Google assimilated and ruined the brand Nest. I don’t know who created the thermostats, but they will be shut down, like all the others, once the enshittified products generate too little income.
Edit: These are not ‘just thermostats’. These are computers that are meant to connect to the Internet. 11 years of support for a computer is a long time.
When a computer’s support reaches EoL, it’s no longer secure. You don’t want devices that are vulnerable to connect to your servers, so from a SecOps standpoint blocking their access makes sense.
It’s not like these thermostats are going to be useless. You can still use them as thermostats, just not with the cloud service.
But I get it. Any logic or reason that disagrees with the hive mind craving to hate literally anything a company does will get downvoted to hell.
I agree with almost everything you said, save for the ‘cloud service’. Simply, the only thing any device needs to connect to for me is either my router or my Home Assistant instance. On a related note, I’m tired of being farmed for data, especially when I don’t use advertising or any kind of invasive technique to make purchasing decisions. As for bug fixes thanks to anonymous data, if I see any issues I’ll go to the devs. If it isn’t broken I don’t need a fix.
I can think of many times being connected to external servers have been detrimental. I definitely don’t want any half-baked features/enshittification like AI detection, I just want CCTV (Reolink); I don’t want good features that I use to be removed just because the majority never used Snap, and voice control was great until ‘Xbox’ became ‘Hey Cortana’ then removed (Xbox).
Cloud connection does far more than give users external connectivity and cool stuff like remote control with your phone. It brings unwanted extras. The other issue is I bet there is no way for a consumer to replace the cloud service with their own, personal system (therefore extremely safe from hacks compared to a centralised system).
My current thermostat is at least 20 years old. What’s your point? That we should accept big tech telling us to throw our devices away long before they’ve outlived their usefulness because their programmers can’t do their jobs without an ever growing 16-layered ball of code that performs like crap?
20 year old code can work as well as the day it was written. This is tech companies tying hardware to cloud services that they have no interest in supporting 10 years after they sold it to you.
Working as well and being secure are two different things. Smart devices are computers that connect to the Internet, and devices that no longer receive security updates are attack vectors.
From a SecOps standpoint, it’s perfectly reasonable to block such devices from hitting your servers.
These thermostats still work as thermostats, you just can’t use the cloud service.
I see you’re getting downvoted but it’s a reasonable take. I fired from the hip thinking this was like most IoT garbage these days that is bricked without a connection to the server.
Why would you care about an insecure device connecting to your servers if the server is connected to the internet?
Any packet can be from an attacker and your server has to deal with that regardless if the computer you’ve sold is the one attacking.
Sounds like security through obscurity. Or some shit manufacturer says to force users to upgrade.
You might argue it’s there to protect the user from state actors attacking during winter. Which would be fair. But they did not disclose the actual reason why they EoL’d the device as insecure, seems shady.
Still the correct response should be retuning probably half of the money for the device to any user that proves ownership, instead of this entrapment. No one buying a thermostat expects it to work for only 5-11 years.
Because in cyber security minimizing your attack surface is a big deal. The server is hardened against the public Internet, but it has to allow devices to connect to it. If those devices have been compromised, they can compromise your whole infrastructure, especially if it’s from a device that hasn’t had any vulnerabilities patched because they were end of lifed.
And there can be legitimate reasons to EoL a product. Certain pieces of hardware could have unpatchable vulnerabilities, or an older security standard, or an encryption algorithm might be compromised and the hardware literally can’t run the new cyphers.
The thermostats still work as thermostats, you just can’t connect to their servers to control them remotely.
No, it’s a computer that controls relays. Computers that connect to the Internet need security updates to not be attack vectors. Blocking insecure devices from connecting to your servers is good security.
The devices aren’t bricks. They still function as thermostats. You just can’t use their cloud service with them.
It’s a thermostat, my parents still have one of those goldtone Honeywell ones with a dial from like the 1960’s. The only reason the app won’t work is because they can’t be bothered to support it. Stop making things obsolescent, make it mandatory that all this crap has a set support time after which it must be open sourced.
So fucking what? Stop repeating this shitty, weak argument over and over again.
There is absolutely no logical reason why they can’t continue to support it, no matter how old it gets. A 20-year-old computer can run modern Linux just fine with security updates, why can’t a 12-year-old thermostat that is also running on a heavily modified Linux?
Because you have to pay developers to maintain it. Developers are expensive. At some point it doesn’t make sense to keep doing that, so products are end of lifed.
You’re more than welcome to attempt to flash a custom firmware on it, though. I’m sure there are devs working on it.
Also, that 20 year old computer is running a general purpose OS that is designed to work on just about any system. The OS on a smart device, especially one from 2014, is heavily customized
We shouldn’t be forced to replace tech this frequently. If you are comfortable shelling out money for the next big thing that is on you. The rest of us want functioning products that last.
Devices that connect to the Internet need continuous updates to not become vulnerable to attacks. At some point it’s perfectly reasonable to end of life a product, and I think over a decade of supporting a computer is reasonable.
Also, they aren’t bricking these thermostats. You can still use them locally.
Google assimilated and ruined the brand Nest. I don’t know who created the thermostats, but they will be shut down, like all the others, once the enshittified products generate too little income.
Dude, they’re 11 years old.
Edit: These are not ‘just thermostats’. These are computers that are meant to connect to the Internet. 11 years of support for a computer is a long time.
When a computer’s support reaches EoL, it’s no longer secure. You don’t want devices that are vulnerable to connect to your servers, so from a SecOps standpoint blocking their access makes sense.
