let my install my own certs so I can MITM that connection and see what it's saying to the manufacturer's servers.

I really wish that what we got instead of "Hey, your device can connect to smart-things.com and do stuff, ain't that need!" we had "Hey, this device speaks Protocol 1.2.3 over bluetooth which you can import to smart-things.com or other services".

There really is no reason why a phone couldn't, for example, have a home management app on it that manages all the IOT devices over bluetooth or other protocols directly rather than needing an internet connection.

Just look at the ones that support Tasmota (or ESPhome).

Those use opensource software, integrate nicely into home assistant, and well.. are "local first".

If you want to cloud delete you may be able to install valetudo on your roborock. You still get a local control via webpage or the (foss) app.

https://valetudo.cloud/pages/general/supported-robots.html

Agreed - can't tell you how many cloud connected devices I've had that completely stopped working. Like my Mellow Sous Vide. Most of my house now is Z-wave and Zigbee.

WiFi is terrible for IoT anyway. Look into other procotols such as Zigbee, they don't connect to the internet, ever.

Wifi iot can be good, but it depends on a few factors

Devices with local API, be it binary or http, are one part of the equation. There are systems like esphome that are best in class.

The other part is getting a decent router and Wi-Fi infrastructure to support them. Most consumer routers crap their pants after 30 or so devices

I used to be vehemently against Wi-Fi. Internet of things stuff, but when I got my new house, my current house I've been building it out in a hybrid approach. Approach. Lighting loads are controlled via lutron, and then non-lighting loads are a mixture of Z-Wave, zigbee, and Wi-Fi devices running ESPhome. My Network infrastructure is a unifi system. It's been more or less bulletproof

I just bought a bunch of Shelly wall switches and US outlets. They are very affordable and use an open source OS on what I think is an ESP32 enabling Bluetooth and WiFi. They have an IoT cloud thing paired with their app BUT you can disable their cloud or use your own cloud URL, enable RPC over http or UDP and write your own code, use MQTT, local web server in the switch, etc. The outlets are just relays though they measure load current and voltage. Bonus is they do not need to be commissioned through an app - you can do everything over a browser or http calls via curl so you can use whatever OS and even script it.

My only gripe is the wall switches do not have any ability to accommodate retrofitting a 3/4-way setup which is quite common for stairwell and hallway lighting.

Edit: here's the dimmer API for reference https://shelly-api-docs.shelly.cloud/gen2/Devices/Gen2/Shell...

Good for you!

I depend on nothing in the cloud and I only have encrypted backups in the cloud secondary to local back ups. I even download my email in Thunderbird.

Apple is criminal when it comes to cloud dependence. An iPhone is mostly useless without an iCloud account. With GrapheneOS and Android there is no dependence on the cloud. I am just pissed that the android phone makers keep getting rid of SD card expansion.

I will never own an IoT device though. I never saw the convenience of them over the hassle and cost.

Without regulation, I'd be afraid that it would simply become impossible to find a product that doesn't have customer hostile features. Companies don't need to fear lacking stickers if their competitors lack them as well (or if they don't have viable competitors).

Good idea! Like a nutritional label for electronics. The FDA is very strict about nutritional labels, as they should be.

Stickers still need regulation.

Europe has the CE marker [2] which indicates that the product meet EU safety, health or environmental requirements.

However, China created the "CE" marker (China Export) which looks very identical to the Europe CE marker [1]. ChinaExport does not imply any regulations.

So if you buy a power supply from China you might think it is safe due to the "fake" CE marker.

1: https://www.kimuagroup.com/news/differences-between-ce-and-c...

2: https://en.wikipedia.org/wiki/CE_marking

That just throws the burden back on consumers. Many products already come festooned with stickers or logos printed on packaging, and most of them are little more than flair. I can also politicians demanding to know why taxpayers' hard-earned money is going to promote products that are 'anti-innovation' (telemetry-free) or 'support criminality' (E2EE).

because the FTC got it wrong

Ok. What if instead of the FTC getting it wrong, they only put out rules and regulations on very obvious situations, where it isn't really possible to get it wrong?

