An engineer got curious about how his iLife A11 smart vacuum worked and monitored the network traffic coming from the device. That’s when he noticed it was constantly sending logs and telemetry data to the manufacturer — something he hadn’t consented to. The user, Harishankar, decided to block the telemetry servers’ IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after. After a lengthy investigation, he discovered that a remote kill command had been issued to his device.

    • Tenderizer@aussie.zone · ↑4 · 11 hours ago

      He did. Where he said the article looked AI generated and so he wasn’t going to waste any time with it.

  • youmaynotknow@lemmy.zip · ↑6 · 1 day ago

    This is every single ‘smart device’ out there. The way I was able to block everything in 2 Roborocks at home was by setting them up in Home Assistant over Matter, blocking everything and using it from HA only (us the schedules, those remain in the robots). It’s less than convenient allowing it access to the update servers once per month to see if there’s any and then blocking it again, but it’s something.

    We’re preparing our ‘smart home’ for our new house that’s not finished yet by choosing only devices that are matter over wifi (not thread) so that I can set it all up to work locally over Home Assistant. That, in my opinion, is the best way to keep some convenience while shutting those assholes out.

    • flying_sheep@lemmy.ml · ↑4 · 1 day ago

      Most of them, sure. Every single one until proven otherwise, yes. Every single one, no qualifiers? No.

      Brands like Shelly allow you to completely disable the cloud, which AFAIK makes them stop phoning home completely except for update checks.

      I think a lot of “Home Assistant certified” brands are good privacy-wise, as that means that they don’t care about pushing you onto their proprietary cloud.

  • percent@infosec.pub · ↑9 · 2 days ago

    I wish companies would at least offer a “no data collecting/selling” price option. Like, how much would they make from selling my data? Just give me the option to pay that extra amount so I can buy a vacuum without thinking about how it’s spying on me.

    • deathbird@mander.xyz · ↑12 · 1 day ago

      My concern is that they’ll include the equipment for spying on you, and just enable it later.

      I bought a Hue because it said “no online account required!” Later they changed their mind.

      I want the promise plus open standards and a base of libre software. I want them to tie themselves to the mast.

      • percent@infosec.pub · ↑4 · 1 day ago

        Yeah, good point. Owners of Samsung “smart” refrigerators started seeing ads on them recently.

        I’m sure there was some sort of legal terms that users had to agree to to enable that, but it still feels like a scam. Some amount of those fridge owners would not have bought the fridge if they knew there would be ads on it at any point in time.

        • deathbird@mander.xyz · ↑1 · 22 hours ago

          I mean, if I felt I could control the little computer in a smart fridge without expending excessive effort to do so, I might be interested in getting one myself. Absent other concerns, a tablet integrated into my fridge could be handy to monitor the appliance, make quick or even automated grocery list updates, etc. Not earth shattering, but still marginally useful.

    • Smoogs@lemmy.world · ↑2 · 2 days ago

      Do they not just have a cheaper version that could come without wifi or Bluetooth? I usually get that option where available for any products, because I’m a cheap ass.

      • FlashMobOfOne@lemmy.world · ↑1 · 1 day ago

        There are older models you can get that work that way. They’re just less convenient in that you have to clean them out yourself. I had one for a long time, but I wanted one that is self-emptying.

  • GreenShimada@lemmy.world · ↑198 ↓1 · 3 days ago

    The fact that this isn’t considered outright fraud is disturbing. This person OWNS the device, yes? They’re not leasing it.

    FFS, this should be illegal.

    • vortic@lemmy.world · ↑57 ↓2 · 3 days ago

      I agree with you that this should be illegal. I expect this was in the terms of service, though. Since we have no laws restricting this kind of bullshit, the company can argue that they’re within their rights.

      We need some real legislation around privacy. It’s never going to happen, but it needs to. We need a right to anonymity but that is too scary for advertisers and our police state.

        • MalReynolds@slrpnk.net · ↑31 · 3 days ago

          They’re not law as long as you can afford the lawyers and legal costs to fight them. Which is, of course, the problem and the system working as designed.

