Unnecessary/overuse (?) of proxies...

D

Don Y

Guest
Why do most \"smart devices\" seem to (needlessly?) inject a
proxy into their communications with other devices?

Arguable needs could include:
- vendor wants to harvest usage information
- vendor wants to snoop (gain some advantage)
- vendor wants to act as a bastion host
- vendor wants to supply service enhancements (e.g., DDNS)
- vendor wants to keep device current (laughable)

The first two are clearly not value added to the consumer.

The third *could* represent value -- but there\'s no way
of empirically knowing if it is actually happening!

The fourth seems trite -- are those enhancements REALLY
necessary? (do you really need to be able to check to
see if your laundry is done while miles from home? Or,
would an alert that finds you on the other side of the
house be more typical -- handled locally)

The fifth could be empirically verified but I\'d wager
the number of updates pushed is pretty small. Esp if
you consider how often devices are \"no longer supported\".

Any other likely reasons?
 
On 2023-08-01 21:11, Don Y wrote:
Why do most \"smart devices\" seem to (needlessly?) inject a
proxy into their communications with other devices?

Arguable needs could include:
- vendor wants to harvest usage information
- vendor wants to snoop (gain some advantage)
- vendor wants to act as a bastion host
- vendor wants to supply service enhancements (e.g., DDNS)
- vendor wants to keep device current (laughable)

The first two are clearly not value added to the consumer.

The third *could* represent value -- but there\'s no way
of empirically knowing if it is actually happening!

The fourth seems trite -- are those enhancements REALLY
necessary? (do you really need to be able to check to
see if your laundry is done while miles from home? Or,
would an alert that finds you on the other side of the
house be more typical -- handled locally)

The fifth could be empirically verified but I\'d wager
the number of updates pushed is pretty small. Esp if
you consider how often devices are \"no longer supported\".

Any other likely reasons?

- vendor wants to retain the option of billing you

Jeroen Belleman
 
On 8/1/2023 3:26 PM, jeroen wrote:
On 2023-08-01 21:11, Don Y wrote:
Why do most \"smart devices\" seem to (needlessly?) inject a
proxy into their communications with other devices?

Arguable needs could include:
- vendor wants to harvest usage information
- vendor wants to snoop (gain some advantage)
- vendor wants to act as a bastion host
- vendor wants to supply service enhancements (e.g., DDNS)
- vendor wants to keep device current (laughable)

The first two are clearly not value added to the consumer.

The third *could* represent value -- but there\'s no way
of empirically knowing if it is actually happening!

The fourth seems trite -- are those enhancements REALLY
necessary?  (do you really need to be able to check to
see if your laundry is done while miles from home?  Or,
would an alert that finds you on the other side of the
house be more typical -- handled locally)

The fifth could be empirically verified but I\'d wager
the number of updates pushed is pretty small.  Esp if
you consider how often devices are \"no longer supported\".

Any other likely reasons?

- vendor wants to retain the option of billing you

Possible. I wonder how the law would treat charging for
a (presumed) \"included service\" AFTER the purchase?
 
On Tuesday, August 1, 2023 at 6:33:38 PM UTC-4, Don Y wrote:
On 8/1/2023 3:26 PM, jeroen wrote:
On 2023-08-01 21:11, Don Y wrote:
Why do most \"smart devices\" seem to (needlessly?) inject a
proxy into their communications with other devices?

Arguable needs could include:
- vendor wants to harvest usage information
- vendor wants to snoop (gain some advantage)
- vendor wants to act as a bastion host
- vendor wants to supply service enhancements (e.g., DDNS)
- vendor wants to keep device current (laughable)

The first two are clearly not value added to the consumer.

The third *could* represent value -- but there\'s no way
of empirically knowing if it is actually happening!

The fourth seems trite -- are those enhancements REALLY
necessary? (do you really need to be able to check to
see if your laundry is done while miles from home? Or,
would an alert that finds you on the other side of the
house be more typical -- handled locally)

The fifth could be empirically verified but I\'d wager
the number of updates pushed is pretty small. Esp if
you consider how often devices are \"no longer supported\".

Any other likely reasons?

- vendor wants to retain the option of billing you
Possible. I wonder how the law would treat charging for
a (presumed) \"included service\" AFTER the purchase?

You mean like in cars where various functions stop working after a period unless you pay a subscription fee?

--

Rick C.

- Get 1,000 miles of free Supercharging
- Tesla referral code - https://ts.la/richard11209
 
On 02-Aug-23 5:11 am, Don Y wrote:
Why do most \"smart devices\" seem to (needlessly?) inject a
proxy into their communications with other devices?

Arguable needs could include:
- vendor wants to harvest usage information
- vendor wants to snoop (gain some advantage)
- vendor wants to act as a bastion host
- vendor wants to supply service enhancements (e.g., DDNS)
- vendor wants to keep device current (laughable)

The first two are clearly not value added to the consumer.

The third *could* represent value -- but there\'s no way
of empirically knowing if it is actually happening!

The fourth seems trite -- are those enhancements REALLY
necessary?  (do you really need to be able to check to
see if your laundry is done while miles from home?  Or,
would an alert that finds you on the other side of the
house be more typical -- handled locally)

The fifth could be empirically verified but I\'d wager
the number of updates pushed is pretty small.  Esp if
you consider how often devices are \"no longer supported\".

Any other likely reasons?

I think this is, at least in part, related to finding the devices to be
connected in the context of a WiFi network of unknown configuration, and
totally clueless users.

Using an intermediate proxy is likely to work, and becomes the only
means of connection rather than a fall-back.

Then the marketing department realises they can use the data.

Sylvia.
 
On 8/1/2023 5:50 PM, Sylvia Else wrote:
On 02-Aug-23 5:11 am, Don Y wrote:
Why do most \"smart devices\" seem to (needlessly?) inject a
proxy into their communications with other devices?

Arguable needs could include:
- vendor wants to harvest usage information
- vendor wants to snoop (gain some advantage)
- vendor wants to act as a bastion host
- vendor wants to supply service enhancements (e.g., DDNS)
- vendor wants to keep device current (laughable)

The first two are clearly not value added to the consumer.

The third *could* represent value -- but there\'s no way
of empirically knowing if it is actually happening!

