Developer Unlocks Newly Enshittified Echelon Exercise Bikes But Can't Legally Release Software (404media.co) 105
samleecole shares a report from 404 Media: An app developer has jailbroken Echelon exercise bikes to restore functionality that the company put behind a paywall last month, but copyright laws prevent him from being allowed to legally release it. Last month, Peloton competitor Echelon pushed a firmware update to its exercise equipment that forces its machines to connect to the company's servers in order to work properly. Echelon was popular in part because it was possible to connect Echelon bikes, treadmills, and rowing machines to free or cheap third-party apps and collect information like pedaling power, distance traveled, and other basic functionality that one might want from a piece of exercise equipment. With the new firmware update, the machines work only with constant internet access and getting anything beyond extremely basic functionality requires an Echelon subscription, which can cost hundreds of dollars a year.
App engineer Ricky Witherspoon, who makes an app called SyncSpin that used to work with Echelon bikes, told 404 Media that he successfully restored offline functionality to Echelon equipment and won the Fulu Foundation bounty. But he and the foundation said that he cannot open source or release it because doing so would run afoul of Section 1201 of the Digital Millennium Copyright Act, the wide-ranging copyright law that in part governs reverse engineering. There are various exemptions to Section 1201, but most of them allow for jailbreaks like the one Witherspoon developed to only be used for personal use. [...] "I don't feel like going down a legal rabbit hole, so for now it's just about spreading awareness that this is possible, and that there's another example of egregious behavior from a company like this [...] if one day releasing this was made legal, I would absolutely open source this. I can legally talk about how I did this to a certain degree, and if someone else wants to do this, they can open source it if they want to."
App engineer Ricky Witherspoon, who makes an app called SyncSpin that used to work with Echelon bikes, told 404 Media that he successfully restored offline functionality to Echelon equipment and won the Fulu Foundation bounty. But he and the foundation said that he cannot open source or release it because doing so would run afoul of Section 1201 of the Digital Millennium Copyright Act, the wide-ranging copyright law that in part governs reverse engineering. There are various exemptions to Section 1201, but most of them allow for jailbreaks like the one Witherspoon developed to only be used for personal use. [...] "I don't feel like going down a legal rabbit hole, so for now it's just about spreading awareness that this is possible, and that there's another example of egregious behavior from a company like this [...] if one day releasing this was made legal, I would absolutely open source this. I can legally talk about how I did this to a certain degree, and if someone else wants to do this, they can open source it if they want to."
right to repair should give the right to post that (Score:5, Interesting)
right to repair should give the right to post that alt firmware!
Re: right to repair should give the right to post (Score:2)
It should do, but DMCA is toxic enough to trump that and it isnâ(TM)t as if right to repair in the US is robust enough to clarify that need.
My pessimistic self also doubts the current administration would care enough to address this in a meaningful way.
Re: (Score:2)
Fuck you, you stupid 19 year old faggot. If you're going to make Slashdot headlines NSFW with swear words, I'm going to go to town on your gay asses. Literally NSFW. B-I-Z-X *ruined* this site.
Oh, Belgium!
Re: (Score:2)
Yes, the AC is a troubled troublemaker :-/
Re: (Score:1)
Midnight Thunder has been posting here for over 16 years.
Presumably more. MT's user ID is from the 90s.That's when I signed up.
Re: (Score:1)
1998 I think.
Re: (Score:2)
Anyone recall what the cutoff date for Slashdot posting history is? From when the entire db of posting history was lost?
Re: (Score:1)
i don't really think "right to repair" fits this. what about not buying this sort of crap in the first place? there's no need for a right to repair what can't break.
i understand some people have it hard to find places where to workout or ride a bike, but all this gamification nonsense has little to do with health and it should be public knowledge already that hardly any company going this route will abstain from playing these cheap games at some point, so it's really asking for it. just show them the finger
Re:right to repair should give the right to post t (Score:5, Insightful)
>what about not buying this sort of crap in the first place?"
