Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

Haier, the air conditioner maker, takes down open source third-party Home Assistant integration

Thankfully I don't use any of their products, but this really pisses me off. They claim that this open source project "causes significant economic harm to their company"

This is ridiculous. It is truly ridiculous. How can something that enables the user to efficiently control their AC cause "significant economic harm"???

Consider forking the repository or mirroring it to another platform like GitLab, Codeberg or your self-hosted Git server, so the project can continue to exist and someone can maybe fork it and maintain it.

The effected repos are:
https://github.com/Andre0512/hOn and https://github.com/Andre0512/pyhOn

If you don't know about Home Assistant, check it out. It's an amazing piece of open-source software, that you can run at home on your own server and use it to control your smart home devices. That way, you don't need to connect them to the manufacturer's (probably insecure) cloud. It gives you sovereignty over your smart home instead of some proprietary vendor-locked garbage. Check out their website and the Lemmy community: !homeassistant

I also highly recommend Louis Rossmann's video about this: https://youtu.be/RcSnd3cyti0

He makes awesome videos in general, consider subscribing.

As Rossmann said, don't ever buy anything from such a shitty company that doesn't respect their customers. This move by Haier is nothing other than a slap in the face for everyone, who just wants to comfortably control the product they paid for. This company is actively hostile towards their paying customers. Fuck these bastards!

CosmicCleric ,
@CosmicCleric@lemmy.world avatar

At this point I need a website that tracks companies BS and gives them a grade level. Just too effing many of them.

SendMePhotos ,

Hmmm..... Like the BBB but better? The better BBB? BBBB perhaps... Or B^4...

CosmicCleric , (edited )
@CosmicCleric@lemmy.world avatar

Hmmm… Like the BBB but better?

No, I mean like just a static page that lists every company and with a grade to the right of their names, and you click on a company name to drill down to comments about them and their grade. A quick lookup reference that someone can use before purchasing a product.

Basically like how they have websites for movies, but for companies instead.

The BBB doesn't have such a thing AFAIK, it's just a place for reporting companies at an individual complaint level.

postmateDumbass ,

BBB is run by businesses, for businesses.

Not a consumer protection agency.

Trainguyrom ,

This was always the funniest thing when I worked product support. Folks would threaten to go to the BBB and we'd just mute to laugh

anarchy79 ,
@anarchy79@lemmy.world avatar

They didn't just pit us against each other through populist politics, they also hired us to fight one another.

It's pretty impressive in its darkness.

Trainguyrom ,

Bruh, it's screeching Karen's wasting everyone's time trying to get something for nothing when they're already in the wrong. Let's bring it back to the real world, here.

I always used what flexibility was available to me to try to do right for our customers, but we had a shocking amount of people literally trying to commit insurance fraud among other things.

anarchy79 ,
@anarchy79@lemmy.world avatar

Listen, I get where you're coming from don't get me wrong, what I meant was, back in the 80's, if you had a complaint, you had a number to an office, and the person answering was responsible for the content of the conversation, you know?

Now, as I see it, we've been kind of outsourced to take each others shit without having any real power. I don't know maybe that's trite, like obvious, you call a support center and get connected to India, know what I mean? They just offloaded their responsibility on the consumer, of which the employees most certainly are- we're all just consumers in the end. My 5c, also, apologies for any gangster lingo, I'm fuck white, I've just been watching a LOT of YouTube videos.

svc ,

"Know B^4 you buy"

Water1053 ,

BCFC - By Consumers for Consumers

BleatingZombie ,

Just a quick reminder to anybody reading this:

The BBB is not a government institution. It is nothing but a for-profit company

TeoTwawki , (edited )
@TeoTwawki@lemmy.world avatar

Its almost a poorly made extortion racket: if you are a business that does not pay the bbb to get a good rating they rate you badly till you do. But either way they can't actually do anything about shitty companies, its all the illusion of having recourse for the consumer when there is none.

anarchy79 ,
@anarchy79@lemmy.world avatar

What do you call supersized legos all painted black?

Big black blocks.

cadekat ,

There's https://foundation.mozilla.org/en/privacynotincluded/ for privacy, at least.

