Manufacturer 'make worthless' users devices after some stolen from a warehouse (phasenoise.livejournal.com)
45 points by infosecrf on May 17, 2018 | hide | past | favorite | 67 comments


I can't bring myself to be bothered by this - and wouldn't be even if I were using these devices.

For crying out loud, equipment with unique recorded serial numbers was stolen, so the company is blocking the specific stolen devices. That makes perfect sense to me. Objecting to how they do it (bulking up software with a list of serials, requiring software to phone home, whatever) is fine and their customers have a legit basis to be unhappy if it's impacting their use, but people with the stolen devices? Those aren't SDRPlay's customers because SDRPlay hasn't been paid for those devices.

Quoting from the article: In a PR disaster the manufacturer gives "Because we can" as an explanation to make end user devices worthless.

I'll note that this complaint very carefully leaves out a key word: STOLEN. I'm not seeing the PR disaster except that it's going to seriously hurt their image in the community of people who steal stuff from warehouses. tiny violin plays sad music

If you've purchased one of these, as I said above you're not a customer of SDRPlay or one of its distributors because payment is part of a vendor-customer relationship. You're someone who bought "Bose" speakers out of the back of a white van in a parking lot. Get your money back from the seller - you may even be able to get the police report from SDRPlay if you need it for a chargeback - and tell SDRPlay where you bought it so they can try to track down the thieves.

Edit: reading the original SDRPlay forum posts, they ID the specific ebay sellers, note that this is the third time they've had things stolen like this and sold by the same accounts, and note that "We will NOT penalise innocent people so that assumption that this is our intent is frankly WRONG!!" Basically they're likely looking for anything like saved packaging, shipping return addresses, etc. to be turned over to the police. Also, this whole thing is about (in this case at least) a total of 39 devices. We're not talking about thousands of people affected.

SDRPlay: https://www.sdrplay.com/community/viewtopic.php?f=6&t=3225


How far can we take this? Theft is a big deal for manufacturers. They spend good money on preventing it. But will they continue to spend good money on prevention if instead they can just brick any lost devices? The nightmare is a manufacturer turning to a whitelist model, one where post-purchase the consumer must legitimize their purchase before use of the device. That's DRM. There is massive overlap between the community of people who purchase SDR products and the group that will riot in the streets in protest of DRM.

Anyone who purchases tech devices owns some "pirate" content. When you buy a motherboard you don't know the pedigree of its hundreds of components. Trace each one and you will find a licensing or counterfeit issue somewhere. Should everyone be able to automagically brick counterfeit or stolen devices when those devices have been integrated, resold three times, and are now in the hands of innocent consumers? There are policy-based principles in western law that have long prevented such behavior in other arenas.

See: https://www.law.cornell.edu/ucc/2/2-403

Not exactly on point, but an example of how we protect good-faith purchasers, even black-market purchase of "stolen" goods.


While I agree with you mostly, this is really a basic issue - devices stolen from the manufacturer are still owned by the manufacturer. They are, and should be, free to do with them however they please. It's a basic question of ownership and control over one's property in here.


I'd have to know more about the "theft". I suspect that this wasn't a robbery in the dead of night.

UCC § 2-403 states: When goods have been delivered under a transaction of purchase the purchaser has such power even though ... the delivery was procured through fraud punishable as larcenous under the criminal law.

https://www.law.cornell.edu/ucc/2/2-403

Basically, if an employee or other person who was "entrusted" with these goods by the manufacturer sells them, then innocent purchasers take full legal title. The good-faith purchaser is now the legal owner even if they purchased the goods from someone who wasn't a legal owner. The goods do not belong to the manufacturer. This is specifically to protect innocent people from debates between manufacturers and distributors, even where those distributors have stolen goods.

The knock-on effect of this is that people who buy things in good faith from distributors don't have to worry about manufacturers (or police) raiding their homes ... which appears to be exactly what this manufacturer is doing by bricking these devices.


That's not what the law states.

It actually says:

(1) A purchaser of goods acquires all title which his transferor had or had power to transfer except that a purchaser of a limited interest acquires rights only to the extent of the interest purchased.

The part you're quoting refers to the recipient being the fraud, not the seller. The recipient never acquires more rights than the seller had. This is why stolen goods can be seized by police, even from innocent purchasers.