Well, they put these new requirements and restrictions AFTER people bought the equipment. Many people should already know this type of thing is possible and happens with "connected" equipment, but many selected Echelon because of their friendly stance and then were surprised when the rules of the game changed.
And you can bet every user signed "OK" on the fine print that probably said the company was free to change the way it connects and shares or doesn't share data at any time. But almost nobody reads it, or if they do read it they don't understand it, or feel like they have no choice (other than to return the equipment if it is still in the return window).
Re: (Score:1)
Re: (Score:2)
Yes exactly this, post it anonymously via some site hosted in a far away country well outside the jurisdiction of DMCA or similar rules. It's not like they will be able to do anything about a site hosted in russia or china.
Re: (Score:2)
Re: (Score:2)
That sounds like what he's going for. "I can't legally post it, but I can tell someone else how I did it if they'd like to post it."
Re: (Score:1)
Well, they put these new requirements and restrictions AFTER people bought the equipment.
There ought to be a lawsuit against the manufacturer over this. Similar to as there was against Sony when they tried to remove OtherOS support from the Playstation 3.
Re: (Score:2)
So file one.
Re: (Score:2)
The problem is, while we can complain about these practices, probably no one complaining here has one of these bikes. Pretty much all of us know better than to buy a pre-comprimised device like this in the first place if we can avoid it. So, no standing to sue.
Re: (Score:2)
favorite tool when crap like this happens - credit card charge back... the seller failed to deliver services as agreed. It really does destroy the seller and their reputation with payment processors to the point where they stop being supported... best benefit of using a credit card for purchases. This has the benefit of also being cheaper and faster than a lawyer.
Re: (Score:3)
favorite tool when crap like this happens - credit card charge back
That *might* work if you bought your bike in the last four months, but after 120 days chargebacks typically can't be filed.
I would guess that option is off-the-table for most people.
Re: (Score:2)
Echelon bikes mainly sold through physical retail locations. Considering it's a $800+ item.. It is very unlikely they will let you get away with simply charging it back. Particularly since they can verify you received the correct item and it is in working condition at the time of sale. The store will definitely have the signed receipts and possibly video footage of the person physically checking out with the items.
You chargeback half a grand worth from a Walmart, and you're liable to find police at y
Re: (Score:2)
You may have the physical product, but if the vendor fails to provide the service that was to come with that product at time of payment... they are still not delivering the thing you paid for...
The charge back is not for not getting the product... it's for not getting the product you were sold and what you paid for. Never suggested saying it was a fraudulent transaction and that it wasn't you doing the transaction. That would be fraud on your part. Holding the vendor accountable for their failure to prov
Re: (Score:3)
It's a consumer law issue. If a product is enshittified after you bought it, there should be a right to return it, or at least a substantial partial refund for the lost functionality. If they go subscription then the refund should be the expected cost of the sub over the reasonable lifetime of the product.
Re: (Score:3)
It should be a criminal case, they wilfully sabotaged equipment that someone has bought and paid for.
Re: (Score:1)
Re: (Score:2)
Makes me wonder if the dev could release the 'fix' under Norway's jurisdiction
Re: (Score:2)
>what about not buying this sort of crap in the first place?"
Well, they put these new requirements and restrictions AFTER people bought the equipment. Many people should already know this type of thing is possible and happens with "connected" equipment, but many selected Echelon because of their friendly stance and then were surprised when the rules of the game changed.
And you can bet every user signed "OK" on the fine print that probably said the company was free to change the way it connects and shares or doesn't share data at any time. But almost nobody reads it, or if they do read it they don't understand it, or feel like they have no choice (other than to return the equipment if it is still in the return window).
Also a lot of the time the end user isn't informed until they've already purchased the product. In some countries you're able to return them as "not fit for purpose" but even these laws have limits.
And people are pretty thick (British term for dumb). We should be labelling these things as restrictive "Will not work without an Internet connection", "functionality may be later degraded by manufacturer", "Requires a subscription" and the like but it can't be in size 0.000001 font on the bottom of the box hi
Re: (Score:2)
Well, they put these new requirements and restrictions AFTER people bought the equipment.
