Best Buy’s IoT Goes Dark, Leaving Some “Smart” Products Dumbfounded

Bad news if you bought several Insignia-branded smart devices from Best Buy. The company has decided to shut down the backend systems that make them work — or at least work as a smart device. On the chopping block are smart outlets, switches, a security camera, and an upright freezer. If you bought, say, the freezer, it will still keep things cold. But the security camera will apparently be of no use at all now that the backend systems have gone dark. The company is offering an unspecified partial refund to users of the affected devices.

Best Buy announced this in September, and the shutdown date was last week on November 6th. Not all Insignia products are impacted, just the ones that rely on their app.

Anytime we talk about cloud-based technology, there are always a few people who say something like, “I’ll never rely on anything in the cloud!” Perhaps they have a point — certainly in this case they were right. There are really two things to consider: hardware devices that rely on the cloud, and data that resides in the cloud. In some cases, one product — like a camera — might have both.

We’re Entwined with the Cloud, Like it or Not

It is highly unlikely that Google will pull the plug on, say, Gmail, anytime soon. If that day ever comes, we would expect they’d give us plenty of warning and migration options of some sort. But what if they didn’t? How disruptive would that be to you?

Granted, Gmail is an extreme example both because Google is unlikely to go anywhere and years’ worth of e-mail is especially valuable to most people. But major platforms do come and go. Yahoo recently decided to cut out a lot of content stored in its Groups product, and earlier this year Google+ shut down its social platform. Both gave a good bit of warning but they didn’t have to. Even with that warning, niche communities who had formed and thrived on these platforms had to scramble to back up as much content as possible, packing up and looking for a new home.

What’s the answer? Stop using cloud services? That would work, but it is very inconvenient. Another strategy is to store nothing online unless you can have full backups locally. That’s workable, too, but requires a lot of discipline to keep backups current and, perhaps, tested. It doesn’t really help with orphan hardware, which is really what we’re talking about with this article.

Source Code Escrow

In industry, large companies often require vendor-supplied software to employ source code escrow — a trusted third party holds private source code and can release it if the depositing company goes out of business or on some other trigger event. Perhaps we need a big cloud provider to offer “service escrow” — a promise to light up a minimal system if the original provider goes out of business.

For example, an online CAD program might decide to guarantee access to your designs via an escrow service. If the company decides to pull the plug, the escrow provider lights up a server that preserves files for download for 30 days in a common format like DXF. The CAD company would advertise this as a benefit to induce you to use their service.

Of course, there are other workable models. Maybe the escrow company could give you your files for $1 each. Whatever the arrangement (what you get, under what conditions, and for what cost), it can be outlined before you decide to use the service. The important bit is that you know you have options if the company presses the eject button.

When Bits Stop Playing Nicely with Atoms

Revolv chose a long-winded way of pronouncing the word “brick”

The situation gets pretty tricky when it comes to devices like Best Buy’s hardware. Here it isn’t merely a case of data being unavailable; the electronics you spent your hard-earned money to acquire end up as paperweights literally overnight.

If the service was profitable, Best Buy would probably keep it running. So the chance that an escrow arrangement would be workable is pretty low. A good example of this is the Revolv hub. This $300 device got bricked after Nest bought them. The FTC even wrote about it.

If you haven’t made it to the comments section yet, here are a few questions: Are you willing to put your hardware and data at risk with cloud services? Do you stick to big name providers or are you willing to gamble? How about your data? Would service escrow help? Are there other ways to protect consumers from failed providers? On the plus side, if you want to hack some cloud-based hardware, we figure you’ll be able to pick up these Insignia devices for a song.

95 thoughts on “Best Buy’s IoT Goes Dark, Leaving Some “Smart” Products Dumbfounded”

  1. That’s what the open source community needs to create, a suite of open source cloud utilities that one can host themselves. Working on such a project is one of my long term goals for sure.

    1. It definitely sucks that one day if a company decides to stop hosting code in the cloud, your product is dead. I have some smart plugs that rely on the company’s AWS S3 bucket code to interact with Alexa. So the app would still work but the voice integration would blow up if they decide to stop hosting their code.

        1. The same type of thing should apply to software. If the company stops supporting it, it should become free and the copyright become void. Case in point: Windows XP. Microsoft still claims copyright over XP, but refuses to have anything to do with it (unless they can see a buck in suing someone for making a copy of it).

    2. Yep. And it bears remembering that none of these things needed cloud support—all of these dumb smart home devices could be hosted locally, but they put them on rushed, badly-made, badly-maintained backends because they wanna slurp your data for another revenue stream.

      Honestly the only thing worse than the backend going down and bricking your gadgets is if the backend keeps functioning as intended.

      Why do people think it’s preferable or even inevitable that we hook up our basic appliances to corporate cloud servers? None of this stuff even gets used for more than a couple weeks by the vast majority of their customers. It’s just a gimmick and they’re getting people to poke holes all through their security for essentially nothing. Wish it would be regulated.

        1. You depend on many government regulations every single day. Like car safety regulations, roads and bridge construction regulations, health care regulations and food preparation regulations.

          Blanket statements like “regulation would make it even worse” ignore the hard work over many lifetimes.

          There are unlimited examples that unregulated industries are much less safe, much more likely to poison our environment and sacrifice customers and employees for literally pennies of profit.

      1. You have a point about most of this hardware not needing remote hosting, but I don’t think it’s productive to pronounce a sour grapes indictment about smart devices in general.

        Smart home devices have the potential to be extremely useful, smoothing out a lot of the micro inefficiencies of daily life. The thing is, they have to be produced by someone who actually cares about that goal. Companies usually don’t, DIY tinkerers who hack their own smart homes usually do. But I think that this just means that there is a product design solution waiting to be made that makes these benefits accessible to the common consumer.

        What that solution looks like I can’t say, but it’s pretty clear relying on a for-profit company to run a backend for free in perpetuity is not it.

        1. Oh yeah, I’m sorry—I didn’t mean to imply they were useless in general. But ones that are put together slapdash in the hopes of getting a bit of adtech and surveillance out of a few hundred thousand users or whatever before the VCs pull out and the company tanks? Those suck. I think self-hosted stuff is pretty good, and indeed I have plenty of things I’ve built around the house that qualify and I think are miles better than some nasty cloud-connected lightbulbs or SimpliSafe or other chintzy excuses to log your data that are out there.

          But yes, properly owned computerization can have benefits as far as one can stretch their imagination.

      2. I would like to see a requirement that smart devices use an open protocol (e.g., MQTT) and allow user configuration so users can choose to host a server locally for control.

        I flashed all of my wifi outlets to Tasmota so I can keep them locally controlled rather than relying on multiple third party applications–to protect my data, to ensure service availability (when my ISP sucks or in the event the company goes out of business or stops supporting their apps), and to protect my network (all IOT devices are on a VLAN without internet access so there’s less chance of them being subverted to a botnet).

    3. I wonder if cloud providers could charge per device. Maybe you’d pay them a fixed fee per device certificate given a range of each device’s monthly data usage; big companies might have enough data to make a pretty good price estimate since the number of IoT devices that will live and be used for longer than 3-10 years is probably vanishingly small.

      That would still depend on the cloud provider surviving and perpetually honoring your ‘unlimited plan’ though, and security vulnerabilities still wouldn’t get patched if the company drops support.

      1. Do not want.
        I’ve been using my Philips Hue bulbs for longer than three years, and I paid a song for them in the beginning. I really don’t want them to have a cloud service (luckily they don’t *need* a cloud service).
        If I’d paid a premium for a premium product and was then charged extra for the pleasure of operating them I would be miffed to put it simply.
        I could imagine a world where they would offer me either a cloud service or give me an application to host and run myself (which would be DMZed to hell and back).

    4. For devices that use an open protocol and allow user configuration, there are already some great options–I’m using MQTT wifi outlets with Home Assistant. The problem is when device manufacturers provide no means for local control and no means for user configuration: I had to flash custom firmware onto each of the outlets to allow local control.

    1. Well now. That thing should just die. The interfarce of .io makes me click the back button as fast as possible after a link points there. How you can design a website so counter intuitive and wasteful of screen real estate is beyond me.

  2. The general public has been conned into believing that IOT technology requires cloud services to operate. In reality, the primary and often only reason why most IOT devices depend on the cloud is because the businesses that make them want to vacuum up your data. Unfortunately for many of them, only a handful of these cloud services will survive. So, Google, Amazon and a couple of others will end up in control of your lives if you use cloud based IOT systems. The problem is that while it is technically easy to create a cloud free system that actually works better than cloud based systems, it is hard to create a “unicorn” monopoly that way and investors require that. There are business opportunities, just not quite the size that VCs want. It is probably going to require hackers and hobbyists to create an open, cloud free IOT platform.

  3. I thought about this about 30 years ago when I got stuck with a SCSI based gadget that the maker abandoned. I kept a WinXP machine running until very recently since there was a software fiddle that could keep me using it under XP (but nothing newer). The critical bit was the driver (natch).

    We should consider software and *documentation* escrow a mandatory part of “right to repair.” If they screw us over after taking the money, we should have access to the software and the documentation so we (or at least a technically inclined user community) could keep our investments from turning to landfill.

    One complication in the legal aspects of this is the amount of cross-licensing and stuff that goes on. The seller of the SCSI gadget I had claimed they were willing to release the code they wrote but couldn’t because it relied on other code they licensed. IP laws are a PITA.

    1. Right there with you. I believe that once a cloud service goes tits up, the company should be required to release the source code to the products to give the repair/reconditioning community a chance to keep these things out of a landfill. It isn’t a loophole to force companies to give up their intellectual secrets…it’s just good housekeeping for your planet that we only have one of. If they are purchased and then go sun down, same rules should apply. The amount of e-waste all these IoT devices will generate when it all stops being popular is going to go nuclear. HaD just posted an article about phone VR being dead. Well guess what? Various Chinese manufacturers pumped out millions of plastic shells with fancy cardboard boxes that are useless because the public didn’t respond well to it. Just pile it on the rest of the garbage I guess. It isn’t their problem once the merchant takes receipt of inventory.

    2. A while back I was thinking of starting an internet cafe. I had a chance to pick up some thin clients for nothing. At the time their specs would have been good enough for the WWW of the day along with accessing webmail.

      The problem was the clients were End Of Life and the manufacturer was withholding all software for them and had deleted all the info about the model from their website, except for a single product page touting its features in non-technical terms. The page *had* a listing of the hardware options, with part numbers, but that was all in a single image file that they’d deleted. They also had archive.org remove all their backups of the information.

      The company said they’d be happy to sell me their latest thin clients. In short, their attitude was “Piss off! Buy our new stuff!”. Sorry, but no. If you refuse to at least provide information like a hardware options list with part numbers (for things like the internal hard drive kit) so I can search the used market, why would I buy your current products when you’ll do exactly the same thing the instant *those* are discontinued? If the company had been willing to sell me a CD with their server software, and had a manual to download, I would have set up shop and very likely in a year or two upgraded to their newest little boxes.

      DELL knows what support is. They have software and information on products they had no hand in, like the WYSE thin clients made prior to DELL buying WYSE. By providing that limited support for prior products DELL knows owners of old WYSE equipment are more likely to buy new DELL-WYSE equipment.

      I’ve had to throw away pieces of hardware because not only did the manufacturer whose name, logo, current address, phone number and URL were on it not have any information or software available, the manufacturer either insisted they never made such a thing or the product flat out didn’t exist. One item really pissed me off, it was something that would have been neat, except that I obtained it *the day after its EOL*. Just the day before was when its maker had wiped all trace of its existence from the web (including archive.org) except for a line denoting it was EOL as of the date before. I spent a bunch of time attempting to find somewhere else that perhaps might have the required software. I found a few non-company sites but they’d gotten to them as well. Dead ends and dead links. The only way I would ever be able to use the thing would have been to somehow find another one that still had the original software disc.

      Remember Trident Microsystems? They “never made” any video cards, despite millions of video cards being made with their name and FCC ID numbers registered to them. What they did was licensed “reference designs” for boards using their video chips, and they sold massive numbers of unassembled “reference kits” supposedly intended for other companies to use in developing their own Trident based boards and drivers. Most of them just used the reference drivers. Some swapped in their own logos. A rotten few tweaked the BIOS and drivers to make the reference drivers fail to work. So Trident made potloads of PCBs and components then let other companies solder them together and bear the burden of support.

      Then there’s buying a product for the sole purpose of killing it, despite the buyer having nothing like it in their product line. Years ago, Hewlett Packard bought a small software company that made a Macintosh hard drive utility called SCSI Director. (This was before OS X was even hinted at by Apple.) HP had no Macintosh formatting utility so the purchase and kill wasn’t to eliminate competition or to assimilate distinctive technology. Just bought and *poof*. HP *didn’t* go on a web rampage to snuff out all online traces of SCSI Director, but the final release was nowhere to be found. I did manage to dig up an email address for a person inside HP who sent me a disk image of his personal floppy of the final released version of SCSI Director. But *why* would HP do that to a company that had been making Macintosh hard drive utilities since the Mac first had a hard drive option?

    1. Since I’ve got one of those NAS devices, I’ve got a gmail backup package running on it. So, even if Google goes off-line, I will at least have access to my 82k emails.
      A backup plan is always a good idear and for those devices that rely on some service, make sure that they’re not primary devices without which you cannot function. (like your door lock, if it fails you can be locked out of your home)

  4. I refuse to use the phrase in conversation, preferring to make it explicit: “someone else’s computer.” We’re storing our data on someone else’s computer. This is backed up on someone else’s computer. It gets the point across.

    1. Let’s be clear, cloud services are someone else’s computer in someone else’s garage. I’ve been through three and 1/2 different server migrations (one is under way), from our garage to a big vendor garage, to a different vendor garage after we cost reduced the services down and the vendor declined to renew our contract to the garage we are in now but are moving out of because “everyone is doing cloud”. Oddly we need to have a real physical server installed (old license software won’t run on VM’s) and we are being quoted 14-16 weeks to get that to happen.

      People have short memory of things like the “left-pad” disaster. Code from the cloud? Data in the Cloud? Yep, your business is reliant on some guy, on someone else’s computer in someone’s garage (using someone’s juice can and string network.)

  5. Yeah… Nothing really new here, yet another cloud uh computer put offline, move around… I like the idea of an escrow (this is not like French “escroc”!) but with all this legal stuff around it’s probably complicated and somebody will have to pay and so on. I prefer to use open, documented file formats and software. Of course this does not always work and for stuff like mail I rely on somebody else, sure (but not Google!).

  6. Cloud is bad! Ok… it has its uses. But people don’t seem to realize that when they use cloud service X they are giving up ownership. Especially true when buying cloud products like movies and videos. As an example: My CD/DVD/BD collection is owned by me and my ownership is not controlled by company X. Those using cloud resources need to carefully consider what giving up that ownership is doing. This is even more true as the release of windoze 11, or whatever they will call it, nears. I need a day or two to write enough to do this topic justice but I don’t have the time. I imagine many would violently disagree. They just haven’t thought it through. We *DO* have a choice. And I choose to avoid the cloud entangling my life… except for HackADay!. :-)

    1. You do know those CD/DVD/BD media items will be useless in a few years as the media itself becomes unreadable and the players/interfaces become unobtanium and irreparable, right?

      1. That is the other part of ownership: It’s my responsibility to keep it running, if I so desire. As @N-e-b-u-l-o-u-s so eloquently stated, I keep it working. And at least I have the choice. My Laser Disc player is still playing the handful of movies I have on Laser Disc. I’ve repaired it a couple of times. I’ll probably run those down to BD some day. The video quality was superior to DVD. BD will be the only thing that does it justice.

        If I still had movies on CED or BetaMax I would still be able to play them as long as I maintain the player. Although both of those mediums are liable to deteriorate with age and plays and so I’d back them up on something else: DVD, BD, MP4, … *I OWN* them. I have the choice. This is of course why the entertainment industry loves iTunes, Amazon, … *THEY* have the control.

        Also it’s of interest to note that from what I’ve read the low end life span of these discs is about 25yrs the upper end 40. That’s more than enough time for cloud services to go bust, upgrade me out of a product they claimed I “owned”, get bought out and break/drop the service, …

        And then there are backups I can make… I have floppy images of software I used in the ’80s and ’90s on DOS machines. Hear of DosEmu, DosBox, … MP3s of my CD collection. The CDs are really my backup. :-) Once again because I own it I have choices.

        Oh and I’m still playing those CDs from the ’80s. LPs anyone? I have those too. And OMG… they still play! I gotta start burning backup CDs of those!

        These are things you own. Everything in the cloud is owned by those who host the service, including whatever data you *choose* to put up there. Privacy? Anything you put on the cloud is now in the hands of someone else. Even when the companies have the best intentions it doesn’t mean that their employees do. There have been several reports of employees exfiltrating data from cloud service users, even selling it off. Anyone who wants privacy regarding something should never put it in the “cloud”, unless *THEY* encrypt it on their own devices first and then push it up.

        Ok… I better quit now… As the T-Shirt and @smellsofbikes said, “There is no cloud. It’s just someone else’s computer.”

      2. This is why I won’t consider a piece of media “mine” until it’s in an open format on my nas (being hot storage, I expect to migrate my nas data to newer systems over the years). If I can’t rip it, I consider it expendable and will therefore be much less willing to spend money on it.

    2. Any music and video not created by you on those silvery round beermats is only licenced to you. You’re still reliant on someone else’s knowledge to access that data, unless you have the knowledge and capabilities to build yourself a silvery round beermat player.

  7. “It is highly unlikely that Google will pull the plug on, say, Gmail, anytime soon. If that day ever comes, we would expect they’d give us plenty of warning and migration options of some sort.”

    I believe you can bulk download an archive.

    “Both gave a good bit of warning but they didn’t have to. Even with that warning, niche communities who had formed and thrived on these platforms had to scramble to backup as much content as possible, packing up and looking for a new home.”

    The difference between what YOU pay for vs what SOMEONE ELSE pays for. People could pay for their own cloud service under their direct control.

    “The situation gets pretty tricky when it comes to devices like Best Buy’s hardware. Here’s it isn’t merely a case of data being unavailable, but the electronics you spent your hard-earned to acquire end up as paperweights literally overnight.”

    Games are like this as well. Maybe releasing enough information the community could create their own back-end.

  8. “If the company decides to pull the plug, the escrow provider lights up a server that preserves files for download for 30 days in a common format like DXF. The CAD company would advertise this as a benefit to induce you to use their service.”

    30 days is not much benefit when the lifetime of a product is decades long. It’s one of the biggest problems with FPGAs. They’re *reprogrammable* logic. But when the company announces EOL of a chip, support lives on for a year or so, then all tooling vanishes with no recourse. Just try to find Xilinx tools for an older FPGA, say the XC2064. You can buy stocks on eBay, but they’re useless. Yet much older GALs, 74-series logic chips, etc will be useful 50+ years from now.

    And as for Insignia, my Infocast (Chumby) still works fine, but there’s no servers for it to talk to, short of rolling my own. No more Chuck Norris Widget. Cloud-based = time bomb forced obsolescence no matter how you slice it.

    1. Chumby!

      My first SBC was a Chumby, the Chumby Hacker Board. I used it as my own personal VPN, later a proxy, later a seedbox… Now it’s gathering dust somewhere. Later came the first RasPi, the Carambola from 8devices, and a Cubietruck (now my personal video player under my happy dumb TV).

      1. Both Chumby and Sony left my devices dark, but there’s a pay-for service (probably in some guy’s garage) to bring your Chumby or Sony Dash back up with at least a few of the apps active again. Don’t think the guy is getting rich, but I pay him a few bucks and I get my “worlds best alarm clock” back up and running.

  9. Disclosure – I am the former employee of a company that shut down a division several years ago; and this division had some products that were code-intensive. Some large and long-time customers were given approximately an 18-month notice, but most others were given a three-month notice. None of these products were ‘cloud’ based equipment, but support, firmware updates, and related forums were deleted after the division shut down. The company retained some stock for limited warranty support, but the customers had no other support (which may not be significant as this former employer sold to other companies that sold to the end-use consumer).

    “We should consider software and *documentation* escrow a mandatory part of “right to repair.” If they screw us over after taking the money, we should have access to the software and the documentation so we (or at least a technically inclined user community) could keep our investments from turning to landfill.”

    No. There are obvious liability issues where code or schematics are released for many types of products. And some consumer goods fall into that risk category per Canada, Mexico, and U.S. statutes. Who knows anymore what passes for liability in Asia and Europe.

    “I refuse to use the phrase in conversation, preferring to make it explicit: “someone else’s computer.” We’re storing our data on someone else’s computer. This is backed up on someone else’s computer. It gets the point across.”

    True, but probably does not increase understanding of IoT or cloud stuff in any meaningful way. Most people in supposedly developed countries remain baffled by most ‘technology’.

    “Here’s a major difference: I never paid for Gmail. Crippling devices I did pay for is something completely different.”

    Be careful making such assumptions. You have and will continue to pay for gmail and other such ‘free’ services in more ways than you can know.

    “Cloud-based = time bomb forced obsolescence no matter how you slice it.”

    Perhaps, but much consumer stuff is simply unreliable crap. So it is a race between loss of cloud support/company gone and hardware failure.

    “But when the company announces EOL of a chip, support lives on for a year or so…”

    Twice in previous 12 or so years, a major chip vendor has obsoleted a product on me with 60 days or less notice.

    “IP laws are a PITA.”

    That is their intent. It is by lawyers and it is for lawyers. Laws are not for us plebeians, they are for ‘them’.

    Final thoughts:

    Shit happens.
    Life sucks then you die.
    Not much has a logical explanation, and any meaning is found by following the bottom line.

      1. If we’re honest, I think we know there’s perfectly good reasons why code for these things isn’t open-sourced at EOL:

        – they almost certainly used code libraries which they can’t open source
        – they developed code which they’re continuing to use for other products, just not this one
        – the system was actually not very secure, and they don’t want to expose that
        – our litigation culture has made the (perceived, whether or not real) risks of releasing it too high. If someone rolls their own server and kills themselves, who’s liable? What if the bug was already in the company’s code? Even if it’s a no-brainer, the court costs (and time) will still be there, and the risk isn’t worth it
        – the system relies on secrets for security (e.g. their company private key), which they won’t release as it’d allow you to attack other users, or newer products.
        – the system relies on certificates for security, which you can’t fake anyway
        – they’re EOLing it now, but they might well sell it on to someone else, or resurrect it later.
        Etc

    1. “No. There are obvious liability issues where code or schematics are released for many types of products. And some consumer goods fall into that risk category per Canada, Mexico, and U.S. statutes. Who knows anymore what passes for liability in Asia and Europe.”

      If you’re going to cite laws of that sort, the least you could do is to indicate where such laws may be found and what they say.

      Remember when radios and TVs used to have mandatory requirements to post schematics of what was inside of them? Granted, they were also stated to have “user serviceable” parts inside.

      –But isn’t that what software is? If software itself isn’t “user-serviceable” then what is?

      The real liability will happen when cloud services stop, and the IoT devices stop working as designed. You can tell everyone that you’re protecting us from ourselves. But bland excuses based on hand waving are not going to convince many people here.

    1. Most people, it seems.

      Top managers also want to save money by moving local computer services somewhere else. The fact that all of their data is stolen does not seem to cross their minds.

    2. Lots of people shop for stuff like this based on price and perceived features. I decided to get smart lights for my home and I chose the Philips Hue system for two reasons, despite the (relatively) eye watering price tag compared to competitors. 1 – better overall product quality and light quality. The lights don’t have any flicker to them and don’t get crazy hot like some competitors, and they have an entire ecosystem of different products. 2 – ALL OF IT RUNS OFF A LOCAL LAN BRIDGE DEVICE. No cloud. There are some optional things you can have it do with a cloud account, but I haven’t bothered to make one, nor will I.

  10. It’s not just Cloud based things where this happens. I used to use (until very recently) an FTP app on macOS. Fantastic piece of software, never had any complaints with it, but on transferring to a new iMac, I found out that the developer sadly passed away and the app is no longer available, nor supported. His estate could have benefited from sale of the source code and customer base, but unfortunately, it looks like they’ve been unable to arrange this. I love the idea of source code escrow, might have a chat to my boss about this.

  11. This unnecessary use of cloud as a form of hardware DRM needs to be made illegal under environmental laws, which would be an easier way to sneak it past the attention of the tech lobbyists.
    All this stuff ends up in landfill when the corporate overlords pull the plug.

    Same with repair and replacements, software lockouts of any kind like this should be illegal as they are anti-user and bad for the environment in the sense that the bricked devices end up, once again, in landfill…

  12. “It is highly unlikely that Google will pull the plug on, say, Gmail, anytime soon.”

    That depends on the timeframe you regard as “soon.” They have no issue discarding data without migration options after they consider it commercially irrelevant, even if it is clearly personally or historically significant.

    Case in point: Google Groups used to hold a rather significant archive of Usenet after they bought up Deja News. It is now a barren wasteland. If it were not for private archives much of the early communication of the internet and slightly before that would be completely lost. Don’t think for a moment that they wouldn’t do that to your lifetime archive of emails once the “next best thing” comes along and will be widely accepted. Not immediately, of course, but after some time. Silently, and irrevocably. And then you’ll be left wondering how to retrieve that communication from 20 years ago that, for whatever reason, has become relevant to you again.

    I am not anti-cloud when it comes to ephemeral data. Technology becomes obsolete, and after it does, support of obsolete technology will dry out eventually. A small cottage industry and some very enthusiastic enthusiasts come in, but those are the outliers. Analogue TV is gone now, analogue radio is on the way out, there haven’t been physical phone lines in a while, and fax machines are all but gone (except for in Japan, that glorious Galapagos Island of technology.)

    But one really, really shouldn’t rely on someone else to keep their data (accessible) for any timeframe whatsoever. The cloud is to be regarded as that single drive on your desk that may fail any time. And the general rule for hard disks can and must be extended to the cloud: If your data is stored in only one single place, it is stored nowhere.


  13. I never trust things (or buy them) that depend on cloud (or clod) services.

    Who would be stupid enough to do that?

    My thoughts exactly. We don’t trust our data (think photos, backups, etc.) in the cloud. I liked the analogy above of putting your stuff in another person’s garage. Would you do that not knowing the person who offered it to you? Can you say Identity theft field day?

    Certainly don’t understand why you would bring Alexa and such into your home either.

    Automating things in the home is neat, but then letting it loose with access from the cloud seems dangerous to me. So my ‘cloud’ stays local.

    What do iPhone users do when they say switch to Android? Does iCloud go with? Or are you ‘locked in’? I have an iPhone (company required), and just use it for phone/text. Occasionally maps/safari/calculator or I may take a snapshot (rare).

  14. I really wish that when a company EOLed something (or EOLed the backend that powers something) they would either open source all the software/drivers for it, OR AT THE VERY LEAST, release enough documentation about how it worked such that someone else could write their own driver for it, etc.

  15. One of the major issues with IoT is product longevity. How long is product support really supposed to be? Houses last decades if not centuries. The 100 year old houses in my town still have original electrical switches that work. It would be absurd if I need to change my light switches every 2, 5, 10 years because they are “smart”. That level of product obsolescence is terrible for scenarios like homes where certain things should last for a decade or two or more.

    My parents have X10 switches going on 30 years. That’s not bad. And I can still integrate them with Insteon and even a Crestron system.

    All the smart devices I have in my house work without cloud interaction but I have to pick and choose what products I buy. I would love it if the smart home manufacturers would make offline APIs standard across more devices.

    Places like Lowe’s and Best Buy clearly have no business in this space though.

  16. This is particularly a problem when others force us to use cloud based technology.

    Smart meters for instance.
    The city recently replaced our analog electrical meters with smart meters.
    Some of the analog meters dated back well over 60 years.
    They just keep working.

    Now we have smart meters, which cost a lot of money to install.
    They were estimated to break even in on the order of 10 years.

    It is unlikely that these will be allowed to last for decade after decade.
    So we will have to pay again and again to replace these every few years.
    (Generating a lot of electronic waste.)
    (The wireless systems they use probably won’t remain secure for
    decade after decade, even if they are secure-ish now.)

    Same scenario goes for automobiles.
    As manufacturers move to smart features it may become impossible to
    get non-cloud using devices.
    (How many cars can you get now that use an actual physical
    key/key hole to unlock each door. How do you open the ones with
    electronic keys when the car has no power?
    How about cars with manual window openers. (How do you open
    power windows when your car is under water?)
    That is not a cloud problem, but an example of how features one
    may not want are forced onto us.)

    1. Smart in any description doesn’t imply cloud. Server at head office is more like it, and the worst if the radio goes dead is they don’t get the info to bill you (ask me how I know) a situation they’ll quickly remedy.

    2. Opening was not so much a problem. Locking it up again was impossible. Luckily there were some people who gave me a jump start.
      I drive mostly alone and I sometimes like to open all windows and the sliding roof in good weather. It would not be practical to crank down right side and rear windows. So power windows are the way to go. Driving under water anyway was never a thing I considered. If I really have to do that, I want a submarine.

  17. Surprised no one has mentioned IRIS by Lowe’s. That service went belly up earlier this year, but there was quite a bit of warning and they gave out $40 Visa gift cards for the inconvenience. They also promised to open source the software and followed through… https://github.com/arcus-smart-home; although, I am not sure if their code release is usable.

    The reason I think some people are drawn to these cloud home automation things is the cost and ease of setup. On one hand, blame Alexa, Google Home, etc on the setup bit. On the other, think of the non-techie consumers that aren’t sure about this home automation thing to begin with; aren’t sure they will like it; or understand the cloud implications:?; however, they want to have just a single light switch automated. Should they buy a local-only system from their box store that will most likely run them well over $100 USD and likely confusing for them to setup? Or buy a single wifi switch that likely costs $30 or less, and has a setup process they are possibly already familiar with?

  18. In the UK/EU, you might have the right to go back to the retailer and ask for a refund as the product no longer works as advertised. I heard of people doing this when Sony removed support for Other OS in the PS3, and I managed to do it with an eReader that said it could do something (can’t remember what now) but wasn’t able to as they hadn’t actually started that online service when I bought it.

    https://www.techspot.com/news/38542-ps3-owner-gets-refund-over-other-os-removal.html

  19. There is no cloud.
    Only other people’s computers.

    Chumby actually did it pretty well. They took an insanely long time to finally shut down, long after they had basically become irrelevant.

    1. Jeez that’s some premium priced coffee wank. You could have a thousand coffees from coffee shops for the price of that thing, assuming it doesn’t break, and before you buy any coffee to put in it.

  20. This is why all of my home automation stuff is either home-built, based on open source APIs (running on my servers), or a product that allows me to keep it literally “in house” (e.g. PLCs and industrial controllers). Also, most of the IoT stuff out there is not at all secure and is easily hacked.
    Sure, I don’t have all of the really cool or useful gadgets, but as long as I still have the ability to repair and/or replace everything, I’m ok.

  21. I fully documented their protocol / implementation and successfully managed my own session and access token until about a year ago when I forgot to “renew” an access token after 30 days of inactivity.

    It was at this point I discovered they upgraded their certs (likely TLS related) and lost the ability to run the Insignia app through an SSL proxy to sniff out the negotiated access token to get things going again.

    I’d be more than happy to share the code I developed for this. It ended up being a simple combination of a shell script, curl, and jq.

    1. This brings out an important point. The issue in being able to use IOT devices without a proprietary cloud service is often not a matter of the software accessibility or the message format being used. Those can usually be reverse engineered or replaced. The problem is often because secret keys are deliberately implemented to require the use of their cloud service. If the keys were made available to the users, even if that is only when a company goes bust, it should be possible to use the devices without a proprietary cloud. At one point I was interested in using Samsung IOT hardware but it required the use of their keys with their service so I junked the hardware.

      1. I remember coming across a job posting deeply embedded in their API at one point. I want to say they had it set in a header and it basically read:

        “If you are reading this we think you may have the right stuff to be a member of our team to work on state of the art IoT software and hardware. Please forward this note and a resume to XXXX”

        Glad I never followed their advice. Sounds like I’d be out of a job.

      2. Keys make devices secure. If the keys are made public wouldn’t all the devices become insecure? Is insecure better than unusable? What happens when the keys are used to hack an obsolete product and someone is injured? Who becomes liable then?

        1. Keys are good. The question is who controls the keys: you or somebody else. Would you give your front door key to somebody so that you have to ask them to open your door every time you want to go in?

  22. I see no reason for a light bulb or switch to be connected to someone else’s server.

    I once had an electric company ask me for the last 4 of my SS number.
    This lady said it was part of their “new security protocol”. If I didn’t provide it to “prove I was on the account”,
    I wouldn’t be able to pay the bill.
    Well, my reply to that first rep was, no way was she getting my SS number, Not happening, no, nada zip.

    She said she wouldn’t let me pay my bill without it. Really?
    I said, then I guess I’m not paying today. Hung up, called back, got a different rep,
    paid my bill and she even offered to delete my SS number once I explained what happened.
    They would rather have a paying customer than lose one wouldn’t they?

    Same thing with Upwork. They wanted a scanned copy of my ID to “help prevent fraud
    and scams.” Told them they weren’t getting it, they said I could no longer use the site. Bye bye. Gone from Upwork.

    So, they’re worried about “fraudsters, hackers and scammers” on their site and I’m supposed to give them a scanned
    copy of my ID? Same thing with Farcebook. Wanted my ID. Nope. Bye bye.

    This is why the “internet of things” and “cloud based services” are doomed to fail. Not only are people not
    willing to give up information they consider private, they don’t want to have to rely on “someone else’s server”.
    Also, what information is being sent to the “cloud”? These “smart” meters also send data back.
    Based on that data, it can be determined when you’re home or not. With these cloud companies, what happens
    to that data once the company goes belly up? Granted, the support, files, updates, etc. will stop, but where does
    our data go once the servers shut down? What’s to stop someone from buying all that old hardware and mining
    it for data? Light bulbs, televisions, doorbells, and baby monitors existed before cloud computing and the internet
    of things. In the end my data security is up to me, and ultimately I am the one to make the decision as to what
    data I decide to release. So, no smart lights, tv’s etc. etc. in my house.

  23. Excellent article Al, well done! (And nice to meet you at the supercon!)

    This same cycle will repeat some number of times before consumers wise up. The smart thing for a new IOT device startup to do is open source the server side (or a server side) so that people know the cloud / someone else’s computer part will or at least can always be available. Of course, that means the device configuration will need to have an option to set the url / ip of the service provider.

    The service doesn’t make any money anyway, unless there is some data you can sell. Who wants to know that Mr. Jones “patio” light is on? And believe me, services need to make money somehow. Donations? Promised funding from some major player? I just don’t see any of that happening. If you want to pay once, and have a free service behind the device for its useful life, you need
    1. To host the service yourself / pay for the service
    2. Give away some information or something that makes the service data worth having.

    The solution I would love to see (but probably won’t) is a totally open source set of products which are easy enough to use that the average joe / non-hackaday reader will still buy them, along with a small “cloud” service provider (read:raspi) that sits in your house and runs things for you via your twitter account or whatever. E.g. you want to turn off your “patio” light? You post a message to your twitter account, the pi picks it up, and tells the light to go off. You pay for twitter (insert social media or messaging service) with other content, and can reconfigure your devices as needed.

    And you can update firmware if it gets hacked, or the hackaday people release a cool new feature. If that’s easy to do, even joe average might do it.

    Anyway, we should step up, and I’m interested in helping.

    1. Most of the elements necessary to do this already exist although there is some effort required to integrate all the hardware and software if you want a solid secure system. A combination of ESP based devices with a Pi based gateway using MQTT and Node-Red covers most of what is required. The hard part to find is an easy to set up and use App for controlling and monitoring devices. I have used App Inventor but it doesn’t have a MQTT interface let alone a secure MQTT interface, although I have been able to fake it somewhat. Thunkable, a spin-off from App Inventor, shows some promise but its MQTT interface is a paid-for extension and, if I recall correctly, doesn’t support secure MQTT with client side certificates. That is important for security. I don’t mind paying for the extension but only if I can be sure it will meet my needs. Does anyone know of a simple App Dev environment that can create apps which can communicate with PI based servers using secure MQTT?

      1. Two ideas for easy config:
        1. WiFi Access Point mode in the ESP’s. Serve a standard http web page for configuration to the router, then once connected locally, just hit that IP to configure further. Did that here:
        http://techref.massmind.org/techref/ESP8266/WebSerial.htm

        2. Use USB OTG with a local cell phone or tablet. Granted this is less sure, but it’s interesting as an option where you don’t want to use WiFi:
        http://techref.massmind.org/Techref/language/DroidScript/BusPirate/index.htm
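
The broker side of the Pi gateway discussed in comment 23's replies (secure MQTT with client-side certificates), as an added example that is not part of any comment: a listener configuration with the open setup shown commented out beside the mutual-TLS version. Mosquitto as the broker, the file paths, and the `home/<device>/...` topic layout are assumptions.

```conf
# /etc/mosquitto/conf.d/home.conf  (path is an assumption)
# Added example: Mosquitto is assumed as the MQTT broker on the Pi gateway.

# Weak: plaintext listener that any host on the LAN can use with no identity.
# listener 1883
# allow_anonymous true

# Hardened: TLS-only listener for the ESP devices and the phone app.
listener 8883

# Refuse TLS versions older than 1.2.
tls_version tlsv1.2

# Broker certificate and private key, issued by your own home CA.
certfile /etc/mosquitto/certs/gateway.crt
keyfile /etc/mosquitto/certs/gateway.key

# CA that signed the client certificates. With require_certificate set,
# only clients presenting a certificate that chains to this CA can connect.
cafile /etc/mosquitto/certs/home-ca.crt
require_certificate true

# Use the certificate CN as the MQTT username, so access rules can be
# written per device and no shared password has to be flashed into firmware.
use_identity_as_username true
allow_anonymous false

# Revocation list for a lost phone or a retired device.
# The file must exist (an empty CRL signed by the CA is enough).
crlfile /etc/mosquitto/certs/home-ca.crl

# Per-device topic restrictions live in the ACL file. Example line for it,
# where %u expands to the username (here: the certificate CN):
#   pattern readwrite home/%u/#
acl_file /etc/mosquitto/acl
```

Each ESP device and the controlling app then needs its own certificate and key signed by the same home CA, so the keys stay under the owner's control rather than a vendor's.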
