Logitech Once Again Shows That In The Modern Era, You Don't Really Own What You Buy

from the sorry,-I-can't-do-that-Dave dept

Thu, Nov 9th 2017 1:28pm — Karl Bode

Time and time again we've highlighted how in the modern era you don't really own the hardware you buy. In the broadband-connected era, firmware updates can often eliminate functionality promised to you at launch, as we saw with the Sony Playstation 3. And with everything now relying on internet-connectivity, companies can often give up on supporting devices entirely, often leaving users with very expensive paperweights as we saw after Google acquired Revolv.

The latest example of this phenomenon is courtesy of Logitech, which annoyed consumers this week by announcing that it would be shutting down all support for the company's Harmony Link hub. Released in 2011, the Link hub provided smartphone and tablet owners the ability to use these devices as universal remotes for thousands of devices. But users over at the Logitech forums say they've been receiving e-mails informing them these devices will be effectively bricked in the new year:

"This is an important update regarding your Harmony Link. On March 16, 2018, Logitech will discontinue service and support for Harmony Link. Your Harmony Link will no longer function after this date...There is a technology certificate license that will expire next March. The certificate will not be renewed as we are focusing resources on our current app-based remote, the Harmony Hub."

Again there's no monthly subscription fee for the service, and Logitech is compounding the problem by not really clearly communicating why it's deciding to completely brick Link units. On the plus side, Logitech says it's giving Link owners under warranty a Logitech Hub for free, and providing out-of-warranty Link owners a one-time, 35-percent discount on the Hub. But many users in the company's forums and over at Reddit are questioning why the hardware needs to be crippled entirely (instead of just, say, ending formal support):

"This exact situation right here is why Ive always said “if it requires a cloud service to function, I dont want it” hosting things locally on my own network is where its at.

Indeed. While this entire fracas was unfolding, several Reddit users discovered that the company was banning users from using the phrase "class action lawsuit," which unsurprisingly is only making frustrated Link owners more annoyed.

Update: After some notable backlash, Logitech has announced that all existing Harmony Link owners will be upgraded to the company's Harmony Hub, for free. Which is nice, but doesn't really change the reality that you no longer actually own what you buy.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cloud, drm, harmony link hub, hub, iot, ownership
Companies: logitech

42 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Rich Kulawiec, 9 Nov 2017 @ 1:44pm

One more time, for the slow learners
If your device depends on someone's cloud service, then it's not YOUR device.
[ link to this | view in chronology ]
- Mark s, 10 Nov 2017 @ 3:22pm
  
  Re: One more time, for the slow learners
  And if it's NOT connected to the cloud, it likely won't get timely security updates, if at all. So pick your poison...
  [ link to this | view in chronology ]
  - MindParadox, 11 Nov 2017 @ 9:43am
    
    Re: Re: One more time, for the slow learners
    umm, if it isn't connected, why would it need security updates?
    [ link to this | view in chronology ]
    - The Wanderer (profile), 12 Nov 2017 @ 4:39am
      
      Re: Re: Re: One more time, for the slow learners
      "Not connected to (and depending on) a third-party cloud service" does not equal "not connected to / accessible over the Internet".
      [ link to this | view in chronology ]
  - Green Eggs and Ham (profile), 12 Nov 2017 @ 12:49pm
    
    Re: Re: One more time, for the slow learners
    Re: "And if it's NOT connected to the cloud, it likely won't get timely security updates, if at all."
    
    If its not connected, then it wont need security updates.
    [ link to this | view in chronology ]
Anonymous Coward, 9 Nov 2017 @ 1:59pm

On the one hand, this was handled incredibly poorly by Logitech and there is certainly an issue with loss of functionality on purchased products.

On the other hand, unless we come across a paradigm change in the software/firmware/hardware interaction model (which may or may not be possible), this is also a necessary part of the process of "securing the internet of things," another problem that Techdirt talks about a lot.

