1y ago

Haier, the air conditioner maker, takes down open source third-party Home Assistant integration

Thankfully I don't use any of their products, but this really pisses me off. They claim that this open source project "causes significant economic harm to their company"

This is ridiculous. It is truly ridiculous. How can something that enables the user to efficiently control their AC cause "significant economic harm"???

Consider forking the repository or mirroring it to another platform like GitLab, Codeberg or your self-hosted Git server, so the project can continue to exist and someone can maybe fork it and maintain it.

The effected repos are: https://github.com/Andre0512/hOn and https://github.com/Andre0512/pyhOn

If you don't know about Home Assistant, check it out. It's an amazing piece of open-source software, that you can run at home on your own server and use it to control your smart home devices. That way, you don't need to connect them to the manufacturer's (probably insecure) cloud. It gives you sovereignty over your smart home instead of some proprietary vendor-locked garbage. Check out their website and the Lemmy community: !homeassistant@lemmy.world

I also highly recommend Louis Rossmann's video about this: https://youtu.be/RcSnd3cyti0

He makes awesome videos in general, consider subscribing.

As Rossmann said, don't ever buy anything from such a shitty company that doesn't respect their customers. This move by Haier is nothing other than a slap in the face for everyone, who just wants to comfortably control the product they paid for. This company is actively hostile towards their paying customers. Fuck these bastards!

homeassistant @lemmy.world

Dehydrated @lemmy.world

1y ago

Haier, the air conditioner maker, takes down open source third-party Home Assistant integration

Open Source @lemmy.ml

Dehydrated @lemmy.world

1y ago

Haier, the air conditioner maker, takes down open source third-party Home Assistant integration

134 comments

This is ridiculous. It is truly ridiculous. How can something that enables the user to efficiently control their AC cause “significant economic harm”???
We're discussing this over in !homeassistant@lemmy.world. This absolutely has to be about them losing access to data they can sell to 3rd parties. The hOn ToS will no doubt have a clause that enables this.
It's a dick move for sure.
- They want to advertise that their stuff is "cloud enabled", while offering the shittiest service possible and putting as many roadblocks as possible to minimize its use.
  Having people use their services efficiently is increasing their cloud services bill, can't have that.
  Personally, I've restrained myself from buying into IoT, and if I'm going to do so, I'll make sure it can be controlled locally without depending on a cloud service, and through a hub I can fully control. I need to be able to disconnect my modem and operate everything even if the WAN is down.
  
  I basically run my house IoT setup as you desire. My smart switches are a mix of Tasmota (open source firmware, running totally locally) and ZigBee (an open protocol for IoT interoperability). The whole lot is controlled by a NUC running home assistant. My doorbell camera also streams directly to the server.
  Home Assistant basically acts to glue everything together, and provides nice, easy to use GUIs. It can also bridge between networks. It's easy to have all your IoT things on an isolated network, with no internet access. Only the HA install can see both networks.
  I've also been careful of WAF (Wife Acceptance Factor). If the internet goes down, almost everything keeps working. If the NUC dies, the switches still work as dumb switches. The bulbs all default to full brightness neutral colour.
  
  My Home Assistant software and smart devices all are controlled locally and cloud access isn't used but there are other, much more important reasons to avoid running it.
  You should avoid it because Home Assistant is an addictive monster. It starts as a hobby and then the next thing you know you're putting temperature sensors in your refrigerator and setting different brightness levels for your bathroom lights depending on the time of day.
  Seriously though, the software gives an amazingly useful single dashboard for things you might use everyday including lighting, HVAC, alarm systems, weather, currency exchange rates, and entertainment systems. I use it every day.
  
  They probably want to pull a Chamberlain and sell a bunch of crappy buggy, inconsistent, error-prone addon services for $60/yr after you've already purchased the product.
  But yeah, lesson mostly learned. Don't support companies who only offer cloud-dependent services because they will definitely turn on the customer when they reach the natural ceiling of people buying the product and start looking for extra ways to squeeze their customers.
- The tos should only apply to the software and not the hardware, right? Or do you need to sign a waiver when you purchase the damn thing?
  
  Not sure about the Haier thing. My HVAC has an add-on "smart" controller that I had to pay extra for, and the ToS are no doubt attached to that.
  
  The tos applies to their service, that is, they have a cloud service, and you have to abide the tos to use it. It doesn't factor into hardware or software specifically but their hardware and software might not work without the service
  
  It's probably to access their API in order to control the device remotely.
- And so they can't possibly actually do anything right? This is just a scare letter?
  