[Edit:] Actually more complicated than that. The provision contemplates the middle-man acquired the rights to the goods sold through fraudulent means. In this case, it still requires the middle-man to have acquired the rights from the original seller in a transaction in which the seller gave up the rights to the goods. I.e., theft by fraud would suffice but mere theft would not. It's hard to explain theft by fraud. In a nutshell, the original seller is deceived as to one or more details of the transaction itself, such as price, identity of the seller, or even as to what they are exchanging. The UCC expects all parties to a contract governed by the UCC to exercise due diligence with respect to a contract, so if the transaction includes the "stolen" goods, the UCC doesn't provide any relief. Generally in a situation like this, it would happen where the language of the transaction clearly would include the goods at issue, but the middleman misrepresents to the original seller that those goods aren't included in the contract.


The seller doesn't have to give up their rights:

"Suppose Ed takes his bicycle to Merv, a bicycle dealer, for repairs, but instead of making repairs Merv sells the bicycle to Betty. Who now owns the bicycle? Section 2-403(2) states that "[a]ny entrusting of possession of goods to a merchant who deals in goods of that kind gives him power to transfer all rights of the entruster to a buyer in ordinary course of business." Ed has entrusted possession of goods to Merv, a merchant dealing in goods of that kind. Assuming Betty is a buyer in the ordinary course of business (BIOC), Merv now has the power to transfer all of Ed's rights in the bicycle to Betty. Betty now owns the bicycle, and Ed cannot validly assert any ownership claim against her. Ed's only remedies would be against Merv."

https://scholarship.law.campbell.edu/cgi/viewcontent.cgi?art...


Guys, the UCC isn't the only law that applies to the situation...

Ed might not have rights under the UCC, assuming it applied to the transaction, which is questionable since Ed does not appear to be a merchant. He would have rights under state laws that override the provisions of the UCC.

[Edit] Most states actually override this provision of the UCC to define entrusting narrowly. See, e.g., California's provision:

3) “Entrusting” includes any delivery and any acquiescence in retention of possession for the purpose of sale, obtaining offers to purchase, locating a buyer, or the like;  regardless of any condition expressed between the parties to the delivery or acquiescence and regardless of whether the procurement of the entrusting or the possessor's disposition of the goods have been such as to be larcenous under the criminal law.


But see (2)

(2) Any entrusting of possession of goods to a merchant who deals in goods of that kind gives him power to transfer all rights of the entruster to a buyer in ordinary course of business

We need to know more about how the seller acquired the goods. Often such ebay sales are by people who had legitimate possession, just not any right to sell them. This is why experimental and demo electronics aren't normally investigated as stolen goods. Nobody should be selling them, nobody had the right to sell them, but a great many merchants do legitimately possess them.


We need know nothing about the person selling the stuff on ebay. It's irrelevant how the ebay merchant got the goods, what matters is how the manufacturer gave up the goods.

If it was theft--easy case. Stolen property is not covered by UCC. (It's the Uniform Code of Contracts, so there must be a chain of contracts connecting the property from the manufacturer to the innocent buyer for the UCC to apply.)

If it was theft by fraud--now we're talking. This could mean, for example, that the eBay merchant ordered the goods from the manufacturer but then never paid, or lied about who they were, or some other such misrepresentation or fraud or crime. In this case, there's a chain of contracts, so an innocent buyer from the eBay merchant would be protected by the UCC. (Note that if the eBay merchant knowingly does not pay, it could be both theft or theft by fraud depending on the jurisdiction and specific circumstances.)


So does this mean the people who were fraudulently sold the Brooklyn bridge actually own it?


No. It has to be things that someone can clearly possess, something movable. The seller also has to be someone authorized to possess the thing and deals with such things regularly.

The standard scenario: You take your guitar to a music store to be fixed. Some evil sales guy at the store instead deliberately sells your guitar. Your issue is now with the store. You cannot go after the guy who bought and is now holding "your" guitar. It isn't yours anymore. You have to sue the store for money and the store is free to try and buy the guitar back.


What you're ignoring is that the guitar guy never had the ownership rights to your guitar, and thus could not give the ownership rights to the buyer. The UCC only allows the middleman bad actor to pass on the rights they actually had. The provision you quoted earlier merely contemplates that the middleman acquired ownership rights through deceptive means (i.e., fraud), which isn't the case here. The guitar guy acquired custodial rights, but not ownership.

Thus, in pretty much every state in the US, you go to the police, and they take the guitar back, and the buyer has to go back to the store and get refunded.

