Logitech Once Again Shows That In The Modern Era, You Don't Really Own What You Buy
from the sorry,-I-can't-do-that-Dave dept
Time and time again we’ve highlighted how in the modern era you don’t really own the hardware you buy. In the broadband-connected era, firmware updates can often eliminate functionality promised to you at launch, as we saw with the Sony Playstation 3. And with everything now relying on internet-connectivity, companies can often give up on supporting devices entirely, often leaving users with very expensive paperweights as we saw after Google acquired Revolv.
The latest example of this phenomenon is courtesy of Logitech, which annoyed consumers this week by announcing that it would be shutting down all support for the company’s Harmony Link hub. Released in 2011, the Link hub provided smartphone and tablet owners the ability to use these devices as universal remotes for thousands of devices. But users over at the Logitech forums say they’ve been receiving e-mails informing them these devices will be effectively bricked in the new year:
“This is an important update regarding your Harmony Link. On March 16, 2018, Logitech will discontinue service and support for Harmony Link. Your Harmony Link will no longer function after this date…There is a technology certificate license that will expire next March. The certificate will not be renewed as we are focusing resources on our current app-based remote, the Harmony Hub.”
Again there’s no monthly subscription fee for the service, and Logitech is compounding the problem by not really clearly communicating why it’s deciding to completely brick Link units. On the plus side, Logitech says it’s giving Link owners under warranty a Logitech Hub for free, and providing out-of-warranty Link owners a one-time, 35-percent discount on the Hub. But many users in the company’s forums and over at Reddit are questioning why the hardware needs to be crippled entirely (instead of just, say, ending formal support):
“This exact situation right here is why Ive always said ?if it requires a cloud service to function, I dont want it? hosting things locally on my own network is where its at.
Indeed. While this entire fracas was unfolding, several Reddit users discovered that the company was banning users from using the phrase “class action lawsuit,” which unsurprisingly is only making frustrated Link owners more annoyed.
Update: After some notable backlash, Logitech has announced that all existing Harmony Link owners will be upgraded to the company’s Harmony Hub, for free. Which is nice, but doesn’t really change the reality that you no longer actually own what you buy.
Filed Under: cloud, drm, harmony link hub, hub, iot, ownership
Companies: logitech
Comments on “Logitech Once Again Shows That In The Modern Era, You Don't Really Own What You Buy”
One more time, for the slow learners
If your device depends on someone’s cloud service, then it’s not YOUR device.
Re: One more time, for the slow learners
And if it’s NOT connected to the cloud, it likely won’t get timely security updates, if at all. So pick your poison…
Re: Re: One more time, for the slow learners
umm, if it isn’t connected, why would it need security updates?
Re: Re: Re: One more time, for the slow learners
“Not connected to (and depending on) a third-party cloud service” does not equal “not connected to / accessible over the Internet”.
Re: Re: One more time, for the slow learners
Re: “And if it’s NOT connected to the cloud, it likely won’t get timely security updates, if at all.”
If its not connected, then it wont need security updates.
On the one hand, this was handled incredibly poorly by Logitech and there is certainly an issue with loss of functionality on purchased products.
On the other hand, unless we come across a paradigm change in the software/firmware/hardware interaction model (which may or may not be possible), this is also a necessary part of the process of “securing the internet of things,” another problem that Techdirt talks about a lot.
Because the reality is that devices we own have security holes. Probably all of them, but certainly most of them. And patching those holes requires a continuous level of development support. So given that we can’t require that all companies provide eternal security support for their products (it’s simply unrealistic to do so without the above paradigm change), we will have to make a choice.
We will either have an ever increasing number of insecure, internet connected devices that can be used by bad actors to cause any number of problems. Or we can routinely experience loss of functionality in older products.
And while certainly broader support of various open source firmware/software can provide some relief to this for tech-savvy consumers… it’s not the tech-savvy consumers whose devices are a major issue here.