  They probably can. I'm sure they've covered themselves with some bullshit ToS that governs the use of the cloud service itself, and acceptance is implied when you use the service.
  There's a part of me that really wishes it could be challenged, though, by pointing out that leaving the cloud service open to public consumption without some form of authorization should simply be a case of tough titties to them. Lock your shit down if you don't want people like us using it in ways you didn't intend.
  But, as we all well know, once lawyers get involved, it's simply too hard to fight this sort of shit.
- Yeah, I feel like all Chinese companies profit off selling customer data first, selling products second.
  
  In fairness, that's just about any tech-connected company nowadays. Social media, streaming services - you name it. They're all bloody doing it.
- They could have done what Chamberlin did with MyQ and just locked the API down so that it can't be used outside the app. What a ridiculous strategy that won't backfire at all.
  
  Yep, good point. That's still a bit of a dick move, but a completely legitimate one too. If you don't like people like us having a play and developing our own capabilities against the service, you can re-assert your ownership and lock it down.
  Siccing lawyers onto a dev who is helping your customers use your product in new and improved ways is just plain fucking stupid.
“Significant economic harm”
Yeah, like my never considering you for any products ever again you pieces of trash. Why the fuck do your products even need to connect with the cloud?
Fuck off.
- Why? Their response showed why: so they can sell your data. There's literally no other reason. And they can't just sell a product for profit, that's not enough, they have to also sell out our privacy for more revenue! Otherwise they would have stayed quiet, maintaining plausible deniability and not taken this step. It's literally never enough for these scumbag companies...
  
  Oh yeah, I mean my question was pretty much rhetorical, selling my useage data isn’t a good reason for this to happen.
  Still, I’m glad you responded so anyone who wasn’t already familiar can get the perspective.
Special shout-out to LiftMaster/Chamberlain who did the same rug-pull on their customers last year.
Never trust free cloud services attached to a paid product.
- Fuck these guys for real. I had just set up a raspberry pi and nfc tags. I’m not buying their shitty ecosystem even harder now.
- LiftMaster/Chamberlain
  Get a ratgdo. It's a little ESP8266-powered board that connects to the garage door opener and lets you open/close it and turn the light on and off, and reports the status of the door (opening, open, closing, closed) and obstruction sensor status via MQTT, entirely locally. I installed one on my LiftMaster garage door opener (an old version with no smart features) and it works well! I zip tied mine inside the plastic cover that goes over the light bulb, as per the developer's recommendation.
  They have a beta firmware for HomeKit integration too, to directly control it from Apple devices if you don't want to run something like Home Assistant with an MQTT broker.
  "ratgdo" stands for "rage against the garage door opener" :D
  
  based device name
  
  Go one step further and make your own using ESPHome.
- I ripped mine out as soon as they pulled this. Fuck them, they won’t get my data if they won’t let me do what I want with a product I already paid for.
https://github.com/Andre0512/hon/issues/147#issuecomment-1892738060
Looks like the owner isnt taking it down and will force them to take it down.
I'm curious what the legal reason is for this. They arent actually using any illegal IP right?
- They just don't want to go through the hassle of securing their api, so they're trying to strong arm the devs into dropping the project.
  It would be laughably easy for them to kill this, but maybe their devs aren't competent enough to do it.
  
  This seems like the answer. If there is no proprietary code and they did not actually reverse-engineer patented technology, I doubt they have a leg to stand on.
  It costs nothing to threaten to sue, and it sometimes works.
  
  It would still require a lot of time and hundreds of thousands of dollars in lawyers.
- APIs are, by nature, open. Anyone can use them. The business bros don't like this fact and are using lawyers to express their distaste for people using their product as intended.
Not to excuse this sort of behaviour, but at least they're honest enough to say it's about the money, instead of hiding behind excuses like "bUt sEcuRiTy vUlNeRaBiLiTieS".
We need laws to prevent this kind of anti-consumer bullshit (yeah I know, a pipe dream) and for people to simply not give Haier their money, or data.
- I don't even think this is honest, I doubt that a small FOSS project is causing "significant economic damage" to a company of such size. It's just user-hostility and the wish to control the users and the products they bought and paid for. Unfortunately, this is an increasing trend among companies.
At this point I need a website that tracks companies BS and gives them a grade level. Just too effing many of them.
- Hmmm..... Like the BBB but better? The better BBB? BBBB perhaps... Or B^4...
  
  "Know B^4 you buy"
  
  BBB is run by businesses, for businesses.
  Not a consumer protection agency.
  
  BCFC - By Consumers for Consumers
  
  Just a quick reminder to anybody reading this:
  The BBB is not a government institution. It is nothing but a for-profit company
  
  Hmmm… Like the BBB but better?
  No, I mean like just a static page that lists every company and with a grade to the right of their names, and you click on a company name to drill down to comments about them and their grade. A quick lookup reference that someone can use before purchasing a product.
  Basically like how they have websites for movies, but for companies instead.
  The BBB doesn't have such a thing AFAIK, it's just a place for reporting companies at an individual complaint level.
  