EDIT: The following provision is why the guitar guy never gets ownership. (From California's Commercial Code, but most states have made the same change to the UCC text in redefining what "entrusting" means):

3) “Entrusting” includes any delivery and any acquiescence in retention of possession for the purpose of sale, obtaining offers to purchase, locating a buyer, or the like;  regardless of any condition expressed between the parties to the delivery or acquiescence and regardless of whether the procurement of the entrusting or the possessor's disposition of the goods have been such as to be larcenous under the criminal law.


That is absolutely not true. If you found the guy with your guitar you can take it back (without harming that person in the process, obviously!), the ownership has never transferred from the store to the buyer because the store never had it in the first place.


No, because the fraudsters weren't entrusted with the bridge.


In other news, try using a stolen iPhone (since the last 6 years). I came across this article:

https://www.cultofmac.com/246755/why-ios-7s-activation-lock-...

Which in typical Apple whining style complains how the sky will fall due to this new feature. And then it didn’t.


Sounds like a reasonable thing for any manufacturer to do if your supply pipeline is prone to large-scale theft and your goal is to deter further incidents. The best option obviously is to fix the pipeline, but that takes time and is not always doable in practical terms.

Caveat emptor. Buying from a 3rd party and presumably at a deep discount always carries a risk of goods being stolen.

PS. FTDI case is of no relevance here - they were bricking devices of _other_ vendors, not their own.


My company did something very similar when we had a customer make a large order shipped overseas, which turned out to be with a stolen credit card. They didn't realize that since our hardware requires a service plan to even operate, we could just put a note in our system that these were stolen and inform everyone that tried to use them that they had purchased stolen goods and that they should return it (and report stolen goods on eBay).


Yeah, the burden is on the buyer not to purchase stolen goods. The manufacturer is certainly under no obligation to support them. In many states even unknowing possession of stolen goods is a crime, so many of the "users" here are in fact getting off lightly.


> Yeah, the burden is on the buyer not to purchase stolen goods.

1 party has 100% of the information, 1 party has 0% of the information, and the burden is on the party with 0% information. That's absurd.

> The manufacturer is certainly under no obligation to support them.

Not support and bricking are two different things.

> In many states even unknowing possession of stolen goods is a crime

Generally the state has to prove the defendant took receipt of the items for an unlawful purpose. Ohio is an exception, but I'm not sure if there is another one.

> so many of the "users" here are in fact getting off lightly.

You use "many" incorrectly here: Very, very few are. Because very, very few jurisdictions make it a crime to unknowingly receive stolen property and even fewer would actually press charges even if allowed.

Your post is nonsense.


His post is mostly nonsense, but not entirely. First while the burden of proof is not necessarily on the purchaser, if you have in fact purchased stolen goods, you must still forfeit them to law enforcement. There are no jurisdictions that let you keep stolen goods. In most jurisdictions you then need to get restitution from whomever sold you the device, and they can obviously face charges.

The manufacturer can definitely brick, or do whatever they want. The devices are still their rightful property, this isn't a gray area, they were stolen, no one has rightful claim to them except the owner, who was the manufacturer.


> 1 party has 100% of the information, 1 party has 0% of the information, and the burden is on the party with 0% information. That's absurd.

As far as I know, the law requires you to return stolen goods even if you didn't know they were stolen. So this sounds fair.


> Not support and bricking are two different things.

I wouldn't expect a stolen car to be maintained for me, and I would expect it to be stopped by the police and taken away - which I would consider to be effectively bricking it. This would still, and sadly does regularly happen, even if I didn't know it was stolen when I bought it. It doesn't need to be stolen too, if the owner is in fact still a finance company (for example) and it was sold to me without their agreement - they would be within their rights to take it away, and as I understand it without any police involvement (if it's publicly accessible and they don't use force)


> In many states even unknowing possession of stolen goods is a crime

I've never heard of this. Source?


Possession of stolen goods[1] is a crime USA-wide, and in many other countries. The rationale behind it is the ability to prosecute fences[2] - people who act as intermediaries and a layer of security between thieves and end-users, providing the thieves with an option for easy cash-out.

Edit: As a counter-point, at least in Poland, while obtaining stolen goods is an offense ("paserstwo"[3]), the buyer of any good or service that has a "legal defect" - including having been stolen, IIRC - has a valid legal case to demand recourse from the seller. The goods are nonetheless subject to forfeiture.

