Vacuum bricked after user blocks data collection – user mods it to run anyway
Mood: heated
Sentiment: negative
Category: tech
Key topics: IoT security, device ownership, smart home privacy
A smart vacuum was remotely disabled after its owner blocked data collection, but the owner modded it to run offline, sparking debate about device ownership and IoT security.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussion
First comment: 1d
Peak period: 100 (Day 5)
Avg / period: 21.7
Based on 130 loaded comments
Key moments
- Story posted: 11/1/2025, 5:25:00 PM (17d ago)
- First comment: 11/2/2025, 5:36:08 PM (1d after posting)
- Peak activity: 100 comments in Day 5 (hottest window of the conversation)
- Latest activity: 11/9/2025, 8:29:13 PM (9d ago)
We should probably update this story to link directly to the hacker's blog, they deserve the credit! https://codetiger.github.io/blog/the-day-my-smart-vacuum-tur...
[0] https://valetudo.cloud/pages/general/supported-robots.html
Ability is a matter of patience and persistence. And both are the results of motivation. Anyone can learn anything as long as they really want it. (barring disabilities like depression that destroy motivation. But some people use even that as an opportunity to learn new skills that in turn help them recover.) But Time is an entirely different matter. You can find time if you really want to, but life has other priorities too - including time doing nothing (rest). Finding the extra time in between all that will depend on your craftiness. That's the true skill here.
I don't own a smart vacuum cleaner because the trouble is not worth it to me. However, I can see smart vacuum cleaners being very good for elderly or disabled people, or someone who has very limited free time and could let the robot clean the house on its own while the owner is out. It is really disgusting that scumbag manufacturers are exploiting those people.
You see the same everywhere. Lawnmowers even. A goat is more user friendly.
What makes you think it was manual?
> That makes me think that this device was doing something malicious to their servers, enough to trip an alert.
Sounds like a them problem, and not a problem that should affect the consumer (beyond losing functionality directly tied to the server, which bricking of any kind goes far beyond)
The article said that someone from the company logged in to his device and edited a file on it to disable it. Even if it was automatic someone would manually have to write a script to log in and edit a file.
I can't find that in the article. Could you quote it?
The closest I got to finding this is:
> The manufacturer added a makeshift security protocol by omitting a crucial file, which caused it to disconnect soon after booting, but Harishankar easily bypassed it.
> deep in the logs of his non-functioning smart vacuum, he found a command with a timestamp that matched exactly the time the gadget stopped working. This was clearly a kill command
> So, why did the A11 work at the service center but refuse to run in his home? The technicians would reset the firmware on the smart vacuum, thus removing the kill code, and then connect it to an open network, making it run normally. But once it connected again to the network that had its telemetry servers blocked, it was bricked remotely because it couldn’t communicate with the manufacturer’s servers.
Which to me reads 'automatic script on the server tells device to delete file and reboot, causing it to brick', using the same kind of mechanism that an automatic firmware update would use, not 'human at company logs into device and tells it to brick'.
He should make these and sell them. It would be worth it to just drive it in "discovery" mode and give it the exact path to follow while cleaning. The constant inability to learn the floor plan is beyond annoying.
This shit is absolutely dystopian. The law must not just be reversed, manufacturers need to be taken to court for shoddy software. Insecure data collection and transmission should be treated the same as having unsafe electrical wiring. It is a defect that needs to be either fixed or the product recalled. As long as manufacturers are not just allowed to but rewarded for selling defective products this won't change. I expect the moment unsolicited data collection becomes a liability manufacturers will drop it like a hot potato.
Possession of the data needs to be illegal.
Here's how it could work. It's similar to how copyrights for music are enforced. A person whose data are found in someone's files or server can sue for "statutory" damages, which are levied on a per-offense basis.
In other words, I find this a silly suggestion as it's just never going to work in the real world.
