Manufacturer 'make worthless' users devices after some stolen from a warehouse(phasenoise.livejournal.com) |
Manufacturer 'make worthless' users devices after some stolen from a warehouse(phasenoise.livejournal.com) |
For crying out loud, equipment with unique recorded serial numbers was stolen, so the company is blocking the specific stolen devices. That makes perfect sense to me. Objecting to how they do it (bulking up software with a list of serials, requiring software to phone home, whatever) is fine and their customers have a legit basis to be unhappy if it's impacting their use, but people with the stolen devices? Those aren't SDRPlay's customers because SDRPlay hasn't been paid for those devices.
Quoting from the article: In a PR disaster the manufacturer gives "Because we can" as an explanation to make end user devices worthless.
I'll note that this complaint very carefully leaves out a key word: STOLEN. I'm not seeing the PR disaster except that it's going to seriously hurt their image in the community of people who steal stuff from warehouses. tiny violin plays sad music
If you've purchased one of these, as I said above you're not a customer of SDRPlay or one of its distributors because payment is part of a vendor-customer relationship. You're someone who bought "Bose" speakers out of the back of a white van in a parking lot. Get your money back from the seller - you may even be able to get the police report from SDRPlay if you need it for a chargeback - and tell SDRPlay where you bought it so they can try to track down the thieves.
Edit: reading the original SDRPlay forum posts, they ID the specific ebay sellers, note that this is the third time they've had things stolen like this and sold by the same accounts, and note that "We will NOT penalise innocent people so that assumption that this is our intent is frankly WRONG!!" Basically they're likely looking for anything like saved packaging, shipping return addresses, etc. to be turned over to the police. Also, this whole thing is about (in this case at least) a total of 39 devices. We're not talking about thousands of people affected.
SDRPlay: https://www.sdrplay.com/community/viewtopic.php?f=6&t=3225
Anyone who purchases tech devices owns some "pirate" content. When you buy a motherboard you don't know the pedigree of its hundreds of components. Trace each one and you will find a licensing or counterfeit issue somewhere. Should everyone be able to automagically brick counterfeit or stolen devices when those devices have been integrated, resold three times, and are now in the hands of innocent consumers? There are policy-based principals in western law that have long prevented such behavior in other arenas.
See: https://www.law.cornell.edu/ucc/2/2-403
Not exactly on point, but an example of how we protect good-faith purchasers, even black-market purchase of "stolen" goods.
https://www.cultofmac.com/246755/why-ios-7s-activation-lock-...
Which in typical Apple whining style complains how the sky will fall due to this new feature. And then it didn’t.
Caveat emptor. Buying from a 3rd party and presumably at a deep discount always carries a risk of goods being stolen.
PS. FTDI case is of no relevance here - they were bricking devices of _other_ vendors, not their own.
The database behind that is apparently shared internationally between mobile networks, and most people would find a phone unable to connect to anything but WiFi useless.
After slowly getting into the manufacturing game myself and after USPS auctioned some of my cute early engineering samples that ended up on ebay, I definitely think this is totally reasonable from the manufacturer. Also the title of the article is already attacking the manufacturer. If you brick the devices, you hurt the person stealing and indeed it seems that this wasn't the first time it happened to them. On the consumer side maybe a discount would also be a nice gesture.
if i'm understanding you correctly, the postal service somehow ended up in possession of your early prototypes and they sold them to somebody who then re-listed them on ebay. was this a lost parcel situation?
After a month went by (adding to the already another month of delay) they said its on its way, etc. We randomly searched ebay with our brand name and saw an active listing with our prototypes in it. Other things in the box like our gopro were gone, but at least we found the prototypes and contacted the seller. The seller said that she got the items at an auction for items that couldnt be delivered a MONTH earlier, while USPS was telling us it was on the way.
Seller ended up giving us the prototypes for a small fee.
The reasons for this are obvious - to make it as hard as possible to sell stolen goods. The effects encourage the innocent purchasers to have some level of caution when looking at buying goods.
Does that mean they'll unbrick their hardware? That's about the only sympathy I'd expect after purchasing a product in good faith, and discovering that it was bricked or disabled by the manufacturer.
The one I bought came delivered in a plastic baggie in a padded envelope. It could have been stolen for all I know.
Is there a way to check which serial numbers were stolen? Can I demand a seller post a picture of the device with the serial number so I can check? How can I be sure they won't lie?
There isn't really a centralized or standardized way to do this, though. I guess if I'm buying some smart-ish hardware, I just have to google around for the company and hope I did a good job.
If you buy stolen good, you don't get to keep them. These are stolen goods, why would you ever expect the company to simply allow you to use it?
But you're right, in the end they are stolen goods.
