Email or username:

Password:

Forgot your password?
Jess👾

Every internet of shit, phone, tablet, and other sorts of device manufacturers should be required to push/post a root unlock firmware for their devices before they can stop supporting them. There's too goddamn much ewaste from everything already. If they're going to abandon their devices, at least make it easy for people to unlock them and do whatever else they want with them.

82 comments
Indigo

@JessTheUnstill should be required by law to do this within 90 days of end-of-life

thomzane

@JessTheUnstill I am really surprised this is not codified into law yet.

Cegorach

@JessTheUnstill more like forcing them to deposit unlock keys at state (or similar) actors

and auto-releasing those keys after $time without update

Rich Felker

@drazraeltod @JessTheUnstill More like including the keys in the box it's sold in.

Haelwenn /элвэн/ :triskell:
@dalias @drazraeltod @JessTheUnstill Quite like how the good carriers give the PUK code with the sim card.
Jess👾

It's shitty, but I do get that some manufacturers sell the device itself at below cost because people have to pay for the online services. Game console manufacturers have done that for years. If they sold it easy to unlock, people would just buy the hardware, unlock it, and never pay for the service. Which is a shitty and scammy business model, but at least it does make sorta sense.

@dalias
@drazraeltod

Cegorach

@JessTheUnstill @dalias and it much more politics-compatible that way

you can sell it as "it's against cheap foreign vendors that don't supply updates" instead of "it's against you"

well known vendors will always claim that THEIR lock in isn't as bad, because they do $bullshit. So they have a way of keeping that claim.

Meh as a Service

@JessTheUnstill @dalias @drazraeltod true, which is why requiring the unlock on EOL is a more "reasonable" demand (as in, will receive a less extreme lobbyist pushback).

The problem is when EOL of a device corresponds to EOL of the manufacturer. Can't really force a bankrupt entity that has long fired its engineers to unlock anything.

Perhaps the requirement should be to provide secret unlock instructions as a part of a device certification process. But then of course the repository of these secrets becomes a massive attack target.

Still, the amount of e-waste that could easily serve a new purpose if there was any documentation at all is infuriating.

🤔

@JessTheUnstill @dalias @drazraeltod true, which is why requiring the unlock on EOL is a more "reasonable" demand (as in, will receive a less extreme lobbyist pushback).

The problem is when EOL of a device corresponds to EOL of the manufacturer. Can't really force a bankrupt entity that has long fired its engineers to unlock anything.

Jess👾

Most of the time, the update to unlock the firmware wouldn't be especially technically complicated. It just requires access to the source code, build pipeline, and signing keys. So even if it's not kept in a central repo, if codified in law that it is a priority liability against the company assets if they declare bankruptcy to provide access to that information and fund a consultant to compile the firmware update, it wouldn't take all that long per device to compete.

Think when a company that holds toxic waste goes under - there's still liability to remediate it that carries on to whomever buys up the assets, and beyond some point it becomes a Superfund site to remediate.

@virtulis
@dalias @drazraeltod

Most of the time, the update to unlock the firmware wouldn't be especially technically complicated. It just requires access to the source code, build pipeline, and signing keys. So even if it's not kept in a central repo, if codified in law that it is a priority liability against the company assets if they declare bankruptcy to provide access to that information and fund a consultant to compile the firmware update, it wouldn't take all that long per device to compete.

Jerry Orr

@virtulis @JessTheUnstill @dalias @drazraeltod reminds me of how nuclear power plants are required to set aside funding for decommissioning the plant before they are allowed to build it. Obviously there are differences with the risk of software key leaks, but it’s a similar concept

gadgetoid

@JessTheUnstill @dalias @drazraeltod that’s the line- but Nintendo apparently rarely sell at a loss and despite rampant, highly public piracy and the first gen Switch being pwned they are still gangbusters popular.

I’m convinced the “sold at a loss” is a convenient mistruth, perpetrated to help justify high prices, locked-down consoles and mediocre services. None *cough steam deck* of which are needed *cough cough PC* to shift videogames 😫

Kevin Karhan :verified:

@dalias @drazraeltod @JessTheUnstill +9001%

If people are too afraid they could just put it in some sealed envelope on some scratch field and people who never want to mod their devices can just burn it.

