Dear Andre,

I'm Gianpiero Morbello, serving as the Head of IOT and Ecosystem at Haier Europe.

 It's a pleasure to hear from you. We just received your email, and coincidentally, I was in the process of sending you a mail with a similar suggestion.

I want to emphasize Haier Europe's enthusiasm for supporting initiatives in the open world. Please note that our IOT vision revolves around a three-pillar strategy:

    achieving 100% connectivity for our appliances,
    opening our IOT infrastructure (we are aligned with Matter and extensively integrating third-party connections through APIs, and looking for any other opportunity it might be interesting),
    and the third pillar involves enhancing consumer value through the integration of various appliances and services, as an example we are pretty active in the energy management opening our platform to solution which are coming from energy providers.

Our strategy's cornerstone is the IOT platform and the HON app, introduced on AWS in 2020 with a focus on Privacy and Security by Design principles. We're delighted that our HON connected appliances and solutions have been well-received so the number of connected active consumers is growing day after day, with high level of satisfaction proven by the high rates we receive in the App stores.

Prioritizing the efficiency of HON functions when making AWS calls has been crucial, particularly in light of the notable increase in active users mentioned above. This focus enables us to effectively control costs.

Recently, we've observed a substantial increase in AWS calls attributed to your plugin, prompting the communication you previously received as standard protocol for our company, but as mentioned earlier, we are committed to transparency and keenly interested in collaborating with you not only to optimize your plugin in alignment with our cost control objectives, but also to cooperate in better serving your community.

I propose scheduling a call involving our IOT Technology department to address the issue comprehensively and respond to any questions both parties may have.

Hope to hear back from you soon.

Best regards

Gianpiero Morbello
Head of Brand & IOT
Haier Europe

If only they would have reached out this way the first time instead of a cease and desist, their brand getting dragged through the mud could have been avoided.

  • @Unchanged3656@infosec.pub
    link
    fedilink
    English
    18010 months ago

    Well, how about having a local API and have no calls at all to your cloud infrastructure? Probably too easy and you cannot lock people into your ecosystem.

    • @helenslunch@feddit.nl
      link
      fedilink
      English
      7610 months ago

      From any practical standpoint, this makes so much sense.

      Sometimes my Tesla fails to unlock for some reason and I have to disable my VPN and then stand next to it like a God damn idiot for 10 seconds while it calls it’s servers in fucking California to ask it to unlock my car.

      • @dual_sport_dork@lemmy.world
        link
        fedilink
        English
        9410 months ago

        As if I needed yet another reason to never ever own a Tesla.

        My car has this crazy technology in it: You can stick the key in the door and twist and it’ll unlock. Even if the network is down or the battery is dead. Arcane, right?

        • Alto
          link
          fedilink
          2410 months ago

          Anyone buying a Tesla at this point either knows they’re buying a shit car purely for the status symbol, or they’re a rube. Fools and their money and all that

          • @helenslunch@feddit.nl
            link
            fedilink
            English
            1
            edit-2
            10 months ago

            Well that’s incredibly presumptive, judgemental and simply untrue. They’re incredibly pragmatic and well-rounded. And relatively inexpensive to boot.

            • Alto
              link
              fedilink
              10
              edit-2
              10 months ago

              My friends base model kia soul from 2013 has less issues with gaps in the body and awful craftsmanship with regards to interior trim than the two model 3s that are in my family. The same has been true for quite literally every car I’ve ever owned, and I’ve owned real pieces of shit. It’s also been in the shop less despite having been around an extra 7 years.

              • @helenslunch@feddit.nl
                link
                fedilink
                English
                6
                edit-2
                10 months ago

                Don’t know what to tell you. I have zero issues with panel gaps. Nor has anyone that I know who actually owns one.

                The only service I have needed in 3 years they came and completed in my driveway while I watched TV. Can’t say that about any other cars I’ve owned.

        • @helenslunch@feddit.nl
          link
          fedilink
          English
          910 months ago

          Haha yeah there are other, more reliable methods but the “phone as a key” is also super convenient when it works properly, which is most of the time. It just would be a lot smarter if it worked locally.

          • @dual_sport_dork@lemmy.world
            link
            fedilink
            English
            1210 months ago

            …Or if there were an alternative option that didn’t rely on software and electronics is my point.

            Cars have had electronic remote keyless entry for decades. It’s not new. Some of them even have phone apps that duplicate that functionality. No one but Tesla has been stupid enough to remove the keyhole, though.

            • @helenslunch@feddit.nl
              link
              fedilink
              English
              1
              edit-2
              10 months ago

              I understood your point. My point is those electronics make it more convenient to use. Would I appreciate ALSO having a physical unlock mechanism? Sure. It also increases the attack surface.

              Cars have had electronic remote keyless entry for decades.

              As does Tesla.

          • @SoleInvictus@lemmy.world
            link
            fedilink
            English
            310 months ago

            Hell yes! My sister-in-law has your same year but the diesel version and that thing is a champ. It’s rated at 45 mpg on the highway but she typically gets 50+, even with nearly 200k miles on it.

            I had a 2004 1.8t Jetta for 12 years but I swapped it for a Prius. I love the Prius features and fuel economy but I miss how damn quick that my Jetta was, plus I loved the interior color scheme.

