Thankfully I don’t use any of their products, but this really pisses me off. They claim that this open source project “causes significant economic harm to their company”
This is ridiculous. It is truly ridiculous. How can something that enables the user to efficiently control their AC cause “significant economic harm”???
Consider forking the repository or mirroring it to another platform like GitLab, Codeberg or your self-hosted Git server, so the project can continue to exist and someone can maybe fork it and maintain it.
The effected repos are: https://github.com/Andre0512/hOn and https://github.com/Andre0512/pyhOn
If you don’t know about Home Assistant, check it out. It’s an amazing piece of open-source software, that you can run at home on your own server and use it to control your smart home devices. That way, you don’t need to connect them to the manufacturer’s (probably insecure) cloud. It gives you sovereignty over your smart home instead of some proprietary vendor-locked garbage. Check out their website and the Lemmy community: [email protected]
I also highly recommend Louis Rossmann’s video about this: https://youtu.be/RcSnd3cyti0
He makes awesome videos in general, consider subscribing.
As Rossmann said, don’t ever buy anything from such a shitty company that doesn’t respect their customers. This move by Haier is nothing other than a slap in the face for everyone, who just wants to comfortably control the product they paid for. This company is actively hostile towards their paying customers. Fuck these bastards!
This is ridiculous. It is truly ridiculous. How can something that enables the user to efficiently control their AC cause “significant economic harm”???
We’re discussing this over in [email protected]. This absolutely has to be about them losing access to data they can sell to 3rd parties. The hOn ToS will no doubt have a clause that enables this.
It’s a dick move for sure.
They want to advertise that their stuff is “cloud enabled”, while offering the shittiest service possible and putting as many roadblocks as possible to minimize its use.
Having people use their services efficiently is increasing their cloud services bill, can’t have that.
Personally, I’ve restrained myself from buying into IoT, and if I’m going to do so, I’ll make sure it can be controlled locally without depending on a cloud service, and through a hub I can fully control. I need to be able to disconnect my modem and operate everything even if the WAN is down.
I basically run my house IoT setup as you desire. My smart switches are a mix of Tasmota (open source firmware, running totally locally) and ZigBee (an open protocol for IoT interoperability). The whole lot is controlled by a NUC running home assistant. My doorbell camera also streams directly to the server.
Home Assistant basically acts to glue everything together, and provides nice, easy to use GUIs. It can also bridge between networks. It’s easy to have all your IoT things on an isolated network, with no internet access. Only the HA install can see both networks.
I’ve also been careful of WAF (Wife Acceptance Factor). If the internet goes down, almost everything keeps working. If the NUC dies, the switches still work as dumb switches. The bulbs all default to full brightness neutral colour.
I have a bunch of smurt plugs that require internet and I didnt know before buying that they cant be flashed. Jealous.
You can flash them, you just need some tools from AliExpress to hook leads directly to the UART pins on the ESP chip they’re using.
Sounds way harder than it actually is.
Its not an ESP, its some other bullshit
This might cover it for non ESP devices: https://github.com/openshwprojects/OpenBK7231T_App
It used to be most used esp8266 or esp8285 modules. Unfortunately, tuya have created a pin compatible module that explicitly can’t be replaced easily. They’ve pushed it hard with their ecosystem, so it’s all over the place.
There are still a lot of esp based devices about, but you need to be careful of anything with a tie in to tuya.
Ah, yeah. Any Tuya device should be an automatic no for anyone.
Haven’t used it myself, but this supports some of them: https://github.com/openshwprojects/OpenBK7231T_App
Is home assistant also hardware? How is it configured so that HA can see both networks? Is one of them visible through a USB interface or something?
To control Zigbee/Zwave you’ll need USB dongles. They did start offering their own hardware (essentially a purpose built Pi) but I’m not sure if it includes either of these radios.
They do now do a hardware option, though I’ve not used it. In one of my setups, it just uses the native ethernet, as well as a usb adapter. The software doesn’t have any issues with this.
What doorbell camera do you use?
Thanks!