It’s not like these thermostats are going to be useless. You can still use them as thermostats, just not with the cloud service.
But I get it. Any logic or reason that disagrees with the hive mind craving to hate literally anything a company does will get downvoted to hell.
I agree with almost everything you said, save for the ‘cloud service’. Simply, the only thing any device needs to connect to for me is either my router or my Home Assistant instance. On a related note, I’m tired of being farmed for data, especially when I don’t use advertising or any kind of invasive technique to make purchasing decisions. As for bug fixes thanks to anonymous data, if I see any issues I’ll go to the devs. If it isn’t broken I don’t need a fix.
I can think of many times being connected to external servers have been detrimental. I definitely don’t want any half-baked features/enshittification like AI detection, I just want CCTV (Reolink); I don’t want good features that I use to be removed just because the majority never used Snap, and voice control was great until ‘Xbox’ became ‘Hey Cortana’ then removed (Xbox).
Cloud connection does far more than give users external connectivity and cool stuff like remote control with your phone. It brings unwanted extras. The other issue is I bet there is no way for a consumer to replace the cloud service with their own, personal system (therefore extremely safe from hacks compared to a centralised system).
I don’t need this much assistance.
I agree. Not being able to connect to their cloud service would be an upgrade in my book.
HiVe MiNd.
No, you’re just a dumbass.
No, I just understand smart devices and cyber security.
Yikes
My current thermostat is at least 20 years old. What’s your point? That we should accept big tech telling us to throw our devices away long before they’ve outlived their usefulness because their programmers can’t do their jobs without an ever growing 16-layered ball of code that performs like crap?
20 year old code can work as well as the day it was written. This is tech companies tying hardware to cloud services that they have no interest in supporting 10 years after they sold it to you.
Working as well and being secure are two different things. Smart devices are computers that connect to the Internet, and devices that no longer receive security updates are attack vectors.
From a SecOps standpoint, it’s perfectly reasonable to block such devices from hitting your servers.
These thermostats still work as thermostats, you just can’t use the cloud service.
I see you’re getting downvoted but it’s a reasonable take. I fired from the hip thinking this was like most IoT garbage these days that is bricked without a connection to the server.
Your current thermostat isn’t a computer that connects to the Internet, is it?
The thermostats still work locally.
Why would you care about an insecure device connecting to your servers if the server is connected to the internet?
Any packet can be from an attacker and your server has to deal with that regardless if the computer you’ve sold is the one attacking.
Sounds like security through obscurity. Or some shit manufacturer says to force users to upgrade.
You might argue it’s there to protect the user from state actors attacking during winter. Which would be fair. But they did not disclose the actual reason why they EoL’d the device as insecure, seems shady.
Still the correct response should be retuning probably half of the money for the device to any user that proves ownership, instead of this entrapment. No one buying a thermostat expects it to work for only 5-11 years.
Because in cyber security minimizing your attack surface is a big deal. The server is hardened against the public Internet, but it has to allow devices to connect to it. If those devices have been compromised, they can compromise your whole infrastructure, especially if it’s from a device that hasn’t had any vulnerabilities patched because they were end of lifed.
And there can be legitimate reasons to EoL a product. Certain pieces of hardware could have unpatchable vulnerabilities, or an older security standard, or an encryption algorithm might be compromised and the hardware literally can’t run the new cyphers.
The thermostats still work as thermostats, you just can’t connect to their servers to control them remotely.
It’s a fucking thermostat my dude that’s not very old have you ever been in a house
No, it’s a computer that controls relays. Computers that connect to the Internet need security updates to not be attack vectors. Blocking insecure devices from connecting to your servers is good security.
The devices aren’t bricks. They still function as thermostats. You just can’t use their cloud service with them.
And still work fine.
And? If your device is no longer receiving security updates, it’s perfectly reasonable to not allow it to access your servers.
It’s a thermostat, my parents still have one of those goldtone Honeywell ones with a dial from like the 1960’s. The only reason the app won’t work is because they can’t be bothered to support it. Stop making things obsolescent, make it mandatory that all this crap has a set support time after which it must be open sourced.
Agreed. If copyrights expire, then why not for proprietary software, especially when it’s no longer supported?
No, it’s a computer that runs a thermostat.
And you generally don’t allow devices that aren’t receiving security updates to continue accessing servers.
I do agree with making them open source it, though.
But they also aren’t bricking the devices. They still work as thermostats.
So fucking what? Stop repeating this shitty, weak argument over and over again.
There is absolutely no logical reason why they can’t continue to support it, no matter how old it gets. A 20-year-old computer can run modern Linux just fine with security updates, why can’t a 12-year-old thermostat that is also running on a heavily modified Linux?
Because you have to pay developers to maintain it. Developers are expensive. At some point it doesn’t make sense to keep doing that, so products are end of lifed.
You’re more than welcome to attempt to flash a custom firmware on it, though. I’m sure there are devs working on it.
Also, that 20 year old computer is running a general purpose OS that is designed to work on just about any system. The OS on a smart device, especially one from 2014, is heavily customized
We shouldn’t be forced to replace tech this frequently. If you are comfortable shelling out money for the next big thing that is on you. The rest of us want functioning products that last.
You’re not being forced to replace anything. The thermostats still operate as thermostats. You just can’t use their cloud service.
Devices that connect to the Internet need continuous updates to not become vulnerable to attacks. At some point it’s perfectly reasonable to end of life a product, and I think over a decade of supporting a computer is reasonable.
Also, they aren’t bricking these thermostats. You can still use them locally.