The fourth seems trite -- are those enhancements REALLY
necessary?  (do you really need to be able to check to
see if your laundry is done while miles from home?  Or,
would an alert that finds you on the other side of the
house be more typical -- handled locally)

The fifth could be empirically verified but I\'d wager
the number of updates pushed is pretty small.  Esp if
you consider how often devices are \"no longer supported\".

Any other likely reasons?

I think this is, at least in part, related to finding the devices to be
connected in the context of a WiFi network of unknown configuration, and
totally clueless users.

So, you think this lets the device \"phone home\" and letting the
user contact it VIA HOME instead of being able to resolve a local
name/address?

Clearly this has value if the user wants to access the device
while OFF his \"local subnet\". E.g., check your Ring doorbell
while you are away at work or adjust the temperature in your house
before you return to it (isn\'t the thermostat supposed to KNOW how
to do that??).

But, this embeds much of the devices\' value in the proxy. E.g.,
a ring doorbell that can\'t get out to The Internet is just
an overpriced buzzer. (A thermostat can, at least, fall back
to being a $20 thermostat)

Aquos (\"Smart\") TVs, IIRC, route internet accesses through a central
proxy -- but, you can hack around that so you\'re not reliant on that
proxy for that functionality.

OTOH, most smart TVs rely on services (pay or free) that may or may not
continue to be available. If not, then what value the network connection?
(E.g., I drive all of our TVs as oversized monitors soas not to be reliant
on their out-of-date firmware)

Other services are clearly offered as \"free trials\" so you understand
you\'re not going to be able to KEEP that functionality without paying for
it, later.

Chumby? Sonos? Alexa? What value those devices when the servers go dark?

Using an intermediate proxy is likely to work, and becomes the only means of
connection rather than a fall-back.

Then the marketing department realises they can use the data.

I wonder how much they actually use, though. I can understand cars
reporting traffic delays as a way to drive the data in a traffic
monitoring service (I\'ve been tempted to disable the transmitter
just to screw them... what does the car/driver get from the ability
to send data to someone else??). And, you may want to watch
my purchases (but you don\'t need Alexa for that!).

But, do you really care if I\'m home when I\'ve got the thermostat to
a \"comfortable occupancy temperature\"? Are you going to sell
notifications to door-to-door salesmen that NOW would be a good
time to catch me at home??

And, lots of \"tracking\" is easily defeated. The \"savings cards\"
that most stores offer aren\'t smart enough to realize if you\'ve fed
them a bogus email address, name, etc. (One company here tries to
be clever and tickles the address periodically, discovers it is
bogus and disables the card. Fine, I just set up a new account
an hour before heading to the store -- as part of the process
of checking their current sale items -- and expect it to be
disabled a day or so later. Lather, rinse, repeat.)

I wonder if it simply hasn\'t occurred to the developers that
putting themselves in the loop as a proxy is likely more of a
liability than an asset. (E.g. to use the wireless interface
to our oven, we have to go through the manufacturer\'s proxy.
Imagine that proxy being hacked and every oven told to turn
on, set for 500F. Or, every garage door told to open. Or...)

I would think it better to be able to argue that any security
lapses are solely the responsibility of the user\'s misuse of
the technology...
 
On 8/1/2023 6:32 PM, Don Y wrote:
I think this is, at least in part, related to finding the devices to be
connected in the context of a WiFi network of unknown configuration, and
totally clueless users.

So, you think this lets the device \"phone home\" and letting the
user contact it VIA HOME instead of being able to resolve a local
name/address?

Clearly this has value if the user wants to access the device
while OFF his \"local subnet\".  E.g., check your Ring doorbell
while you are away at work or adjust the temperature in your house
before you return to it (isn\'t the thermostat supposed to KNOW how
to do that??).

But, this embeds much of the devices\' value in the proxy.  E.g.,
a ring doorbell that can\'t get out to The Internet is just
an overpriced buzzer.  (A thermostat can, at least, fall back
to being a $20 thermostat)

IMO, this is where the value to the seller lies as it
effectively locks the device.

The user has physical possession of the device so can
subvert \"most\" any protection schemes (short of custom
silicon). Checksums can be fudged. Signed binaries can
be replaced by unsigned binaries (which may or may not
have the original code embodied within) or kernels altered
to remove the signature check (as is common in many desktop
executables as well as \"appliances\").

[E.g., who *hasn\'t* modded a wireless router? Nest
thermostat? etc. Are all of these manufacturers
just inept?? Your kernel wants to check signatures?
Build a new kernel that doesn\'t!]

OTOH, if a considerable portion of the device\'s *value*
is implemented \"off site\", the user (or counterfeiter)
has to come up with a means of replacing that functionality
in order to sever the tie to the external agency.

[And, a counterfeiter hoping to leverage the external agency\'s
service has to know how to masquerade as a legitimate client.]

But, then you have to truly add value with your service and
not just \"inconvenience certain clients...
 
On 02-Aug-23 11:32 am, Don Y wrote:
On 8/1/2023 5:50 PM, Sylvia Else wrote:
On 02-Aug-23 5:11 am, Don Y wrote:
Why do most \"smart devices\" seem to (needlessly?) inject a
proxy into their communications with other devices?

Arguable needs could include:
- vendor wants to harvest usage information
- vendor wants to snoop (gain some advantage)
- vendor wants to act as a bastion host
- vendor wants to supply service enhancements (e.g., DDNS)
- vendor wants to keep device current (laughable)

The first two are clearly not value added to the consumer.

The third *could* represent value -- but there\'s no way
of empirically knowing if it is actually happening!

The fourth seems trite -- are those enhancements REALLY
necessary?  (do you really need to be able to check to
see if your laundry is done while miles from home?  Or,
would an alert that finds you on the other side of the
house be more typical -- handled locally)

The fifth could be empirically verified but I\'d wager
the number of updates pushed is pretty small.  Esp if
you consider how often devices are \"no longer supported\".

Any other likely reasons?

I think this is, at least in part, related to finding the devices to
be connected in the context of a WiFi network of unknown
configuration, and totally clueless users.

So, you think this lets the device \"phone home\" and letting the
user contact it VIA HOME instead of being able to resolve a local
name/address?

Yes.