[1] https://en.wikipedia.org/wiki/Possession_of_stolen_goods

[2] https://en.wikipedia.org/wiki/Fence_(criminal)

[3] https://pl.wikipedia.org/wiki/Paserstwo


From your own link:

"A person can be found guilty of that offense only if all of the following facts are proven: The person received or concealed or stored or disposed of items of stolen property. The items were moving as, or constituted a part of, interstate commerce. The items had a value in excess of $5,000. The person acted knowingly and willfully."

So that doesn't really answer the question asked, because it's only a federal crime if the goods are known to be stolen and a part of "interstate commerce."

Now, at the state level, this may differ. But neither of us has that information.


A subsequent section on Wikipedia (link [1] in GP) tells us the following:

> All US states also have laws regarding receipt of stolen property; however, there usually is no minimum dollar amount in many jurisdictions, and, of course, the requirement in Federal law regarding interstate commerce does not apply.

i.e., USA-wide

> Also, in many states (Ohio, for example), the burden to prove criminal intent is not as stringent or is nonexistent.

i hereby rest my case.


Curiously, the references backing those statements are both dead :)


If you surrender the goods and have a plausible reason for not knowing that they were stolen then you won't be prosecuted. You will be SoL on getting your money back unless you bought from the world's most scrupulous fence though.

It's a risk when you buy anything from eBay or the like, but the overall risk is small enough that the savings are justified usually.


I'm pretty sure Apple does the same for their devices — they have to be activated by Apple after they have left the factory so that they can be used.


Can still harvest them for spare parts. A strong market Apple created by making OEM spare parts hard to buy.

At least until Apple totally shuts down DIY repairs by authenticating the LCD, MAC, keyboard etc. upon startup.


If it means someone is deterred from stabbing me in the street just to get my phone then sure, why not?


> and presumably at a deep discount

Not if they’ve been resold since then. Then it’d just look like any other device on the used market.


Is this really that different from blocking stolen mobile phones from connecting to mobile networks via their IMEI number?

The database behind that is apparently shared internationally between mobile networks, and most people would find a phone unable to connect to anything but WiFi useless.


There's a big difference, the owner requested the bricking not the manufacturer.


If they were stolen from the manufacturer, then surely the manufacturer is the owner - and is therefore entitled to block them?


Isn't the manufacturer the owner at this stage?


I used to always be pro-consumer in cases where the manufacturer does something like that to clones (Saleae and FTDI cases).

After slowly getting into the manufacturing game myself and after USPS auctioned some of my cute early engineering samples that ended up on ebay, I definitely think this is totally reasonable from the manufacturer. Also the title of the article is already attacking the manufacturer. If you brick the devices, you hurt the person stealing and indeed it seems that this wasn't the first time it happened to them. On the consumer side maybe a discount would also be a nice gesture.


i'm curious to hear more about your story!

if i'm understanding you correctly, the postal service somehow ended up in possession of your early prototypes and they sold them to somebody who then re-listed them on ebay. was this a lost parcel situation?


We sent the prototypes with USPS, within US, and down the line they said they couldn't deliver and we asked them to re-route it to another address because of that. They even gave us a tracking number.

After a month went by (adding to the already another month of delay) they said it's on its way, etc. We randomly searched ebay with our brand name and saw an active listing with our prototypes in it. Other things in the box like our gopro were gone, but at least we found the prototypes and contacted the seller. The seller said that she got the items at an auction for items that couldn't be delivered a MONTH earlier, while USPS was telling us it was on the way.

Seller ended up giving us the prototypes for a small fee.


People who receive stolen goods have always been kinda screwed over - it's been part of our laws forever. Even if one isn't charged with a crime, one will lose the goods, and likely never recover their money.

The reasons for this are obvious - to make it as hard as possible to sell stolen goods. The effects encourage the innocent purchasers to have some level of caution when looking at buying goods.


I had to re-read each sentence three times.


I'm glad I'm not the only person who found this piece weirdly dense/obtuse.


> Those that do and assist us in tracking down the thieves will be treated VERY sympathetically.

Does that mean they'll unbrick their hardware? That's about the only sympathy I'd expect after purchasing a product in good faith, and discovering that it was bricked or disabled by the manufacturer.


Buying the discounted hardware on eBay is somewhat marginal as "good faith". That said, RTL-SDR hardware barely exists in the normal supply chain so consumers often have little choice but to roll the dice on eBay.

The one I bought came delivered in a plastic baggie in a padded envelope. It could have been stolen for all I know.