      • @morph3ous@lemmy.world
        link
        fedilink
        English
        310 months ago

        The issue you are experiencing likely has nothing to do with the VPN. Network connectivity is not needed to unlock the car. I have been in places with no cell phone signal and it still works.

        I do sometimes experience the same issue you are. If I wake up my phone, then it works. So it may be working for you not because you disabled the VPN, but because you woke up your phone and it then sent out the bluetooth signal to let the car know you were nearby.

        • @helenslunch@feddit.nl
          link
          fedilink
          English
          2
          edit-2
          10 months ago

          When I have the VPN on I get nothing but a “Session Expired” notice for several months at a time.

          • @psivchaz@reddthat.com
            link
            fedilink
            English
            310 months ago

            It’s a bit of both! Certain commands to the car can be done locally via Bluetooth OR via Tesla servers. The tricky bit is that status always comes from the server. If you are on a VPN that is blocked (like I use NordVPN and it is often blocked) then the app can’t get status and as long as it can’t get status it may not even try a local command. It’s unclear to me under what circumstances it does local vs cloud commands, and it may have to do with a Bluetooth LE connection that you can’t really control.

            When you don’t have service, or you’re on VPN, it may be worthwhile to try disabling and reenabling Bluetooth. I have had success with this before. If you’re using android, it seems like the widget also uses Bluetooth, so you could try adding the widget to your home screen and using that. You can also try setting the Tesla app to not be power controlled, so it never gets closed.

            Either way, there’s a definite engineering problem here that feels like it should be fixed by Tesla. But I can at least confirm that, even in situations with zero connectivity, you should be able to perform basic commands like unlock and open trunk without data service.

      • 0x0A
        link
        English
        3
        edit-2
        10 months ago

        Can’t you just put the key in? Do they even have physical keys?

        • Neuromancer
          link
          fedilink
          English
          310 months ago

          The physical key is a smart card. The size of a credit card

            • @AbidanYre@lemmy.world
              link
              fedilink
              English
              4
              edit-2
              10 months ago

              The are a bunch of wrong ways to do that without needing the Internet too. Requiring a network connection for it is a special kind of stupid.

            • @dual_sport_dork@lemmy.world
              link
              fedilink
              English
              310 months ago

              If it’s implemented correctly, a physical metal key does not require electricity or a functioning computer to work, either…

            • @DreadPotato@sopuli.xyz
              link
              fedilink
              English
              110 months ago

              Tesla’s implementation of both card and phone key doesn’t require internet connection. It’s all local and offline. Phone key uses BT and card is simply RFID.

              • @helenslunch@feddit.nl
                link
                fedilink
                English
                1
                edit-2
                10 months ago

                Not that simple. You don’t need internet connectivity for auto unlock with the phone. Only manual unlock.

                • Neuromancer
                  link
                  fedilink
                  English
                  -110 months ago

                  Thats what I said. I’ve had a Tesla for years. Only the app requires the internet

                  • @helenslunch@feddit.nl
                    link
                    fedilink
                    English
                    210 months ago

                    No what you said was that the phone doesn’t require internet connectivity to unlock. It does if you’re doing it manually. That’s the point.

      • @Bazoogle@lemmy.world
        link
        fedilink
        English
        210 months ago

        I think it could definitely be possible to do locally, and I wouldn’t want a car where I have to connect to servers to connect to it. But I am also not sure I want a car that can be opened with a command on the car itself. The code to access your CAR being stored locally on the car itself, with no server side validation, does seem kinda scary. It’s one thing for someone to manage to get into your online login where you can change the password, it’s another for someone to literally be able to steal your car because they found a vulnerability. It being stored locally would mean people would reverse engineer it, they could potentially install a virus on your car to be able to gain access. Honestly, as a tech guy, I don’t trust computers enough to have it control my car.

    • Rentlar
      link
      fedilink
      English
      1810 months ago

      Someone tell Gianpiero! You could save up to 20% on Amazon fees in just 5 minutes. Commit to a Local API today!

      • @Unchanged3656@infosec.pub
        link
        fedilink
        English
        410 months ago

        Probably more. Your app can use the local API then as well. And AWS is insanely expensive, especially if you forget to block log ingestion to Cloudwatch (ask me how I know).

        • @jkrtn@lemmy.ml
          link
          fedilink
          English
          110 months ago

          I’m cynical so I assume they are turning a profit selling user data. So the lost money is not from AWS expenses but from not having installed apps to steal more data.

    • @Auli@lemmy.ca
      link
      fedilink
      English
      610 months ago

      Yep people should only purchase things that don’t require the cloud. Local control is the best.

    • @jkrtn@lemmy.ml
      link
      fedilink
      English
      410 months ago

      I’m glad the people with this device are getting traction on using it with their HA, but holy hell this is a complete non-starter for me and I cannot understand why they got it in the first place. There’s no climate automation I would ever want that is worth a spying device connected to the internet and a spying app installed on my phone.

      • @ikidd@lemmy.world
        link
        fedilink
        English
        310 months ago

        Extend this to robot vacuums. I have no clue in hell why anyone would want their vacuum connecting to a cloud service that won’t be there in 2 years.