They probably want to pull a Chamberlain and sell a bunch of crappy buggy, inconsistent, error-prone addon services for $60/yr after you’ve already purchased the product.
But yeah, lesson mostly learned. Don’t support companies who only offer cloud-dependent services because they will definitely turn on the customer when they reach the natural ceiling of people buying the product and start looking for extra ways to squeeze their customers.
Or go the BluAir route and offload all the processing onto the cloud. They sell the new machines for the same cost as the old machines, but they’re dumb as a bag of bricks. If not connected to the cloud, none of the automatic settings work correctly. When you contact customer support to troubleshoot why it doesnt work on auto mode, the first thing they have you do is delete it and reconnect it to the app. No care about updates. Its just a fan on a wifi switch now. Total junk.
And so they can’t possibly actually do anything right? This is just a scare letter?
They probably can. I’m sure they’ve covered themselves with some bullshit ToS that governs the use of the cloud service itself, and acceptance is implied when you use the service.
There’s a part of me that really wishes it could be challenged, though, by pointing out that leaving the cloud service open to public consumption without some form of authorization should simply be a case of tough titties to them. Lock your shit down if you don’t want people like us using it in ways you didn’t intend.
But, as we all well know, once lawyers get involved, it’s simply too hard to fight this sort of shit.
Genuine question, since the code itself doesn’t infringe on IP (I think) wouldn’t the user executing the code be responsible for accepting the tos, not the repo.
The repo is just static non-compiled text files, it afaik isn’t actually communicating with their servers and therefore wouldn’t be able to accept any tos (implied or otherwise) (I don’t know if there are any actions, ci/cd pipelines, or deployments that would be in violation though)
I think it’s because the dev might’ve reverse-engineered the calls to the cloud service, and that may be where the legal sticking point is. Not a lawyer, so not 100% sure - will be interesting to see where this goes.
I saw elsewhere the dev has insurance, and they’re going to cover a lawyer, so they may very well fight it.
As a writer of software code and also of contacts (freelancer), I’m intrigued by the challenge of writing a TOS to prevent reverse-engineering an API.
In some way you’d have to represent the interface itself as the intellectual property, or something. Normal copyright covers copies, but this would be sort of like covering complementary parts. Like you invented a lock, and you’re trying to copyright or protect the set of keys that could open that lock.
The only way to stop the advancement of legal red tape is for people to consciously, willingly decide to take legal risks.
The reasons lawyers take over everything is because we do everything they tell us to do. Their job is to minimize our legal risk, and by doing everything they tell us to, we put legal risk at the highest level of priority in our own decision-making.
A conscious decision to, say, take the risk of a lawsuit or something, is the only way to be free of lawyers’ control.
Yeah, I feel like all Chinese companies profit off selling customer data first, selling products second.
In fairness, that’s just about any tech-connected company nowadays. Social media, streaming services - you name it. They’re all bloody doing it.
They could have done what Chamberlin did with MyQ and just locked the API down so that it can’t be used outside the app. What a ridiculous strategy that won’t backfire at all.
Yep, good point. That’s still a bit of a dick move, but a completely legitimate one too. If you don’t like people like us having a play and developing our own capabilities against the service, you can re-assert your ownership and lock it down.
Siccing lawyers onto a dev who is helping your customers use your product in new and improved ways is just plain fucking stupid.
“Significant economic harm”
Yeah, like my never considering you for any products ever again you pieces of trash. Why the fuck do your products even need to connect with the cloud?
Fuck off.
Why? Their response showed why: so they can sell your data. There’s literally no other reason. And they can’t just sell a product for profit, that’s not enough, they have to also sell out our privacy for more revenue! Otherwise they would have stayed quiet, maintaining plausible deniability and not taken this step. It’s literally never enough for these scumbag companies…
Oh yeah, I mean my question was pretty much rhetorical, selling my useage data isn’t a good reason for this to happen.
Still, I’m glad you responded so anyone who wasn’t already familiar can get the perspective.
Special shout-out to LiftMaster/Chamberlain who did the same rug-pull on their customers last year.
Never trust free cloud services attached to a paid product.