Clearly this has value if the user wants to access the device
while OFF his \"local subnet\".  E.g., check your Ring doorbell
while you are away at work or adjust the temperature in your house
before you return to it (isn\'t the thermostat supposed to KNOW how
to do that??).

But, this embeds much of the devices\' value in the proxy.  E.g.,
a ring doorbell that can\'t get out to The Internet is just
an overpriced buzzer.  (A thermostat can, at least, fall back
to being a $20 thermostat)

I\'m not saying its desirable, just that from the point of view of the
manufacturer, it\'s simple, and avoids the cost of providing support to
help people get things running, and also avoids comment in social media
about how it \"doesn\'t work.\"

If the manufacturer goes out of business and no longer pays for the
proxy, then everyone\'s devices are more or less bricked, but the
manufacture has gone, and doesn\'t care.

Sylvia.
 
On 8/1/2023 8:32 PM, Sylvia Else wrote:
On 02-Aug-23 11:32 am, Don Y wrote:
On 8/1/2023 5:50 PM, Sylvia Else wrote:
On 02-Aug-23 5:11 am, Don Y wrote:
Why do most \"smart devices\" seem to (needlessly?) inject a
proxy into their communications with other devices?

Arguable needs could include:
- vendor wants to harvest usage information
- vendor wants to snoop (gain some advantage)
- vendor wants to act as a bastion host
- vendor wants to supply service enhancements (e.g., DDNS)
- vendor wants to keep device current (laughable)

The first two are clearly not value added to the consumer.

The third *could* represent value -- but there\'s no way
of empirically knowing if it is actually happening!

The fourth seems trite -- are those enhancements REALLY
necessary?  (do you really need to be able to check to
see if your laundry is done while miles from home?  Or,
would an alert that finds you on the other side of the
house be more typical -- handled locally)

The fifth could be empirically verified but I\'d wager
the number of updates pushed is pretty small.  Esp if
you consider how often devices are \"no longer supported\".

Any other likely reasons?

I think this is, at least in part, related to finding the devices to be
connected in the context of a WiFi network of unknown configuration, and
totally clueless users.

So, you think this lets the device \"phone home\" and letting the
user contact it VIA HOME instead of being able to resolve a local
name/address?

Yes.

I\'d buy that for devices that one has to \"reference\" (i.e., name)
This avoids the problem of users not having a local name service
AND not wanting to deal with non-static RFC1918 addresses.

But, there\'s no real need for that in devices that you *don\'t*
have to address (e.g., a TV resolving a URL through a proxy
instead of directly)

Clearly this has value if the user wants to access the device
while OFF his \"local subnet\".  E.g., check your Ring doorbell
while you are away at work or adjust the temperature in your house
before you return to it (isn\'t the thermostat supposed to KNOW how
to do that??).

But, this embeds much of the devices\' value in the proxy.  E.g.,
a ring doorbell that can\'t get out to The Internet is just
an overpriced buzzer.  (A thermostat can, at least, fall back
to being a $20 thermostat)

I\'m not saying its desirable, just that from the point of view of the
manufacturer, it\'s simple, and avoids the cost of providing support to help
people get things running, and also avoids comment in social media about how it
\"doesn\'t work.\"

If the manufacturer goes out of business and no longer pays for the proxy, then
everyone\'s devices are more or less bricked, but the manufacture has gone, and
doesn\'t care.

I can\'t imagine manufacturers make such decisions *thinking* they
may go out of business (and washing their hands of the consequences,
therefore). Rather, it would seem that a manufacturer would be
concerned that they would have ongoing costs even after the
product was no longer generating revenue.

E.g., how long will MS keep the activation servers running for
old versions of the OS/apps? (You\'d think they would publish
some universal keys, after a while, so they could shut down
those servers)
 
On 2023-08-02 07:13, Don Y wrote:
On 8/1/2023 8:32 PM, Sylvia Else wrote:
On 02-Aug-23 11:32 am, Don Y wrote:
On 8/1/2023 5:50 PM, Sylvia Else wrote:
On 02-Aug-23 5:11 am, Don Y wrote:
Why do most \"smart devices\" seem to (needlessly?) inject a
proxy into their communications with other devices?

Arguable needs could include:
- vendor wants to harvest usage information
- vendor wants to snoop (gain some advantage)
- vendor wants to act as a bastion host
- vendor wants to supply service enhancements (e.g., DDNS)
- vendor wants to keep device current (laughable)

The first two are clearly not value added to the consumer.

The third *could* represent value -- but there\'s no way
of empirically knowing if it is actually happening!

The fourth seems trite -- are those enhancements REALLY
necessary? (do you really need to be able to check to
see if your laundry is done while miles from home? Or,
would an alert that finds you on the other side of the
house be more typical -- handled locally)

The fifth could be empirically verified but I\'d wager
the number of updates pushed is pretty small. Esp if
you consider how often devices are \"no longer supported\".

Any other likely reasons?

I think this is, at least in part, related to finding the devices to be connected in the context of a WiFi network of unknown configuration, and totally clueless users.

So, you think this lets the device \"phone home\" and letting the
user contact it VIA HOME instead of being able to resolve a local
name/address?

Yes.

I\'d buy that for devices that one has to \"reference\" (i.e., name)
This avoids the problem of users not having a local name service
AND not wanting to deal with non-static RFC1918 addresses.

But, there\'s no real need for that in devices that you *don\'t*
have to address (e.g., a TV resolving a URL through a proxy
instead of directly)

Clearly this has value if the user wants to access the device
while OFF his \"local subnet\". E.g., check your Ring doorbell
while you are away at work or adjust the temperature in your house
before you return to it (isn\'t the thermostat supposed to KNOW how
to do that??).

But, this embeds much of the devices\' value in the proxy. E.g.,
a ring doorbell that can\'t get out to The Internet is just
an overpriced buzzer. (A thermostat can, at least, fall back
to being a $20 thermostat)

I\'m not saying its desirable, just that from the point of view of the manufacturer, it\'s simple, and avoids the cost of providing support to help people get things running, and also avoids comment in social media about how it \"doesn\'t work.\"

If the manufacturer goes out of business and no longer pays for the proxy, then everyone\'s devices are more or less bricked, but the manufacture has gone, and doesn\'t care.