Because the reality is that devices we own have security holes. Probably all of them, but certainly most of them. And patching those holes requires a continuous level of development support. So given that we can't require that all companies provide eternal security support for their products (it's simply unrealistic to do so without the above paradigm change), we will have to make a choice.

We will either have an ever increasing number of insecure, internet connected devices that can be used by bad actors to cause any number of problems. Or we can routinely experience loss of functionality in older products.

And while certainly broader support of various open source firmware/software can provide some relief to this for tech-savvy consumers... it's not the tech-savvy consumers whose devices are a major issue here.
[ link to this | view in chronology ]
- Anonymous Coward, 9 Nov 2017 @ 2:16pm
  
  Re:
  Because the reality is that devices we own have security holes. Probably all of them, but certainly most of them. And patching those holes requires a continuous level of development support. So given that we can't require that all companies provide eternal security support for their products (it's simply unrealistic to do so without the above paradigm change), we will have to make a choice.
  
  The choice is easy:
  - The company can support the device until reasonable consumers would have discarded it for other reasons.
  - The company can explicitly and publicly commit up front to not providing that support, so purchasers know before they buy that they product may be unnecessarily bricked at corporate whim. Hiding that type of warning in a EULA does not count.
  - The company can commit to not locking out interested users from self-supporting. This means, at minimum, that before the company-hosted cloud servers shutdown, the company releases to the community everything that the company's own staff would need in order to stand up a replacement cloud data center: estimates on bandwidth, storage, and CPU requirements; dependency information; source to rebuild all relevant previously proprietary components; certificates to update the device or, if available, instructions on how a physically present owner can override the certificate check; information on how to redirect the device to use an alternate server of the owner's choosing (whether self-hosted or run by a group of interested users).
  We will either have an ever increasing number of insecure, internet connected devices that can be used by bad actors to cause any number of problems. Or we can routinely experience loss of functionality in older products.
  
  I have a keyboard and mouse that are older than most still-functioning laptops (more than 10 years, maybe longer). They were built to last, and they have lasted well. Of course, the manufacturer at the time had no option to stupidly make them "Internet of Things" devices, so they're classic "dumb" devices that cannot be remotely disabled at the manufacturer's whim. Nothing in this announcement says that they needed to halt this line because of unfixable security vulnerabilities. It looks to me like they simply got tired of running the cloud server it required, didn't want to let anyone else run the cloud server, and so decided to scuttle the whole project.
  
  And while certainly broader support of various open source firmware/software can provide some relief to this for tech-savvy consumers... it's not the tech-savvy consumers whose devices are a major issue here.
  
  Non-savvy iPhone users loved using jailbreaks on their phone to enable installing third-party enhancements written by savvy non-Apple-approved developers. There's no requirement that all customers be tech-savvy for this, only that there are some who are tech-savvy, willing to share, and that the device doesn't make it unnecessarily difficult for the non-savvy to benefit from that sharing.
  [ link to this | view in chronology ]
  - Anonymous Coward, 9 Nov 2017 @ 3:32pm
    
    Re: Re:
    
    I have a keyboard and mouse that are older than most still-functioning laptops (more than 10 years, maybe longer). They were built to last, and they have lasted well.
    
    Obviously not a Logitech mouse. Don't buy Logitech mice. There's no internet-enabled bullshit, just crappy microswitches that will be glitching in a couple of years.
    
    Of course, the manufacturer at the time had no option to stupidly make them "Internet of Things" devices
    
    Not true. The CueCat, released 17 years ago (late 2000 during the dotcom boom), is the prototype of uselessly-internet-enabled things. They used cryptography to make sure nobody could use it without the service. The service, of course, had a security breach that exposed the private details of 140000 users. And it was all shut down in January 2002, which gives it a lifetime of less than 18 months. All devices were then bricks, except to a few techies who could mod them... liquidators were offering them for 30¢ each but I doubt people would've paid for shipping if they were free.
    [ link to this | view in chronology ]
- Anonymous Coward, 9 Nov 2017 @ 2:42pm
  
  Re:
  A good start would be to avoid unnecessary permanent connection to the Internet. If the device is not on-line, or only on the users network, security becomes much less of an issue.
  [ link to this | view in chronology ]
  - ralph_the_bus_driver (profile), 10 Nov 2017 @ 8:34am
    
    Re: Re:
    While very true, that is increasingly unfeasible. Many organizations are, if not using cloud based operations, using off site servers shared by several sites.
    