DeltaTangoLima ,
@DeltaTangoLima@reddrefuge.com avatar

This is ridiculous. It is truly ridiculous. How can something that enables the user to efficiently control their AC cause “significant economic harm”???

We're discussing this over in !homeassistant. This absolutely has to be about them losing access to data they can sell to 3rd parties. The hOn ToS will no doubt have a clause that enables this.

It's a dick move for sure.

DumbAceDragon ,
@DumbAceDragon@sh.itjust.works avatar

The tos should only apply to the software and not the hardware, right? Or do you need to sign a waiver when you purchase the damn thing?

DeltaTangoLima ,
@DeltaTangoLima@reddrefuge.com avatar

Not sure about the Haier thing. My HVAC has an add-on "smart" controller that I had to pay extra for, and the ToS are no doubt attached to that.

echo64 ,

The tos applies to their service, that is, they have a cloud service, and you have to abide the tos to use it. It doesn't factor into hardware or software specifically but their hardware and software might not work without the service

pearsaltchocolatebar ,

It doesn't work without the service. From the email you can tell that the functionality is going through their cloud service.

ShepherdPie ,

It's probably to access their API in order to control the device remotely.

mp3 ,
@mp3@lemmy.ca avatar

They want to advertise that their stuff is "cloud enabled", while offering the shittiest service possible and putting as many roadblocks as possible to minimize its use.

Having people use their services efficiently is increasing their cloud services bill, can't have that.

Personally, I've restrained myself from buying into IoT, and if I'm going to do so, I'll make sure it can be controlled locally without depending on a cloud service, and through a hub I can fully control. I need to be able to disconnect my modem and operate everything even if the WAN is down.

andrew ,
@andrew@lemmy.stuart.fun avatar

They probably want to pull a Chamberlain and sell a bunch of crappy buggy, inconsistent, error-prone addon services for $60/yr after you've already purchased the product.

But yeah, lesson mostly learned. Don't support companies who only offer cloud-dependent services because they will definitely turn on the customer when they reach the natural ceiling of people buying the product and start looking for extra ways to squeeze their customers.

fishos ,
@fishos@lemmy.world avatar

Or go the BluAir route and offload all the processing onto the cloud. They sell the new machines for the same cost as the old machines, but they're dumb as a bag of bricks. If not connected to the cloud, none of the automatic settings work correctly. When you contact customer support to troubleshoot why it doesnt work on auto mode, the first thing they have you do is delete it and reconnect it to the app. No care about updates. Its just a fan on a wifi switch now. Total junk.

cynar ,

I basically run my house IoT setup as you desire. My smart switches are a mix of Tasmota (open source firmware, running totally locally) and ZigBee (an open protocol for IoT interoperability). The whole lot is controlled by a NUC running home assistant. My doorbell camera also streams directly to the server.

Home Assistant basically acts to glue everything together, and provides nice, easy to use GUIs. It can also bridge between networks. It's easy to have all your IoT things on an isolated network, with no internet access. Only the HA install can see both networks.

I've also been careful of WAF (Wife Acceptance Factor). If the internet goes down, almost everything keeps working. If the NUC dies, the switches still work as dumb switches. The bulbs all default to full brightness neutral colour.

Steve ,

I have a bunch of smurt plugs that require internet and I didnt know before buying that they cant be flashed. Jealous.

pearsaltchocolatebar ,

You can flash them, you just need some tools from AliExpress to hook leads directly to the UART pins on the ESP chip they're using.

Sounds way harder than it actually is.

Steve ,

Its not an ESP, its some other bullshit

MangoPenguin ,
@MangoPenguin@lemmy.blahaj.zone avatar

This might cover it for non ESP devices: https://github.com/openshwprojects/OpenBK7231T_App

cynar ,

It used to be most used esp8266 or esp8285 modules. Unfortunately, tuya have created a pin compatible module that explicitly can't be replaced easily. They've pushed it hard with their ecosystem, so it's all over the place.

There are still a lot of esp based devices about, but you need to be careful of anything with a tie in to tuya.

pearsaltchocolatebar ,

Ah, yeah. Any Tuya device should be an automatic no for anyone.