I can\'t imagine manufacturers make such decisions *thinking* they
may go out of business (and washing their hands of the consequences,
therefore). Rather, it would seem that a manufacturer would be
concerned that they would have ongoing costs even after the
product was no longer generating revenue.

E.g., how long will MS keep the activation servers running for
old versions of the OS/apps? (You\'d think they would publish
some universal keys, after a while, so they could shut down
those servers)

They\'ll just announce the end of support for the old OS/aps and
invite you to spend some on an \"upgrade\". Easy. And that trick
is getting common for all sorts of devices, not just computers
and software. That is the _real_ motivation for the internet of
things.

Jeroen Belleman
 
On 8/2/2023 1:00 AM, jeroen wrote:
E.g., how long will MS keep the activation servers running for
old versions of the OS/apps?  (You\'d think they would publish
some universal keys, after a while, so they could shut down
those servers)

They\'ll just announce the end of support for the old OS/aps and
invite you to spend some on an \"upgrade\". Easy. And that trick
is getting common for all sorts of devices, not just computers
and software. That is the _real_ motivation for the internet of
things.

I am actually surprised at how *long* MS has continued to
support their activation servers.

Assuming that folks will willingly accept being \"cheated\" a second
time is dubious. They can just as easily take the obsoleting of the
existing kit to be an opportunity to discard or replace it with
something else (FROM someone else!).

I don\'t know anyone who has \"upgraded\" their thermostat, doorbell,
security camera, baby monitor, etc. because the original stopped
working (due to a service shutdown).

[I *do* know of devices that have experienced hardware failures
and been retired simply because of the impracticality of repair
of \"inexpensive\" devices]

TVs, IMO, are the quickest to be \"left behind\" in terms of the
services they can access, media formats they can process, etc.
Along with them, STBs. (Yet some services still remain
accessible -- I was playing with a Roku XD a few nights back
and found that some channels still worked)

SOHO networking kit is always going obsolete as security
protocols are improved along with available bandwidth.
But, the old kit still works -- albeit with the same limitations
that it had originally (not surprisingly).
 
Don Y <blockedofcourse@foo.invalid> wrote:
On 8/1/2023 8:32 PM, Sylvia Else wrote:
On 02-Aug-23 11:32 am, Don Y wrote:
On 8/1/2023 5:50 PM, Sylvia Else wrote:
I think this is, at least in part, related to finding the devices
to be connected in the context of a WiFi network of unknown
configuration, and totally clueless users.

So, you think this lets the device \"phone home\" and letting the
user contact it VIA HOME instead of being able to resolve a local
name/address?

Yes.

I\'d buy that for devices that one has to \"reference\" (i.e., name)
This avoids the problem of users not having a local name service AND
not wanting to deal with non-static RFC1918 addresses.

But, there\'s no real need for that in devices that you *don\'t* have
to address (e.g., a TV resolving a URL through a proxy instead of
directly)

Now you delve back into the area where the manufacturer sees an
after-sale revenue stream from the sale of \"usage/monitoring\" data to
advertisers. A TV that directly resolved a URL would not give the
manufacturer \"usage/monitoring\" data that they could monetize by
selling it to advertisers. Having the TV resolve all URL\'s via a proxy
does give the manufacturer that data stream they can then monetize.

As well, going through a proxy also provides some \"plug and play\"
ability when the TV is installed on a local network that does not have
any local nameservice setup due to lack of knowledge on the part of the
owner, or lack of doing so on the part of the ISP installer who
installed the network access point for the customer. So the TV maker
can attempt to \'explain away\' the monitoring as seemingly necessary for
it to work in a wider array of missconfigured network situations (and
sadly, the non-technical user would buy such an explanation).

Clearly this has value if the user wants to access the device while
OFF his \"local subnet\".  E.g., check your Ring doorbell while you
are away at work or adjust the temperature in your house before you
return to it (isn\'t the thermostat supposed to KNOW how to do
that??).

But, this embeds much of the devices\' value in the proxy.  E.g., a
ring doorbell that can\'t get out to The Internet is just an
overpriced buzzer.  (A thermostat can, at least, fall back to being
a $20 thermostat)

I\'m not saying its desirable, just that from the point of view of
the manufacturer, it\'s simple, and avoids the cost of providing
support to help people get things running, and also avoids comment
in social media about how it \"doesn\'t work.\"

If the manufacturer goes out of business and no longer pays for the
proxy, then everyone\'s devices are more or less bricked, but the
manufacture has gone, and doesn\'t care.

I can\'t imagine manufacturers make such decisions *thinking* they may
go out of business (and washing their hands of the consequences,
therefore). Rather, it would seem that a manufacturer would be
concerned that they would have ongoing costs even after the product
was no longer generating revenue.

More likely the decision is made for a combination of several reasons:

1) more likely to \"just work\" in a plug-and-play mode given a
non-technical user and in a wider array of miss-configured network
situations

2) less support calls from non-technical users (translation: less cost
to in providing any after-sales support)

3) the datastream provides \"side-channel\" monetization to the
manufacturer via sales to advertising companies in some way

4) the \"forced obsolescence\" factor when the manufactuer decides to
remove the \"proxy\" is seen as providing future sales that might not
otherwise happen as users replace their now non-functioning devices.
(This one may or may not often factor in, numbers 1-3 above would
likely be sufficient to convince most of there being value in the
\"go through a proxy always\" operation method). Esp. #3 where the
manufacturer gets some level of revenue stream even after the
initial device sale.
 
On 8/2/2023 6:34 AM, Bertrand Sindri wrote:
But, there\'s no real need for that in devices that you *don\'t* have
to address (e.g., a TV resolving a URL through a proxy instead of
directly)

Now you delve back into the area where the manufacturer sees an
after-sale revenue stream from the sale of \"usage/monitoring\" data to
advertisers. A TV that directly resolved a URL would not give the
manufacturer \"usage/monitoring\" data that they could monetize by
selling it to advertisers. Having the TV resolve all URL\'s via a proxy
does give the manufacturer that data stream they can then monetize.

How often do folks *really* use their TV to surf the web?
You DL *content* through the various services installed on
the TV (and they can directly monitor your consumption
of each, individually; the TV manufacture could conceivably
monitor which of them you use/avoid.)