That's not how copyright lawsuits work though. For the typical person torrenting, it's because they were caught in the act of torrenting (eg. they had a torrent client in the swarm connecting from an ip that was assigned to them). Otherwise it's a DMCA takedown and companies don't even bother suing. Nobody is getting their hard drives searched for illegal music and getting sued as a result.
https://www.copyright.gov/1201/2024/
I see in the "final rule" for 2024 (PDF) a section titled "11. Computer Programs—Repairs of Devices Designed Primarily for Use by Consumers", although it seems to indicate that nothing changed, as opposed to telling you what stayed the same.
They have a list of supported vacuums
I'm reminded of when AWS us-east-1 went down and all the beds made by EightSleep (business model: Juicero for beds) became disabled. EightSleep put all the significant control for their beds in the cloud, doubtless because they couldn't or didn't know how to hire embedded engineers, and the only devs they could find were node.js flunkies who only knew how to do cloud. Looks like the makers of this vacuum did the same thing; they didn't know how or didn't want to build just enough smarts to do the localization and mapping itself, and said "fuck it, we'll do it in the cloud".
Clearly automatic beds have some degree of embedded software. The decision to put the controls in the cloud was certainly a conscious one.
Isn't that the inverse of the Hanlon's razor? But I agree - the Occam's razor says that the inverse Hanlon's razor is most likely the case here.
I haven't tried it personally because my particular model of vacuum has some complicated and potentially destructive procedure to get the required access, but there's quite a few models where it can be installed easily.
If that's the case what guarantees do I have there's no "funny business" on the image?
Which you can't do with the 1st party apps. This alone is enough for me.
The private builder is not great, but the reasons are understandable, it is what it is.
Since the robots got cameras and microphones, it's a no-go for me to have it in my home connected to some cloud.
It's a little bit challenging to orient oneself in the project (tip: read a couple of the last release notes), but once you do, it's great.
I bought a new robot vacuum that was specifically recommended by the Valetudo project (Dreame L10s Pro Ultra Heat). The rooting was straightforward and non-destructive. The robot works great.
And the usage is much better even for non-developer people (i.e. my wife), as the UI is simple, not constantly changing under your hands, no ads, no upselling. It's a tool as it should be.
This right there is the root of the entire problem. We had IBM PC clones that you could recover and keep running for decades by easily replacing expansion cards, HDDs, RAM sticks, peripherals and even circuit components like caps, ICs and batteries. We used to partition our 50 GB HDD into a dozen little partitions and multiboot every conceivable OS out there. Now we have an oligarchic dystopia where even RAMs and batteries are soldered on and bonded with single-use resins instead of age-old screws. Even if you get through, you can't salvage or swap ICs because they're paired individually at device level. You can't reach the boot partition without a Ph.D in RevEng and a risk of still bricking the device 3 out of 4 times. And that's all for technological progress and security, they say! Those claims have as much credibility as their claims to making an honest living. It's weasel-speak, not engineering insight.
Modifying the device that you paid for should never be this complicated. Those greedy corpos are usurping the consumer's rights and wealth, plain and simple.
Maybe it is just me, but surely it would be less effort to hire a cleaner and they can do more than just vacuuming.
Robovacuums don't cost £150 an hour. If you buy one for £500 and run it every day for two years, you're paying ~70p per hour. Are there any cleaners who charge less than £1 per visit?
I used to pay my Spanish cleaners about €20 euros a week for two cleaners. Granted that was a while ago, but it was peanuts.
Also I'd rather have a cleaner do it properly, than by a robovac that (as everyone says on the sibling comments) does half a job.
You save the 20 minutes once a week.
That's it. That is the whole point. A slight convenience. I use one in a 1 bedroom apartment.
I have a dog and need to vacuum at least once a day, currently.
Without a robot vacuum, I'd go crazy.
You just schedule it and forget it. As everyone says it doesn't do as good of a job as you do but the main benefit is it's consistent about doing that job more frequently.
Ever been to Chesterton's Fence?
