valutarin/hon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
main
hon/takedown_faq.md
Andre Basche 9f136c1feb add takedown faqs
2024-01-20 00:42:51 +01:00

6.2 KiB
Raw Permalink Blame History

Takedown Notice FAQs

Last update: 2024-01-19

What did Haier wrote?

Until now, I got only the known mail from Haier: Screenshot of mail In the course of public interest, I am taking the risk of publishing the e-mail without Haier's consent.

Is Haier's claim true?

I think the points are very questionable, but I'm a software developer and not a lawyer or judge. So I can only try to explain here what the plugin does, but the legal assessment must be made by others.

How does Haier hOn works?

Haier sells home appliances with internet connection and offers the free hOn app. As far as I can see, there is no ads, no subscription and nothing else obvious to generate money with it.
The connection only works with the Haier servers, so your appliance sends data to the cloud and the hOn app communicates with it, there is no direct connection.

Did you agree to the tos?

To create an account you have to accept the terms of service. Without it you can't connect your appliances to hOn and so you can't use Andre0512/hon

How was the plugin created?

I used HTTP Tookit to monitor the HTTP requests between hOn and the Haier servers and then rebuilt the requests in Python (with aiohttp). This takes me a few days to figure out and rebuild the necessary requests and I can now also explain why the hOn app is so extremely slow. The login alone hammers ~20 requests to the servers and also the communication with the devices is made of super many requests (at least at the time of my analysis).
The pretty complex login can be found in auth.py and the API requests that I have adopted as relevant for the integration are these api.py.
Beyond that, there is no communication with the hOn servers in the code.

Why is the plugin divided into two repositories?

Andre0512/pyhOn: Is a python library that I publish in the python package index (pip). The library is used for communication with the Haier's hOn api.
Andre0512/hon: is the integration for home assistant. This is the part that for official integrations is located in homeassistant/core. Here I have defined how the data (which is read out by pyhOn) is displayed in home assistant.

This division is common for home assistant and hacs repositories and is helpful to include Andre0512/hon in homeassistant/core at some point.
In my opinion, it would be much more difficult for Haier to enforce claims to Andre0512/hon. So Mazda also only claimed the library, but without Andre0512/pyhOn, Andre0512/hon becomes useless.

How does the plugin uses the api?

This are all requests the plugin sends to Haiers servers

Restart of Home Assistant or manual reload of the plugin

  • Authentication to the Haier api with the stored username and password
  • Loading of all appliance functions (In hon-test-data you can have an overview of which data this is for each appliance)

Status polling

  • 1 request every 5 seconds to fetch the current state for each appliance (something like this)

Triggering action

  • If any action is triggerd, e.g. start some appliance or set a new a/c mode, some data have to be posted

Creating a new releases

  • If I create a new release, program names and translations in all languages are fetched from the api and loaded to the translation folder

What could bother Haier?

Requesting every 5 seconds is a bit much (even if the app makes more requests more frequent, but only in use). With a poorly implemented application, this could perhaps provide some load. The default interval for most integrations is 10 seconds. I would totally understand if haier wanted a higher value here and would increase it, I have already asked them suggest a poll interval.

Are there some secret keys stored in the repository?

There is a constant for a client ID and an api key. They seems to be static because they are the same for requests from every account I saw. The client id is necessary for doing the OAuth of the login process. The api key is to get some static data (the readable names of the programs etc) and would not necessarily be included in the release.

What did you answer Haier?

In the first moment of getting the mail I was absolutely shocked, I didn't think that someone cares about me and my little plugin and I know Haier is a billion dollar company, so I answered answer 1 after that i announced to take it down and then you guys happened.
I'm getting so much support and you started a huge wave, I mean we are now an example for the Streisand effect on wikipedia xD
And so I wrote another mail and tried to get some clarification and reach some agreement, it's worth a try answer 2

What was Haier's reaction?

Haier didn't answer me, after their first mail they didn't respond on any channel. None of us has received an answer yet. Only Haier US answered that they have nothing to do with it and support open IOT platforms.

When will you delete the repositories?

I will now wait how Haier reacts to my questions and all the riot you make. I'm a 27-year-old software developer who make these plugins in my free time as a little hobby and haven't the resources so I hope you understand if I can't go all in. But I will try to keep it online for as long as possible.

Can't Home Assistant do anything?

The Home Assistant team got in touch with me and is actively trying to get Haier to rethink its position.