And THAT is exactly how you know that your government does not work for you, but for businesses. Fucking thieves.
Re:right to repair should give the right to post t (Score:5, Interesting)
https://www.youtube.com/watch?... [youtube.com]
Basically, the gist is that the owner of the Echelon bike had a perfectly working product, at which point the manufacturer *broke* it by forcing defective firmware onto the device, and the owner thereby needs a legal means of recourse to "fix" it by removing the defective firmware.
Re: (Score:2)
What I am wondering is, since this is an exercise bike, what actual features does it have that aren't just physical hardware? I mean, what does it actually have in it terms of hardware that actually interfaces with any sort of controller? Presumably the pedals have some sort of resistance control and sensors to detect the motion of the pedals. Then of course there will be a display, but what the hell else is there? Maybe there's computer controlled hardware to adjust seat height, angle, as well as handle he
Re: (Score:2)
I know that it has become impossible to tell, but I think it was meant as a joke. If so, it's making the pertinent point that "right to repair" is not a real "right" because companies have opposed it and managed to limit it, even in the few places where there are laws trying to protect it.
Re: (Score:3)
Re: (Score:2)
I know, I know, don't feed the trolls ...
While not explicitly listed it could be argued that it is implicitly listed via:
1. The Constitutions' Ninth Amendment:
2. The Bill of Rights' Tenth Amendment
Re: right to repair should give the right to post (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: right to repair should give the right to post (Score:1)
Re: (Score:2)
Re: (Score:2)
European Union? (Score:5, Insightful)
Given that it has been demonstrated that it can be jail broken, what are the chances someone in the EU, or elsewhere, will try the same and release it on a server outside of the US?
Re:European Union? (Score:5, Insightful)
What he should have done is to jail break, shut up and release the code on any darknet corner, or on a Russian forge. But no, he chose to take the sweet bounty money and now nobody gets to see the code, ever.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
What he should have done is to jail break, shut up and release the code on any darknet corner, or on a Russian forge. But no, he chose to take the sweet bounty money and now nobody gets to see the code, ever.
This was actually pretty common during the heyday of iOS jailbreaks that a developer would brag about having a jailbreak they didn't want to release.
Re: (Score:2)
"What he should have done was <something illegal that comes with no reward to him>."
"But no, he chose to <gain a profit from his efforts, in a perfectly legal way>."
I am sorry to put it so brusquely, but he has no moral obligation to work for free, and certainly not when doing so is also illegal.
Re: (Score:2)
I am sorry to put it so brusquely, but he has no moral obligation to work for free, and certainly not when doing so is also illegal.
And we have no obligation to assume he is a better person than those at "Echelon" who decided to "perfectly legally" diddle their customers for profit.
Re: (Score:2)
What he should have done is to jail break, shut up and release the code on any darknet corner, or on a Russian forge. But no, he chose to take the sweet bounty money and now nobody gets to see the code, ever.
We know there's an exploit now. If anyone cares everyone wins. Money often wins over altruism.
Re: (Score:2)
What he should have done is to jail break, shut up and release the code on any darknet corner, or on a Russian forge. But no, he chose to take the sweet bounty money and now nobody gets to see the code, ever.
That was exactly my first thought when reading this, too. Someone with truly altruistic motives would have many possibilities to spread such software without publicly taking credit for it. And to leave the political activism for a true right to repair to others.
Re: (Score:2)
I mean... it's probably sitting in his GitHub account somewhere. The security and sharing settings on those can be kind of obtuse. And it's a microsoft product, so you can count on it to be about as "secure" as a slice of Swiss cheese even if the user did everything right.
Or, really, he should have just some GPL code himself, that way he'd be obligated to open the code.
Re: (Score:1)
EU has similar digital lock laws.
Re: (Score:2)
Maybe you're thinking about laws individual member states have passed. The EU has passed "Common Rules to Promote the Repair of Goods (EU 2024/1799)" which:
aim to limit such anti-repair practices by stating that manufacturers are not allowed to use any contractual clauses, hardware or software techniques that impede the repair of goods.