    Add in the push to make apps and programs cloud/server based will only further that.
    
    And that sucks.
    [ link to this | view in chronology ]
    - Anonymous Coward, 10 Nov 2017 @ 12:24pm
      
      Re: Re: Re:
      What is unfeasible about avoiding connecting everything to the cloud. About the only reason many of these devices do so is because the senior management of the company want to collect user data because somehow big data analysis will increase the companies profit.
      [ link to this | view in chronology ]
- Anonymous Coward, 9 Nov 2017 @ 2:47pm
  
  Re:
  
  We will either have an ever increasing number of insecure, internet connected devices that can be used by bad actors to cause any number of problems. Or we can routinely experience loss of functionality in older products.
  
  Or we can decide that maybe a universal remote control doesn't require internet access. It might be nice to make it compatible with newer hardware (though it's a problem entirely caused by AV-equipment companies' refusal to use standards)... but we could have people insert an SD card to load new codes. Unless by "universal remote" they mean something that allows me to control all the devices of the universe from my couch, and that's why internet access is needed...
  
  Or as was already stated, they could drop support but release enough information for the community to take over. It's Logitech that decided to keep all this stuff secret so far. PCs from 20 years ago can still get on the internet as securely as any other, as long as you find a recent and supported OS.
  [ link to this | view in chronology ]
- orbitalinsertion (profile), 9 Nov 2017 @ 9:54pm
  
  Re:
  I will believe it has anything to do with patching security holes when i see it.
  
  The general security problems with these sorts of devices are that they are IoT for no readily discernible reason in the first place (other than slurping your information and behavioral data), so one can secure them by not making them internet-connected. If someone really needs to turn on their TV while they are 500 miles away, give them that as an extra option instead of a main functionality, and don't require the traffic go to a company server - there is zero need for that.
  
  Another problem is that the code and settings should not be so laughably poor that a ridiculous little device could ever require so many software patches in the first place.
  
  But the thing is, the number of IoT devices receiving security patches is laughably small, so claiming that as a reason for product EOL (literally, EOL), requires some evidence first and reasons why a patch or other fix is impossible next.
  [ link to this | view in chronology ]
Anonymous Coward, 9 Nov 2017 @ 2:17pm

People are
Easy to fool, because of their massive ignorance. It is just how things go, nothing is going to change. For every expert telling the government how things would probably work best there are 10 experts paid by a company to say the opposite.

And people wonder why no one takes the experts seriously or believe them when they "bust out that science".

It is just too easy to sell you cardboard and call it something else.
[ link to this | view in chronology ]
Roger Strong (profile), 9 Nov 2017 @ 2:27pm

It used to be that if someone at your cloud service even hinted at withdrawing support, they would be fired.
[ link to this | view in chronology ]
- ThaumaTechnician (profile), 9 Nov 2017 @ 2:50pm
  
  Re:
  Thanks for the link - I'll be looking into this story.
  
  If you're not familiar with this, look into the story of one of my long-time heroes: Stanislav Petrov.
  
  People should know his name by heart.
  [ link to this | view in chronology ]
  - Roger Strong (profile), 9 Nov 2017 @ 3:39pm
    
    Re: Re:
    Yup!
    
    Sadly, Petrov died in May. And that item on Petrov's resume isn't unique.
    
    There was also the 1995 Norwegian rocket incident. The first and only known incident where any nuclear weapons state had its nuclear briefcase activated and prepared for launching an attack.
    
