Haier hits Home Assistant plugin dev with takedown notice

IMHO Avoid buying any of their brands as the Haier corporation appear to be hostile against communities like us.

They own a lot of brands though. So you have to research ahead of time. It’s not at all obvious a lot of the time that it’s a Haier brand you are purchasing. In the US, long standing household names like GE and Hoover are owned by Haier.

It’s really not clear to me what the problem was. They site “violation of terms of service” but that’s really vague.

According to our friends at OpenAI, these are the primary brands to avoid:

Haier, a global appliance manufacturer, markets its products under several brand names, including:

1. Haier: The primary brand, known for a wide range of consumer electronics and home appliances like refrigerators, air conditioners, washing machines, televisions, and more.
2. GE Appliances: Acquired by Haier in 2016, GE Appliances continues to be a major American brand known for its range of appliances, including refrigerators, dishwashers, ovens, and air conditioners.
3. Candy: An Italian brand specializing in home appliances, Candy was acquired by Haier in 2018. It is known for its washing machines, dishwashers, and refrigerators.
4. Fisher & Paykel: Based in New Zealand, Fisher & Paykel is known for its innovative home appliances, especially refrigerators and washing machines. It was acquired by Haier in 2012.
5. AQUA: A brand particularly popular in Japan, AQUA specializes in home appliances such as washing machines and refrigerators.
6. Leader: This brand focuses on refrigerators and freezers, catering primarily to the commercial market.
7. Casio: A lesser-known brand under Haier, Casio is mainly focused on small home appliances.

These brands reflect Haier’s diverse global presence and its strategy of operating multiple brands to cater to different market segments and regions.

I take a slightly different perspective. It’s not that they’re hostile against communities like us–it’s that they’re prioritizing people who aren’t us. Specifically:

1. Consumers who only want to use Haier’s apps and Alexa/Google/Siri.
2. Hackers.

It would be great if more commercial companies provided APIs for third-party use, but that costs money. If they think that the vast majority of customers probably won’t ever use it, an API is more “nice to have” than “crucial to sales/retention”.

In contrast, it’s easy to justify spending time and money spent on security, and I think that’s what often drives this sort of response. If they don’t do anything and there’s a security breach, the consequences could be massive for them and their customers.

To be clear, I’m not saying that the Home Assistant plugin would definitely lead to a security breach; I’m saying that the mere possibility is (and should be) enough to scare the company. So they have to do something to minimize liability, which often results in actions that appear hostile: a firmware update that kills connectivity or a threat of legal action.

In theory, Matter will fix all this…if companies start buying into it. The Matter launch has been a disaster, but I want to believe that Haier and others will move toward it over the next few years. Of course, that doesn’t change where we are today.

I think consumers should keep three things in mind as more products become dependent on apps, clouds, and software updates:

1. Buy products for what they already do, not for future updates that may never come.
2. Don’t assume that the free services a company provides for a product will continue to be free…or continue to exist.
3. If you’re using the product in an unsanctioned and unsupported way (such as a Home Assistant plugin or openHAB binding) don’t expect it to always work.

If this means boycotting Haier, so be it. I just think it’s less about them being “hostile” and more about not trusting them to make decisions that in our favour.

Hmm, I disagree with your stance WRT to hostility.

It should be very clear that, if you use a ‘controller’ other than the manufacturer’s, you are accepting implicitly all risks that go with it.

Like others said "I bought their stuff, because it integrates with my automation system’. And since I have been using OH (since v1) I am very conscious to avoid anything proprietary (or non-integrate-able).

If I hack my car, than this is my right; if I repair it, it is too. But doing so, transfers all risk to me; that is, if what I have done is related to the risk.

Haier’s brands are now on my ‘never to purchase’ list; not only for products that can be automated/integrated, but for all their products. And I will tel my ‘friends’ too.

Another rule I have: don’t buy or use anything that uses the cloud or needs a connection to the manufacturer. One reason, I will get rid of my Zappi.

Aside from that, it sounds like we generally agree. Buyer beware.

I agree that the approach they took was harsh and strong-arm tactics like that should be avoided. I also think even with all the HA folks as well as other Home Automation groups such as this one boycotting their products reality is in the big scheme of things It will not even be a blimp on their sales reports.
How ever from a possible financial impact to them as a corporation I can see how they could have in fact incurred some financial losses if say they have a cloud presence that auto scales and if the software that was released did not have throttling or request limits set by default in it and was hammering their servers. Because with enough folks using it in a wide open manner resulting in up scaling their foot print into some insane astronomical size that could get expensive quickly. I know I have torn developer teams apart at my day job many times for over polling Jenkins controllers and triggering insane numbers of builds in a short period of time. I have also had to turn down ports on a few development servers due to the software going into a runaway condition that effectively saturated the network and created a DDOS scenario, so it does happen. Now if they went to the developer and asked him to adjust his code to limit the number of requests and he refused then well if I was in charge of that corporation or managed that network, I would take drastic action as well. Actually, come to think of it I have been that bad guy that developers cussed out many times in my day job for them not being resource friendly.
The right approach should be Companys providing the documentation or even partnering with dev folks like us and HA and the other home automation solutions to ensure that we meet the guidelines they have for using api calls and such connectivity then they will reap benefits of us making the products they sell more desirable for the public overall.

I don’t think anyone here is thinking that a boycott is going to change anything on their side. But it is an important move to protect ourselves.

There are a lot of unanswered questions to me that makes it difficult to judge their actions.

• Does Haier provide an API? If so what are the terms of services for that API? The legal takedown sited violation of terms of service. Are they going after the wrong person? The author of the code likely did not violate any terms by merely publishing code to access that published API. It’s the individuals who use that code in unallowed ways that violate the terms. If I configure the OWM binding to poll the API every second, that’s on me, not the OWM binding author, if I violate the terms of service.

• If they do not provide a published API, was the API reverse engineered? If so why didn’t they go after the author for an IP violation instead of a terms of service violation?

The whole thing smells of going after the single person they can find rather than after the people who are actually violating the terms of service. Or it’s a case of a poor implementation on their side (lack of rate limits perhaps?) and they did not properly budget for the popularity of the HA integration. In short they are mad that the HA integration made it too easy and they didn’t budget for their API becoming popular.

Over all, once the lawyers get involved reasonableness and common sense fly out the window. And they don’t even have to have a good faith expectation that a law or contract term was violated to send a cease and desist order like that. It may have been an empty threat (the vagueness of the letter points that way). Spend a couple hundred bucks for the lawyer to send a threatening letter and hope the other side just gives in. Problem solved.

That right there sums it up.
My point is this should be a reminder to us all that if you code something insure you are using best practices which from what I have seen in the OpenHAB space is done pretty consistently.
Reality is you do not need to poll your washing machine, dish washer or A/C every one second to see if the cycle is done or if the temperature has risen a 10th of a degree.
That is not “mission critical data”
Unlike checking a smoke alarm or home entry monitor were missing that data could possibly put life or property at risk.

I also agree with this.

There has been some new developments on this and I think it’s worth brining in some of the details to this thread.

1. The legal threat came from Haier Europe. Haier North America is a separate entity, is not a party to the legal threat, and does not support it.

2. Haier Europe has had second thoughts and is backing off on the threat.

3. The GE brand actually uses a different API and supports an all local API.

This topic was automatically closed 41 days after the last reply. New replies are no longer allowed.