MangoPenguin ,
@MangoPenguin@lemmy.blahaj.zone avatar

Haven't used it myself, but this supports some of them: https://github.com/openshwprojects/OpenBK7231T_App

intensely_human ,

Is home assistant also hardware? How is it configured so that HA can see both networks? Is one of them visible through a USB interface or something?

cynar ,

They do now do a hardware option, though I've not used it. In one of my setups, it just uses the native ethernet, as well as a usb adapter. The software doesn't have any issues with this.

ShepherdPie ,

To control Zigbee/Zwave you'll need USB dongles. They did start offering their own hardware (essentially a purpose built Pi) but I'm not sure if it includes either of these radios.

christophski ,

What doorbell camera do you use?

cynar ,

Reolink PoE

https://m.reolink.com/gb/product/reolink-video-doorbell/

christophski ,

Thanks!

spaghettiwestern , (edited )

My Home Assistant software and smart devices all are controlled locally and cloud access isn't used but there are other, much more important reasons to avoid running it.

You should avoid it because Home Assistant is an addictive monster. It starts as a hobby and then the next thing you know you're putting temperature sensors in your refrigerator and setting different brightness levels for your bathroom lights depending on the time of day.

Seriously though, the software gives an amazingly useful single dashboard for things you might use everyday including lighting, HVAC, alarm systems, weather, currency exchange rates, and entertainment systems. I use it every day.

nonfuinoncuro ,

Do you... set your thermostat based on the day's currency exchange rate? Do you wake up and say, "Honey, I can see my breath; the Euro must be down. Alexa, call my broker."

spaghettiwestern ,

Lol - that's possible. I spend time in Mexico and Canada so I keep the exchange rates on my dashboard. Easier than looking them up every time.

I could set my the thermostat higher on cloudy days in the winter or more usefully, increase the setting when our cell phones are in the house and decrease it when we're away. One guy put a vibration sensor on his nightstand and tapping on the stand turns on his bedroom light. There are way too many possibilities, useful and not.

bane_killgrind ,

Like if you were bitten by a radioactive Scrooge, and got miser-sense

bdonvr ,

And so they can't possibly actually do anything right? This is just a scare letter?

DeltaTangoLima ,
@DeltaTangoLima@reddrefuge.com avatar

They probably can. I'm sure they've covered themselves with some bullshit ToS that governs the use of the cloud service itself, and acceptance is implied when you use the service.

There's a part of me that really wishes it could be challenged, though, by pointing out that leaving the cloud service open to public consumption without some form of authorization should simply be a case of tough titties to them. Lock your shit down if you don't want people like us using it in ways you didn't intend.

But, as we all well know, once lawyers get involved, it's simply too hard to fight this sort of shit.

Takumidesh ,

Genuine question, since the code itself doesn't infringe on IP (I think) wouldn't the user executing the code be responsible for accepting the tos, not the repo.

The repo is just static non-compiled text files, it afaik isn't actually communicating with their servers and therefore wouldn't be able to accept any tos (implied or otherwise) (I don't know if there are any actions, ci/cd pipelines, or deployments that would be in violation though)

DeltaTangoLima ,
@DeltaTangoLima@reddrefuge.com avatar

I think it's because the dev might've reverse-engineered the calls to the cloud service, and that may be where the legal sticking point is. Not a lawyer, so not 100% sure - will be interesting to see where this goes.

I saw elsewhere the dev has insurance, and they're going to cover a lawyer, so they may very well fight it.

intensely_human ,

As a writer of software code and also of contacts (freelancer), I’m intrigued by the challenge of writing a TOS to prevent reverse-engineering an API.

In some way you’d have to represent the interface itself as the intellectual property, or something. Normal copyright covers copies, but this would be sort of like covering complementary parts. Like you invented a lock, and you’re trying to copyright or protect the set of keys that could open that lock.

intensely_human ,

The only way to stop the advancement of legal red tape is for people to consciously, willingly decide to take legal risks.

The reasons lawyers take over everything is because we do everything they tell us to do. Their job is to minimize our legal risk, and by doing everything they tell us to, we put legal risk at the highest level of priority in our own decision-making.

A conscious decision to, say, take the risk of a lawsuit or something, is the only way to be free of lawyers’ control.

kn0wmad1c ,
@kn0wmad1c@programming.dev avatar

Yeah, I feel like all Chinese companies profit off selling customer data first, selling products second.