    And over on the American side...
    
    The New Yorker: Nukes of Hazard
    
    In 1960, the computer at the North American Air Defense Command (NORAD) in Colorado Springs warned, with 99.9-per-cent certainty, that the Soviets had just launched a full-scale missile attack against North America. The warheads would land within minutes. When it was learned that Khrushchev was in New York City, at the United Nations, and when no missiles landed, officials concluded that the warning was a false alarm. They later discovered that the Ballistic Missile Early Warning System at Thule Airbase, in Greenland, had interpreted the moon rising over Norway as a missile attack from Siberia.
    
    In 1979, NORAD’s computer again warned of an all-out Soviet attack. Bombers were manned, missiles were placed on alert, and air-traffic controllers notified commercial aircraft that they might soon be ordered to land. An investigation revealed that a technician had mistakenly put a war-games tape, intended as part of a training exercise, into the computer. A year later, it happened a third time: Zbigniew Brzezinski, the national-security adviser, was called at home at two-thirty in the morning and informed that two hundred and twenty missiles were on their way toward the United States. That false alarm was the fault of a defective computer chip that cost forty-six cents.
    
    Other sources:
    
    Wikipedia: List of nuclear close calls
    
    Union of Concerend Scientists: Close Calls with Nuclear Weapons (PDF)
    [ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it
tiaraa, 9 Nov 2017 @ 2:40pm

agen bola online
Jangan lewatkan juga promo dan bonus menarik SPESIAL HANYA UNTUK MEMBER KAMI yang antara lain :
- freechip setiap hari
- mix parlay gratis
- cashback 5% - 15% khusus sportsbook dan tangkas
- cashback casino 3%
- komisi rollingan casino 0.8%
- bonus TO poker 0.3% So tunggu apa lagi ? PASTI LEBIH MENGUNTUNGKAN BERMAIN DI SARANA365 http://www.arenasarana.com
[ link to this | view in chronology ]
Padpaw (profile), 9 Nov 2017 @ 2:41pm

You brick it to force people to buy the new version. As I am sure that's why they chose to do it in the first place, and only the massive backlash made them change their minds
[ link to this | view in chronology ]
- ralph_the_bus_driver (profile), 10 Nov 2017 @ 8:39am
  
  Re:
  Bricking hardware is a good way to have your base start buying from the competition.
  [ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

ROYALKASINO, 9 Nov 2017 @ 2:51pm

MARI GABUNG DI ROYALKASINO.COM
Kini Anda dapat bermain Kasino dengan mudah, bisa dimainkan via Handphone. Download game nya dan menangkan permainan nya.
Dengan minimal deposit yang cukup terjangkau Rp 25.000, Anda sudah dapat bermain Casino online, seperti Baccarat, Roulette, Slot Game, Sic Bo, dan Dragon Tiger.
Dapatkan juga bonus menarik bisa kamu dapatkan dengan mudah dari kami yang antara lain :
- Komisi rollingan 0.8%
- Cashback 2.5% setiap minggu
- Bonus referral 1% seumur hidup
Yuuukkk Gabung sekarang juga , coba keberuntugan kamu bermain di www.ROYALKASINO.COM, menangkan taruhannya hingga ratusan juta.
Untuk info lebih lanjut silahkan hubungi Customer Service 24/7 nonstop melalui :
* BBM : D61DA887
* Whatsapp : +855968397588
* Skype : royal kasino
* Livechat : http://royalkasino.com/royalkasino/index.jsp
[ link to this | view in chronology ]
Anonymous Coward, 9 Nov 2017 @ 3:18pm

If you don't own what you buy (hardware), then you should start stealing it.
[ link to this | view in chronology ]
- Anonymous Coward, 9 Nov 2017 @ 3:43pm
  
  Re:
  Whats the point of stealing it, when you have to sign up to a service to get it to work?
  [ link to this | view in chronology ]
  - Anonymous Coward, 9 Nov 2017 @ 7:13pm
    
    Re: Re:
    To be a dick to a bunch of cocks.
    
