An engineer got curious about how his iLife A11 smart vacuum worked and monitored the network traffic coming from the device. That’s when he noticed it was constantly sending logs and telemetry data to the manufacturer — something he hadn’t consented to. The user, Harishankar, decided to block the telemetry servers’ IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after. After a lengthy investigation, he discovered that a remote kill command had been issued to his device.
remote kill command had been issued to his device.
What the actual fuck?!
The fact that this isn’t considered outright fraud is disturbing. This person OWNS the device, yes? They’re not leasing it.
FFS, this should be illegal.
I agree with you that this should be illegal. I expect this was in the terms of service, though. Since we have no laws restricting this kind of bullshit, the company can argue that they’re within their rights.
We need some real legislation around privacy. It’s never going to happen, but it needs to. We need a right to anonymity but that is too scary for advertisers and our police state.
Terms of service need to stop being treated like law.
I have just purchased a Dreame L10s Ultra and have had the PCB for a breakout board made and components for setting it up ordered. In a few days I should get the last bits and I will be able to root the device and have it connect to Valetudo managed through Home Assistant. Fully local operation with basically the same features but none of the privacy issues. As soon as I can get it connected I will be able to use it just like a robot I actually own should without some random third party being involved in every single operation.
I was thinking about getting one but I learned that they do require a lot of maintenance like cleaning the brushes and you have to change parts regularly. That sounds like more work they just sweeping from time to time. Also, broom has a lower carbon footprint.
I bought one and was disappointed to realise that i still need to (manually!) tidy up the rooms (kids’ toys, cats’ toys etc) for it to have good effect. yes, i am not very smart.
Ours has needed very little maintenance and has quickly become a necessity because it gets the floors much cleaner that we ever did. An unexpected consequence is that the whole house stays cleaner because we still spend some of the time and energy we were spending on sweeping on other cleaning tasks.
As much as the thing irritates me you’d have to pry it from my cold, dead hands.
I guess it depends on your use case. I know people with pets love them because sweeping hair is a lot of work. Probably the same with kids. For us with no pets or kids there’s really not that much sweeping.
My robot vac will only operate when connected to the Internet so it’s only allowed to communicate when actually in use. As soon as it returns to the charger Internet access is automatically blocked.
Unfortunately the manufacturer has deliberately made this as inconvenient as possible. If communication is blocked for more than a few hours the vacuum loses all maps and will no longer even load saved maps from the Tuya app. To use it the vac must be powered down and the app killed. Only then can a saved map be restored.
It’s too bad it’s so useful.
Name and shame.
from the Tuya app.
it’s only allowed to communicate when actually in use.
What’s the point? The manufacturer is interested in the map of your apartment and usage statistics. What do you think it’s sending when not in use? Does it have a microphone or something?
Since I haven’t pulled it apart or tried to decrypt the ssl traffic I have no idea whether it has “a microphone or something.” That’s the point.
Keeping it offline some of the time isn’t effective against passive data collection unless you’re willing to take the inconvenient step of factory-resetting it each time you’re about to use it. Anything it collects it can just hold onto until it next gets the chance to upload.
I specifically got one which can run valetudo and it works great for over two years now. Without sending images of my flat to china or the us
while this is good, we really don’t need all these smart devices in the first place
Libre alternative?
…when i ‘buy’ something, should i not own and be able to use it and all functions until the end of it’s mechanical processes?..