  What do you call supersized legos all painted black?
  Big black blocks.
- There's https://foundation.mozilla.org/en/privacynotincluded/ for privacy, at least.
One thing I find annoying is that there's no way for me to let the company know that this behavior lost me as their customer forever unless they change their tune.
I'm fairly sure I'm the kind of person they'd market those products towards and it hurs them, but there's no wat that I'm aware of to let them know.
If there was a way, and a significant amount of people would do so, maybe the decision makers would understand it's stupid...
- Make a project of getting escalated up to an executive through a chain of emails. LinkedIn provides a good starting point with contact information.
  A while ago, I expressed my desire to tell a Microsoft executive to fuck themselves over a decision that frustrated me and that idea proved fruitful. (Thanks lemmy) Just stay professional until you earn your prize and, at worst, you’ll waste some of their money as your potential entry point wastes time reading your entirely unrelated message. Change emails if you care to cover your tracks.
- That's actually the one thing that Twitter is still good for.
  
  It was the only thing I ever used Twitter for. Then it stopped working as I think a lot of companies stopped caring. Then Musk came along and I closed my account.
- You can contact them https://www.haierappliances.com/support/contact-us
- Sadly, those who care about ethics is a small number. See Reddit as a good example. You and I go "this company sucks, I'll spend my money elsewhere." Most people go "ooh, monkey like shiny" and that's the end of it.
Bullshit from companies continues... someone don't forget to upload all code to the Internet Archive just in case.
- It's pretty easy. Download the repo from GitHub as a .zip and upload that to the archive. Pretty simple. Don't forget to do this for both repos.
  
  Indeed it is, I just can't do it right now
- Also fork the repos. Git makes duplicating a repository simple, and preserving history with a fork is way better than uploading a zip snapshot. For best results fork to GitLab, Bitbucket, Codeberg, etc. as well.
  
  Forking yeah, but not by clicking the Fork button on Github. When a repo get DMCA its forks get deleted too...
Isn't the whole point of this to not use their services? As long as Haier's software and servers are not being touched I don't see how they have any legal standing. This guy should speak to a lawyer to verify if this is the case.
Anyhow, the last Haier/GE air conditioner I took apart had a commodity off-the-shelf USB Wi-Fi dongle inside it plugged in via a short USB extension lead to an off-the-shelf microcontroller board to enable its "smart" features. I'll bet you a dime Haier is violating the terms of at least one open source license, possibly more than one, via the software stack they're running in there. So as far as I'm concerned they're free to take a flying fuck at a rolling doughnut.
- The problem is it's a script that logs onto Haier's servers with the user's email and password and starts polling for data. Considering that most designed usage is probably based around users every once in a while checking and adjusting their thermostat, just one user with an HACS install doing a poll every minute is 1440x more usage than the next who checks it once a day. If HACS uses were the majority of traffic for these devices I wouldn't be surprised by that metric.
  That's what probably meant by the ToS because the users using it are probably violating it, and the addon can be considered as something that makes violating it easier (it doesn't have a secondary purpose other than using a set of credentials that are only given after accepting the ToS).
  I've had crappy "Smart" ACs and Samsung was the absolute worst. At random times their AWS instance in Europe would go down or their app wouldn't respond. I gave up and coded my own script to directly interface with the device over the local WiFi. You cut Samsung completely out of the equation. You don't have to worry about their servers not working anymore. That's an ideal way for an add-on to work. Ideally most of the script can be retuned to work directly with the device.
  
  Any appliance made by Samsung is pure garbage. I just got rid of one of their dryers and I'm very glad to have it gone.
  
  Seems like the customer would be violating the TnC, not the repo owner
- Generally, a lot of companies that add "cloud enabled" to their products don't let you access the local device. Home Assistant isn't talking to the air conditioner, it's logging into their web interface. If it's polling 1/minute, that can be a lot of extra traffic, compared to a normal user.
  The better solution is to work with their buyers, not against them. If they provided a local API, then the excess traffic would go away. Theirs no money in that, in the short term, however. So they take the lazy route.
  There's a reason I only buy IoT type devices with a local API. They also have a tendency to turn servers off. Suddenly your smart device is bricked, despite working fine.
- I'm curious about the details, yeah. Maybe they're plugging into some API or something? Breaking some safety measure? Otherwise I really don't see how these threats aren't empty. Suing somebody for breaking EULA terms does not have a great track record, and neither does modifying things you buy or making unauthorized software for computers.
  But hey, if the guy says the project is coming down, then I guess the aggressive language did the thing they wanted it to do, even if it's relatively toothless.
are in violation of our terms and agreements
So what if you dont agree with their terms? What then? Cant you just host the repo and tell them to fuck off since you sisnt agree to anything?
- Not to mention this is being used to control products purchased by individuals. Are they not allowed to use their AC after paying for it because they don't agree to Haiers TOS?
- Did OP even agree to their terms?
  
