Update infos

This commit is contained in:
Andre Basche 2024-01-21 04:03:15 +01:00
parent fcd2f444ec
commit ca101267d4
7 changed files with 98 additions and 25 deletions

View File

@ -1,4 +1,5 @@
## Update: [Answer from Haier](https://github.com/Andre0512/hon/issues/147#issuecomment-1902075829) ## Update: [Answer from Haier](https://github.com/Andre0512/hon/issues/147#issuecomment-1902075829)
## Have a look at [Takedown FAQs](https://github.com/Andre0512/hon/blob/main/takedown_faq.md) and [Timeline of events](https://github.com/Andre0512/hon/blob/main/takedown_timeline.md)
## Announcement: I have to take the project down in the next few days ## Announcement: I have to take the project down in the next few days
> Dear User, > Dear User,
> >

BIN
assets/forks.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 99 KiB

BIN
assets/haier_response.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 389 KiB

BIN
assets/stars.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 99 KiB

12
info.md
View File

@ -1,4 +1,14 @@
## Haier wants to force me to delete this repository, have a look to the [takedown FAQs](https://github.com/Andre0512/hon/blob/main/takedown_faq.md) and [discuss here](https://github.com/Andre0512/hon/issues/147) ## Update: [Answer from Haier](https://github.com/Andre0512/hon/issues/147#issuecomment-1902075829)
## Have a look at [Takedown FAQs](https://github.com/Andre0512/hon/blob/main/takedown_faq.md) and [Timeline of events](https://github.com/Andre0512/hon/blob/main/takedown_timeline.md)
## Announcement: I have to take the project down in the next few days
> Dear User,
>
> We are writing to inform you that we have discovered two Home Assistant integration plug-ins developed by you ( https://github.com/Andre0512/hon and https://github.com/Andre0512/pyhOn ) that are in violation of our terms of service. Specifically, the plug-ins are using our services in an unauthorized manner which is causing significant economic harm to our Company.
> We take the protection of our intellectual property very seriously and demand that you immediately cease and desist all illegal activities related to the development and distribution of these plug-ins. We also request that you remove the plug-ins from all stores and code hosting platforms where they are currently available.
> Please be advised that we will take all necessary legal action to protect our interests if you fail to comply with this notice. We reserve the right to pursue all available remedies, including but not limited to monetary damages, injunctive relief, and attorney's fees.
> We strongly urge you to take immediate action to rectify this situation and avoid any further legal action. If you have any questions or concerns, please do not hesitate to contact us.
>
> Haier Europe Security and Governance Department
# Haier hOn # Haier hOn
[![GitHub all releases](https://img.shields.io/github/downloads/Andre0512/hon/total?color=blue&label=total%20downloads)](https://tooomm.github.io/github-release-stats/?username=Andre0512&repository=hon) [![GitHub all releases](https://img.shields.io/github/downloads/Andre0512/hon/total?color=blue&label=total%20downloads)](https://tooomm.github.io/github-release-stats/?username=Andre0512&repository=hon)