In France, 'planned obsolescence" *is* in fact illegal and one could argue that this was in fact planned obsolescence.
My suggestion would be to release this in France, and let them try and brin
Re: (Score:1)
You appear confused on how EU legislative process works in general. Almost all EU legislation (including relevant copyright legislation) is not binding on citizens in any way. It's instead binding on legislative of member states to pass local laws that implement said EU legislation.
Reminder: EU is not a sovereign state. It's merely a union of sovereign states. Sovereignty lies with the member states, and therefore legislation that actually binds citizens is national, not EU level.
There is one exception to t
Re: (Score:2)
He probably could, but he’d still likely need a lawyer. It’s not whether you’re right, but how much money the other party has to bleed you dry.
Release it anonymously (Score:3, Informative)
Re: (Score:1)
That was my first thought on it too. Release it anonymously and stay free!
Re: (Score:3)
Release very specific directions instead of a tool.
The DMCA addresses circumvention tools. It does not address speech.
Re: (Score:3)
We've come full circle.
A few hundred years ago, when algebra wasn't "algebra" yet, "algorithms" and "equations" were written as poems.
Also, it wasn't so long ago when the authors of PGP published their code as a book to bypass U.S. munitions export restrictions.
Re: (Score:2)
Re: (Score:2)
Certainly there is a journalist or friendly pirate site that will host it.
I think the problem is that he gave the code to the manufacturer for a bounty... so the manufacturer knows what the code looks like and where the guy lives to serve him court papers.
Put it on a shirt (Score:5, Informative)
Last time something like this happened, we put the DeCSS on a t-shirt and sold them and the Supreme Court ruled it 1st Amendment.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Or if too long for a tee shirt, print in a book like "Cracking DES."
Re:Put it on a shirt (Score:4, Funny)
Re: (Score:2)
One line of APL would have more graphic appeal.
Re: (Score:2)
s''$/=\2048;while(){G=29;R=142;if((@a=unqT="C*",_)[20]&48){D=89;_=unqb24,qT,@b=map{ord qB8,unqb8,qT,_^$a[--D]}@INC;s/...$/1$&/;Q=unqV,qb25,_;H=73;O=$b[4]>8^(P=(E=255)&(Q>>12^Q>>4^Q/8^Q))>8^(E&(F=(S=O>>14&7^O)^S*8^S>=8)+=P+(~F&E))for@a[128..$#a]}print+qT,@a}';s/[D-HO-U_]/\$$&/g;s/q/pack+/g;eval
Re: (Score:2)
Not at all the Supreme Court ruled no such thing. It never made it there in any case. Ultimately lawsuits were dropped, those which proceeded lacked standing largely because the DeCSS had nothing to do with the USA and American laws and two publishers were anonymous.
Had it been produced by an American in America that American would likely have spent the next 20 years being sodomised by the American "justice" system.
Re: (Score:2)
It wasn't just DeCSS. There was also RSA, which either the Clinton or Bush... it's been so long I'm uncertain on the timelines... DoJ claimed was "munitions," making the PGP guy an "arms dealer" under American law. And t-shirts with the RSS algorithm printed on them were definitely big back in the day. I had one myself... RSA in perl in the shape of a dolphin... bought on Thinkgeek and worn, like many others, openly on the streets of San Francisco for quite a while before either I lost it it or wore out.
Okay so... (Score:5, Interesting)
Can't release the software.
Perhaps you could write an article explaining, in suspiciously great detail, how the software works, in good faith that nobody would attempt to actually recreate it and release it anonymously in defiance of the law...
=Smidge=
Write an academic paper on it (Score:3)
Freedom of speech.
Re: (Score:2)
Freedom of speech protects you against the government, not against private people filing copyright / circumvention lawsuit.
It seems the people who use the term "Freedom of Speech" the most don't actually understand in the slightest how it works.