Worse is only the purposeful #eWaste generation and literal #theft that #Apple does with #iCloud-Lock, and yet people still defend that shite!
youtube.com/watch?v=ZzS2vwDUO9

#Funfact: this can even be weaponized against unsuspecting users:
youtube.com/watch?v=ifOifNBgyR

Oh and they'll also remotely #brick peoples' devices deliberately after #EndOfLife / #EoL just to be real assholes...
youtube.com/watch?v=UxaCUugPoR

Sadly, these actions don't come up in the #EcoHipster-esque #Greenwashing-Brochures of Apple nor are they being accounted for...

@dalias @drazraeltod @JessTheUnstill +9001%

If people are too afraid they could just put it in some sealed envelope on some scratch field and people who never want to mod their devices can just burn it.

Worse is only the purposeful #eWaste generation and literal #theft that #Apple does with #iCloud-Lock, and yet people still defend that shite!
youtube.com/watch?v=ZzS2vwDUO9

Trent Waddington

@JessTheUnstill if you were going to set up a foundation to enact this policy, what would you call it? Would you walk the sign-ups and logos path or the legislative path?

Jess👾

@quantumg
I am just a bitch who rants on the internet, not a public policy expert. I suspect that it would end up needing some sort of legislation solution because device manufacturers both don't want their old recycled devices continuing to work, and thus, meaning their users can continue to use them longer without replacing them. Also, they might insist on having some waivers of liability after they EOL so users don't come suing them for support or whatever.

Trent Waddington

@JessTheUnstill I too am a bitch on the Internet. 🤣 There's one called Human-I-T that was clearly named by someone's nerdy Dad, that is mostly focused on recycling computers, tablets and phones. Then there's Good Ol' Games and competitors that are all about keeping cultural artifacts available for future generations. Most IoT junk feels like it never should have been made in the first place.. but I love cheap crap.

Jess👾

@quantumg
Yeah, but even most IoT crap, it's gonna probably have some SOC that runs an embedded Linux or BSD that maybe you could do SOMETHING interesting with it.

Trent Waddington

@JessTheUnstill big public database with repurposing cookbooks would be great. I bet there's 12 of them in varying states of decay. Put 'em all together and call it Amalgamated Abandonware.

Roger Moore

@JessTheUnstill @quantumg
The waiver of liability is a nice incentive for companies to participate. You might need to require some minimum notice before EOL to avoid companies suddenly dropping products as soon as they discover a flaw that might trigger lawsuits. There should probably be some kind of notice requirement anyway to protect customers from buying something that has an unreasonably short supported lifetime.

Trent Waddington

@VATVSLPR @JessTheUnstill reasonable 😆 If every tech product had to have a declared support schedule (written on the box, as it were) you could imagine service-oriented junk winning, but also consumers who will only buy zero-service products.

Andreas, DJ3EI, he/him

I very much like this idea of a law forcing manufacturers to provide unlock facilities for devices with built-in computing power upon end of support.

🤔

"Waiver of liability" is clearly needed.

But that translates to "the unlock facilities don't work".

This will be nontrivial to codify...

@JessTheUnstill @quantumg

Chris Downey

@JessTheUnstill needs an escrow system so that we can get the info even if the company just dies; and also do a court could order its release in some circumstances

Pavel Machek
@JessTheUnstill Unlocking bootloader of unsupported devices should be mandatory, yes. Actually, they should be required to release the sources at the time device goes out of support. Ewaste is bad :-(.
buherator
@JessTheUnstill But then how will they make us buy their newer, slightly crappier gadgets?
Kevin Karhan :verified:

@JessTheUnstill nodds in agreement

Or they should be forced to not only take back the device and reimburse the full purchse price + interest but also pay the cost for a functional & technical drop-in replacement with equal or better terms and specs.

