134

This Group Pays Bounties to Repair Broken Devices—Even If the Fix Breaks the Law (www.wired.com)

submitted 7 hours ago by zdhzm2pgp@lemmy.ml to c/technology@lemmy.ml

12 comments fedilink hide all child comments

Companies tend to be rather picky about who gets to poke around inside their products. Manufacturers sometimes even take steps that prevent consumers from repairing their device when it breaks, or modifying it with third-party products.

But those unsanctioned device modifications have become the raison d'être of a bounty program set up by a nonprofit called Fulu, or Freedom from Unethical Limitations on Users. The group tries to spotlight the ways companies can slip consumer-unfriendly features into their products, and it offers cash rewards in the thousands of dollars to anyone who can figure out how to disable unpopular features or bring discontinued products back to life.

“We want to be able to show lawmakers, look at all these things that could be out in the world,” says right-to-repair advocate and Fulu cofounder Kevin O’Reilly. “Look at the ways we could be giving device owners control over their stuff.”

Fulu has already awarded bounties for two fixes. One revives an older generation of Nest Thermostats no longer supported by Google. And just yesterday, Fulu announced a fix that circumvents restrictive digital-rights-management software on Molekule air purifiers.

Fulu is run by O’Reilly and fellow repair advocate and YouTuber Louis Rossmann, who announced the effort in a video on his channel in June.

The basic concept of Fulu is that it works like a bug bounty, the long running practice in software development where devs will offer prize money to people who find and fix a bug in the operating system. Fulu adopts that model, but the bounty it offers is usually meant to “fix” something the manufacturer considers an intended feature but turns out to be detrimental to the user experience. That can mean a device where the manufacturer has put in restrictions to prevent users from repairing their device, blocked the use of third-party replacement parts, or ended software support entirely.

“Innovation used to mean going from black-and-white to color,” Rossmann says. “Now innovation means we have the ability to put DRM in an air filter.”

Fulu offers up a bounty of $10,000 to the first person to prove they have a fix for the offending feature of a device. Donors can also pool money to help incentivize tinkerers to fix a particular product, which Fulu will match up to another $10,000. The pot grows as donations roll in.

Bounties are set on devices that Rossmann and O’Reilly have deemed deliberately hostile to the owners that have already paid for them, like some GE refrigerators that have DRM-locked water filters, and the Molekule air purifiers with DRM software that blocks customers from using third-party air filters. A bounty on the XBox Series X seeks a workaround to software encryption on the disk drive that prevents replacing the part without manufacturer approval. Thanks to donations, the prize for the Xbox fix has climbed to more than $30,000.

Sounds like a sweet payout for sure, but there is risk involved.

Fixing devices, even ones disabled and discontinued by the manufacturer, is often in direct violation of Section 1201 of the Digital Millennium Copyright Act, the 1998 US law that prevents bypassing passwords and encryption or selling equipment that could do so without manufacturer permission. Break into a device, futz with the software inside to keep it functional, or go around DRM restrictions, and you risk running afoul of the likes of Google's gargantuan legal arm. Fulu warns potential bounty hunters they must tackle this goal knowing full well they're doing so in open violation of Section 1201.

“The dampening effect on innovation and control and ownership are so massive,” O’Reilly says. “We want to prove that these kinds of things can exist.” Empty Nest

In October, Google ended software support for its first- and second-generation Nest thermostats. For lots of users, the devices still worked but couldn’t be controlled anymore, because the software was no longer supported. Users lamented that their fancy thermostats had now become hunks of e-waste on their walls.

Fulu set up a bounty that called for a software fix to restore functionality to the affected Nest devices. Cody Kociemba, a longtime follower of Rossmann’s YouTube channel and a Nest user himself, was eager to take the bounty on. (He has “beef with Google,” he says on his website.) After a few days of tinkering with the Nest software, Kociemba had a solution. He made his fix publicly available on GitHub so users could download it and restore their thermostats. Kociemba also started No Longer Evil, a site devoted to his workaround of Nest thermostats and perhaps hacks of future Google products to come.

“My moral belief is that this should be accessible to people,” Kociemba says.

Kociemba submitted his fix to Fulu, but discovered that another developer, calling themselves Team Dinosaur, had just submitted a fix slightly before Kociemba did. Still, Fulu paid out the full amount to both, roughly $14,000 apiece. Kociemba was surprised by that, as he thought he had lost the race or that he might have to split the prize money.

O’Reilly says that while they probably won't do double payouts again, both fixes worked, so it was important for Fulu’s first payout to show support for the people willing to take the risk of sharing their fixes.

“Folks like Cody who are willing to put it out there, make the calculated risk that Google isn't going to sue them, and maybe save some thermostats from the junk heap and keep consumers from having to pay $700 or whatever after installation to get something new,” O’Reilly says. “It's been cool to watch.”

This week, Fulu announced it had paid out its second-ever bounty. It was for a Molekule Air Pro and Air Mini, air purifier systems that used an NFC chip in its filters to ensure the replacement filters were made by Molekule and not a third-party manufacturer. The goal was to disable the DRM and let the machine use any filter that fit.

Lorenzo Rizzotti, an Italian student and coder who had gone from playing Minecraft as a kid to reverse engineering and hacking, submitted proof that he had solved the problem, and was awarded the Fulu bounty.