Fuck these guys for real. I had just set up a raspberry pi and nfc tags. I’m not buying their shitty ecosystem even harder now.
LiftMaster/Chamberlain
Get a ratgdo. It’s a little ESP8266-powered board that connects to the garage door opener and lets you open/close it and turn the light on and off, and reports the status of the door (opening, open, closing, closed) and obstruction sensor status via MQTT, entirely locally. I installed one on my LiftMaster garage door opener (an old version with no smart features) and it works well! I zip tied mine inside the plastic cover that goes over the light bulb, as per the developer’s recommendation.
They have a beta firmware for HomeKit integration too, to directly control it from Apple devices if you don’t want to run something like Home Assistant with an MQTT broker.
“ratgdo” stands for “rage against the garage door opener” :D
based device name
A garage door opener is simply a machine so a shorter name could be “rage against the machine.”
Wait…
Jesus I finally just understood where the name was derived from. I thought it was just some odd Chinese-Amazon-store-esque name.
Go one step further and make your own using ESPHome.
The issue is that Chamberlain/LiftMaster garage door openers made in the last 15ish years use an encrypted communication protocol over the wire, so a basic relay won’t work.
There’s a project called rat-ratgdo where the ratgdo has been reverse engineered and an open-source schematic has been produced. You can make your own based on that and use the ESPHome firmware for the ratgdo. For me it was just easier to buy the ratgdo.
I ripped mine out as soon as they pulled this. Fuck them, they won’t get my data if they won’t let me do what I want with a product I already paid for.
https://github.com/Andre0512/hon/issues/147#issuecomment-1892738060
Looks like the owner isnt taking it down and will force them to take it down.
I’m curious what the legal reason is for this. They arent actually using any illegal IP right?
They just don’t want to go through the hassle of securing their api, so they’re trying to strong arm the devs into dropping the project.
It would be laughably easy for them to kill this, but maybe their devs aren’t competent enough to do it.
This seems like the answer. If there is no proprietary code and they did not actually reverse-engineer patented technology, I doubt they have a leg to stand on.
It costs nothing to threaten to sue, and it sometimes works.
afaik reverse engineering is generally legal so long as the person prosecuting you can’t prove you used insider knowledge
This is why things like game system emulators are generally fine
Reverse engineering is legal, but if you still arrive at a solution covered by a patent, then that solution is illegal. But this shouldn’t be covered by a patent.
Software patents isn’t a thing in Europe, so that doesn’t hold any weight for Haier. Even their terms are null and void as is the case of almost all “terms of service” documents in Europe.
That wouldn’t stop them from pursuing something in a US court if the other party is in the US. But even here, I doubt their argument would hold water in an actual trial, considering existing precedent.
That seems like it would be nearly impossible to prove with software. There are so many ways to structure solutions and most of them conform to an open standard
It’s an open source project repository. It can be compared to the process descriptions in the patent. But patents and copyright don’t cover APIs, as decided in Oracle vs Google in 2021.
I’m saying this usage of reverse engineering is probably safe, but if you reverse engineered a way to process data that happened to match a patent, it doesn’t matter that you never saw the patent or original code, it can still be infringement.
It would still require a lot of time and hundreds of thousands of dollars in lawyers.
It wouldn’t require that much time or money to lock down the API. It’s not something they’d have to create from scratch.
Although I’m sure the entire platform is a mess of spaghetti code, so maybe it would be expensive to have someone untangle it enough to implement.
APIs are, by nature, open. Anyone can use them. The business bros don’t like this fact and are using lawyers to express their distaste for people using their product as intended.
Not to excuse this sort of behaviour, but at least they’re honest enough to say it’s about the money, instead of hiding behind excuses like “bUt sEcuRiTy vUlNeRaBiLiTieS”.
We need laws to prevent this kind of anti-consumer bullshit (yeah I know, a pipe dream) and for people to simply not give Haier their money, or data.
I don’t even think this is honest, I doubt that a small FOSS project is causing “significant economic damage” to a company of such size. It’s just user-hostility and the wish to control the users and the products they bought and paid for. Unfortunately, this is an increasing trend among companies.