View File

@ -1,22 +1,43 @@
# Takedown Notice FAQs ## Takedown FAQs
_Last update: 2024-01-19_ _Last update: 2024-01-21_
### What did Haier wrote? ### What did Haier wrote?
Until now, I got only the [known mail from Haier](assets/takedown.eml): Haier Europe wrote me on 2024-01-15 [this email](assets/takedown.eml):
![Screenshot of mail](assets/takedown.png) ![Screenshot of mail](assets/takedown.png)
In the course of public interest, I am taking the risk of publishing the e-mail without Haier's consent. In the course of public interest, I am taking the risk of publishing the e-mail without Haier's consent.
### Is Haier's claim true? ### Is Haier's claim true?
I think the points are very questionable, but I'm a software developer and not a lawyer or judge. So I can only try to explain here what the plugin does, but the legal assessment must be made by others. I think the points are very questionable, but I'm a software developer and not a lawyer or judge. So I can only try to explain here what the plugin does, but the legal assessment must be made by others.
### What did you answer Haier?
**2024-01-15**
In the first moment of getting the mail I was absolutely shocked, I didn't think that someone cares about me and my little plugin and I know Haier is a billion dollar company, so I answered
![answer 1](assets/answer_1.png)
after that i announced to take it down and then you guys happened.
**2024-01-19**
I'm getting so much support, and you started a huge wave, I mean we are now an example for the [Streisand effect on wikipedia](https://en.wikipedia.org/wiki/List_of_Streisand_effect_examples#By_businesses) xD
I wrote another mail on and tried to get some clarification and reach some agreement:
![answer 2](assets/answer_2.png)
### What was Haier's reaction?
**2024-01-19**
[Haier US answered](https://www.reddit.com/r/homeassistant/comments/19a615l/haier_us_supports_home_assistant_and_open_iot/) that they have nothing to do with it and support open IOT platforms.
Haier Europe created [a blog post](https://corporate.haier-europe.com/press-release/hon-app-a-message-about-our-iot-and-ecosystem-vision/) and said they are _committed to enhancing the smart home scenarios in line with authorized usages and intellectual property rights of Haier Europe._
**2024-01-20**
Gianpiero Morbello, Head of Brand & IOT Haier Europe, wrote this mail:
![haier response](assets/haier_response.png)
### Are you in concat with Home Assistant?
The Home Assistant team got in touch with me and will be part of a conversation with Haier.
### Did you agree to Haier's tos?
To create an account for Haier hOn you have to accept the terms of service. Without it, you can't connect your appliances to hOn and so you can't use Andre0512/hon.
### How does Haier hOn works? ### How does Haier hOn works?
Haier sells home appliances with internet connection and offers the free hOn app. As far as I can see, there is no ads, no subscription and nothing else obvious to generate money with it. Haier sells home appliances with internet connection and offers the free hOn app. As far as I can see, there is no ads, no subscription and nothing else obvious to generate money with it.
The connection only works with the Haier servers, so your appliance sends data to the cloud and the hOn app communicates with it, there is no direct connection. The connection only works with the Haier servers, so your appliance sends data to the cloud and the hOn app communicates with it, there is no direct connection.
### Did you agree to the tos?
To create an account you have to accept the terms of service. Without it you can't connect your appliances to hOn and so you can't use Andre0512/hon
### How was the plugin created? ### How was the plugin created?
I used [HTTP Tookit](https://httptoolkit.com/) to monitor the HTTP requests between hOn and the Haier servers and then rebuilt the requests in Python (with aiohttp). This takes me a few days to figure out and rebuild the necessary requests and I can now also explain why the hOn app is so extremely slow. The login alone hammers ~20 requests to the servers and also the communication with the devices is made of super many requests (at least at the time of my analysis). I used [HTTP Tookit](https://httptoolkit.com/) to monitor the HTTP requests between hOn and the Haier servers and then rebuilt the requests in Python (with aiohttp). This takes me a few days to figure out and rebuild the necessary requests and I can now also explain why the hOn app is so extremely slow. The login alone hammers ~20 requests to the servers and also the communication with the devices is made of super many requests (at least at the time of my analysis).
The pretty complex login can be found in [auth.py](https://github.com/Andre0512/pyhOn/blob/main/pyhon/connection/auth.py) and the API requests that I have adopted as relevant for the integration are these [api.py](https://github.com/Andre0512/pyhOn/blob/main/pyhon/connection/api.py). The pretty complex login can be found in [auth.py](https://github.com/Andre0512/pyhOn/blob/main/pyhon/connection/auth.py) and the API requests that I have adopted as relevant for the integration are these [api.py](https://github.com/Andre0512/pyhOn/blob/main/pyhon/connection/api.py).
@ -51,21 +72,3 @@ Requesting every 5 seconds is a bit much (even if the app makes more requests mo
### Are there some secret keys stored in the repository? ### Are there some secret keys stored in the repository?
There is a constant for a [client ID](https://github.com/Andre0512/pyhOn/blob/main/pyhon/const.py) and an [api key](https://github.com/Andre0512/pyhOn/blob/main/pyhon/const.py). They seems to be static because they are the same for requests from every account I saw. There is a constant for a [client ID](https://github.com/Andre0512/pyhOn/blob/main/pyhon/const.py) and an [api key](https://github.com/Andre0512/pyhOn/blob/main/pyhon/const.py). They seems to be static because they are the same for requests from every account I saw.
The client id is necessary for doing the OAuth of the login process. The api key is to get some static data (the readable names of the programs etc) and would not necessarily be included in the release. The client id is necessary for doing the OAuth of the login process. The api key is to get some static data (the readable names of the programs etc) and would not necessarily be included in the release.
### What did you answer Haier?
In the first moment of getting the mail I was absolutely shocked, I didn't think that someone cares about me and my little plugin and I know Haier is a billion dollar company, so I answered
![answer 1](assets/answer_1.png)
after that i announced to take it down and then you guys happened.
I'm getting so much support and you started a huge wave, I mean we are now an example for the [Streisand effect on wikipedia](https://en.wikipedia.org/wiki/List_of_Streisand_effect_examples#By_businesses) xD
And so I wrote another mail and tried to get some clarification and reach some agreement, it's worth a try
![answer 2](assets/answer_2.png)
### What was Haier's reaction?
Haier didn't answer me, after their first mail they didn't respond on any channel. None of us has received an answer yet.
Only [Haier US answered](https://www.reddit.com/r/homeassistant/comments/19a615l/haier_us_supports_home_assistant_and_open_iot/) that they have nothing to do with it and support open IOT platforms.
### When will you delete the repositories?
I will now wait how Haier reacts to my questions and all the riot you make. I'm a 27-year-old software developer who make these plugins in my free time as a little hobby and haven't the resources so I hope you understand if I can't go all in. But I will try to keep it online for as long as possible.
### Can't Home Assistant do anything?
The Home Assistant team got in touch with me and is actively trying to get Haier to rethink its position.