          • cecilkorik@piefed.ca · ↑2 · 2 days ago

            Pre-Trump47 I was in the first camp. I’m not going to lie about how long it took me to figure it out. It was always obvious that the system was broken, but I’ll admit that for a long time I was foolish enough to believe the system worked well enough that it was worth trying to fix, that the fundamentals were sound and there was enough good there to want to save it.

            Recent events have shown and continue to show me how naive I’ve been, none of this is an accident, it’s all part of the poker game and we’re all putting in most of the chips that keep it going whether we know it or not. And I have to be thankful that Russia, China, USA, Israel, Europe, and even my own country’s governments have made this all so abundantly clear that even I (and hopefully a lot of other people) can finally see it. I’m joining the resistance. Fuck the system and all the crooked people involved in it, it’s time for a cyberpunk revolution.

      • Pyr@lemmy.ca · ↑3 · 2 days ago

        How often are the terms of service evident at the time of purchase? It’s unreasonable to assume at the checkout that the price is only for a limited time of use. I doubt they put it on the box or on the Amazon page when you purchased stuff like this. Are you supposed to buy it and then return it after reading the fine print in the instruction booklet after opening it up?

      • dan@upvote.au · ↑11 ↓1 · 3 days ago

        Just because something’s written in the terms of service, doesn’t mean it’s legal.

      • GreenShimada@lemmy.world · ↑7 · 2 days ago

        I expect this was in the terms of service, though

        While I expect the same, there’s also just a reasonability standard. If Meta and Google updated their TOS to say that users agreed to become human chattel slaves to mine cobalt and forfeit their rights, no court (…right, SCOTUS?..right?) would uphold that. A TOS is a contract, but it’s mostly for the protection of companies from liability. Taking active steps to brick someone’s device over the device not connecting to its C2 server (the company had zero evidence this was done intentionally and a router firewall misconfiguration could just as easily have done the same thing), is IMO something that should result in a lawsuit.

      • Ininewcrow@piefed.ca · ↑2 ↓1 · 2 days ago

        When an authoritarian country does it, everyone goes crazy

        When a company does it to make more money and take more control, it’s just business as usual.

        • undergroundoverground@lemmy.world · ↑1 · 2 days ago

          Just like work. If a government tried to treat us like that, we would have a revolution tomorrow. Yet, we’ve all been groomed into just accepting it.

    • Zier@fedia.io · ↑20 · 3 days ago

      There needs to be a huge neon orange warning on the front of these products that explains, clearly, that you don’t own it, your privacy will be invaded and the company can disable it at any time. This will stop people from buying this garbage, and hopefully companies will stop if they want our money.

      My life rule is, if it says Smart on it, it’s never going to be smart. It will always cause trouble.

    • theyoyomaster@lemmy.world · ↑1 · 2 days ago

      Unfortunately this is from a Chinese company and China will never make it illegal; hell they’re more likely to pass a law requiring ILIFE to share the personal data with the government than tell them not to collect them. This could be enforced for US based companies but as long as we buy luxury goods from China this is going to be a fact of life.

  • spaghettiwestern@sh.itjust.works (OP) · ↑54 · edited · 3 days ago

    My robot vac will only operate when connected to the Internet so it’s only allowed to communicate when actually in use. As soon as it returns to the charger Internet access is automatically blocked.

    Unfortunately the manufacturer has deliberately made this as inconvenient as possible. If communication is blocked for more than a few hours the vacuum loses all maps and will no longer even load saved maps from the Tuya app. To use it the vac must be powered down and the app killed. Only then can a saved map be restored.

    It’s too bad it’s so useful.

  • √𝛂𝛋𝛆@piefed.world · ↑37 ↓2 · 3 days ago

    Stalkerware is criminal digital slavery. It is sale and ownership of a part of a person to manipulate and exploit them.

    • BennyTheExplorer@lemmy.world · ↑17 ↓4 · 2 days ago

      I think your comparison to slavery is a bit overblown and minimizes the tragedy of actual slavery. But I agree with the sentiment.