Hypothetically, some people who own such an idiotic device might have pets that bring in lots of dirt from the fields, lose lots of hair, and get a little bit agitated by the normal vacuum cleaner but more or less ignore the robot vacuum.
Additionally much like people ubering a McDonalds when the drive through is less than a 2 minute drive away. It actually causes additional headaches (food is more likely to come cold and/or incorrect) and complications that don't exist with simply just spending a few minutes not being lazy is actually easier.
It's not the same as a full vacuum run. But it's good at what they are designed to do. Clean a bit every single day.
All the crumbs that fall down in the kitchen over a day, don't get a chance to get stamped into the floor. Noticeably less dust buildup on top of counters. I come home and it's done. Mental load removed.
It's neat. And you can get them from 80 EUR. Even if they only last 5 years, that's 16 EUR per year, but saves you maybe 8h per year. Maybe it's because I live in a relatively rich country, but here that is not decadent. People buy cars for 50 000 EUR :3
It is like having a smart fridge or something that produces ice-cubes for me and loads of other stupid kitchen gadgets. I didn't feel the need to have a robot vacuum cleaner in the past and I don't feel the need to have one now. Especially with all the iffy spying stuff that it might be doing.
Also any of these things that is less than 100 euros is likely to be crap. I just got rid of a lot of old electronics tat.
I'm not trying to convince you to buy one, I'm trying to explain why you have one. Because YOU said that you don't understand it. I'm trying to explain my needs. No need to shame me.
Of all the household items I have, the robot vacuum I would certainly buy again.
You obviously don't have a pet or a baby.
Make that 15 minutes of vacuuming AND mopping 3 times a day for a baby. Suddenly it seems very attractive to have a clean house while not having to find the time during the baby's sleep and nap time to do it manually.
You could argue the same for a dishwasher: I used to only use a single fork, glass and pot (eat out of the pot). A dishwasher seemed like the most idiotic device anyone could own if that's all you need to rinse every day. Until of course you add more people to that equation...(and maybe cook more than just pasta)
But even with a magic baby and magical dogs, you mentioned only spending 10 minutes a week vacuuming. I have no idea how that is possible with babies and dogs unless your threshold for when something requires cleaning is extremely high.
Before having a robot vacuum/mop I would have to go and pick up every piece of food and wipe the floor after every meal. Sure, the whole kitchen didn't technically need a mop, but there's usually also food in other places simply through the action of cooking. We cook every meal for the baby and most meals for ourselves.
Do you just leave the food and crumbs on the floor until your weekly 10 minute vacuum? In which case, yes, the notion of a robot vacuum must feel idiotic to you. The notion of a vacuum would also feel idiotic to me in that scenario as you can surely just use a broom and a dustpan for such a small amount of cleaning.
I don't like it either but here we are
Likewise, there are a whole lot of products that don't have an "unsubsidized" version that I simply refuse to purchase (or have purchased and returned after confirming that they will not work when locked in IOT jail where they can't talk to the internet.)
Didn't they already remove the option for a completely ad free prime video experience or am I hallucinating that? They have such a ridiculous hold on the e-reader market I feel like it is just a matter of the next down quarter.
Ironically they did that to 1984 book.
A couple of years ago, I subscribed to Peacock Premium (or whatever it was called). The selling point was access to all their library.
At that time, it was ad-free.
It is now packed with ads, and they want me to upgrade to “Peacock Squeal Like A Pig,” or whatever they call it.
Instead, I just canceled my subscription, and avoid any Peacock stuff, which isn’t difficult. They don’t have much I want to see.
I have a friend who pirates everything. I have always believed in paying for my media, but it’s become such a clusterfuck, that I can sympathize.
Does the ad-free version not collect your data too?
I care if I see ads, even if I "don't read them". And when it comes to other devices, like IP security cameras I might care a lot more about whether the manufacturer has access to the device once it's set up.
My goal was just to point out that there is at least one existing case where you can pick between a subsidized and unsubsidized (or less subsidized if you prefer) product, and having the choice is strictly better than not having the choice.
