An engineer got curious about how his iLife A11 smart vacuum worked and monitored the network traffic coming from the device. That’s when he noticed it was constantly sending logs and telemetry data to the manufacturer — something he hadn’t consented to. The user, Harishankar, decided to block the telemetry servers’ IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after. After a lengthy investigation, he discovered that a remote kill command had been issued to his device.
The fact that this isn’t considered outright fraud is disturbing. This person OWNS the device, yes? They’re not leasing it.
FFS, this should be illegal.
I agree with you that this should be illegal. I expect this was in the terms of service, though. Since we have no laws restricting this kind of bullshit, the company can argue that they’re within their rights.
We need some real legislation around privacy. It’s never going to happen, but it needs to. We need a right to anonymity but that is too scary for advertisers and our police state.
While I expect the same, there’s also just a reasonablility standard. If Meta and Google updated their TOS to say that users agreed to become human chattle slaves to mine cobalt and forfeit their rights, no court (…right, SCOTUS?..right?) would uphold that. A TOS is a contract, but it’s mostly for the protection of companies from liability. Takign active steps to brick someone’s device over the device not connecting to it’s C2 server (the company had zero evidence this was done intentionally and a router firewall misconfiguration could just have easily done the same thing), is IMO something that should result in a lawsuit.
How often are the terms of service evident at the time of purchase? It’s unreasonable to assume at the checkout that the price is only for a limited time of use. I doubt the put it on the box or on the Amazon page when you purchased stuff like this. Are you supposed to buy it and then return it after reading the fine print in the instruction booklet after opening it up?
Unfortunately this is from a Chinese company and China will never make it illegal; hell they’re more likely to pass a law requiring ILIFE to share the personal data with the government than tell them not to collect them. This could be enforced for US based companies but as long as we buy luxury goods from China this is going to be a fact of life.