    Quite fitting, I'd say.
    [ link to this | view in chronology ]
Anonymous Coward, 9 Nov 2017 @ 3:51pm

Not buying logitech.
To think I was about to buy a G710+ (only because it was on sale, I'm already squeamish after my experience with some of their wireless mice) - nope. I'm not buying any of their stuff again.

I wonder how many other customers they're about to lose over this.
[ link to this | view in chronology ]
Anonymous Coward, 9 Nov 2017 @ 4:06pm

Silver
With the track record of IoT security, maybe it's a good thing these devices have a finite lifespan.
[ link to this | view in chronology ]
coward (anon), 9 Nov 2017 @ 11:12pm

I think everyone is ignoring part of their announcement
Not to minimize or disagree with any of the IoT threads, but the announcement says "There is a technology certificate license that will expire next March". I'm guessing there is some piece of patented tech in the device and Logitech is either unwilling or unable to renew the license. Its possible the patent is on the cloud side, or that Logitech is worried that the patent holder will go after users of the device once the license expires (we've seen that happen before).
[ link to this | view in chronology ]
Ninja (profile), 10 Nov 2017 @ 3:33am

If it was a subscription based system then it would make more sense and it should not be expensive but if you paid full, 1-time price for it then it should work until it breaks. If online connectivity is absolutely needed then let private servers be used. Or don't sell at all.

It's clearly another example on how the private sector can't adhere to good practices by itself and needs to be regulated.
[ link to this | view in chronology ]
The Wanderer (profile), 10 Nov 2017 @ 4:59am

All devices which require specific online services for their functionality should come with service agreements which contain a clause stating (in effect) "if we ever choose to stop providing the service which enables this device to work, we will release all information necessary to enable others to provide a replacement service". The absence of such a clause should be treated as reason to refuse to purchase the device.

(Ideally the absence of such a clause would even be treated as sufficient to invalidate the agreement and require the refund of the purchase price, but it's a bit unlikely that courts would take it that far.)
[ link to this | view in chronology ]
Peter (profile), 10 Nov 2017 @ 10:21am

You Do Really Own What You Buy: If you buy a horse, the previous owner has no right to drop by an shoot it to force you to buy another one!
The Supreme Court of the United States of America disagrees with Logitec: the justices have "a long tradition of ownership known as “first sale,” which does not allow owners to automatically control a product past its first sale: If a farmer buys a horse from a breeder, the breeder no longer has any say about what the farmer does with the horse. The same goes for CDs, books and works of art."
https://www.insidehighered.com/news/2013/03/20/supreme-court-sides-against-textbook-publishers- resale-imported-works
[ link to this | view in chronology ]
- John85851 (profile), 10 Nov 2017 @ 10:48am
  
  Re: You Do Really Own What You Buy: If you buy a horse, the previous owner has no right to drop by an shoot it to force you to buy another one!
  This would be a good argument except many companies have already thought of it: this is why so many transactions are now called "licenses" instead of "purchases". There's no "first sale" doctrine for "licenses".
  [ link to this | view in chronology ]
  - Anonymous Coward, 13 Nov 2017 @ 6:44am
    
    Re: Re: You Do Really Own What You Buy: If you buy a horse, the previous owner has no right to drop by an shoot it to force you to buy another one!
    The FTC could slap companies down if they're misrepresenting licenses as sales. Actually, these are sales, it's just that they're not sales of useful products unless one licenses some software and accesses the manufacturer's servers (agreeing to any associated license terms). It's doubtful that ads are making this clear, or that manufacturers will do anything for people who disagree with those post-sale terms, but so far consumer protection agencies haven't been doing anything about it.
    [ link to this | view in chronology ]
- Anonymous Coward, 13 Nov 2017 @ 6:39am
  
  Re: You Do Really Own What You Buy: If you buy a horse, the previous owner has no right to drop by an shoot it to force you to buy another one!
  
