Internet of dead bikes, etc

wolfliving:

*Stacey Higginbotham:


Plan for death at the start of building your connected device

This week brings us the tale of yet another connected device that may become a useless chunk of scrap because its maker is going out of business. In this case, the affected product is the VanMoof e-bike, which cost buyers $5,000 and requires a working app for many of the bike’s functions.

VanMoof has gone into the Dutch version of bankruptcy, and owners of the product have been told that if the servers shut down, users will have no way to get a security key needed to operate many of the bike’s features. For buyers of connected products ranging from home hubs to sous vide cookers, the end of a connected device company often means the end of a functioning product.

But it doesn’t have to be this awful for consumers. By planning for failure, startups (and large companies like Amazon or Facebook) can kill their products better.

— VanMoof promises users that their connected bikes will get “better and better” through software updates. What they don’t advertise is that without their servers, the bike may not even work. 


In the case of VanMoof, a rival connected e-bike company has created an app that will purportedly unlock the VanMoof bikes and provide some functionality. But relying on a competitor to hack together some software to control a device made by another vendor and hoping that, as a user, you can download your security key from the VanMoof servers, before those servers are shut down, is not an ideal scenario.

It’s the equivalent of rushing through your home as a fire burns, trying to grab people, pets, important papers, and heirlooms while the walls crumble. Folks with go bags or even a sense of what to take first are in a far better position if the worst happens. And by now, every company building a connected device needs the equivalent of a go bag or at the very least, a checklist.

Design your business model and device differently

It starts with the design. When designing the physical product, designers need to think about graceful degradation. Put physical buttons on the device. Make sure the product functions as a bike, a juicer, an oven, or whatever else even if the additional software-based or connected features fail. When it comes to making decisions about the chips and services used in the hardware, consider ongoing maintenance costs and how long that hardware will get necessary security updates.

I’ve seen startups run into issues after they chose a hardware platform that required monthly payments that increase based on the device usage. One of the services was associated with keeping the product secure, so the device makers had the best goals in mind but realized too late that the initial design decision obligated the company to make annual payments that would rise as more people purchased and then used their devices.

Understanding the cloud architecture costs and decisions made when designing a connected device’s software and apps also matters. Unlike with dumb physical hardware, where calculating the cost of any good sold ends once the device ships, connected devices have a continued ongoing cost more commonly associated with software.

Software gets around the ongoing cost issue by charging a licensing fee or charging for the product as a service. Hardware providers are trying to offset these ongoing costs with additional subscriptions, or in some cases by offering a SaaS model and throwing in hardware as part of a monthly fee.

Escrow funds, not source code

Any company selling a connected device should understand the monthly cost of supporting their servers and apps, and set aside the appropriate dollar amount to ensure that service providers get paid — even if the company runs into trouble. This means any product must have an escrow account with six months or a year of ongoing device upkeep fees allocated.

This means if a startup goes out of business, it has the funds to notify people that the connected device they spent money on will stop working after a set time as opposed to it just going dark on a random April night (hello, Insteon). Bigger companies may not need an escrow fund, but they, too, should kill underperforming devices with long lead times, discounts, and perhaps even refunds. Those strategies should be part of any initial planning for a new connected device.

We often hear of users demanding that companies put the source code for connected devices into escrow, so that users can run the code on their own servers and keep their devices operational. This strategy has three flaws.

The first is that the source code may not be enough to keep a device running, especially as elements like secure keys and certificate subscriptions are now part of connected device designs.

The second flaw is that not every device is suited for some side-loaded open source code. Meta is dealing with this as it pulls back from its connected video calling device, the Portal. Because the Portal has mics and cameras that a hacker might want to use to spy on users, Meta doesn’t want to let people load software onto the product to keep it working; it represents too much risk. Instead, it would rather shut the devices down entirely.

Third, opening up the source code may make it easy for a select few to run a device, but it’s not something the average consumer can or will do. So when thinking about escrow, think funds, not source code.

Learn from Amazon and others

There are examples of device deaths done right. Amazon actually provided a good example this year when it announced the end of its Halo wellness devices. Amazon made the announcement in April, and told consumers that 96 days later, the devices would stop working.

This was a relatively short amount of time, but Amazon promised full refunds to anyone who had purchased any of the devices within the prior 12 months, and immediately stopped charging subscription fees associated with Halo devices. It also refunded any unused prepaid Halo subscription fees and said it would delete all data associated with Halo devices without requiring the consumer to take any additional steps.

The ease of refunding customers was only available to Amazon because it was the sole retailer of the Halo devices, which isn’t the case for every connected product, but it was clear that Amazon wanted to get out of the Halo business quickly and with minimum consumer fuss. So it made it incredibly easy.

Finally, Amazon asked consumers to ship the devices back for recycling and made doing so free, going far beyond what most companies are doing with dead devices.

Amazon isn’t the only company that has ended its products’ lives early. The German company behind the Neato vacuum, Vorwerk, shut down the vacuum division this year. But it also said it would maintain a staff of 14 people for the next five years to ensure the security and functioning of the vacuum’s cloud software and app. Vorwerk further said that it would provide replacement parts for up to five years.

I’ve seen other companies kill their devices with discounts for replacement gear and long lead times. That’s the bare minimum, but it can still be frustrating for consumers. For example, I own a set of Arlo connected video cameras I purchased in the summer of 2017. In January of this year Arlo said it would classify my cameras as end of life as of April 2023, which means they would lose several features including free 7-day video storage, firmware updates, and email notifications.  

Since the reason I chose those cameras in the first place was that I got a 7-day window to see my videos before they were deleted without paying for a subscription, I was nonplussed about the short notice but frustrated that my cameras were going to die after only six years. After user outrage, Arlo said that it would continue with 7-day video storage until July 2024 before the devices would lose security updates and that functionality. For me, this means the cameras I paid $220 for in 2017 would work for seven years.

Expiration dates for smart devices

Had I know all of that when buying my cameras, I probably would have been fine with the cost/benefits tradeoff. But others may not have. And this is why in today’s day and age, every single device should come with a guarantee that the device will work for a set number of years.  

Companies can go beyond this date, but they need to establish minimums that get displayed on the box and for devices sold online, at the point of sale. This includes how long the device will get new features and essential security updates. The UK has already enshrined this idea in regulations that will take effect in April next year.

Additionally, knowing the device expiration date can help companies figure out how much money they should set aside in the escrow accounts. It also ensures that when another company buys a connected device maker, they can’t simply shut it down. Connected devices have been around long enough that we understand the challenges they pose for business models and the challenges that result when those companies fail.

It’s past time we start doing something about it.