  Right… a violation of our TnC… doesn’t matter. Maybe for the customer, not the repo owner.
Badwill. Always a bad strategy. Join progress, don't fight it.
I don't have any Haier products but as a Chamberlain/MyQ garage door owner I can relate all too well. At least ratgdo is an option for the garage doors, I doubt there's anything nearly as simple for the Haier users.
Fuck these companies.
This is ridiculous. It is truly ridiculous. How can something that enables the user to efficiently control their AC cause "significant economic harm"???
I assume they have their own app and run ads/user analytics through it that make them money.
I have to wonder if you bought their products on the basis that they worked with HA, if you could have some sort of claim here.
- No, thankfully I don't use any of their products. But I find their statement ridiculous. If I buy something, it's mine, I own it because I paid for it. The manufacturer can fuck off.
  
  If you dig just below the surface, you will find that the very philosophical concept of "ownership" comes with terms and conditions.
  
  But they want you to use their app.
  And they've decided if you have a HA plugin, you won't.
  So we do our research, and avoid scumbag companies when making purchasing decisions, or more likely, pick the lesser of a several evils.
- Hell's Angels? Because it feels like everything works with Hell's Angels now.
GitHub also has a legal defense fund for developers. GitHub lists it on their DMCA takedown page.
When GitHub processes a DMCA takedown under our circumvention technology claim review process, we will offer the repository owner a referral to receive independent legal consultation through GitHub’s Developer Defense Fund at no cost to them.
They created this fund after claims were made against a YouTube downloader from a third party. (not Google)
I don’t know if this would be an anti-circumvention claim, but it doesn’t sound like a bad idea to ask.
- Isn't GitHub Microsoft owned now? Or am I missing something?
  
  It is owned by Microsoft.
As if I needed another reason not to buy their shitty appliances.
reminds me of the DMCA form letters. full of scary empty threats. paid legal dept. earning their keep. mgmt doesn't realize the freely developed stuff makes their products more desirable when it does a better job than their own software. may they flounder in ignorance
MY ECONOMIC HARM!
So, is the code in question using a publicly accessible API of theirs? If so it'd be a shame if something were to access that API more than anticipated..
Hmm, so anyone want to fork the project? I don't own their devices so have never signed their ToS. I'd love to see how they'd reason I'm breaking some law by hosting the code.
I live in caveman times. I turn my lights on with a light switch, and I turn my AC on with the power button on the unit.
- I can see where some automation would be really nice. I don't want to remember to turn the heat down at night when I'm already covered in blankets and don't need it as warm. I could use a automation to dim the lights when it gets late as another indicator that it's time to head to bed
  
  Nearly all window air conditioner units have a built in programmable timer that allows you to do just this, and if your system is central you can spend all of $20 on an electronic programmable thermostat that's a plug-in replacement for your old one and doesn't require being connected to the internet.
  Just saying, this functionality already existed and worked just fine before everything had to be on the fucking "cloud."
- 🆗🆒
- If it works it works I guess.
I laughed when I saw "significant economic harm"
- Because that statement is really ridiculous.
Boycott Haier
- You should do that anyway; they're a bag of dicks. I have to deal with them at work.
  Note also that Haier includes GE Appliances and their subsidiaries GE Profile, Cafe, and Hotpoint since Haier acquired the GE Appliances division in 2016. Fisher and Paykel is also owned by Haier now, too. So if you're gotten the feeling that your GE appliances are crap now compared to the ones your parents had, it's not just a feeling and you're right: They're crap now since Haier has been cutting corners all over the place to chase a dollar.
- Are you saying things were better before? Because I feel like things have never been better! I'm a CEO of a F500 company though.
Never considered buying Haier anyway, but i am looking specifically for appliances that have HAOS support. So them pulling this shit will put them on my black list for ever. I get why Mazda did it, but the car doesn't need the app to be useful, i can just ignore that part. But this is an home appliance that looses a big part of it's usefulness...
Here is an alternative Piped link(s):
https://piped.video/RcSnd3cyti0
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.
Hey, also, just btw, as an aside, apropos...
If you use "smart devices" in your home, you're a fucking moron.
- If you use ~~"smart devices"~~ cheap Chinese garbage that requires a 24/7 connection to some random insecure cloud server in your home, you're a fucking moron. But there are some great solutions that run entirely locally and enable you to do some really cool home automation. Check out the !homeautomation@lemmy.world community, as well as !homeassistant@lemmy.world. Home Assistant is probably the best piece of software for building an actually smart home, that's also sovereign and not reliant on an internet connection or some company and their infrastructure.
  
  Yeah I know, I should have worded myself less aggressively.

134 comments