Re: Re:
The choice is easy:
I have a keyboard and mouse that are older than most still-functioning laptops (more than 10 years, maybe longer). They were built to last, and they have lasted well. Of course, the manufacturer at the time had no option to stupidly make them "Internet of Things" devices, so they’re classic "dumb" devices that cannot be remotely disabled at the manufacturer’s whim. Nothing in this announcement says that they needed to halt this line because of unfixable security vulnerabilities. It looks to me like they simply got tired of running the cloud server it required, didn’t want to let anyone else run the cloud server, and so decided to scuttle the whole project.
Non-savvy iPhone users loved using jailbreaks on their phone to enable installing third-party enhancements written by savvy non-Apple-approved developers. There’s no requirement that all customers be tech-savvy for this, only that there are some who are tech-savvy, willing to share, and that the device doesn’t make it unnecessarily difficult for the non-savvy to benefit from that sharing.
Re: Re: Re:
Obviously not a Logitech mouse. Don’t buy Logitech mice. There’s no internet-enabled bullshit, just crappy microswitches that will be glitching in a couple of years.
Not true. The CueCat, released 17 years ago (late 2000 during the dotcom boom), is the prototype of uselessly-internet-enabled things. They used cryptography to make sure nobody could use it without the service. The service, of course, had a security breach that exposed the private details of 140000 users. And it was all shut down in January 2002, which gives it a lifetime of less than 18 months. All devices were then bricks, except to a few techies who could mod them… liquidators were offering them for 30¢ each but I doubt people would’ve paid for shipping if they were free.
Re: Re:
A good start would be to avoid unnecessary permanent connection to the Internet. If the device is not on-line, or only on the users network, security becomes much less of an issue.
Re: Re: Re:
While very true, that is increasingly unfeasible. Many organizations are, if not using cloud based operations, using off site servers shared by several sites.
Add in the push to make apps and programs cloud/server based will only further that.
And that sucks.
Re: Re: Re: Re:
What is unfeasible about avoiding connecting everything to the cloud. About the only reason many of these devices do so is because the senior management of the company want to collect user data because somehow big data analysis will increase the companies profit.
Re: Re:
Or we can decide that maybe a universal remote control doesn’t require internet access. It might be nice to make it compatible with newer hardware (though it’s a problem entirely caused by AV-equipment companies’ refusal to use standards)… but we could have people insert an SD card to load new codes. Unless by "universal remote" they mean something that allows me to control all the devices of the universe from my couch, and that’s why internet access is needed…
Or as was already stated, they could drop support but release enough information for the community to take over. It’s Logitech that decided to keep all this stuff secret so far. PCs from 20 years ago can still get on the internet as securely as any other, as long as you find a recent and supported OS.
Re: Re:
I will believe it has anything to do with patching security holes when i see it.
The general security problems with these sorts of devices are that they are IoT for no readily discernible reason in the first place (other than slurping your information and behavioral data), so one can secure them by not making them internet-connected. If someone really needs to turn on their TV while they are 500 miles away, give them that as an extra option instead of a main functionality, and don’t require the traffic go to a company server – there is zero need for that.
Another problem is that the code and settings should not be so laughably poor that a ridiculous little device could ever require so many software patches in the first place.
But the thing is, the number of IoT devices receiving security patches is laughably small, so claiming that as a reason for product EOL (literally, EOL), requires some evidence first and reasons why a patch or other fix is impossible next.
People are
Easy to fool, because of their massive ignorance. It is just how things go, nothing is going to change. For every expert telling the government how things would probably work best there are 10 experts paid by a company to say the opposite.
And people wonder why no one takes the experts seriously or believe them when they “bust out that science”.
It is just too easy to sell you cardboard and call it something else.
It used to be that if someone at your cloud service even hinted at withdrawing support, they would be fired.
Re: Re:
Thanks for the link – I’ll be looking into this story.
If you’re not familiar with this, look into the story of one of my long-time heroes: Stanislav Petrov.