THAT is something @EU_Commission should work on instead of copying #Cyberfacism from #Russia and #China...
digitalcourage.social/@echo_pb

Denis :flan_le_french:

@JessTheUnstill Unrooting is not enough. You need documentation and open-source firmwares when a device is abandoned by the manufacturer.

Also you need to define "abandoned". I am sure device makers will never acknowledge the device is EOL. They will always find a good reason why a device will not receive update :)

Niku

@JessTheUnstill But then you Maybe don't need to buy their next generation device :ac_amazed:
That's not how our capitalism works(sadly)

DELETED

@JessTheUnstill I would love this especially for older consoles. I have a perfectly functioning ps3 that would make a great multimedia box if I could only put my own os on it

Jan Penfrat

@JessTheUnstill So true. At @edri we tried getting this idea into the EU's new #CyberResilienceAct, unfortunately without success. Political resistance against such forced exposure of #IP was too great because corporate #property apparently trumps everything, even digital #security 🙄

gjersey999

@JessTheUnstill@infosec.exchange

I recommend learning Assembly. Everything is open source if you can read Assembly.

cybervegan

@JessTheUnstill Of course, they won't WANT to do this because it means less NEW devices well be sold. They rely on the previous generation of electronics going to land fill to make a profit. Think of the poor execs and shareholders! #crapitalism

johnduggins

@JessTheUnstill I appreciate how Google released a firmware for their Stadia controllers after shutting it down. Prior to the update, they could only be used with the service over internet protocols. The update made them standard Bluetooth controllers. I still use mine.

marvin

@JessTheUnstill and escrow final source code and patches, drivers, hardware schematics, cad/cam designs for future spare part manufacturing. Stop offering support and spare parts available at a reasonable price, and it all needs to be public domain

Anton Piatek

@JessTheUnstill I wish!
My phone is perfectly fine but out of support, and if there were a free android port for it I'd flash it on a heartbeat, buts it's Huawei and not supported as all locked down 😔

Jess👾

I would totally buy up 1st gen Alexa or whatever and root them. All I need them to do is run timers and tell me the weather anyways.

Melanie (they, she)

@JessTheUnstill there should be community diy clinics on this.

Bob 🇺🇲♒🐧🪖

@JessTheUnstill

The Google infestation called Android is so out of control, I've not been able to get updates for months. About ready to nuke the phone and get a real Linux OS so I can use it again...

Al Abut

@JessTheUnstill honest question: how do you do that without creating a security nightmare? I’m not a security expert but it seems like it would be just handing out blueprints for more exploits on newer devices built on the same stack.

Jess👾

@alabut
Not really. Most of these devices are just under the covers just running a pretty standard Linux or BSD operating system + whatever drivers are needed for the hardware, so security vulns are all pretty well known. The proprietary application code wouldn't necessarily even need to be included, so long as the bootloader was unlocked so you could do something else with the hardware.

Jess👾

@alabut
In fact, these devices are commonly hacked and exploited by cyber criminals when someone continues to use them after they've stopped being supported because the vendor doesn't bother to patch them anymore despite vulnerabilities being discovered. This has been a huge problem for people's old IOT devices getting added to botnet clusters to be used in DDOS attacks or as a proxy to mask their source IP address. So at least unlocking the boot loader means that it would be more possible for an end user to upgrade their old IOT devices to a community supported release that still gets vulnerability updates.

@alabut
In fact, these devices are commonly hacked and exploited by cyber criminals when someone continues to use them after they've stopped being supported because the vendor doesn't bother to patch them anymore despite vulnerabilities being discovered. This has been a huge problem for people's old IOT devices getting added to botnet clusters to be used in DDOS attacks or as a proxy to mask their source IP address. So at least unlocking the boot loader means that it would be more possible for an...

Al Abut

@JessTheUnstill ...oh the penny dropped for me now. So this is where going open source might also help close up loopholes?