> Back in October 2014, the FDTI manufacturer shipped a device driver that ... would make any operating system stop seeing the device by setting its USB product ID to 0 , basically killing the USB device.
Well, if that id can be set to 0, it can also be set back to original value, isn't it?
It’s not like this is a cellphone sold to my mom. It’s an extremely specialist product aimed at a group of users with vast electronics and reverse engineering knowledge. Probably won’t be long before one of them reverse engineers the device and releases the code to ignore the blacklisting.
Anyone know the technical details of how the blacklisting works?
In my experience, the kind of person who buys an SDR is (a) unlikely to appreciate a $400 device that phones home on boot, and (b) likely to reverse engineer the blacklisting code simply for the fun of it.
Everything I've learned, is that for capabilities like this, the good reasons are the justifications, and then the owners migrate to less good reasons. The overall distrust I have with these kinds of systems are that they are Treacherous Software/Hardware. This capability is something that shouldn't be implemented. No user in their right mind would - but the companies that wish to retain ownership rights after sale do.
I would also object to this 'hacking of these devices' as violations of CFAA. Yes, the devices had lost chain of custody, and were reported as stolen. That doesn't allow any entity to then engage in more illegal behaviors exigent to the initial situation. If I am being robbed, I am allowed to defend myself and my goods. However I cannot stalk the robber, and then bash his/her kneecaps in after the fact. 2 wrongs, separated by time, do not make a right.
1 party has 100% of the information, 1 party has 0% of the information, and the burden is on the party with 0% information. That's absurd.
> The manufacturer is certainly under no obligation to support them.
Not support and bricking are two different things.
> In many states even unknowing possession of stolen goods is a crime
Generally the state has to prove the defendant took receipt of the items for an unlawful purpose. Ohio is an exception, but I'm not sure if there is another one.
> so many of the "users" here are in fact getting off lightly.
You use "many" incorrectly here: Very, very few are. Because very, very few jurisdictions make it a crime to unknowingly receive stolen property and even fewer would actually press charges even if allowed.
Your post is nonsense.
I've never heard of this. Source?
At least until Apple totally shuts down DIY repairs by authenticating the LCD, MAC, keyboard etc. upon startup.
Not if they’ve been resold since then. Then it’d just look like any other device on the used market.
The manufacturer can definitely brick, or do whatever they want. The devices are still their rightful property, this isn't a gray area, they were stolen, no one has rightful claim to them except the owner, who was the manufacturer.
As I know the law requires you to return stolen goods even if you didn't know they were stolen. So this sounds fair.
I wouldn't expect a stolen car to be maintained for me, and I would expect it to be stopped by the police and taken away - which I would consider to be effectively bricking it. This would still, and sadly does regularly happen, even if I didn't know it was stolen when I bought it. It doesn't need to be stolen too, if the owner is in fact still a finance company (for example) and it was sold to me without their agreement - they would be within their rights to take it away, and as I understand it without any police involvement (if it's publicly accessible and they don't use force)
What? How does that make any sense. Someone stole their property, it's still theirs, of course they have a say in what happens to it. "Finders Keepers" is not how the world works...
Edit: As a counter-point, at least in Poland, while obtaining stolen goods is an offense ("paserstwo"[3]), the buyer of any good or service that has a "legal defect" - including having been stolen, IIRC - has a valid legal case to demand recourse from the seller. The goods are nonetheless subject to forfeiture.
[1] https://en.wikipedia.org/wiki/Possession_of_stolen_goods
"A person can be found guilty of that offense only if all of the following facts are proven: The person received or concealed or stored or disposed of items of stolen property. The items were moving as, or constituted a part of, interstate commerce. The items had a value in excess of $5,000. The person acted knowingly and willfully."
So that doesn't really answer the question asked, because it's only a federal crime if the goods are known to be stolen and a part of "interstate commerce."
Now, at the state level, this may differ. But neither of us has that information.
>All US states also have laws regarding receipt of stolen property; however, there usually is no minimum dollar amount in many jurisdictions, and, of course, the requirement in Federal law regarding interstate commerce does not apply.
i.e., USA-wide
>Also, in many states (Ohio, for example), the burden to prove criminal intent is not as stringent or is nonexistent.
i hereby rest my case.
It's a risk when you buy anything from eBay or the like, but the overall risk is small enough that the savings are justified usually.
UCC § 2-403 states: When goods have been delivered under a transaction of purchase the purchaser has such power even though ... the delivery was procured through fraud punishable as larcenous under the criminal law.
https://www.law.cornell.edu/ucc/2/2-403
Basically, if an employee to other person who was "entrusted" with these goods by the manufacturer sells them, then innocent purchasers take full legal title. The good-faith purchaser is now the legal owner even if they purchased the goods from someone who wasn't a legal owner. The goods don not belong to the manufacturer. This is specifically to protect innocent people from debates between manufacturers and distributors, even where those distributors have stolen goods.