      • cecilkorik@piefed.ca · ↑1 · 2 days ago

        No, I don’t think it does that at all. People need to be able to see the world in more than just binary choices, “it is, or it isn’t”. I reject the premise that things can’t be in between, that it can’t be a little bit of slavery, while still understanding that plantations were a whole lot of slavery. Comparing the similar aspects of things and discussing the things they have in common is not the same as equating them and we can have better discussions if we resist the assumptions that drive us to that conclusion.

        I think we also need to keep in mind what slavery actually is, the actual concept of slavery not just the most extensively taught and politically important implementation of it which people tend to confuse and conflate with the concept itself. What happened with the trans-atlantic slave trade is just one example of slavery, it’s not the definition, and as a result we need to be clear which concept of slavery we’re talking about here.

        Slavery is fundamentally about depriving people of their right to choose for themselves. The sadistic violence and cruelty of the slave trade and plantations are the emblematic and possibly inevitable results of that, but it’s not what actually defines it. A slave would still technically be a slave even if all the choices being made for them were to make them comfortable and protected while they live in luxury. If they are not allowed to choose anything different for themselves and do not have any personal autonomy to make the choices they want to make, they are a slave to someone or to something. Even kings have sometimes been described as slaves to their position and that is actually true in some ways. That is not “minimizing” slavery, that’s simply describing what being a slave is. It’s not having the right to choose for yourself.

        If modern technology and digital rights management controls are depriving people of their rights to choose for themselves in important ways, then it’s totally fair to call it digital slavery.

      • FlyingCircus@lemmy.world · ↑1 · 2 days ago

        But someone making money off of me without my consent is literally slavery. No one is saying that this form of slavery is equivalent to chattel slavery, so I don’t understand how this minimizes that? Do you also think that wage slavery or forced prison labor are not slavery?

        • Schwim Dandy@piefed.zip · ↑1 · 22 hours ago

          As soon as you’re forced to buy that vacuum, sure, your analogy is rock solid and it’s like actual slavery.

      • Twinklebreeze @lemmy.world · ↑0 ↓1 · 2 days ago

        No. This robot vacuum situation is basically the Holocaust, and if you can’t see that then you are complicit. /s

    • mal3oon@lemmy.world · ↑12 · 2 days ago

      For me the worst part is that someone developed the functionality to monitor and track, until the signal is lost, and if so, kill. It’s really crazy how daring this is.

  • brsrklf@jlai.lu · ↑31 ↓1 · 3 days ago

    There’s something not working in this article.

    They say it “makes sense” for the device to basically send the plan of your home to some online server, because the vacuum is not powerful enough to process this data on its own. This is already a bit horrifying to me, but okay.

    And then when that guy blocked it out, the vacuum “worked for a while” before something sent the kill command through an update.

    How come it is still working at all if navigation requires that server?

    • LH0ezVT@sh.itjust.works · ↑4 · 2 days ago

      It is total BS. Offline vacuum cleaners do mapping and localisation just fine. It is just an excuse to spy on your home.

    • fonix232@fedia.io · ↑37 ↓1 · 3 days ago

      It’s not the navigation that requires the server but the processing of the mapping data.

      Which in itself is BS because most of these vacuums come with hardware roughly equivalent to a top of the line smartphone from about 5-6 years ago. They can easily do the raw data to map conversion, even if it’s a bit slow and takes 20-30 seconds.

      Also if you read the article it specifies that the damn thing is already running Google Cartographer which is a SLAM 3D map builder software - one of the better pro-grade mapping software suites, mind you. So the whole claim of cloud needed for processing is BS.

      • brsrklf@jlai.lu · ↑10 · 3 days ago

        My VR headset can create pretty accurate 3D maps of my environment like nothing, and it only uses cameras to do so, so I can imagine it’s doable.

        Then, yeah, it doesn’t “make sense” for that thing to externalize that.

      • Nalivai@lemmy.world · ↑4 ↓1 · 2 days ago

        It’s not that it’s impossible, but it requires effort, skill, and time. Instead of hiring a bunch of programmers who would make it run on the device locally, you can just throw the same amount of money at Amazon and it will run whatever unoptimised version of the renderer you stole on some random Chinese forum. As a bonus, you get to enrich a multibillionaire and make the world a slightly worse place, which is a second and third priority of every CEO after getting money.

