This is a most excellent place for technology news and articles.
The company is offering affected users a 30 percent discount on a new Ecobee thermostat, valid for up to 15 thermostats.
...
Our smart thermostat has never been all that useful to me. The main thing is I don't have to walk over to it to change the temp. But that convenience isn't really worth the $150 I paid for it.
I wouldn’t be surprised if someone reverse-engineers the protocol and codes up their own replacement backend as a one-file Python script in a weekend.
That truly depends on how secure Ecobee made it… I’ve seen some smart devices that use SSL (https) for all communication and do some sort of certificate authentication, making it virtually impossible to decrypt its communication protocol without a valid private key…
Having said that, it’d be nice if Ecobee took the initiative and opened up these older devices, if they could do so without comprising the security of all their others.
In the last 16 years there's been multiple SSL vulnerabilities, so if someone was motivated enough, they could probably hack it, especially considering they'd have physical access. You could probably even dump out the filesystem and overwrite certificates with your own.
A link to the official notice: https://support.ecobee.com/s/articles/Connectivity-and-Support-for-Legacy-Products
(It was the first link in the article, good job The Verge)
That's ok if you ask me, considering that they will still continue to function as regular thermostats
I disagree - definitely not OK by me, though likely legal. People bought this because they wanted and paid extra for an internet connected device, and a regular thermostat is not that. I mean, would you be OK if your TV manufacturer disabled the screen and streamed radio stations instead?
The last TV that would've lasted 16 years was probably made 40 years ago
If my TV was 16 years old, and the manufacturer cut off the internet function to it, id be ok with that.
These thermostats still work as thermostats, just without the smart features. Comparing that to turning a TV to a radio is disingenuous. 16 years is a long time, and there are security protocols amongst other things that go obsolete over time and can't be updated at a certain point on legacy devices.
I honestly can’t understand why anyone would be OK with it. I think our society has been getting trained to just accept whatever they throw at us. “Buying” something no longer means fully owning it, and I’m not OK with that, I just have to live with it.
i say something like this often in real life, but despite it being plainly observable in daily life other people still don't agree.
it's on all scales too, or at least it feels like it. moving everything to streaming, always online, etc. want to play a competitive video game with your friends? give a corporation root-level access to your home computer. ads everywhere some greedy ass in a suit can think to stick them whether you pay or not, yet everyone complies like this is normal and i get singled out for caring about our rights as consumers.
i love capitalism i love money
If you bought one of these because you have a heat pump and want to consider the outside temp, that service is now cut off. Not ideal.
As per the Ecobee notice this only impacts the two original models and they still function as regular thermostats still, they are just not providing any of the smart / cloud features anymore.
Newer units support local homekit control, which can also be paired with open systems like Home Assistant for full local control for automation.
Thermostats are easy to change out. So this isn't a huge deal. But I don't love the idea that tech isn't built to be self-hosted or maintained in any meaningful way. If you're not shipping an open source version of your software when you close up, you're an asshole.
Yeah, self hosting isn't for most lay people if it's just a GitHub repo. But GitHub repos quickly become adopted by nerds like me who build tooling around it that eventually let lay people self host software with the click of a button.
It is also nice that these just degrade to regular thermostats. It isn't like they are completely stopping working. It would be nice if you could swap out the API, or they keep the API running longer (how much work can maintaining it be?). But this sounds like a pretty graceful degradation.
It would be nice to have these speak some common Zigbee protocol or similar. But this isn't the worst behaviour I have seen from companies.
Are you aware of a decent number of mainstream products that didn't go full asshole? I agree with you absolutely, but I feel like the majority of connected products pull this same shit.
Yeah the majority do it and I think it's bad.
Newer versions are Homekit compatible and can be controlled over the local network.
As long as HomeKit remains a thing.
Home assistant can talk to homekit devices without involving Apple, so you can assume it'll be around for a while.
Yeah, 100%. Home assistant can basically connect to any damn thing. Home assistant is going to be the fall back for a lot of legacy iot devices and platforms.
Not quite everything. The stuff that calls home to their own servers can't be saved by home assistant. If you take care to buy stuff that can be controlled locally, you're more likely to have some longevity out of your devices.
It is a standard. I don't know how you can make it not be a thing once it is implemented.
But it’s not an open standard, and all of the 3rd party home kit apps are basically a new client for services that Apple develops.
I say this as someone who sticks with HomeKit because I think it’s one of the better IOT solutions if you care about for privacy and security. My home is all HomeKit compatible. Lutron, Eve, and homebridge for odds and ends.
But I’m fully aware that, if Apple decided to pull the plug, I’d probably be running some sort of local home brewed HomeKit clone on a raspberry pi to keep the network alive.
Yeah, self hosting isn't for most lay people if it's just a GitHub repo...
If ecobee put their backend code on GitHub, I bet it would be self hostable with docker within a week.
16 years old? That thermostat has sure had a run, must have been designed pretty well to last this long without some electronic failure.
Assuming it's cloud connected, anyone aware whether it got updates for the newer versions of TLS and root certificates? As an example I'm aware quite a lot of android and similar devices from that era have expired certificates now, and outdated/vulnerable SSL libraries...
Edit: Edit example
16 years old? That thermostat has sure had a run
I have game consoles that are more than twice that old and still play reliably. Apple really skewed our idea of lifespans for electronics, didn't they? It's a thermostat, they should be designed to install and forget for the next half-century. It's a core part of a house, like the plumbing and breaker box.
Didn’t the pace of change influence our perception more than anything else?
Don’t old computers on old operating systems work as well as they did when support was dropped? Much like your example of consoles?
The rate of software gobbling up newly available resources seems to a big reason people feel the need to move on. But I think that is starting to flatten out as the pace of processor improvements slows.
The bloat on the web is a huge burden on older devices too. Especially for your average person.
The bloat on the web and in native software (and in non-native software that is just another copy of Chrome posing as native software) comes from our newly available resources allowing for “lazy” development practices that prioritize cross platform development and other factors over writing efficient native software for each platform.
There are a lot of factors involved in the rate of device turnover. I don’t think any one factor is consistently forcing people to upgrade hardware. It’s a collective situation.
I use my desktop computers, for work, for nearly 10 years past their introduction date before replacing them. (Three more to go for my current machine). For my gaming computer, I swap a major part every 5-6 years.
And to reiterate, I think this rate of change is slowing down. At least for raw processing power and how long it is relevant. The rate of change over the course of personal computing has been massive. And it’s just starting to slow down.
For a thermostat that's built into a house, 16 years doesn't seem long enough, tbh. A 'dumb' thermostat can easily be in use for 30+ years before anyone would even consider replacing it.
But yeah, as you said, if it's connected to the internet you have to worry about software patches, certificates, etc.
Yeah, the old dumb ones in my house have been there for 50 years.