People should know his name by heart.
Re: Re: Re:
Yup!
Sadly, Petrov died in May. And that item on Petrov’s resume isn’t unique.
There was also the 1995 Norwegian rocket incident. The first and only known incident where any nuclear weapons state had its nuclear briefcase activated and prepared for launching an attack.
And over on the American side…
The New Yorker: Nukes of Hazard
Other sources:
Wikipedia: List of nuclear close calls
Union of Concerend Scientists: Close Calls with Nuclear Weapons (PDF)
agen bola online
Jangan lewatkan juga promo dan bonus menarik SPESIAL HANYA UNTUK MEMBER KAMI yang antara lain :
So tunggu apa lagi ? PASTI LEBIH MENGUNTUNGKAN BERMAIN DI SARANA365 http://www.arenasarana.com
You brick it to force people to buy the new version. As I am sure that’s why they chose to do it in the first place, and only the massive backlash made them change their minds
Re: Re:
Bricking hardware is a good way to have your base start buying from the competition.
MARI GABUNG DI ROYALKASINO.COM
Kini Anda dapat bermain Kasino dengan mudah, bisa dimainkan via Handphone. Download game nya dan menangkan permainan nya.
Dengan minimal deposit yang cukup terjangkau Rp 25.000, Anda sudah dapat bermain Casino online, seperti Baccarat, Roulette, Slot Game, Sic Bo, dan Dragon Tiger.
Dapatkan juga bonus menarik bisa kamu dapatkan dengan mudah dari kami yang antara lain :
– Komisi rollingan 0.8%
– Cashback 2.5% setiap minggu
– Bonus referral 1% seumur hidup
Yuuukkk Gabung sekarang juga , coba keberuntugan kamu bermain di http://WWW.ROYALKASINO.COM, menangkan taruhannya hingga ratusan juta.
Untuk info lebih lanjut silahkan hubungi Customer Service 24/7 nonstop melalui :
* BBM : D61DA887
* Whatsapp : +855968397588
* Skype : royal kasino
* Livechat : http://royalkasino.com/royalkasino/index.jsp
If you don’t own what you buy (hardware), then you should start stealing it.
Re: Re:
Whats the point of stealing it, when you have to sign up to a service to get it to work?
Re: Re: Re:
To be a dick to a bunch of cocks.
Quite fitting, I’d say.
Not buying logitech.
To think I was about to buy a G710+ (only because it was on sale, I’m already squeamish after my experience with some of their wireless mice) – nope. I’m not buying any of their stuff again.
I wonder how many other customers they’re about to lose over this.
Silver
With the track record of IoT security, maybe it’s a good thing these devices have a finite lifespan.
I think everyone is ignoring part of their announcement
Not to minimize or disagree with any of the IoT threads, but the announcement says “There is a technology certificate license that will expire next March”. I’m guessing there is some piece of patented tech in the device and Logitech is either unwilling or unable to renew the license. Its possible the patent is on the cloud side, or that Logitech is worried that the patent holder will go after users of the device once the license expires (we’ve seen that happen before).
If it was a subscription based system then it would make more sense and it should not be expensive but if you paid full, 1-time price for it then it should work until it breaks. If online connectivity is absolutely needed then let private servers be used. Or don’t sell at all.
It’s clearly another example on how the private sector can’t adhere to good practices by itself and needs to be regulated.
All devices which require specific online services for their functionality should come with service agreements which contain a clause stating (in effect) “if we ever choose to stop providing the service which enables this device to work, we will release all information necessary to enable others to provide a replacement service”. The absence of such a clause should be treated as reason to refuse to purchase the device.
(Ideally the absence of such a clause would even be treated as sufficient to invalidate the agreement and require the refund of the purchase price, but it’s a bit unlikely that courts would take it that far.)
You Do Really Own What You Buy: If you buy a horse, the previous owner has no right to drop by an shoot it to force you to buy another one!