59
takedown_timeline.md Normal file
View File

@ -0,0 +1,59 @@
## Timeline of events
### 2024-01-15
hon | 98 Stars | 23 Forks
pyhOn | 17 Stars | 5 Forks
- Haier wrote the takedown mail
- Replied that I take it down in the next days
- Updated the README of Andre0512/pyhOn and Andre0512/hon
- Created a [new release](https://github.com/Andre0512/hon/releases/tag/v0.11.0) with takedown info, so people know why it was removed
- Posted the info to the [community board](https://community.home-assistant.io/t/integration-with-haier-hon-app/322490/159?u=andre0512)
- Talked to some friends that convinced me to not give up
- Asked on the home assistant discord to how to handle this, got the info on discord that my integration does not violate the law
- [Extreme79](https://github.com/Extreme79) created an [the issue #147](https://github.com/Andre0512/hon/issues/147) to disscuss how to help
- Talked to my law insurance and after a talk with a general lawyer I have been given permission to consult a lawyer of my choice
### 2024-01-16
hon | 100 Stars | 32 Forks
pyhOn | 18 Stars | 13 Forks
- People in [#147](https://github.com/Andre0512/hon/issues/147) started to write their opinion on all available channels
- [u/Waluicel](https://www.reddit.com/user/Waluicel/) created [a post](https://www.reddit.com/r/homeassistant/comments/197xc0m/haier_is_shutting_down_the_hacs_integration_hon/) on [r/homeassistant](https://www.reddit.com/r/homeassistant) that got 400+ comments
- People started to contact journalists and organizations to help
- I had a call with an IT lawyer who pointed out many of the risks I was exposing myself to despite having insurance
### 2024-01-18
hon | 122 Stars | 103 Forks
pyhOn | 23 Stars | 64 Forks
- Louis Rossmann [created a video](https://www.youtube.com/watch?v=RcSnd3cyti0) and calls for "not" forking
- Forks and stars of the repos started to blow up
- BleepingComputer published an [article about the topic](https://www.bleepingcomputer.com/news/security/haier-hits-home-assistant-plugin-dev-with-takedown-notice/)
- Home Assistant team got in touch with me
- I wrote Haier another mail and tried to get some clarification and reach some agreement
- [l00ps](https://github.com/l00ps) pointed out [who's the opponent](https://github.com/Andre0512/hon/issues/147#issuecomment-1899191758)
### 2024-01-19
hon | 321 Stars | 711 Forks
pyhOn | 121 Stars | 552 Forks
- Tech sites in many countries start to report about it eg [Hackaday](https://hackaday.com/2024/01/19/haier-threatens-legal-action-against-home-assistant-plugin-developer/), [Tweakers](https://tweakers.net/nieuws/217750/haier-stuurt-takedownverzoek-aan-home-assistant-plug-inontwikkelaar.html), [ilSoftware](https://www.ilsoftware.it/focus/smart-home-offline-per-svincolarsi-dagli-ecosistemi-chiusi-dei-singoli-produttori/) and [Caschys Blog](https://stadt-bremerhaven.de/home-assistant-haier-geht-gegen-plugin-entwickler-vor/)
- The Wikipedia articles of [Haier](https://en.wikipedia.org/wiki/Haier#Controversy) and [List of Streisand effect examples](https://en.wikipedia.org/wiki/List_of_Streisand_effect_examples#By_businesses) gets updated
- [LauLaman](https://github.com/LauLaman) started [a petition in the Netherlands](https://www.petitie24.nl/petitie/5069/smart-home-lokaal-continu%C3%AFteit-en-veiligheid) _to force manufactories to provide local APIs and forcing them to opensource firmware as soon as they stop supporting devices_
- Linus Tech Tips [talks about it in his WAN Show](https://www.youtube.com/watch?v=FBQVPOSeRe8&t=6580s)
- Haier US [answered on X](https://www.reddit.com/r/homeassistant/comments/19a615l/haier_us_supports_home_assistant_and_open_iot/) that they have nothing to do with it and support open IOT platforms
- Haier Europe [created a blog post](https://corporate.haier-europe.com/press-release/hon-app-a-message-about-our-iot-and-ecosystem-vision/) and said they are _committed to enhancing the smart home scenarios in line with authorized usages and intellectual property rights of Haier Europe._
- Mark Atwood, Principal Engineer in the Open Source Program Office at Amazon offers free consultant
### 2024-01-20
hon | 562 Stars | 1555 Forks
pyhOn | 228 Stars | 1199 Forks
- Got an answer from Head of Brand & IOT Haier Europe, he proposed _scheduling a call involving our IOT Technology department to address the issue comprehensively and respond to any questions both parties may have._
## Stats
![Forks](assets/forks.png)
![Stars](assets/stars.png)