As well, going through a proxy also provides some \"plug and play\"
ability when the TV is installed on a local network that does not have
any local nameservice setup due to lack of knowledge on the part of the
owner, or lack of doing so on the part of the ISP installer who
installed the network access point for the customer. So the TV maker

The TV is a \"pull\" device wrt network addressing. Even screencasting
is handled through the UI provided *in* the TV. And, because it
is on 24/7 (even if \"sleeping\"), it never needs to surrender a lease.

can attempt to \'explain away\' the monitoring as seemingly necessary for
it to work in a wider array of missconfigured network situations (and
sadly, the non-technical user would buy such an explanation).

I would more buy the idea that the TV itself would be vulnerable to
changes in web technology, exploits and other things that could make
it misbehave or fail to render a site properly. A *smart* proxy
could conceivably address these issues (or, at least, protect the
device/network)

Clearly this has value if the user wants to access the device while
OFF his \"local subnet\".  E.g., check your Ring doorbell while you
are away at work or adjust the temperature in your house before you
return to it (isn\'t the thermostat supposed to KNOW how to do
that??).

But, this embeds much of the devices\' value in the proxy.  E.g., a
ring doorbell that can\'t get out to The Internet is just an
overpriced buzzer.  (A thermostat can, at least, fall back to being
a $20 thermostat)

I\'m not saying its desirable, just that from the point of view of
the manufacturer, it\'s simple, and avoids the cost of providing
support to help people get things running, and also avoids comment
in social media about how it \"doesn\'t work.\"

If the manufacturer goes out of business and no longer pays for the
proxy, then everyone\'s devices are more or less bricked, but the
manufacture has gone, and doesn\'t care.

I can\'t imagine manufacturers make such decisions *thinking* they may
go out of business (and washing their hands of the consequences,
therefore). Rather, it would seem that a manufacturer would be
concerned that they would have ongoing costs even after the product
was no longer generating revenue.

More likely the decision is made for a combination of several reasons:

1) more likely to \"just work\" in a plug-and-play mode given a
non-technical user and in a wider array of miss-configured network
situations

Yet damn near every user has a (wireless) router that suffers from
the same configuration issues, lack of intuitive UI, etc. And,
folks all rely on them for *all* their access...

2) less support calls from non-technical users (translation: less cost
to in providing any after-sales support)

Except when the proxy is not available or fails (or is discontinued).
As it is an integral part of the service, at those times, the user
MUST contact support.

3) the datastream provides \"side-channel\" monetization to the
manufacturer via sales to advertising companies in some way

4) the \"forced obsolescence\" factor when the manufactuer decides to
remove the \"proxy\" is seen as providing future sales that might not
otherwise happen as users replace their now non-functioning devices.
(This one may or may not often factor in, numbers 1-3 above would
likely be sufficient to convince most of there being value in the
\"go through a proxy always\" operation method). Esp. #3 where the
manufacturer gets some level of revenue stream even after the
initial device sale.

Do you really think people are happy with \"forced obsolescence\"?
To the extent that they would re-up with the same supplier to
reward him for treating them thusly?

It\'s one thing to have a \"free trial\" period expire and be
faced with the question of \"do I want to PAY for that service
that I\'d previously had for free\". It\'s another to have
something that you feel you *have* paid for taken away, \"arbitrarily\".

\"What\'s to keep them from doing this, again, NEXT year? How much
time do I want to spend repurchasing something that I already
*owned*?\"

Are you going to \"rent\" your software tools -- after having become
accustomed to *owning* them (under license)? Are you going to
rent your music after having purchased a collection of titles?
 
Don Y <blockedofcourse@foo.invalid> wrote:
On 8/2/2023 6:34 AM, Bertrand Sindri wrote:
But, there\'s no real need for that in devices that you *don\'t* have
to address (e.g., a TV resolving a URL through a proxy instead of
directly)

Now you delve back into the area where the manufacturer sees an
after-sale revenue stream from the sale of \"usage/monitoring\" data
to advertisers. A TV that directly resolved a URL would not give
the manufacturer \"usage/monitoring\" data that they could monetize by
selling it to advertisers. Having the TV resolve all URL\'s via a
proxy does give the manufacturer that data stream they can then
monetize.

How often do folks *really* use their TV to surf the web?

For the non-technical crowd (i.e., the 98 percentile of users, the
answer is likely \'surprisingly often\'. Granted, the use very well may
be: 1) youtube 2) porn 3) latest cat video from FB/instagram/etc vs. TI
chip datasheets.

You DL *content* through the various services installed on the TV
(and they can directly monitor your consumption of each,
individually; the TV manufacture could conceivably monitor which of
them you use/avoid.)

They (the manufacturer) could know everything about your usage of the
\"TV\", as they provide the OS, and can add whatever additional
monitoring hooks they want.

As well, going through a proxy also provides some \"plug and play\"
ability when the TV is installed on a local network that does not
have any local nameservice setup due to lack of knowledge on the
part of the owner, or lack of doing so on the part of the ISP
installer who installed the network access point for the customer.
So the TV maker

The TV is a \"pull\" device wrt network addressing. Even screencasting
is handled through the UI provided *in* the TV. And, because it is
on 24/7 (even if \"sleeping\"), it never needs to surrender a lease.

DHCP lease vs. \'nameserver IP\' are two different things. If it uses a
proxy for all network coms. (and has the proxy\'s IP addresses already
stored) it can operate in a network that has only DHCP providing only
an IP for the device and a gateway IP. It won\'t care, nor need, the
DHCP server to also indicate a nameserver to utilize. Thereby making
it slightly more \"plug-and-play\" as I said.

can attempt to \'explain away\' the monitoring as seemingly necessary for
it to work in a wider array of missconfigured network situations (and
sadly, the non-technical user would buy such an explanation).

I would more buy the idea that the TV itself would be vulnerable to
changes in web technology, exploits and other things that could make
it misbehave or fail to render a site properly.

Yes, this will happen, and from the manufacturer\'s perspective simply
means the device is likely to be replaced sooner rather than later,
keeping the new sales treadmill running.

A *smart* proxy could conceivably address these issues (or, at least,
protect the device/network)

Possibly -- but given the crap quality of most of the software on most
smart tv\'s, I very much doubt the maker is concerned with \'fixing\'
broken renderings or with \'protecting\' the device.

