Are you concerned about the long-term viability of devices that fall under the loose notion of the Internet of Things (IoT), in which a cloud connection is required to keep devices functioning? If so, a move by Eye-Fi, which makes SD cards that can automatically transfer newly taken photos to a cloud service, should give you pause. It sure did for me.
In September 2016, the company will discontinue support for features and Web apps for every model of card it shipped from its launch in 2007 up to the X2 models introduced in 2011 and sold through retail channels until March 2015. Only its Mobi line, introduced in 2013, will retain active support. Eye-Fi said in an email to customers the impetus for this move is the obsolescence of “Internet security and authentication mechanisms that were state-of-the-art in 2007 when we built them into our products but have since proven to be vulnerable.” Because these are hardware problems, the company can’t just release firmware upgrades.
I have long been dubious about devices that require the continuous operation of Internet-connected services to function. I don’t expect relatively inexpensive hardware to remain useful and work forever, of course. But while Eye-Fi says it began to phase out the last products that are affected starting in 2012, it allowed them to remain in retail sales channels until March 2015. The company should have taken more ownership of the situation around products sold in the last five years.
I’ve owned three Eye-Fi cards, starting with the original model, and I used them extensively for a few years. However, when memory card capacity dropped in price, I stopped worrying about filling up a card. I found some of Eye-Fi’s features awkward for my non-professional purposes and would instead transfer images by card to an iPad or Mac, and then sync or upload the ones I needed. As a result, I never purchased a new enough Eye-Fi to feel like this end-of-life policy is unfair. (I’ve lost track of one of my Eye-Fi cards and sent another to TidBITS Managing Editor Josh Centers — who was unable to get it to work! I have no horse in this particular race.)
Buh-Bye, Most Eye-Fi — Eye-Fi’s cards are tiny, networked computers that fit into the SD card format. Because there’s no physical interface, you must connect them to a network for configuration. Earlier models and firmware could be configured via a computer as well when plugged into a card reader; later ones switched to full-on cloud support to change any setting. The cards would then automatically connect to configured networks, including those that required a password. You could then turn on a feature called “endless storage,” which automatically deleted photos from the card after it confirmed that Eye-Fi’s servers had received the files.
Eye-Fi’s X2 series, which debuted in 2010, added Direct Mode in 2011, which turned the card into a tiny hotspot, enabling iOS and Android devices to connect using apps, making it easier to review and selectively upload photos. Eye-Fi later added geotagging to some X2 models, using Wi-Fi positioning to estimate the location when photos were synced. (Incidentally, the market position for Eye-Fi exists only because Wi-Fi support in cameras is so terrible — something I’ve written about for years and years and years.)
On 16 September 2016, when Eye-Fi plans to pull the plug, affected cards will continue to work, but in an extremely limited mode. All kinds of things will break or be in an indeterminate state:
- Cards will stop connecting to Eye-Fi Center, the company’s Web app for managing and sharing photos. Eye-Fi will migrate files for active paid users to its new Eye-Fi Cloud system free of charge, however.
- Relayed uploads, geotagging, and direct FTP transfers will stop working.
Account notifications about uploads and other issues will halt.
Eye-Fi mobile and desktop apps will no longer be updated.
Wi-Fi hotspot and base station connections may work, but if they don’t, there’s no way to fix them.
Eye-Fi says that owners can configure their cards before the cutoff date to use selective transfers (which lets you use a camera interface to mark which photos to upload) and the mini-hotspot Direct Mode, but then those options can never be changed later. Direct Mode isn’t guaranteed to keep working, either.
As recompense for removing these features, Eye-Fi is offering a paltry 20 percent discount for up to three cards purchased directly from its Web site until 15 September 2016. This is chintzy, even though the company described it as a “deep discount.” First, hardware makers often have hard costs that are only half of a product’s retail price; a one-for-one 50 percent discount should have been the starting point for people who bought X2 products. Second, anyone who purchased an X2 in the last five years that was still functional should have been offered a mail-in 100 percent swap for the lowest-end Mobi model. Eye-Fi has tarnished its reputation far more than the cost of swapping out what is likely a relatively small number of cards.