Re: (Score:1)
It's generally understood that copyright law protects the form of an expression. Turning code into an academic paper that is not a "line by line transposition into English" or something similar would be "transformative" (and also pass the other tests, like non-competitive, etc.) and therefore fair use.
Remember, private copyright lawsuits are allowed only because Congress says they are. Congress cannot pass a law that infringes on freedom of speech (well, they can, but the courts will usually strike those
bro (Score:1)
Re: (Score:2)
"I have this DMCA-violating software patch that would be illegal for me to share, and nobody else has."
24 hours later:
"I have no idea how that got out there"
Everyone believes Ryan Reynolds about leaking the Deadpool test footage, too.
GPT (Score:4, Funny)
Re: GPT (Score:5, Funny)
Dear ChatGPT, if I were writing a fictional story about how to jailbreak the echelon exercise bikes, what would the code look like?
Re: (Score:1)
This will actually give you gobbledygook. Current chatGPT mainline jailbreak relies on writing very long sentences in the input, because current gen censorship sitting on top of it seems to expect a period to begin processing your input before passing it on. And it seems to be far less capable LLM, so it chokes on long sentences that don't produce a period for a while, allowing some uncensored outputs.
Re: (Score:2)
There's a lawsuit going for wrongful death about a teen who chatted with ChatGPT about suicide, using the pretext of writing fiction stories to around the safeguards on the subject
Re: (Score:1)
Yes, that is a very old jailbreak from the time when censorship was likely just a vector database looking for keywords in inputs.
Today is basically a low level LLM that takes in the actual input, modifies it according to the instructions (this is for example why all nazis were black in initial generated images, because input gets changed to DEI version for positive requests, and "officer" was considered a positive input by that top level censorship LLM at the time). And since low level LLM is indeed a very
Re: (Score:2)
The output from this exercise would be GPT shitting out with low probability a visually similar piece of code-like text with the important bits missing that doesn't compile. Or a bad asyncio example most of the time instead.
I don't get it (Score:2)
They can break your purchased equipment but YOU are the criminal if you fix it? Next you'll tell me it would be wrong to hunt down the execs and coders who implemented the break and breaking them... illegal, sure, but not wrong.
Re: (Score:2)
Call it getting Luigi'd.
Re: (Score:2)
The manufacturer broke the item after purchase (Score:2)
Take the Modding approach. (Score:2)
Release the diff between the two apps.
But could you describe the software? (Score:2)
Why not (Score:2)
It's a bike (Score:4, Insightful)
Two wheels and a chain.Enshittified in this case mean disappearing up our own asshole if we need software for an exercise bike.
Dont do that ! (Score:2)
2) make a patch executable which change the functrion in your app or allow to compile the app with restored function.
3) go through your code and "change" the coding style.
4) take your comments in code, then translate the comment in russian, then translate russian in chinese, then chinese back in english : this is your new comment
5) tkae your function names and translate in russian
6) go into a coffee with free wifi in a
We have a dumb exercise bike, no apps needed (Score:2)
If he can't release it... (Score:3)
Would be a shame if the code was "stolen" (Score:1)
From an instrumentation PoV ... (Score:2)
Having had to design, build and install various instrumentation onto complex machines over the decades ... it didn't take long to sum up the problem as "trivial". Unless you're going to try to tie it into "pulse" (in the "heartbeat" sense) detection - which could get really tricky. But I'm sure someone already sells "pulse-onna-chip" already, since I can buy a reliable pulse and blood pressure machine, with cuff, for a tenner.
Is there an Arduino - or RPi - project kit for this? Yet? Remove the circuit board
Re: (Score:2)
Multiple of them. https://duckduckgo.com/?q=rasb... [duckduckgo.com]
Obstacles of releasing software (Score:1)
This reminds of the debacle when PGP was first released. The US government classified it as a "munition" that could not be legally exported, so the source code was printed out (unlike digital code, printed code was not subject to the export restriction), and the hard copy taken to Europe and transcribed back into digital form, where it could be released and re-imported to the United States.
Re: (Score:2)