Clearly this has value if the user wants to access the device
while OFF his \"local subnet\".  E.g., check your Ring doorbell
while you are away at work or adjust the temperature in your
house before you return to it (isn\'t the thermostat supposed to
KNOW how to do that??).

But, this embeds much of the devices\' value in the proxy.  E.g.,
a ring doorbell that can\'t get out to The Internet is just an
overpriced buzzer.  (A thermostat can, at least, fall back to
being a $20 thermostat)

I\'m not saying its desirable, just that from the point of view of
the manufacturer, it\'s simple, and avoids the cost of providing
support to help people get things running, and also avoids comment
in social media about how it \"doesn\'t work.\"

If the manufacturer goes out of business and no longer pays for
the proxy, then everyone\'s devices are more or less bricked, but
the manufacture has gone, and doesn\'t care.

I can\'t imagine manufacturers make such decisions *thinking* they
may go out of business (and washing their hands of the
consequences, therefore). Rather, it would seem that a
manufacturer would be concerned that they would have ongoing costs
even after the product was no longer generating revenue.

More likely the decision is made for a combination of several reasons:

1) more likely to \"just work\" in a plug-and-play mode given a
non-technical user and in a wider array of miss-configured
network situations

Yet damn near every user has a (wireless) router that suffers from
the same configuration issues, lack of intuitive UI, etc. And, folks
all rely on them for *all* their access...

And for a huge segment of that population, that wireless router was
installed and configured by \"the cable guy\" and was never touched by
the end user again for any configuration.

You are viewing the world from a \"I know how it works, and I can
change/reconfigure it\" viewpoint. 98% of the general public can just
barely handle plugging the power brick into the wall outlet and into
the box, and pressing the \"on\" button. They operate in a very
different world from the one you inhabit.

2) less support calls from non-technical users (translation: less
cost to in providing any after-sales support)

Except when the proxy is not available or fails (or is discontinued).
As it is an integral part of the service, at those times, the user
MUST contact support.

No, because for a large segment, they will presume the device has
failed and proceed to go buy another. Esp. if their cellphone/tablet
still works while the TV has quit.

3) the datastream provides \"side-channel\" monetization to the
manufacturer via sales to advertising companies in some way

4) the \"forced obsolescence\" factor when the manufactuer decides to
remove the \"proxy\" is seen as providing future sales that might
not otherwise happen as users replace their now non-functioning
devices. (This one may or may not often factor in, numbers 1-3
above would likely be sufficient to convince most of there being
value in the \"go through a proxy always\" operation method). Esp.
#3 where the manufacturer gets some level of revenue stream even
after the initial device sale.

Do you really think people are happy with \"forced obsolescence\"?

Those of us technical enough to understand it, no, we are not happy
with it. For the 98% non-technical \"plug-and-play\" users, they don\'t
see it as \"forced obsolescence\" but as \"the dang TV\'s quit working\".
If it is outside the warranty period they then go looking to replace
it.

To the extent that they would re-up with the same supplier to reward
him for treating them thusly?

When all the suppliers are treating you the same way, who you gonna
call? They might swap to a different brand, but then a customer of
that other brand swaps to this brand for the same reason, and both
brands see \"an additonal sale\" and see the sales treadmill keep on
spinning.

It\'s one thing to have a \"free trial\" period expire and be faced with
the question of \"do I want to PAY for that service that I\'d
previously had for free\". It\'s another to have something that you
feel you *have* paid for taken away, \"arbitrarily\".

For the non-technical user base, they don\'t understand that the TV quit
because the manufacturer decided they wanted to turn off the proxy
server supporting the TV. They just see that the TV quit. Not \"quit\"
as in the push button screen remains dark type, but as in \"won\'t play
youtube\" or \"won\'t play pornhub\" or whatever they were going to watch.
So they will chalk things up to \"it\'s broke\" and toss it out to the
curb to be replaced by another one.

> \"What\'s to keep them from doing this, again, NEXT year?

Nothing.

How much time do I want to spend repurchasing something that I
already *owned*?\"

Me, zero. But you and I understand how this stuff works. Most
purchasers don\'t and simply see it as \"it broke\".

Are you going to \"rent\" your software tools -- after having become
accustomed to *owning* them (under license)?

Me, no. I don\'t buy software anymore either -- there\'s enough
GPL/OpenSource that I have not purchased anything for a couple decades
now.

But, given the number of folks signing up for Adobe studio or all the
other \"rent your software forever\" offerings, a huge number of folks
have no problem with renting their software forever.

Are you going to rent your music after having purchased a collection
of titles?

Again, no. All mine is mp3/aac\'s on a local filesystem, without any
DRM.

But, given the number of folks subscribing to music streaming services,
a huge number of people have no problem renting music as well, even
after they likely purchased a CD, and before than a Cassette, and
before that a vinyl record, of the same music.
 
On 8/2/2023 3:17 PM, Bertrand Sindri wrote:
Don Y <blockedofcourse@foo.invalid> wrote:
On 8/2/2023 6:34 AM, Bertrand Sindri wrote:
But, there\'s no real need for that in devices that you *don\'t* have
to address (e.g., a TV resolving a URL through a proxy instead of
directly)

Now you delve back into the area where the manufacturer sees an
after-sale revenue stream from the sale of \"usage/monitoring\" data
to advertisers. A TV that directly resolved a URL would not give
the manufacturer \"usage/monitoring\" data that they could monetize by
selling it to advertisers. Having the TV resolve all URL\'s via a
proxy does give the manufacturer that data stream they can then
monetize.

How often do folks *really* use their TV to surf the web?

For the non-technical crowd (i.e., the 98 percentile of users, the
answer is likely \'surprisingly often\'. Granted, the use very well may
be: 1) youtube 2) porn 3) latest cat video from FB/instagram/etc vs. TI
chip datasheets.

I know of exactly one \"average joe\" who gets content over the internet.
All others use cable. (but, most of the folks I know are older and
have stable viewing habits -- not fad driven)

You DL *content* through the various services installed on the TV
(and they can directly monitor your consumption of each,
individually; the TV manufacture could conceivably monitor which of
them you use/avoid.)

They (the manufacturer) could know everything about your usage of the
\"TV\", as they provide the OS, and can add whatever additional
monitoring hooks they want.