Visa knows you bought a book. That's all they know. Amazon knows that you actually read the book (or didn't), how long it took you to read the book, how many times you read it, every date/time when you opened it, what specific pages you flip to and re-read later, etc. Maybe you consider that data to be "nothing of significance", but Amazon doesn't see it that way. They spend a lot of time and money collecting, storing, and analyzing that data and it isn't because they didn't think it's worth anything.
I do wonder how many people would buy non-spy versions of devices given the option. More specifically, what that differential in price would be too. At worst it would be interesting to have a price explicitly stating what our data is worth. Many people actually internalize that it's not that valuable, but doing this would make it explicit.
Depending on the discount for the spyware version, I'd guess close to zero. The general public has become completely numb to being spied on. It's hard to get someone to give up $50 (a real cost) for something nebulous like "very slightly less of your life is known by marketing companies".
> It's hard to get someone to give up $50 (a real cost) for something nebulous like "very slightly less of your life is known by marketing companies".
I'd gladly pay that price. I'm pretty sure there's a large number of us that would. It's easy to make claims like yours without the real world data. To believe that things are the way they are because that's the most efficient way. Back justification is not logical. Idk about you, but I frequently make mistakes and need to redo things. I'm pretty confident it's just because I'm human and not an omniscient god.
Also, I'd suspect it might be more than $50. We didn't create a surveillance capitalist economy with trillion dollar businesses that resulted in everything including your vacuum spying on you because your data isn't valuable. Clearly it is...
The problem more is that people don't understand how that data is used and can be used. Which I don't blame anyone for that. It's abstract and honestly sounds like the stuff of tin foil hat conspiracy theorists. But at the same time, here we are. The point of ads is to manipulate you to buy things. Which isn't always bought with money. We have several multi trillion dollar companies and I'm pretty sure they don't exist for nothing.
So yeah, reversing this would make the most sense. The default is: local data only and not connected. They need to pay me to get data.
Just like car companies, phones, etc, should be forced to do that as well.
And no, they shouldn't be allowed to set the price. If I buy a license from Steam, I can't name my price, so I don't see why these companies should either. If they want my data, then they'll either pay the money I demand or they won't get the data at all. Cutthroat, perhaps, but necessary.
If you work in a tech field, there is simply no reason for such ignorance.
It's akin to cheating in financial markets. Hedge funds will gladly commit fraud or other cheating methods as long as the fine is less than the income gained.
If you're buying a service and not a product, then the consumer has a right to know!
I want to buy privacy, but it's not offered.
Good. You bought it, you own it.
(I have no skin in this game --- my vacuum is as dumb as they come, and can be fixed with basic machine shop tools.)
The real question is, is that still an option? If it is, then for how long? Sadly, there are several other product lines that have entirely crossed that line a while ago.
Smart things are the worst shit ever. They make everything take longer, given the debugging/upgrading overhead. Not buying into that. What would be smart, would be a washing machine that cleans, dries, sorts and folds my clothes. Without talking to facebook. I would buy into that, but I don't need to share my washing machine status on instagram.
Perfect! I wish a large enough section of the population took this principled stance. Those greedy corpos wouldn't be abusing their customers so much if the latter were united in denying them the market and the opportunity. Those 'smart devices' really need and deserve a lobotomy.
Here we are 10-15 years later and I see no reason to change that view in the slightest.
It surprises the non-techies I know that I don't have any smart devices in my home because they assume I would, being a computer geek, but it's because I'm a computer geek that I don't.
My hoover is a switch connected to an electric motor, I can service it with a phillips screwdriver.
Even my TV is just a fedora box connected to a regular Samsung TV (which has never been on the network and never will).
I bought a robot vac (after owning an early roomba for some time) - Opened it up, ready to use it - instructions said download the app to make it work.
It's back in its box somewhere around here and never used.
https://news.ycombinator.com/item?id=45503560
which points to the actual blog of the author on github, instead of a news coverage of it.