  The Supreme Court of the United States of America disagrees with Logitec: the justices have "a long tradition of ownership known as “first sale,” which does not allow owners to automatically control a product past its first sale
  
  How does that disagree with Logitech? The owners could use their hardware as a doorstop, melt it down for recycling, whatever. It sucks that the hardware is basically useless without the service they're going to shut down... but "you don't own what you buy" is a figurative statement, not a literal one. In your example, the horse-breeders have no post-sale responsibility to the purchasers; is there any case law saying Logitech does? (I think we're likely to see some, but based around false advertising rather than first sale--when Logitech says their thing will let you control all your devices, do they announce the caveat "as long as we feel like running the servers"?)
  [ link to this | view in chronology ]
united9198 (profile), 10 Nov 2017 @ 10:54am

Ownership
Most people would be shocked to learn that GM claims that THEY own the software on the car you paid for and they have the rights to all the data that is collected and transmitted to them on an hourly basis. They are taking your data and selling it for a lot of money and you have no "opt out" privileges. As we move forward, the ownership of software/data/ etc will become increasingly cloudy. Washington DC has been totally asleep at the switch on this and perhaps has no ability to comprehend the impact.
[ link to this | view in chronology ]
- Digitari, 10 Nov 2017 @ 2:56pm
  
  Re: Ownership
  "Washington DC has been totally asleep at the switch on this and perhaps has no ability to comprehend the impact."
  
  That is not a Bug, it's a Feature!
  [ link to this | view in chronology ]
  - Anonymous Coward, 13 Nov 2017 @ 7:09am
    
    Re: Re: Ownership
    In the case of cars, it really is. The government has mandated certain privacy-invasive features (like wireless tire-pressure monitoring) and is looking at doing it more ("V2V" etc.).
    [ link to this | view in chronology ]
    - Green Eggs and Ham (profile), 13 Nov 2017 @ 9:11am
      
      Re: Re: Re: Ownership
      I use to want a Tesla, but not anymore. Their car calls home.
      [ link to this | view in chronology ]
- Green Eggs and Ham (profile), 13 Nov 2017 @ 9:08am
  
  Re: Ownership
  Thats not right. Thats my privacy. I'll be buying an old muscle car next.
  [ link to this | view in chronology ]
Anonymous Coward, 10 Nov 2017 @ 3:26pm

like this is news ?
I got a logitech squeezebox loved it
till they dropped supporting it .
Thank goodness for Amazon echo and line in inputs
So I can still use it for internet radio
[ link to this | view in chronology ]
Green Eggs and Ham (profile), 12 Nov 2017 @ 1:31pm

Encryption is Fools Gold
If software can be installed remotely, then that device has a back door. Your trust in those controlling the installation is as certain as the future. The future is trending towards increased computer attacks, despite increased security controls. The problem is that the only change in security is the level of sophistication, but sophistication is just a brain game and not the fundamental solution to security. Don't be a fool. The fundamental solution to security is embedded right into the concept of security, accessibility. If something is accessible in theory, then its accessible and sophistication is a fools game. True security is inaccessibility, this is either by zero knowledge or by being logically not accessible.
[ link to this | view in chronology ]
rachelfionalie, 28 Jan 2018 @ 4:00am

Casino Online
You article is good nah,

if you want play casino game, can visit my page at https://m8ko.com
[ link to this | view in chronology ]
Agen SBOBET Online, 3 Oct 2019 @ 11:20pm

Situs Bola Resmi SBOBET Dengan Bonus New Member 200%
http://gamez007.com/situs-bola-resmi-sbobet-dengan-bonus-new-member-200-2/ menjadi salah satu blog terbaik yang menyediakan berbagai informasi seputar SBOBET bola online. Jika merasa tertarik, bisa langsung untuk mengunjungi situs yang berkaintan.
[ link to this | view in chronology ]