Six right-to-repair advocates assembled on Friday morning to present Repair.org's second annual Worst in Show Awards, a selection of "the least private, least secure, least repairable, and least sustainable gadgets at CES."
In a presentation streamed on YouTube, author and activist Cory Doctorow presided over the condemnation session. He said that he has been attending the Consumer Electronics Show for decades and vendors will gladly enumerate the supposed benefits of their products.
"But what none of those people will ever do is tell you how it will fail," said Doctorow. "And that's kind of our job here today, to talk about the hidden or maybe not so hidden and completely foreseeable failure modes of these gadgets."
Kyle Wiens, co-founder of iFixit, gave the new Mercedes EQS EV the award for the worst product in terms of repairability. Showing a slide of the warning screen the car presents to its driver, he said, "You cannot open the hood of the car. It is locked, warning of accident, warning of injury if you open the hood. Mercedes' perspective is, 'Hey, this is an electric car. There's nothing the owner needs to do under the hood of this car.'"
Wiens said this is not the first time Mercedes has gone down this road, noting that a few years ago the company removed the dipstick from its C-class vehicles, arguing that only an authorized technician should change the oil.
"So this is everything that is wrong with the future," he said.
Cindy Cohn, executive director of the Electronic Frontier Foundation, gave the award for the worst privacy to the Sengled Smart Health Monitoring Light.
"This is a light bulb that is supposed to be monitoring your health, but really is monitoring the humans in the room," explained Cohn.
The idea, she said, is that the device can track your sleep, heart rate, body temperature, and can do so all over the house if multiple units are used.
"These are one of these things where … some people are like, 'we can do this thing now let's find a need for it' and then I guess the need for it was in case grandma falls down," she said. "Of course, grandma has all sorts of other ways to tell you that she's fallen down, that are really only about surveilling her and that she can control as opposed to this one, which is outside of grandma's control."
Cohn said the idea that you need your light bulb to monitor your heart rate is just creepy, weird, and unnecessary. And what's more, she added, it's not clear what happens to the data the device gathers, where it gets stored, and who has access to it.
NFTs at a price
Nathan Proctor, national campaign director for public interest non-profit USPIRG, bestowed his disdain on Samsung's new NFT Aggregation Platform.
"One of the beautiful things about the digital age is that the marginal cost of sharing and making copies of things is pretty close to zero," he explained.
"But there are just some people who have a hard time rolling with that kind of sharing. So we are so used to value that's derived from scarcity that we have to inject scarcity into the digital world where it's totally unnecessary and serves no purpose other than to create uniqueness, for things that are actually truly not unique.
"This brings me to my selection for the worst in class for the environment," Proctor continued. "Samsung's new TV NFT aggregation platform, a way to buy, sell and display your NFT artwork from your huge ginormous OLED Samsung TV."
"If you don't know what an NFT is, I am honestly jealous of your life," he said. "But let me explain poorly, because there's no way to actually explain it without boring you to death. It stands for Non-Fungible Token and it's a piece of digital media with some kind of permanent, non-transferable marker attached to it, which kind of confirms it's, you know, been attributed to you in some way. It's basically a way to create scarcity for digital images that would otherwise not have that as part of their existence."
NFTs, Proctor said, are sold on markets as if they were collectibles, "sort of like a Beanie Baby craze for crypto tech bros – if Beanie Babies required massive continual energy consumption on a warming planet to remain corporeal."
They're bought and sold, he said, using Ethereum, noting that one researcher recently calculated that an artist selling two pieces of artwork used 176 megawatt hours of electricity, creating greenhouse gas emissions equivalent to 21 years of average US household energy use.
Paul Roberts, founder of securerepairs.org, cautioned that since he hadn't had hands-on time with the products he considered, the award he bestowed is speculative. Nonetheless, he chose industrial equipment maker John Deere's fully autonomous 8R tractor, not because of known vulnerabilities but because of the way the company engages with the security community and the inevitability of bugs in the software governing such a complicated machine.
"Any company that makes any software, let alone again, multi-ton robotic equipment with … millions of lines of code is going to encounter security problems," he explained. "Cybersecurity issues and vulnerabilities are just a byproduct of how much code you write. So Deere, like every other device maker, is going to encounter security issues and vulnerabilities, some of them very serious."
The issue for Roberts is Deere's corporate security culture, which he contends is insufficiently responsive to the research community. He points to the disclosure in April last year of vulnerabilities that allowed security researchers to penetrate the company's corporate website and operations center website.
"Deere's response to this has been lacking. It really boils down to what I would consider security washing. They launched a bug bounty program with HackerOne, they sent their CISO out on a press tour and talked about how seriously they take security," he said.
"But in reality, there's very little to show for that. The bug bounty program exempted hardware from the types of things that researchers were invited to scrutinize. They've had 100 reports since it launched but only 40 are resolved, so they've got 60 unresolved issues sitting in the queue."
Gay Gordon-Byrne, executive director of Repair.org, revealed that the Community Choice poll for Worst in Show also went to John Deere, noting her organization is fighting the company in every state legislature to make its products easier to repair.
"It's nice to see that the broad public is getting the message that allowing one giant union-busting, profit-taking rapacious ag tech company to corner the market on how we get our food and then just turning them loose to do whatever they want with the machines that are necessary is probably not the path we need to a better future," Doctorow observed before presenting his pick for the overall Worst in Show: Lenovo's new Smart Clock Essential with Alexa.
"This is a device that you put next to your bed, that if you make an unintelligible random sound, turns on and starts listening to everything you say," Doctorow said, pointing to the work of security researchers who have looked into the data captured by Amazon's smart speaker system and the company's use of contractors who review captured audio to assure transcription quality. "And that just feels to me like one of those things that right out of the gate we should be able to spot is not something that we want in our homes."
"We are long overdue in this country for federal privacy law with a private right of action, the kind of thing that might discipline one of these companies and you know, here we are…here's the example of why we need firms to go beyond self regulation and to be regulated by democratically accountable lawmakers that think about the public interest." ®