DeltaTangoLima , (edited )
@DeltaTangoLima@reddrefuge.com avatar

In fairness, that's just about any tech-connected company nowadays. Social media, streaming services - you name it. They're all bloody doing it.

ShepherdPie ,

They could have done what Chamberlin did with MyQ and just locked the API down so that it can't be used outside the app. What a ridiculous strategy that won't backfire at all.

DeltaTangoLima ,
@DeltaTangoLima@reddrefuge.com avatar

Yep, good point. That's still a bit of a dick move, but a completely legitimate one too. If you don't like people like us having a play and developing our own capabilities against the service, you can re-assert your ownership and lock it down.

Siccing lawyers onto a dev who is helping your customers use your product in new and improved ways is just plain fucking stupid.

dangblingus ,

I live in caveman times. I turn my lights on with a light switch, and I turn my AC on with the power button on the unit.

Dehydrated OP ,

If it works it works I guess.

Trainguyrom ,

I can see where some automation would be really nice. I don't want to remember to turn the heat down at night when I'm already covered in blankets and don't need it as warm. I could use a automation to dim the lights when it gets late as another indicator that it's time to head to bed

dual_sport_dork ,
@dual_sport_dork@lemmy.world avatar

Nearly all window air conditioner units have a built in programmable timer that allows you to do just this, and if your system is central you can spend all of $20 on an electronic programmable thermostat that's a plug-in replacement for your old one and doesn't require being connected to the internet.

Just saying, this functionality already existed and worked just fine before everything had to be on the fucking "cloud."

Trainguyrom ,

I mean that's where Home Assistant comes into play. Host it yourself or pay for a managed instance and you get the best of both worlds.

Also you can buy thermostats and air conditioners easily that use with micro controlers and don't rely on any network. It's not like TVs where you have to dig and largely don't get that choice anymore

stockRot ,

🆗🆒

anarchy79 ,
@anarchy79@lemmy.world avatar

Hey, also, just btw, as an aside, apropos...

If you use "smart devices" in your home, you're a fucking moron.

Dehydrated OP ,

If you use "smart devices" cheap Chinese garbage that requires a 24/7 connection to some random insecure cloud server in your home, you're a fucking moron. But there are some great solutions that run entirely locally and enable you to do some really cool home automation. Check out the !homeautomation community, as well as !homeassistant. Home Assistant is probably the best piece of software for building an actually smart home, that's also sovereign and not reliant on an internet connection or some company and their infrastructure.

anarchy79 ,
@anarchy79@lemmy.world avatar

Yeah I know, I should have worded myself less aggressively.

v9CYKjLeia10dZpz88iU ,

GitHub also has a legal defense fund for developers. GitHub lists it on their DMCA takedown page.

When GitHub processes a DMCA takedown under our circumvention technology claim review process, we will offer the repository owner a referral to receive independent legal consultation through GitHub’s Developer Defense Fund at no cost to them.

They created this fund after claims were made against a YouTube downloader from a third party. (not Google)

I don’t know if this would be an anti-circumvention claim, but it doesn’t sound like a bad idea to ask.

anarchy79 ,
@anarchy79@lemmy.world avatar

Isn't GitHub Microsoft owned now? Or am I missing something?

v9CYKjLeia10dZpz88iU ,

It is owned by Microsoft.

Goodie ,

This is ridiculous. It is truly ridiculous. How can something that enables the user to efficiently control their AC cause "significant economic harm"???

I assume they have their own app and run ads/user analytics through it that make them money.

I have to wonder if you bought their products on the basis that they worked with HA, if you could have some sort of claim here.

Dehydrated OP ,

No, thankfully I don't use any of their products. But I find their statement ridiculous. If I buy something, it's mine, I own it because I paid for it. The manufacturer can fuck off.

Goodie ,

But they want you to use their app.

And they've decided if you have a HA plugin, you won't.

So we do our research, and avoid scumbag companies when making purchasing decisions, or more likely, pick the lesser of a several evils.

Dehydrated OP ,

So we do our research, and avoid scumbag companies when making purchasing decisions, or more likely, pick the lesser of a several evils.