Jess👾

@alabut
At least it would provide a pathway for someone to update their device without having to replace the hardware (normal caveats - the user would have to have enough tech know how and time to switch it to a different firmware, and there would have to be some community that maintains said firmware, but at least it would be possible)

JL Johnson :veri_mast:

@JessTheUnstill @linuxfiend I could totally get behind some regulation for that.

cuan_knaggs

@JessTheUnstill and all consumer devices should be required to have a service manual available for download and for any device over x value purchase should include a printed copy

A Sensual Mind

@mensrea @JessTheUnstill And competently translated into the user's language by a native speaker, please. A function that's incomprehensibly explained can't be used in some cases, so effectively doesn't exist.

Piper

@JessTheUnstill *stares silently at my beloved Blackberry Passport, which has sat in a drawer since 2019*

yeeeeup. agree. 100%

Ac1d D4ddy

@JessTheUnstill Internet of shit is my new favorite term

Ac1d D4ddy

@JessTheUnstill you sent me down a rabbit hole I was not prepared for. Always knew IoT was shit but never knew people actually use these devices. smh my head

Rage Rumbles 🏴‍☠️🫂 🔞

@JessTheUnstill I get what you're saying but, of course, it misunderstands what the capitalist is doing when they make a device. What they are doing is obligating you to an ecosystem. Giving you freedom to manipulate that yourself (or even opt out of it) is totally contrary to their interests. They just want people forced to come to them. All capitalists do.

Dr. Ohm⚡️🚧:archlinux:

@JessTheUnstill Or they should be obliged to support their devices as long as there is even a single damn user. Then they will voluntarily opt for a more open usage.

I once bought a surveillance camera. It only ran through a cloud. The cloud got shut down, and the camera itself would still work perfectly fine... but now I have electronic waste. A waste of money and resources.

run_atalanta

@JessTheUnstill waving in agreement from a linux phone.

jtgd

@JessTheUnstill

And how would that get you to buy a new phone?

#capitalism

Full Metal Archaeopteryx

@JessTheUnstill
Unfortunately, we're such laws enacted, those asshats would put in a kill code that would make the device unusable within so many days after EoL

DELETED

@JessTheUnstill You’re missing the point. The planned obsolescence is meant to get you to buy a new one. They won’t make money if you continue to use the old phone.

HyperSoop :spinny_cat_aroace: :spinny_fox_agender:

@JessTheUnstill why is it even normal for phones and tablets to be jailed by default. it's a feckin' computer, let me do computer things with it as easily as on a desktop

like are you saying I can't install a different OS on a phone I've paid [4-digit amount of $] for? that's some bullshit of the highest order

沙弥香

@soop@wetdry.world
@JessTheUnstill@infosec.exchange isn't a lot of the reason it's like that because it's not paid off up front?

Proxfox Virtual Environment 🦊

@JessTheUnstill the problem is that vendors will never officially stop supporting anything, which would be even worse of a scenario because people who don't know better will be sold old products that barely work because they're still officially supported

gocu54

@JessTheUnstill @Firlefanz NOw that'd be nice. It'd save us a whole hell of a lot of cash and keep E-waste down.

rooktallon

@JessTheUnstill @gocu54 Try telling that to Apple. the mere suggestion would kill Tim Cook.

spv :verified:

@JessTheUnstill whatever brings more doom ports is fine with me

otto

@JessTheUnstill for some of my devices that microsoft is hellbent on putting in a landfill, there is still Linux.

penryu

@JessTheUnstill @xxv

ngl, until I got to "...before they can stop supporting them", I thought this was the FBI/San Bernardino lawsuit stuff

Cora Hex

@JessTheUnstill the malicious compliance companies would perform to not have to unlock anything would be both sad and infuriating

Brian McKenna

@JessTheUnstill I want a list of hardware vendors to use and which to avoid. I started one a while ago: trello.com/b/BXxe1Rf5/device-v

Alonely0 🦀

@JessTheUnstill that's not good enough for me. All devices by law, that their tampering would not pose a direct risk to human life (e.g., medical devices and heavy machinery), ought to be jailbreakable, period.

F4GRX Sébastien

@JessTheUnstill no manufacturer will ever pay for that because they wont profit from it. And it would be shitty. I would be happy with full development docs instead.

Go Up