Sonos Users Forced To Choose Between Privacy And Working Hardware

from the obey-or-suffer dept

For years now, we've highlighted how these days -- you don't technically own the things you buy. And thanks to a rotating crop of firmware and privacy policy updates delivered over the internet, what you thought you owned can very easily change -- or be taken away from you entirely. Time and tine again we've discussed how companies love to impose new restrictions on hardware via software update, then act shocked when consumers are annoyed because they've had either their rights -- or device functionality -- stripped away from them.

The latest example of this comes courtesy of Sonos, which informed users this week that "over time," they won't be able to use their pricey speaker systems if they refuse a new privacy policy update:

"A spokesperson for the home sound system maker told ZDNet that, "if a customer chooses not to acknowledge the privacy statement, the customer will not be able to update the software on their Sonos system, and over time the functionality of the product will decrease."

"The customer can choose to acknowledge the policy, or can accept that over time their product may cease to function," the spokesperson said.

In an e-mail to users, Sonos informed customers that they can "opt out of submitting certain types of personal information to the company; for instance, additional usage data such as performance and activity information." But users won't be able to opt out of data collection Sonos deems necessary to the system's core functionality. The problem with that, as we've seen with companies like Microsoft, is that companies aren't traditionally transparent about just what this "necessary" data entails, and tend to be overly generous when it comes to determining what personal data is "essential" in the first place.

In this case, the "functional data" Sonos won't let you avoid collection of includes email addresses, IP addresses, Sonos account login information, device data, information about Wi-Fi antennas and other hardware information, room names, system error data, and more. Needless to say, privacy advocacy groups like the EFF and the Center for Democracy and Technology aren't thrilled about users having to choose between their privacy rights or working hardware. Nor are they impressed by companies' apparent inability to cordon off essential functionality from data collection and sales:

"Sonos is a perfect illustration of how effective privacy, when it comes to not just services but also physical objects, requires more than just 'more transparency' -- it also requires choices and effective controls for users," said Joe Jerome, a policy analyst at the Center for Democracy & Technology.

"We're going to see this more and more where core services for things that people paid for are going to be conditioned on accepting ever-evolving privacy policies and terms of use," he said. "That's not going to be fair unless companies start providing users with meaningful choices and ensure that basic functionality continues if users say no to new terms."

Occasionally, consumer revolt is enough to change the tide. Media software developer Plex was forced to backtrack this week from an announcement that it would be issuing a new privacy policy that prevented users of its software from opting out of data collection and sales, including users that had paid for lifetime access to the service. Plex's retreat was forced after the company's forums lit up with complaints about what one customer called "super-duper bullshit." A subsequent Plex blog post stated that the company heard its users loud and clear, and would be reversing course on the decision.

Filed Under: bricking, freedom, freedom to tinker, ownership, privacy, privacy policy, terms of service
Companies: sonos

IP Is No Excuse: Even If Someone Is Using Fake Chips, It's Not Okay To Kill Their Devices

from the that's-not-how-it's-supposed-to-work dept

Not this again. For years, we were perplexed by the war on mod chips, which could be used to allow people to play pirated games, but also had plenty of legitimate uses as well, especially for developers and hackers. The same was true of the war on smart card readers. Yes, they could be used to get pirated TV, but they were also useful for lots of other, perfectly legitimate projects as well. The latest, however, appears to be a Microsoft update with some new drivers that were completely destroying devices that have fake FTDI chips. People started noticing that right after the Windows update devices using those chips were suddenly dead. Bricked. It's not that they wouldn't connect any more -- it's that the software update actively bricked the devices and you can't get them back.

FTDI chips are quite popular with hackers and there are plenty of them out there -- both real and fake. And, quite frequently, developers/hackers have no idea if their FTDI chips are legit or not, because they just buy devices that include them, and they assume they're legit. But the drivers in that Windows update didn't care and bricked any one using a fake FTDI chip. As Ars Technica notes, this really sucks for a bunch of hackers who never even did anything wrong.

The result of this is that well-meaning hardware developers updated their systems through Windows Update and then found that the serial controllers they used stopped working. Worse, it's not simply that the drivers refuse to work with the chips; the chips also stopped working with Linux systems. This has happened even to developers who thought that they had bought legitimate FTDI parts. It can be difficult to tell, and stories of OEMs and ODMs quietly ignoring design specs and using knock-offs instead of official parts are not uncommon. As such, even hardware that was designed and specified as using proper FTDI chips could be affected.