  • Annoyed_🦀 @lemmy.zip · ↑27 ↓1 · 3 days ago

    As useful as smart devices are, it’s very annoying that the companies behind them are always either: 1) scumbags that will collect data and will lock down the device if people don’t use it their way; 2) incompetent idiots that can’t make good software to save their lives. So by using these devices you basically have to pick the thing that you’re willing to lose.

    It’s really too bad because robovacs save me a lot of time and mental exhaustion.

  • rowinxavier@lemmy.world · ↑21 ↓1 · 3 days ago

    I have just purchased a Dreame L10s Ultra and have had the PCB for a breakout board made and components for setting it up ordered. In a few days I should get the last bits and I will be able to root the device and have it connect to Valetudo managed through Home Assistant. Fully local operation with basically the same features but none of the privacy issues. As soon as I can get it connected I will be able to use it just like a robot I actually own should without some random third party being involved in every single operation.

    • illpillow@lemmy.ml · ↑2 · 1 day ago

      The mentioning of Valetudo should be more at the top to make people aware of the existing alternatives.

      My aged Roborock S5 suddenly stopped working a year ago and only cleaned a very small segment making it effectively useless. Since I knew that data is exchanged with the manufacturer I suspected them to actively prevent the device from working properly to make me buy a new one. Thanks to Valetudo the device is working back again just fine. Meaning there never was a hardware (or software) failure, but a remote issue.

      • rowinxavier@lemmy.world · ↑1 · 7 hours ago

        This is why free software is so important. The company can just lie to you about their product and for some reason it isn’t illegal. I really want to have a dishwasher and washing machine with an ESP32 controller and free software to control it, ideally with Home Assistant integration, but at this point I can’t find anything.

    • wagesj45@fedia.io · ↑0 · 2 days ago

      Just looked at the PCB board and man that guy is such an insufferable, gatekeeping twat.

      • rowinxavier@lemmy.world · ↑2 · 2 days ago

        I can see why you would feel that way but I came to a different conclusion. I agree with much of what he says given his position and circumstances.

        The project is open source and anyone is welcome to fork it. He is not making something which will make money, provide a living, and secure his station as an open source guru. He is making something because he thinks it should exist and because he finds it interesting. He is not making something for end users, it isn’t for them, it is for people who have enough interest and knowledge to figure it out given the massive leg up he has provided already.

        This means he does not do a bunch of things that would pull beginner users in. For example, there is not a simple GUI installer for this. He doesn’t sell kits to root your device. He doesn’t sell little server boxes based on a raspberry pi. He doesn’t have an app for quick discovery and configuration. All of these things would entice beginners and therefore induce them to install unsupported firmware on their several hundred to over a thousand dollar robot vacuum.

        This would be hell. Each user with a new and unique way of not understanding the instructions would come up with new failures in an area where bricking your very expensive machine is easy. Can you imagine how much of a dick he would have to be to say “Nah, this is super easy, come give it a go” when the outcome would definitely be causing at least some people to lose hundreds of dollars in a few minutes? That would be him acting like a dick.

        What he is doing has a second function. I have just ordered my first custom PCB. I have some components on the way and will be doing my second major electronics project once the parts arrive. I am much more experienced on the software end of things so I get all of the basics around using a terminal etc but now I am learning about using the UART interface and while it is a little bit sink or swim I am at a level where I understand how far outside my knowledge base this is and can take a reasonably informed risk. I am learning and growing and I am actually really excited. If it doesn’t work I will know enough to be helped through by the community but my expectation is I will fail at first and maybe take a few weeks to figure it out. Because of that expectation I am not doing this after my last vacuum broke and now I just desperately need this to work, that would add so much stress, instead I am doing this in the least stressful and most enjoyable way possible.

        If I had been correctly scared off early I wouldn’t have lost a bunch of photos accidentally wiping a drive while installing Linux for the first time, so I would have used virtual machines for longer, but I also would have eventually gotten there. I got there by losing some data, but if I had a community around me it would have been better. He actively encourages community building and sharing knowledge. I think that is cool and would be an awesome outcome. I know I will be posting about my spare adapters once I am done making them to see if anyone else wants to learn how to do it.