Is there a way to check which serial numbers were stolen? Can I demand a seller post a picture of the device with the serial number so I can check? How can I be sure they won't lie?


Kind of; they posted the list on a forum and appear to have tweeted about it: https://www.sdrplay.com/community/viewtopic.php?f=6&t=3225

There isn't really a centralized or standardized way to do this, though. I guess if I'm buying some smart-ish hardware, I just have to google around for the company and hope I did a good job.


https://blogs.findlaw.com/blotter/2014/08/can-you-get-arrest...

If you buy stolen goods, you don't get to keep them. These are stolen goods, why would you ever expect the company to simply allow you to use it?


The company gets to prevent future thefts, they've most likely written off the loss already (they're not going to reuse those goods as new items at v. least), they can get PR and more "column inches" on a new story about buyers helping them and then getting gifted the device.


I take issue with the fact that the company has any say in the matter at all, tbh. I dislike devices that phone home and can be disabled remotely as a matter of principle.

But you're right, in the end they are stolen goods.


> I take issue with the fact that the company has any say in the matter at all, tbh.

What? How does that make any sense. Someone stole their property, it's still theirs, of course they have a say in what happens to it. "Finders Keepers" is not how the world works...


But they can also brick non-stolen equipment. I don't want a company to be able to remotely disable a device I own.


Sony offers to block stolen PlayStations. It's a similar case - you may buy a used item that may suddenly stop working. Moreover, Sony does cooperate with authorities re locating those devices. You may have a surprising visit.


Seems totally acceptable to me. The comparison with the FTDI incident is not really applicable here because those were not stolen parts, just replica/clone parts.


Those who bought stolen devices should return them and ask for a refund from eBay. You are generally not allowed to resell stolen goods, although I am not sure if eBay is liable here.

> Back in October 2014, the FTDI manufacturer shipped a device driver that ... would make any operating system stop seeing the device by setting its USB product ID to 0, basically killing the USB device.

Well, if that id can be set to 0, it can also be set back to original value, isn't it?


If I recall correctly, it didn't get recognised as a USB device anymore so you couldn't reflash it.


Linux was able to allow connections to VID:0 PID:0 for usbserial.h about 3 days after the initial reports. From there, it was possible to rewrite the FTDI firmware to restore functionality.


Wouldn’t it be pretty trivial to remove the blacklisting code?

It’s not like this is a cellphone sold to my mom. It’s an extremely specialist product aimed at a group of users with vast electronics and reverse engineering knowledge. Probably won’t be long before one of them reverse engineers the device and releases the code to ignore the blacklisting.

Anyone know the technical details of how the blacklisting works?


If you unintentionally buy a blacklisted phone online, do you try to break the blacklist or report the seller and get a refund?


The blacklisting code is in every device, even those sold legitimately. That is, the device “phones home.” Some users may not be okay with that.

In my experience, the kind of person who buys an SDR is (a) unlikely to appreciate a $400 device that phones home on boot, and (b) likely to reverse engineer the blacklisting code simply for the fun of it.


Previously owned devices sales next? If they are including blacklisting code like this their software simply cannot be trusted.


No. There is a simple explanation too. Once a valid sale happens ownership changes. They still own these devices, because they were stolen. That means they can do whatever they please, the devices are still theirs.


Ownership change doesn't magically disable their remote control, though.


Unlikely, it'd run into all sorts of first sale doctrine issues if they blocked resale of hardware components.


That's the case with any device with non-free firmware.


If they can do this before it is sold (eg: theft) and remotely prevent the device from working, how do users defend against having this done later for more capricious reasons?

Everything I've learned, is that for capabilities like this, the good reasons are the justifications, and then the owners migrate to less good reasons. The overall distrust I have with these kinds of systems are that they are Treacherous Software/Hardware. This capability is something that shouldn't be implemented. No user in their right mind would - but the companies that wish to retain ownership rights after sale do.

I would also object to this 'hacking of these devices' as violations of CFAA. Yes, the devices had lost chain of custody, and were reported as stolen. That doesn't allow any entity to then engage in more illegal behaviors exigent to the initial situation. If I am being robbed, I am allowed to defend myself and my goods. However I cannot stalk the robber, and then bash his/her kneecaps in after the fact. 2 wrongs, separated by time, do not make a right.


Wasn't this the same company who banned users for leaving bad reviews?


I imagine this standardized in a supply chain blockchain


Yeah. I mean nobody has ever managed to steal a Bitcoin right?