My point was that \"Netflix\" has no way of knowing what you are consuming
on \"Amazon\" ... or VUDU or ... Unless the manufacturer has agreed to
share this information with them, they don\'t even know if you\'ve been
*watching* TV!

And, a TV displaying content sourced via cable tells the manufacturer
*nothing* of your viewing habits.

As well, going through a proxy also provides some \"plug and play\"
ability when the TV is installed on a local network that does not
have any local nameservice setup due to lack of knowledge on the
part of the owner, or lack of doing so on the part of the ISP
installer who installed the network access point for the customer.
So the TV maker

The TV is a \"pull\" device wrt network addressing. Even screencasting
is handled through the UI provided *in* the TV. And, because it is
on 24/7 (even if \"sleeping\"), it never needs to surrender a lease.

DHCP lease vs. \'nameserver IP\' are two different things. If it uses a

Of course. But, a numeric IP that \"rarely changes\" is as good as a
static IP. And, a static IP is as good as a name.

Given that most homes have few IP devices competing for addresses
and that DHCP servers will tend to reoffer the same IP to a \"repeat
customer\" (assuming the TV gets shut off for many lease times),
a dynamic address can be as good as a static one.

[My NASs each take leases. Yet, I can find them reliably because
their IPs don\'t really change.]

proxy for all network coms. (and has the proxy\'s IP addresses already
stored) it can operate in a network that has only DHCP providing only
an IP for the device and a gateway IP. It won\'t care, nor need, the
DHCP server to also indicate a nameserver to utilize. Thereby making
it slightly more \"plug-and-play\" as I said.

can attempt to \'explain away\' the monitoring as seemingly necessary for
it to work in a wider array of missconfigured network situations (and
sadly, the non-technical user would buy such an explanation).

I would more buy the idea that the TV itself would be vulnerable to
changes in web technology, exploits and other things that could make
it misbehave or fail to render a site properly.

Yes, this will happen, and from the manufacturer\'s perspective simply
means the device is likely to be replaced sooner rather than later,
keeping the new sales treadmill running.

That\'s a gamble on the manufacturer\'s part. MS thought they could move
past XP just by declaring that a new OS was available. Yet, folks
clung to XP. (Ditto W7)

Granted, XP continued to work so they weren\'t forced to make a choice.
But, if they had been, do you think it wouldn\'t have prompted folks to
look into alternatives -- Linux, OSX, android (\"let\'s get rid of this
big, klunky laptop\")

Why not issue a new product annually and \"train\" folks to replace
even more often? Ans: because each time they have to replace something
is an opportunity for them to decide NOT to replace with YOUR product.

A *smart* proxy could conceivably address these issues (or, at least,
protect the device/network)

Possibly -- but given the crap quality of most of the software on most
smart tv\'s, I very much doubt the maker is concerned with \'fixing\'
broken renderings or with \'protecting\' the device.

Clearly this has value if the user wants to access the device
while OFF his \"local subnet\".  E.g., check your Ring doorbell
while you are away at work or adjust the temperature in your
house before you return to it (isn\'t the thermostat supposed to
KNOW how to do that??).

But, this embeds much of the devices\' value in the proxy.  E.g.,
a ring doorbell that can\'t get out to The Internet is just an
overpriced buzzer.  (A thermostat can, at least, fall back to
being a $20 thermostat)

I\'m not saying its desirable, just that from the point of view of
the manufacturer, it\'s simple, and avoids the cost of providing
support to help people get things running, and also avoids comment
in social media about how it \"doesn\'t work.\"

If the manufacturer goes out of business and no longer pays for
the proxy, then everyone\'s devices are more or less bricked, but
the manufacture has gone, and doesn\'t care.

I can\'t imagine manufacturers make such decisions *thinking* they
may go out of business (and washing their hands of the
consequences, therefore). Rather, it would seem that a
manufacturer would be concerned that they would have ongoing costs
even after the product was no longer generating revenue.

More likely the decision is made for a combination of several reasons:

1) more likely to \"just work\" in a plug-and-play mode given a
non-technical user and in a wider array of miss-configured
network situations

Yet damn near every user has a (wireless) router that suffers from
the same configuration issues, lack of intuitive UI, etc. And, folks
all rely on them for *all* their access...

And for a huge segment of that population, that wireless router was
installed and configured by \"the cable guy\" and was never touched by
the end user again for any configuration.

You are viewing the world from a \"I know how it works, and I can
change/reconfigure it\" viewpoint. 98% of the general public can just
barely handle plugging the power brick into the wall outlet and into
the box, and pressing the \"on\" button. They operate in a very
different world from the one you inhabit.

I think you underestimate the resources that folks have
available to them. EVERYONE knows some neighborhood kid
who\'s \"a whiz with computers\" (it may even be their
own kid!). Or, can quiz the IT-guy at work for advice.
Or...


2) less support calls from non-technical users (translation: less
cost to in providing any after-sales support)

Except when the proxy is not available or fails (or is discontinued).
As it is an integral part of the service, at those times, the user
MUST contact support.

No, because for a large segment, they will presume the device has
failed and proceed to go buy another. Esp. if their cellphone/tablet
still works while the TV has quit.

I see TVs replaced because someone wanted bigger/better.
This is especially true around the holidays and Superbowl.
If 40 inches was good, 50 will be better. And 60 is better
than 50. And...

Most people, here, have multiple TVs in their homes and
an \"overflow\" TV out in the garage. \"Wow! 4K! The picture
is *so* much better!!\" \"Gee, a CURVED screen! No more
head swiveling to see both sides of the screen!\"

People spend (a lot) on \"entertainment\" (of which the
phone is a big part) and rationalize those \"costs\" as
essential. Canvas your friends and neighbors (including
that \"98 percent)) and see what they spend on phone, cable,
internet each month. How many TVs they have.

Clearly, they can economize on those things -- yet choose not
to. How many have the latest iPhone -- despite the fact
that the previous *8* models all still work!