People do this very weird thing where they bring up the downsides of government regulation, but they don't recognize that some problems are easier to solve than others.

Not everything is a matter of "well, its just trade offs! What if customers prefer to have their hardware purposefully sabotaged and they bought the hardware because they want to be screwed over".

A much better explanation, is that sometimes consumers don't expect to be completely screwed over, they don't know what they magic seals or pages of fine print mean, so they buy the thing anyway, without knowing the consequences.

Once again, this argument can perfectly reasonably be applied only to the extremely obvious situations, where we don't have to go all in on the libertarian, perfectly rational actor arguments.

This is why none of my brand new appliances will ever be connected and allowed a firmware update.

I started just sending broken products back to Amazon. My DENON smart speaker broke outside of warranty (1.5 years), so I bought a new identical speaker and returned the broken one.

It's unethical but I am just tired of paying $$$ for products that break right after warranty ends.

We've lowered our expectations so much that common decency like that is now "above and beyond".

They got sued in a class action lawsuit for that, which got dragged out for ~7 years: https://en.wikipedia.org/wiki/OtherOS

And in the end users who had used that feature and lost it got... $10.07

Exactly what I thought of, too. Was the PS3 the first forced-downgrade?

Sony omitted OtherOS support with the PS3 Slim hardware revision with seemingly no technical justification and later removed it from existing consoles.

Afterwards several researchers investigated how to execute third-party code on the device and succeeded. [1] In response Sony did attempt to prosecute several people under DMCA and similar claims [2] and were more successful with certain defendants in some countries versus others.

[1] https://media.ccc.de/v/27c3-4087-en-console_hacking_2010 [2] https://en.wikipedia.org/wiki/Sony_Computer_Entertainment_Am...

Make blowing eFuses in devices illegal.

Do you mean before or after manufacturing? Afterwards, I agree. Before, no way: that's how most modern CPUs work. They put a bunch of crap on the chip and make them all the same way, but due to defects, different chips have different parts that don't work, so they blow efuses inside the chip to disable the broken parts, and then sell the chip as the variant that doesn't include that function.

They also enable things like resettable fuses in a car (ie Tesla) such that you don't need to have some dumb fuse in the fusebox blow and then waste money/time buying replacements. Instead make them software resettable after a fault has been resolved and now you have eliminated a cost and made the system more efficient.

I think this gets tricky if their source code uses other proprietary software that can’t be open sourced. So in practice open sourcing would not be an option.

I could also imagine a common situation where there was some complex integration with various third party like OpenAI where it wouldn’t be that easy for users to handle themselves.

This is a surprisingly good recommendation. I would consider it fair.

Why should people be able to hold their products hostage if they aren't even selling or maintaining them anymore? Customers win and the company doesn't really lose anything. They aren't selling or maintaining it anymore!

tbf it's still a usable phone and still gets occasional security updates. I'd say the main way it has been rendered unusable is websites totally ignoring the possibility of screens that size.

I notice even with my 12 mini there's been a big increase in websites with horizontal scroll bars

In this case the manufacturer is destroying the value of an item after you bought it. So you can't just not buy it and no one will pay you for it.

I agree that regulation should be used sparingly, but I could see a justification for some regulation here.

Or tbh perhaps this could be solved by deregulation: remove DMCA protection for drivers and firmware.

you're old fashioned. that clearly isn't and hasn't been working.

Who needs the FDA when you can just choose to buy the canned meat without maggots in it?

the integral MacBook battery is swelling and a would be a total pain to replace.

You can go to Apple directly to get the battery replaced. They'll help you with Macbooks going back to 2015.

Why don't they work anymore?

The bricked PS3s that ran Linux?

Just speculating here but I assume law will answer this with one word: "intent". Did MS design this with the intention of planned obsolescence, or was it reasonable to impractical to avoid?

What happened to fire sticks?

This is a good reason to avoid proprietary solutions and instead build your own home server using open-source software.

You should name the car brand and model so others can avoid it.

A fair amount. They are more limited to the letter of the law, but they already had a lot of authority.