At this point I need a website that tracks companies BS and gives them a grade level. Just too effing many of them.
Hmmm… Like the BBB but better? The better BBB? BBBB perhaps… Or B^4…
“Know B^4 you buy”
BCFC - By Consumers for Consumers
BBB is run by businesses, for businesses.
Not a consumer protection agency.
This was always the funniest thing when I worked product support. Folks would threaten to go to the BBB and we’d just mute to laugh
They didn’t just pit us against each other through populist politics, they also hired us to fight one another.
It’s pretty impressive in its darkness.
Bruh, it’s screeching Karen’s wasting everyone’s time trying to get something for nothing when they’re already in the wrong. Let’s bring it back to the real world, here.
I always used what flexibility was available to me to try to do right for our customers, but we had a shocking amount of people literally trying to commit insurance fraud among other things.
Listen, I get where you’re coming from don’t get me wrong, what I meant was, back in the 80’s, if you had a complaint, you had a number to an office, and the person answering was responsible for the content of the conversation, you know?
Now, as I see it, we’ve been kind of outsourced to take each others shit without having any real power. I don’t know maybe that’s trite, like obvious, you call a support center and get connected to India, know what I mean? They just offloaded their responsibility on the consumer, of which the employees most certainly are- we’re all just consumers in the end. My 5c, also, apologies for any gangster lingo, I’m fuck white, I’ve just been watching a LOT of YouTube videos.
Just a quick reminder to anybody reading this:
The BBB is not a government institution. It is nothing but a for-profit company
Its almost a poorly made extortion racket: if you are a business that does not pay the bbb to get a good rating they rate you badly till you do. But either way they can’t actually do anything about shitty companies, its all the illusion of having recourse for the consumer when there is none.
Hmmm… Like the BBB but better?
No, I mean like just a static page that lists every company and with a grade to the right of their names, and you click on a company name to drill down to comments about them and their grade. A quick lookup reference that someone can use before purchasing a product.
Basically like how they have websites for movies, but for companies instead.
The BBB doesn’t have such a thing AFAIK, it’s just a place for reporting companies at an individual complaint level.
What do you call supersized legos all painted black?
Big black blocks.
There’s https://foundation.mozilla.org/en/privacynotincluded/ for privacy, at least.
Bullshit from companies continues… someone don’t forget to upload all code to the Internet Archive just in case.
It’s pretty easy. Download the repo from GitHub as a .zip and upload that to the archive. Pretty simple. Don’t forget to do this for both repos.
Indeed it is, I just can’t do it right now
Also fork the repos. Git makes duplicating a repository simple, and preserving history with a fork is way better than uploading a zip snapshot. For best results fork to GitLab, Bitbucket, Codeberg, etc. as well.
Forking yeah, but not by clicking the Fork button on Github. When a repo get DMCA its forks get deleted too…
Isn’t the whole point of this to not use their services? As long as Haier’s software and servers are not being touched I don’t see how they have any legal standing. This guy should speak to a lawyer to verify if this is the case.
Anyhow, the last Haier/GE air conditioner I took apart had a commodity off-the-shelf USB Wi-Fi dongle inside it plugged in via a short USB extension lead to an off-the-shelf microcontroller board to enable its “smart” features. I’ll bet you a dime Haier is violating the terms of at least one open source license, possibly more than one, via the software stack they’re running in there. So as far as I’m concerned they’re free to take a flying fuck at a rolling doughnut.
Generally, a lot of companies that add “cloud enabled” to their products don’t let you access the local device. Home Assistant isn’t talking to the air conditioner, it’s logging into their web interface. If it’s polling 1/minute, that can be a lot of extra traffic, compared to a normal user.
The better solution is to work with their buyers, not against them. If they provided a local API, then the excess traffic would go away. Theirs no money in that, in the short term, however. So they take the lazy route.
There’s a reason I only buy IoT type devices with a local API. They also have a tendency to turn servers off. Suddenly your smart device is bricked, despite working fine.