It’s hard to know how much these policies would cost the privately held company: it has never disclosed sales figures. But generally, only a fraction of owners take advantage of trade-ins, making a generous offer more affordable than it might seem and engendering significant good will, along with future hardware purchases and recurring subscription fees.
The Danger of Living in the Cloud — Eye-Fi isn’t the first and won’t be the last cautionary tale. A few months ago, Alphabet-owned Nest announced that it would shut down service for Revolv, a $300 hub for smart home devices. Nest bought Revolv in October 2014 and stopped selling new models, but continued to support the product. In April 2016, Nest said it would brick the Revolv on 16 May 2016 — it used more polite language — making the device worthless within about two years of release.
The response from owners and unrelated parties alike was negative. Nest suffered from internal dissension and malaise, and its head, former Apple exec Tony Fadell, “left” his position just months later. Within a few weeks of the April announcement, Nest pushed the shutdown to 19 June 2016, and offered full refunds to owners who contacted the company.
Nest also suffered from outages (in November 2015 and January 2016), as well as an automatically pushed software upgrade that resulted in some owners being unable to control the temperature.
Many lesser known and less expensive IoT devices, which can include home routers and video-streaming boxes, stop receiving firmware upgrades and remain insecure or stop working consistently. This kind of routine behavior receives much less attention.
The Federal Trade Commission has expressed ongoing concern about the security of IoT devices and settled an action against Asus in 2016 based on a hack in 2014 for misrepresentation in its marketing. But the FTC can typically intervene only if a company engages in deceptive or unfair practices. If a company doesn’t promise support for a particular length of time, the FTC has little to no power to engage.
Eye-Fi doesn’t have the excuse of an acquisition or bankruptcy to justify dropping support for even its relatively recent cards. The company did sell the newer photo-sharing part of its business, Eye-Fi Cloud, to Ricoh, which will expand the service and continue to allow Eye-Fi Mobi customers to use it.
But that’s hardly an excuse. If supporting the X2 line for years longer was too much of a burden, swapping them out would have been a more prudent move.
Let the Cloud Rain Down Software — Eye-Fi has been in business for almost a decade. Nest, now a division of Google’s restructuring into the Alphabet holding company, is part of an organization that has been around for over 15 years. If these companies can’t manage a soft landing for a troubled IoT device, what about startups that have just a few months or years under their belts, haven’t turned a profit, and have proprietary hardware and software?
As Cory Doctorow noted in his Boing Boing post on this shutdown:
The Internet of Things bubble is based on startups with six months to one year of runway, making hardware with sub-2% margins (if it’s not being made at a loss), which has zero use if the company’s server shuts down.
The odds of most of these companies failing or being acquired and then shut down — like Revolv — are extremely high. It used to be that when you were an early adopter of hardware, the worst you’d experience was a failure to get new drivers or updated apps for new releases of operating systems. Or you’d no longer be able to get parts, supplies, or repairs. Now, early adopters are risking investing in an expensive brick. Whether you back a crowdfunding campaign or you buy from an established company, the risk seems about the same.
There is something that could be done, and some companies are doing it. Eye-Fi could have eased the pain by releasing all the code necessary to allow configuration, whether through a user-run cloud service or locally run apps, under an open-source license. Eye-Fi is likely not using that code in a substantive way as it moves forward, or it would be able to continue supporting these older products.
A Seattle firm, Glowforge, has promised that when it ships its cloud-controlled 2D laser cutter, it will also release the product’s firmware under a GPL license, which will allow what it calls an “escape hatch” if the company or product fails to continue to be viable. (Disclosure: I have friends who co-founded and work at Glowforge.) This is what happened with the Chumby line of hardware, an open-development bedside clock-ish device that was well ahead of its time, when its maker had to shut down.
Releasing the code as open source won’t make a difference unless some other party picks up the ball, but it’s better than nothing. As more stories of stranded IoT devices stack up, companies may have to put more promises in place, including potentially escrowed funds to run basic services if they go under, to keep early adopters happy. Early adopters provide the funds and market excitement necessary for new products to succeed.
For now, though, we ignore the lessons of Eye-Fi, Revolv, and others at our peril. If the Internet of Things is to be more than a flash in the pan, companies will have to acknowledge the full life cycle of their products, even when that continues beyond a firm’s interest or even its demise.