The knock-on effect of this is that people who buy things in good faith from distributors don't have to worry about manufacturers (or police) raiding their homes ... which appears to be exactly what this manufacturer is doing by bricking these devices.
It actually says:
(1) A purchaser of goods acquires all title which his transferor had or had power to transfer except that a purchaser of a limited interest acquires rights only to the extent of the interest purchased.
The part you're quoting refers to the recipient being the fraud, not the seller. The recipient never acquires more rights than the seller had. This is why stolen goods can be seized by police, even from innocent purchasers.
[Edit:] Actually more complicated than that. The provision contemplates the middle-man acquired the rights to the goods sold through fraudulent means. In this case, it still requires the middle-man to have acquired the rights from the original seller in a transaction in which the seller gave up the rights to the goods. I.e., theft by fraud would suffice but mere theft would not. It's hard to explain theft by fraud. In a nutshell, the original seller is deceived as to one or more details of the transaction itself, such as price, identify of the seller, or even as to what they are exchanging. The UCC expects all parties to a contract governed by the UCC to exercise due diligence with respect to a contract, so if the transaction includes the "stolen" goods, the UCC doesn't provide any relief. Generally in a situation like this, it would happen where the language of the transaction clearly would include the goods at issue, but the middleman misrepresents to the original seller that those goods aren't included in the contract.
"Suppose Ed takes his bicycle to Merv, a bicycle dealer, for repairs, but instead of making repairs Merv sells the bicycle to Betty. Who now owns the bicycle? Section 2-403(2) states that "[a]ny entrusting of possession of goods to a merchant who deals in goods of that kind gives him power to transfer all rights of the entruster to a buyer in ordinary course of business." Ed has entrusted possession of goods to Merv, a merchant dealing in goods of that kind. Assuming Betty is a buyer in the ordinary course of business (BIOC), Merv now has the power to transfer all of Ed's rights in the bicycle to Betty. Betty now owns the bicycle, and Ed cannot validly assert any ownership claim against her. Ed's only remedies would be against Merv."
https://scholarship.law.campbell.edu/cgi/viewcontent.cgi?art...
(2) Any entrusting of possession of goods to a merchant who deals in goods of that kind gives him power to transfer all rights of the entruster to a buyer in ordinary course of business
We need to know more about how the seller acquired the goods. Often such ebay sales are by people who had legitimate possession, just not any right to sell them. This is why experimental and demo electronics aren't normally investigated as stolen goods. Nobody should be selling them, nobody had the right to sell them, but a great many merchants do legitimately possess them.
The standard scenario: You take your guitar to a music store to be fixed. Some evil sale guy at the store instead deliberately sells your guitar. Your issue is now with the store. You cannot go after the guy who bought and is how holding "your" guitar. It isn't yours anymore. You have to sue the store for money and the store is free to try and buy the guitar back.
Ed might not have rights under the UCC, assuming it applied to the transaction, which is questionable since Ed does not appear to be a merchant. He would have rights under state laws that override the provisions of the UCC.
[Edit] Most states actually override this provision of the UCC to define entrusting narrowly. See, e.g, California's provision:
3) “Entrusting” includes any delivery and any acquiescence in retention of possession for the purpose of sale, obtaining offers to purchase, locating a buyer, or the like; regardless of any condition expressed between the parties to the delivery or acquiescence and regardless of whether the procurement of the entrusting or the possessor's disposition of the goods have been such as to be larcenous under the criminal law.
Thus, in pretty much every state in the US, you go to the police, and they take the guitar back, and the buyer has to go back to the store and get refunded.
EDIT: The following provision is why the guitar guy never gets ownership. (From California's Commercial Code, but most states have made the same change to the UCC text in redefining what "entrusting" means):
3) “Entrusting” includes any delivery and any acquiescence in retention of possession for the purpose of sale, obtaining offers to purchase, locating a buyer, or the like; regardless of any condition expressed between the parties to the delivery or acquiescence and regardless of whether the procurement of the entrusting or the possessor's disposition of the goods have been such as to be larcenous under the criminal law.
If it was theft--easy case. Stolen property is not covered by UCC. (It's the Uniform Code of Contracts, so there must be a chain of contracts connecting the property from the manufacturer to the innocent buyer for the UCC to apply.)
If it was theft by fraud--now we're talking. This could mean, for example, that the eBay merchant ordered the goods from the manufacturer but then never paid, or lied about who they were, or some other such misrepresentation or fraud or crime. In this case, there's a chain of contracts, so an innocent buyer from the eBay merchant would be protected by the UCC. (Note that if the eBay merchant knowingly does not pay, it could be both theft or theft by fraud depending on the jurisdiction and specific circumstances.)