3) the datastream provides \"side-channel\" monetization to the
manufacturer via sales to advertising companies in some way

4) the \"forced obsolescence\" factor when the manufactuer decides to
remove the \"proxy\" is seen as providing future sales that might
not otherwise happen as users replace their now non-functioning
devices. (This one may or may not often factor in, numbers 1-3
above would likely be sufficient to convince most of there being
value in the \"go through a proxy always\" operation method). Esp.
#3 where the manufacturer gets some level of revenue stream even
after the initial device sale.

Do you really think people are happy with \"forced obsolescence\"?

Those of us technical enough to understand it, no, we are not happy

Those of us who understand it can usually work around it. TV
can\'t handle MKVs... but, the little media player I\'ve connected
to it can.

with it. For the 98% non-technical \"plug-and-play\" users, they don\'t
see it as \"forced obsolescence\" but as \"the dang TV\'s quit working\".

The dang TV doesn\'t quit working because the content is delivered
by the cable box -- and the cable company has an incentive to
keep that hardware running. The TV gets replaced out of vanity.

The phone gets replaced for similar reasons.

We\'ve not updated the maps in the car\'s GPS in ~10 years.
Why? Because there\'s no need to spend $100/yr to cover the
two or three *new* roads that may have been paved in that
time (and businesses go out of business often enough that
even an annual update wouldn\'t guarantee accuracy).

The GPS isn\'t \"entertainment\" so isn\'t high on folks\' priority
list.

If we had to replace the audio head in the car to continue to
receive radio broadcasts, play CDs and MP3s, we\'d not consider
it -- the cost would be outrageous (labor alone) so we\'d find
a way of playing whatever the latest audio encoding was (by
recoding the files)

If it is outside the warranty period they then go looking to replace
it.

To the extent that they would re-up with the same supplier to reward
him for treating them thusly?

When all the suppliers are treating you the same way, who you gonna
call? They might swap to a different brand, but then a customer of
that other brand swaps to this brand for the same reason, and both
brands see \"an additonal sale\" and see the sales treadmill keep on
spinning.

People get off treadmills when they get tired/bored of them.
Broadcast media used to have a monopoly hold on their audience
and could squeeze as many \"adverts\" into a show as they wanted.
Then, viewers moved to cable. Cable engages in similar behavior
and people move to other media sources (we watch almost *0*
TV weekly -- but the TV is on for many hours as we watch DVDs
and other \"local content\")

Soon, we\'ll be purchasing \"commercial detector AIs\" that will
accurately screen content to our liking. What will the content
providers do when folks stop watching commercials?

There\'s always an alternative. If the alternative is easily
embraced, then the previous patterns are at risk (watching
a VHS tape was considerably harder than watching a broadcast
movie; watching a DVD a bit less so; a DVR? an integrated
media tank??)

It\'s one thing to have a \"free trial\" period expire and be faced with
the question of \"do I want to PAY for that service that I\'d
previously had for free\". It\'s another to have something that you
feel you *have* paid for taken away, \"arbitrarily\".

For the non-technical user base, they don\'t understand that the TV quit
because the manufacturer decided they wanted to turn off the proxy
server supporting the TV. They just see that the TV quit. Not \"quit\"

The only folks who will \"see\" this are folks who are using the
services made available via that proxy. If you are served via
cable and the \"TV quit\", then you\'ll call the cable company,
not buy a new TV. If you were surfing the web via your
TV, you\'ll switch to another device -- even if only temporarily.
If this proves NOT to be inconvenient, you won\'t worry about
finding a replacement TV that has that capability.

You don\'t want to put customers into positions where they have
to make decisions. People are lazy. They will keep doing what
they HAVE been doing because they are \"too busy\" to deal with
researching/deciding alternatives.

This is why changes in service terms, pricing, obsolescence,
etc. are downside risks.

Do you really want to buy another home security system?
Thermostat? Microwave oven (or other major appliance)?

Buying a new phone is like a trip to the toy store.
Buying a new thermostat is like a trip to the stationer\'s
(something visited so infrequently that each visit comes with
apprehension as to what you \"don\'t know\")

as in the push button screen remains dark type, but as in \"won\'t play
youtube\" or \"won\'t play pornhub\" or whatever they were going to watch.
So they will chalk things up to \"it\'s broke\" and toss it out to the
curb to be replaced by another one.

\"What\'s to keep them from doing this, again, NEXT year?

Nothing.

How much time do I want to spend repurchasing something that I
already *owned*?\"

Me, zero. But you and I understand how this stuff works. Most
purchasers don\'t and simply see it as \"it broke\".

Are you going to \"rent\" your software tools -- after having become
accustomed to *owning* them (under license)?

Me, no. I don\'t buy software anymore either -- there\'s enough
GPL/OpenSource that I have not purchased anything for a couple decades
now.

But, given the number of folks signing up for Adobe studio or all the
other \"rent your software forever\" offerings, a huge number of folks
have no problem with renting their software forever.

Adobe offers value for money. And, targets a different segment of the
population. Does MSOffice (compared to some older version thereof)
any moreso than Open/LibreOffice?

The dwindling number of \"home users\" of computers have turned them
into \"WWW browsers\" and \"Notepad/Wordpad\" appliances. SWMBOs
artist friends use some piece of software that (only!) runs on iPads.
(who the hell would want to deal with a 10 inch screen??)

The software market is now the business market. \"How much will
it cost me to purchase licenses for 3000 seats? And, how much
will it cost me to support those licenses?\"

Are you going to rent your music after having purchased a collection
of titles?

Again, no. All mine is mp3/aac\'s on a local filesystem, without any
DRM.

But, given the number of folks subscribing to music streaming services,
a huge number of people have no problem renting music as well, even
after they likely purchased a CD, and before than a Cassette, and
before that a vinyl record, of the same music.

Young people likely \"chase the latest\" and haven\'t yet learned to
collect music (in anticipation of that day when their tastes
will \"stagnate\" and they\'ll frown on whatever is contemporary).

[Young people chase the latest in MANY things -- clothing, fashion,
social trends, etc. -- so are poor examples of durable behaviors...
witness how having a phone in their hands changed behaviors that
were the norm just prior!]

They also are less likely to have other places to spend their
monies (homes, families, retirement savings, etc.) and can easily
indulge the present without worrying about making long term
choices. (Do I want THIS refrigerator or THAT -- given that
I will likely be living with it and RELYING on it for many years?)
 

Welcome to EDABoard.com

Sponsor

Back
Top