Every USB device has a pair of IDs. One, the Vendor ID (VID), is allocated by the USB group. Each vendor has its own unique VID and uses that VID on every USB device it makes. The second is the Product ID (PID), allocated by the vendor, with each distinct chip type having its own PID. Windows uses the VID/PID pair to figure out which driver a given piece of hardware needs. The counterfeit chips use FTDI's VID and set the PID to the PID of whichever chip it is they're cloning (FTDI has a range of similar parts, each with their own PIDs).

The new driver reprograms the PID of counterfeit chips to 0000. Because this PID does not match any real FTDI part, it means that FTDI drivers no longer recognize the chips and, hence, no longer provide access to them. This PID is stored in persistent memory, so once a chip has been reprogrammed it will continue to show this 0000 PID even when used with older drivers, or even when used with Linux.

It's not entirely clear if this is something FTDI did on purpose or not (though, their comments below suggest they did), but it is worrisome, and it's simply not okay -- whether it was on purpose (in which case it's potentially illegal) or not (in which case it's just bad).

Sherwin Siy, over at Public Knowledge does a nice job explaining why copyright (or other IP laws) are never a legitimate reason to break a device -- even if a contract warns it might happen (as is apparently the case with FTDI).

The fact that disabling countless devices without warning can harm millions of innocent users and manufacturers should be a screaming sign that this is the wrong thing to do. And if they’re doing this deliberately, this is wrong not just in the sense of being unethical, but illegal, too.

This is something that people seem to forget in the IP space, and also in the technology space, which makes it unsurprising that we see it here. It’s the same impulse that leads people to ask if they can shotgun a drone that strays onto their property (No, no more than you can torch a car that parks in your driveway), or whether you can destroy the computers of people who have illegally downloaded your song.

So whether or not FTDI has any trademark rights, copyrights, or other rights in whatever the knockoff chips are copying, the actual physical chips themselves are the property of their users, and FTDI doesn’t have the right to break them. A French vintner can’t stroll down the aisles of an American wine store with a hammer, shattering bottles of “California Champagne.” Roving gangs of Nike enforcers can’t rip fake Jordans off the feet of passing kids. And we don’t have Givenchy shock troops marching down Canal Street taking flamethrowers to fake handbags. If your IP rights are being infringed, the proper course of action is to go to court, not take the law into your own hands.

Unfortunately, in this era of intellectual property maxmalism, people seem to forget these things. They assume that if you have a "fake" chip then obviously it's "okay" to break the device, because they falsely seem to believe that copyrights and trademarks and the like give the holder "all the rights over everything," rather than a limited set of rights over certain things. FTDI's response to all of this (including removing the driver from the latest Windows update) suggests (but does not outright claim) that it did this on purpose:

As you are probably aware, the semiconductor industry is increasingly blighted by the issue of counterfeit chips and all semiconductor vendors are taking measures to protect their IP and the investment they make in developing innovative new technology. FTDI will continue to follow an active approach to deterring the counterfeiting of our devices, in order to ensure that our customers receive genuine FTDI product. Though our intentions were honourable, we acknowledge that our recent driver update has caused concern amongst our genuine customer base. I assure you, we value our customers highly and do not in any way wish to cause distress to them.

Honorable intentions or not, counterfeit products or not, actively going in and breaking the property of others is not an acceptable response.

Filed Under: bricking, copyright, counterfeit, drivers, ftdi chips, microsoft update, property, property rights, trademark, update
Companies: ftdi, microsoft

Judge Lets iPhone Antitrust Trial Move Forward

from the not-such-a-good-day-at-apple dept

Last year, we wrote about an antitrust lawsuit filed against Apple for sending an update that disabled, or "bricked," the iPhones of people who had changed the firmware to accept outside programs. While Apple tried to push for a dismissal of the lawsuit, a judge has denied the motion to dismiss and will let the case carry on. While a full-on antitrust finding seems unlikely, there are elements of the case that may get Apple into trouble down the road -- and it all comes back to Apple's Achilles' heel: its desire to control absolutely everything, even after you've bought it. Depending on how this case works out, Apple may discover that it (legally) needs to learn to loosen the strings a bit.

Filed Under: antitrust, bricking, control, iphone, lawsuits
Companies: apple