cross-posted from: https://lemmy.world/post/32265822

xkcd #3109: Dehumidifier

xkcd #3109: Dehumidifier

Title text:

It’s important for devices to have internet connectivity so the manufacturer can patch remote exploits.

Transcript:

[A store salesman, Hairy, is showing Cueball a dehumidifier, with a “SALE” label on it. Several other unidentified devices, possibly other dehumidifier models, are shown in the store as well.]

Salesman: This dehumidifier model features built-in WiFi for remote updates.
Cueball: Great! That will be really useful if they discover a new kind of water.

Source: https://xkcd.com/3109/

explainxkcd for #3109

  • ragebutt@lemmy.dbzer0.comEnglish
    12·
    9 hours ago

    This has been my approach and it has gone okay so far except for 2 issues that are quite a pain:

    1: you have to thoroughly research what you buy. Does it work on an isolated vlan? Just because it works with home assistant does not guarantee this. Many home assistant users are comfortable with some degree of data collection and an integration does not mean that it will work local only (nor does it mean that all features will work). If it does work local only you may sacrifice some features. Cameras are a good example. Most cameras with object/person detection do this in hardware, but not all. If you circumvent the Internet connection and proprietary app you may sacrifice this, or more likely alerts

    2: there is 0 regulation binding a vendor to the terms of service agreed to at the point of sale, including making significant and sweeping changes. Case in point: I got a chamberlain myQ garage door opener. It worked well and opened my garage door. Integrated with home assistant via the API. However, chamberlain serves a lot of ads for upsells and services via their shitty app. They decided that users circumventing the app and not seeing that you could give amazon drivers access to your garage to deliver packages (seriously) or buy shitty cameras was unacceptable so they updated the TOS and revoked API access for all users. The only way it works now is via their app. I sold mine and built a ratgdo

    Another example is Philips hue: while they have been able to be used local only for over a decade Philips has decided they’re going to start a subscription security service with all the devices that entails based around the hue hub. At some point in the near future if your hub updates it will require you to sign in to a Philips account and be online. This one’s way worse as some people have thousands of dollars invested in hue. I have like $300 in the fancier white hue bulbs but some people on the HA forums and reddit literally have their house decked out with like 80-100 bulbs, many of which are the RGB. Kind of silly but they do work very well, flicker free, good color, and last ages. I still have some from like 2016 going strong. Luckily here if you have the bridge on an isolated vlan it won’t update and worst case the bulbs work with zwave zigbee but the principle of the thing is ridiculous. It should be illegal for a company to change the terms this far after the contract of sale

    Other examples too. Many car manufacturers (Mazda, Chevrolet, ford) because api access limited data collection for them to sell, some companies are openly hostile to home assistant and when an integration is created they will go out of their way to break it (Ariston, bambu), etc. see https://github.com/unixorn/internet-of-trash

    • Landless2029@lemmy.worldOPEnglish
      3·
      16 hours ago

      Gahhhh…

      Sounds like a total PITA

      And yes we need stronger consumer protections.

      I follow FUTO so I’m aware of TOS BS.

      • ragebutt@lemmy.dbzer0.comEnglish
        2·
        9 hours ago

        I’ve been happy with reolink cameras fwiw though not 100% so. They do have some nonsense though

        I also prefer Lutron Caseta for lighting. It’s fairly bulletproof (I’ve literally never had any connectivity issues in like 6+ years) and they haven’t pulled any tos nonsense as far as I know. Downside is pricey and the install is more complex than typical iot stuff. And while they can control outlets they are only rated for 10A lighting so keep that in mind.

        The only internet requirement for both of these (not always with reolink I think but at least with the cameras I have) is that you have to allow internet once during initial setup to pair devices. Once that is done you can remove internet access and delete the app

        The common thread with these is wired too. The further along I go the more I realize that 2.4ghz WiFi iot shit is garbage. going from WiFi cameras that had privacy concerns and disconnected to local only poe cameras that just work was very nice. Learn from my mistake, don’t buy bullshit eufy cameras that you then have to sell at a loss.

        And for your own sanity don’t try to get smart smoke detectors. Your options are either Google/nest that apparently does work well (never tried it, fuck Google), the new kidde that is built into amazons ring platform (never tried it, fuck amazon, plus the preceding model had awful reviews), or the new firstalert that is replacing the Google/nest (again, fuck Google, but I did try the preceeding first alert and it was atrociously bad).

        I mention this because this brings up a key issue with regulatory compliance in the US (and probably EU, dunno). You can also try a number of off brand detectors as well that apparently work a lot better. If you search amazon for smart detectors you’ll see stuff like x sense and these apparently have somewhat solid reviews and work okay (though getting them to work in HA is mixed).

        However, what amazon fails to mention is that these types of detectors have not been submitted for regulatory compliance in the US (unlike Kidde, firstalert, etc that you’d find at a home depot). They “meet UL requirements” but they have not been submitted for testing so they cannot print the UL logo on the box (legally) but they can write “meets UL requirements”, which is misleading. Fuck amazon and fuck the us government for giving them no culpability in selling obscenely dangerous bullshit

        This means if you use these and your house burns down your insurance could technically nullify your policy for not having adequate protection. Or they could not work and you could die, of course

        There are smart relays you can tie into an interconnected smoke detector circuit using normal smoke detectors that are appropriately rated if you do want alerts on your phone. There are also device that will listen for chirps but these get false positives

    • psud@aussie.zoneEnglish
      1·
      16 hours ago

      My “smart” bulbs are at the less online end of the spectrum, they host local wifi or bluetooth for configuration via their app, but even that can bite you

      I added a wifi range extender to address the problem of stuff at one end of the house regularly losing connection and needed to point one of a particular brand at the new wifi

      Its app hadn’t been updated and I needed to dig out my old phone stuck on an old version of Android to set the bulb up again