That's why I created this post. To inform people about Haier's shitty and customer-hostile solely profit-oriented business practices.

anarchy79 ,
@anarchy79@lemmy.world avatar

If you dig just below the surface, you will find that the very philosophical concept of "ownership" comes with terms and conditions.

anarchy79 ,
@anarchy79@lemmy.world avatar

Hell's Angels? Because it feels like everything works with Hell's Angels now.

m3t00 ,
@m3t00@lemmy.world avatar

reminds me of the DMCA form letters. full of scary empty threats. paid legal dept. earning their keep. mgmt doesn't realize the freely developed stuff makes their products more desirable when it does a better job than their own software. may they flounder in ignorance

EmperorHenry ,
@EmperorHenry@discuss.tchncs.de avatar

It would be even better if they just stopped putting microphones and cameras on thermostats and stopped making them with internet connectivity.

anarchy79 ,
@anarchy79@lemmy.world avatar

Are you saying things were better before? Because I feel like things have never been better! I'm a CEO of a F500 company though.

anarchy79 ,
@anarchy79@lemmy.world avatar

MY ECONOMIC HARM!

badbytes ,

Boycott Haier

dual_sport_dork ,
@dual_sport_dork@lemmy.world avatar

You should do that anyway; they're a bag of dicks. I have to deal with them at work.

Note also that Haier includes GE Appliances and their subsidiaries GE Profile, Cafe, and Hotpoint since Haier acquired the GE Appliances division in 2016. Fisher and Paykel is also owned by Haier now, too. So if you're gotten the feeling that your GE appliances are crap now compared to the ones your parents had, it's not just a feeling and you're right: They're crap now since Haier has been cutting corners all over the place to chase a dollar.

dual_sport_dork ,
@dual_sport_dork@lemmy.world avatar

Isn't the whole point of this to not use their services? As long as Haier's software and servers are not being touched I don't see how they have any legal standing. This guy should speak to a lawyer to verify if this is the case.

Anyhow, the last Haier/GE air conditioner I took apart had a commodity off-the-shelf USB Wi-Fi dongle inside it plugged in via a short USB extension lead to an off-the-shelf microcontroller board to enable its "smart" features. I'll bet you a dime Haier is violating the terms of at least one open source license, possibly more than one, via the software stack they're running in there. So as far as I'm concerned they're free to take a flying fuck at a rolling doughnut.

MudMan ,
@MudMan@kbin.social avatar

I'm curious about the details, yeah. Maybe they're plugging into some API or something? Breaking some safety measure? Otherwise I really don't see how these threats aren't empty. Suing somebody for breaking EULA terms does not have a great track record, and neither does modifying things you buy or making unauthorized software for computers.

But hey, if the guy says the project is coming down, then I guess the aggressive language did the thing they wanted it to do, even if it's relatively toothless.

cynar ,

Generally, a lot of companies that add "cloud enabled" to their products don't let you access the local device. Home Assistant isn't talking to the air conditioner, it's logging into their web interface. If it's polling 1/minute, that can be a lot of extra traffic, compared to a normal user.

The better solution is to work with their buyers, not against them. If they provided a local API, then the excess traffic would go away. Theirs no money in that, in the short term, however. So they take the lazy route.

There's a reason I only buy IoT type devices with a local API. They also have a tendency to turn servers off. Suddenly your smart device is bricked, despite working fine.

ShortFuse , (edited )

The problem is it's a script that logs onto Haier's servers with the user's email and password and starts polling for data. Considering that most designed usage is probably based around users every once in a while checking and adjusting their thermostat, just one user with an HACS install doing a poll every minute is 1440x more usage than the next who checks it once a day. If HACS uses were the majority of traffic for these devices I wouldn't be surprised by that metric.

That's what probably meant by the ToS because the users using it are probably violating it, and the addon can be considered as something that makes violating it easier (it doesn't have a secondary purpose other than using a set of credentials that are only given after accepting the ToS).