The problem is it’s a script that logs onto Haier’s servers with the user’s email and password and starts polling for data. Considering that most designed usage is probably based around users every once in a while checking and adjusting their thermostat, just one user with an HACS install doing a poll every minute is 1440x more usage than the next who checks it once a day. If HACS uses were the majority of traffic for these devices I wouldn’t be surprised by that metric.
That’s what probably meant by the ToS because the users using it are probably violating it, and the addon can be considered as something that makes violating it easier (it doesn’t have a secondary purpose other than using a set of credentials that are only given after accepting the ToS).
I’ve had crappy “Smart” ACs and Samsung was the absolute worst. At random times their AWS instance in Europe would go down or their app wouldn’t respond. I gave up and coded my own script to directly interface with the device over the local WiFi. You cut Samsung completely out of the equation. You don’t have to worry about their servers not working anymore. That’s an ideal way for an add-on to work. Ideally most of the script can be retuned to work directly with the device.
Seems like the customer would be violating the TnC, not the repo owner
I said that?
I’m curious about the details, yeah. Maybe they’re plugging into some API or something? Breaking some safety measure? Otherwise I really don’t see how these threats aren’t empty. Suing somebody for breaking EULA terms does not have a great track record, and neither does modifying things you buy or making unauthorized software for computers.
But hey, if the guy says the project is coming down, then I guess the aggressive language did the thing they wanted it to do, even if it’s relatively toothless.
are in violation of our terms and agreements
So what if you dont agree with their terms? What then? Cant you just host the repo and tell them to fuck off since you sisnt agree to anything?
Not to mention this is being used to control products purchased by individuals. Are they not allowed to use their AC after paying for it because they don’t agree to Haiers TOS?
Did OP even agree to their terms?
Right… a violation of our TnC… doesn’t matter. Maybe for the customer, not the repo owner.
Badwill. Always a bad strategy. Join progress, don’t fight it.
I don’t have any Haier products but as a Chamberlain/MyQ garage door owner I can relate all too well. At least ratgdo is an option for the garage doors, I doubt there’s anything nearly as simple for the Haier users.
Fuck these companies.
GitHub also has a legal defense fund for developers. GitHub lists it on their DMCA takedown page.
When GitHub processes a DMCA takedown under our circumvention technology claim review process, we will offer the repository owner a referral to receive independent legal consultation through GitHub’s Developer Defense Fund at no cost to them.
They created this fund after claims were made against a YouTube downloader from a third party. (not Google)
I don’t know if this would be an anti-circumvention claim, but it doesn’t sound like a bad idea to ask.
Isn’t GitHub Microsoft owned now? Or am I missing something?
It is owned by Microsoft.
This is ridiculous. It is truly ridiculous. How can something that enables the user to efficiently control their AC cause “significant economic harm”???
I assume they have their own app and run ads/user analytics through it that make them money.
I have to wonder if you bought their products on the basis that they worked with HA, if you could have some sort of claim here.
No, thankfully I don’t use any of their products. But I find their statement ridiculous. If I buy something, it’s mine, I own it because I paid for it. The manufacturer can fuck off.
But they want you to use their app.
And they’ve decided if you have a HA plugin, you won’t.
So we do our research, and avoid scumbag companies when making purchasing decisions, or more likely, pick the lesser of a several evils.
So we do our research, and avoid scumbag companies when making purchasing decisions, or more likely, pick the lesser of a several evils.
That’s why I created this post. To inform people about Haier’s shitty and customer-hostile solely profit-oriented business practices.
If you dig just below the surface, you will find that the very philosophical concept of “ownership” comes with terms and conditions.
Hell’s Angels? Because it feels like everything works with Hell’s Angels now.
reminds me of the DMCA form letters. full of scary empty threats. paid legal dept. earning their keep. mgmt doesn’t realize the freely developed stuff makes their products more desirable when it does a better job than their own software. may they flounder in ignorance
Hmm, so anyone want to fork the project? I don’t own their devices so have never signed their ToS. I’d love to see how they’d reason I’m breaking some law by hosting the code.