“Once you buy a device, it's your hardware, it's no longer theirs,” Rizzotti says. “You should be able to do whatever. I find it absurd that it's illegal.”

But unlike Kociemba, he wasn’t about to share the fix. Though he was able to fix the problem, he doesn’t feel safe weathering the potential legal ramifications that he might face if he released the solution publicly.

“I proved that I can do it,” he says. “And that was it.”

Still, Fulu awarded him the bounty. O’Reilly says the goal of the project is less about getting actual fixes out in the world, and more about calling attention to the lengths companies are allowed to go to wrest control from their users under the auspices of Section 1201.

“We need to show how ridiculous it is that this 27-year-old law is preventing these solutions from seeing the light of day,” O’Reilly says. “It's time for the laws to catch up with technology.”

top 12 comments

sorted by: hot top controversial new old

[-] davel@lemmy.ml 3 points 3 hours ago

Robert De Niro to the rescue

[-] captainastronaut@seattlelunarsociety.org 16 points 6 hours ago

This is badass. I love hearing about this. And what a smart model, let people with the devices contribute to the bounty and things that have a lot of demand and will help a lot of people have bigger bounties.

[-] toothbrush@lemmy.blahaj.zone 4 points 5 hours ago* (last edited 5 hours ago)

But unlike Kociemba, he wasn’t about to share the fix. Though he was able to fix the problem, he doesn’t feel safe weathering the potential legal ramifications that he might face if he released the solution publicly. “I proved that I can do it,” he says. “And that was it.” Still, Fulu awarded him the bounty. O’Reilly says the goal of the project is less about getting actual fixes out in the world, and more about calling attention to the lengths companies are allowed to go to wrest control from their users under the auspices of Section 1201.

And thats where they lost me. The project isnt about actually fixing things? Its just to show the lawmakers that made fixing stuff illegal that stuff can still technically be fixed? Great...?

Fixing something that was obviously hostile in design, and then getting sued for fixing is a much stronger political signal than saying "it can be fixed :)" in a press release! People even get awarded a big chunk of money for it! The foundation seems to have a lot of money, they granted the first bounty to 2 people simultaneously, and they match all bounties up to 10000$ so they could support lawsuits that challenge stuff like this, but instead award money to secret solutions that help nobody.

This is frustrating to read, so close to challenging big tech without actually doing anything!

[-] tabular@lemmy.world 8 points 3 hours ago

"People could fix this but cannot because this law prevents it" is a simple message for law-makers to understand and this program proves the claim. What does being in jail do? Keep in mind that asking others to break the law is legally questionable but it is an unfair risk to put on others if we want them to aim to win the bounty.

[-] toothbrush@lemmy.blahaj.zone 6 points 3 hours ago

Being in jail because you fixed an air filter is a much stronger message people could rail against.

I see that its not feasible for the nonprofit to invite breaking the law, but the law seems ill defined in this case, and perhaps a lawsuit that goes to the top could change things. I think lawmakers dont actually care about fixable devices, and proving they can be fixed doesnt change this. Saving someone from prison by way of closing a loophole(DRM to prevent repairs, replacement parts) is something much more actionable for polititians I think.

If I had the kind of money that they seem to have I would try this instead, is all I was trying to say.

[-] jjagaimo@sh.itjust.works 9 points 4 hours ago

Sharing the fix is what lands you in prison, in part because of dmca. The company arguments include circumvention under dmca, protecting copyright holders, that its "illegal hacking" (its not, its reverse engineering) and that no one wants to do it. This is tangible evidence that there are devices which were sold working, were remotely bricked, and could and would be working today if customers had ownership of the products that they paid for, and it can be done without proprietary information of the companies

https://youtu.be/_gZrvHCO83I

[-] toothbrush@lemmy.blahaj.zone 2 points 3 hours ago

I think the company perspective "breaking a security chip to allow installation of other airfilters being in violation of copyright" is flimsy at best. No intellectual property is being protected with it, thats why I think putting the fix online and fighting the potential lawsuit is a better strategy. But I see why they wouldnt do that.

[-] jjagaimo@sh.itjust.works 2 points 54 minutes ago

I doubt any of their lawyers believe a single thing they say, but if it gets the courts and lawmakers to side with them, then they'll say it. Most individuals don't have the capital to fight it, so building up a ton of evidence beforehand to use if they have to defend against one of those lawsuits is probably a good strategy, even if it means holding off on publicly disclosing the solutions and fixes for now

[-] Eheran@lemmy.world 5 points 5 hours ago

It is illegal in the USA, you go into prison. That is the reason they can not publish it openly. Watch some of Rossmanns videos for details.

[-] optissima@lemmy.ml 1 points 5 hours ago

Okay then share it outside the united states? This is constantly circumvented

[-] SreudianFlip@sh.itjust.works 5 points 3 hours ago

Yes, go ahead. The parties in question in the article all live under the yoke of the DMCA, with vigorously litigious corporations patrolling the streets.

[-] Eheran@lemmy.world 3 points 3 hours ago

So people should just leave their home to publish some minute detail about some device? Sounds reasonable.

this post was submitted on 13 Dec 2025

134 points (100.0% liked)

Technology

40520 readers

255 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.

Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.

Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 6 years ago

MODERATORS

MinutePhrase@lemmy.ml