The Supreme Court of the United States of America disagrees with Logitec: the justices have “a long tradition of ownership known as “first sale,” which does not allow owners to automatically control a product past its first sale: If a farmer buys a horse from a breeder, the breeder no longer has any say about what the farmer does with the horse. The same goes for CDs, books and works of art.”
https://www.insidehighered.com/news/2013/03/20/supreme-court-sides-against-textbook-publishers-resale-imported-works
Re: You Do Really Own What You Buy: If you buy a horse, the previous owner has no right to drop by an shoot it to force you to buy another one!
This would be a good argument except many companies have already thought of it: this is why so many transactions are now called “licenses” instead of “purchases”. There’s no “first sale” doctrine for “licenses”.
Re: Re: You Do Really Own What You Buy: If you buy a horse, the previous owner has no right to drop by an shoot it to force you to buy another one!
The FTC could slap companies down if they’re misrepresenting licenses as sales. Actually, these are sales, it’s just that they’re not sales of useful products unless one licenses some software and accesses the manufacturer’s servers (agreeing to any associated license terms). It’s doubtful that ads are making this clear, or that manufacturers will do anything for people who disagree with those post-sale terms, but so far consumer protection agencies haven’t been doing anything about it.
Re: You Do Really Own What You Buy: If you buy a horse, the previous owner has no right to drop by an shoot it to force you to buy another one!
How does that disagree with Logitech? The owners could use their hardware as a doorstop, melt it down for recycling, whatever. It sucks that the hardware is basically useless without the service they’re going to shut down… but "you don’t own what you buy" is a figurative statement, not a literal one. In your example, the horse-breeders have no post-sale responsibility to the purchasers; is there any case law saying Logitech does? (I think we’re likely to see some, but based around false advertising rather than first sale–when Logitech says their thing will let you control all your devices, do they announce the caveat "as long as we feel like running the servers"?)
Ownership
Most people would be shocked to learn that GM claims that THEY own the software on the car you paid for and they have the rights to all the data that is collected and transmitted to them on an hourly basis. They are taking your data and selling it for a lot of money and you have no “opt out” privileges. As we move forward, the ownership of software/data/ etc will become increasingly cloudy. Washington DC has been totally asleep at the switch on this and perhaps has no ability to comprehend the impact.
Re: Ownership
“Washington DC has been totally asleep at the switch on this and perhaps has no ability to comprehend the impact.”
That is not a Bug, it’s a Feature!
Re: Re: Ownership
In the case of cars, it really is. The government has mandated certain privacy-invasive features (like wireless tire-pressure monitoring) and is looking at doing it more (“V2V” etc.).
Re: Re: Re: Ownership
I use to want a Tesla, but not anymore. Their car calls home.
Re: Ownership
Thats not right. Thats my privacy. I’ll be buying an old muscle car next.
like this is news ?
I got a logitech squeezebox loved it
till they dropped supporting it .
Thank goodness for Amazon echo and line in inputs
So I can still use it for internet radio
Encryption is Fools Gold
If software can be installed remotely, then that device has a back door. Your trust in those controlling the installation is as certain as the future. The future is trending towards increased computer attacks, despite increased security controls. The problem is that the only change in security is the level of sophistication, but sophistication is just a brain game and not the fundamental solution to security. Don’t be a fool. The fundamental solution to security is embedded right into the concept of security, accessibility. If something is accessible in theory, then its accessible and sophistication is a fools game. True security is inaccessibility, this is either by zero knowledge or by being logically not accessible.
Casino Online
You article is good nah,
if you want play casino game, can visit my page at https://m8ko.com
Situs Bola Resmi SBOBET Dengan Bonus New Member 200%
http://gamez007.com/situs-bola-resmi-sbobet-dengan-bonus-new-member-200-2/ menjadi salah satu blog terbaik yang menyediakan berbagai informasi seputar SBOBET bola online. Jika merasa tertarik, bisa langsung untuk mengunjungi situs yang berkaintan.