I've had crappy "Smart" ACs and Samsung was the absolute worst. At random times their AWS instance in Europe would go down or their app wouldn't respond. I gave up and coded my own script to directly interface with the device over the local WiFi. You cut Samsung completely out of the equation. You don't have to worry about their servers not working anymore. That's an ideal way for an add-on to work. Ideally most of the script can be retuned to work directly with the device.

burrito ,

Any appliance made by Samsung is pure garbage. I just got rid of one of their dryers and I'm very glad to have it gone.

intensely_human ,

What kind of trouble did you have with the dryer?

baseless_discourse ,

My drier squeaks a lot, it seems like the previous owner has replaced the wheel once, and I replaced the wheel again, and it still squeaks...

burrito ,

All the parts they used internally are made to be as cheap as possible. The rollers that support the drum, and the belt tensioner, use low quality bushings that wear out prematurely. The extra fiction the parts caused would cause the belt to fail too. I'd have to tear the entire thing apart every two years or so and replace these parts to keep it running, far more often than I'd have to repair any other dryer brand. The sensor dry cycle on it never properly dried the clothes, and the steam function on it didn't work very well either.

A friend of mine has a Samsung dryer, washer, fridge, dishwasher, and microwave. He hates all of them with a passion for similar reasons.

I don't hate everything Samsung as I'm quite happy with their tablets and watches, but I'd never purchase another one of their appliances.

phoneymouse ,

Seems like the customer would be violating the TnC, not the repo owner

ShortFuse ,

I said that?

kozonak ,

are in violation of our terms and agreements

So what if you dont agree with their terms? What then? Cant you just host the repo and tell them to fuck off since you sisnt agree to anything?

ShepherdPie ,

Not to mention this is being used to control products purchased by individuals. Are they not allowed to use their AC after paying for it because they don't agree to Haiers TOS?

nova_ad_vitum ,

Did OP even agree to their terms?

phoneymouse ,

Right… a violation of our TnC… doesn’t matter. Maybe for the customer, not the repo owner.

Emerald ,

I laughed when I saw "significant economic harm"

Dehydrated OP ,

Because that statement is really ridiculous.

neidu2 ,

So, is the code in question using a publicly accessible API of theirs? If so it'd be a shame if something were to access that API more than anticipated..

nbafantest ,

https://github.com/Andre0512/hon/issues/147#issuecomment-1892738060

Looks like the owner isnt taking it down and will force them to take it down.

I'm curious what the legal reason is for this. They arent actually using any illegal IP right?

pearsaltchocolatebar ,

They just don't want to go through the hassle of securing their api, so they're trying to strong arm the devs into dropping the project.

It would be laughably easy for them to kill this, but maybe their devs aren't competent enough to do it.

gedaliyah ,
@gedaliyah@lemmy.world avatar

This seems like the answer. If there is no proprietary code and they did not actually reverse-engineer patented technology, I doubt they have a leg to stand on.

It costs nothing to threaten to sue, and it sometimes works.

tdawg ,

afaik reverse engineering is generally legal so long as the person prosecuting you can't prove you used insider knowledge

This is why things like game system emulators are generally fine

brianorca ,

Reverse engineering is legal, but if you still arrive at a solution covered by a patent, then that solution is illegal. But this shouldn't be covered by a patent.

tdawg ,

That seems like it would be nearly impossible to prove with software. There are so many ways to structure solutions and most of them conform to an open standard

brianorca ,

It's an open source project repository. It can be compared to the process descriptions in the patent. But patents and copyright don't cover APIs, as decided in Oracle vs Google in 2021.

I'm saying this usage of reverse engineering is probably safe, but if you reverse engineered a way to process data that happened to match a patent, it doesn't matter that you never saw the patent or original code, it can still be infringement.

VonReposti ,

Software patents isn't a thing in Europe, so that doesn't hold any weight for Haier. Even their terms are null and void as is the case of almost all "terms of service" documents in Europe.

brianorca ,

That wouldn't stop them from pursuing something in a US court if the other party is in the US. But even here, I doubt their argument would hold water in an actual trial, considering existing precedent.

stoly ,

It would still require a lot of time and hundreds of thousands of dollars in lawyers.

pearsaltchocolatebar ,

It wouldn't require that much time or money to lock down the API. It's not something they'd have to create from scratch.

Although I'm sure the entire platform is a mess of spaghetti code, so maybe it would be expensive to have someone untangle it enough to implement.

stoly ,

APIs are, by nature, open. Anyone can use them. The business bros don't like this fact and are using lawyers to express their distaste for people using their product as intended.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • mildlyinfuriating@lemmy.world
  • incremental_games
  • random
  • meta
  • All magazines
    •