Partially responsible for this. (Sold Lockitron to Chamberlain in 2017 which became the basis for Amazon Key integrations.)
Contrary to the popular sentiment in a lot of the comments here, there’s not much value in the analytics. As we all painfully found out in the 2010’s, there are only two viable recurring revenue streams in the IoT space - charging for video storage and charging for commercial access. Chamberlain does both with the MyQ cameras and with the garage access program to partners like Amazon and Walmart. Both retailers have a fraud problem (discussed here https://news.ycombinator.com/item?id=38176891). “In garage delivery” promises dropping delivery fraud to zero - ie users falsely claiming package theft. That solution is worth millions to retailers, naturally Chamberlain would like a cut but only if they can successfully defend that chokepoint.
For historical reasons having to do with the security of three or four generations of wireless protocols used in garage doors they can’t (and products like ratgdo and OpenSesame exploit this.) Other industries such as automotive have a more secure chain of control over their encryption keys so one has to (for instance) go to the dealer to buy a replacement key fob for your Tesla for $300 and not eBay for $5.
Given the turnover in leadership there I’m not surprised the new guy needs to put their hand on the plate to see it’s hot, but there’s a reason this wasn’t implemented before and it wasn’t because of lack of discussion. I can see the temptation in going for monetization given their market share but I think this approach was ill conceived rather than fix foundational issues which would allow home users to integrate with 3rd party services and still charge industry partners for reducing incidences of fraud.
Amazon expects me to weaken my physical security posture to help them defend against an activity I don't engage in and is in no way my responsibility?
AND
Chamberlain expects me to weaken my digital security posture so they can run some opaque crap on my network¹ that I have very little observability into and even less control over so they can make money?
Money is one hell of a drug because they are high.
How about amazon builds (at their expense) an amazon controlled box, slap a mcu on, do authentication over nfc, rfid, etc etc. Offer it to customers free of charge, hell throw in a sweetener to get them to adopt.
[1] I have a default deny in AND out isolated vlan for crap like this, even if you don't have a network background try to set one up if your networking equipment is capable.
I find it odd that the standard policy is to leave packages unattended in any form in the first place. This is another one of those things that is not standard globally.
E.g for us in South Africa, this would be unthinkable, regardless of how much time it saves the delivery company. The only time a parcel is left at the door is when it's UberEats. Otherwise delivery is rescheduled if we don't physically collect parcels in person. This is partly an access issue (many houses/apartments/estates have gated access) and largely a trust/crime issue.
But the US still seems to have some remnants of a high trust society, which has been only a temporary thing in many places, if at all.
Not having such a society adds frictions in all kind of interactions. In the end, that means cost. I can understand why people and company try to shift that cost when it comes up in areas where it wasn't present beforehand.
In the US if a package is not left at the door you either have to wait an unknowable amount of time for another attempt, or you'd have to go to a facility to pick it up.
It's difficult to figure out exactly where the facilities are and you're not guaranteed the package won't still be on the original truck or on a new one. The facilities may only be open during the day, while you're at work.
Additionally, it's common that no delivery attempt is made at all -- the delivery driver will walk up to the door with a "we missed you we'll try again someday" slip already filled out and won't even knock.
The main reason we are cool with deliveries being left on the porch isn't that we trust our neighbors, it's that the alternative is so much worse.
Even if you don't fully trust them, it's still just a better way to live - if you have the luxury. I left money - change from a grocery run on my coffee table, and then had some friends over. It's not the remnants of a high trust society that let me not worry about that money being out, but financial privilege. That the < $100 wasn't worth my time to worry about. If one of my visitors took some/any/all of it, I wouldn't have gone hungry. I might not even have noticed. Just thought, huh, that's weird, and gone about my day. Others I know don't have that luxury, and would go hungry if it was their money that had gone missing. They're much less trusting, because they have to be.
If the latest shipment of crap from Amazon/Temu went missing. Annoying, but you'd just tell them the package got stolen and get a replacement sent out.
I live in US suburb and I also trust my neighbors. It's unlikely that my actual neighbors are stealing packages.
The problem is that there are people who drives through residential areas looking for packages to steal, cars to break into, etc. and that occurs quite frequently, as caught on our security camera.
It doesn't take many motorized perpetrators to lower the overall confidence in how secure it is to leave packages outside, given how much range the porch pirates can cover in a single afternoon.
I trust my neighbors and I have a slew of high res cameras monitoring the area. When there is theft my neighbors come to my house (located at the main entrance to the area), and I get them the relevant footage if I can find it. It’s only happened a few times but I think it helps build community trust.
I didn't say high trust is gone (although it certainly is in some areas), I said the reason we are cool with packages being left on our porches is the alternative is inconvenient.
Inconvenient and for much of the country, unnecessary. Even when living in the same county as Detroit (but not in the city limits), porch pirates weren't an issue.
> In the US if a package is not left at the door you either have to wait an unknowable amount of time for another attempt
It's not unknowable; FedEx and UPS at least will reattempt delivery every day for a certain number of days before giving up. At least that's the case in urban and suburban environments. Maybe you live somewhere rural where their policy is less clear?
> It's difficult to figure out exactly where the facilities are
No it's not. The tag they leave behind will often tell you, or you can enter the tracking number online and it'll tell you there. And usually it's the same place every time, so once you figure it out, you're good for future packages.
> and you're not guaranteed the package won't still be on the original truck or on a new one
This is the annoying thing. It's never clear when the package will actually get back to the facility (after they failed to deliver it to you), so you don't actually know if it'll be there when you show up. Many many years ago it was a simple matter of giving them a call, but nowadays you end up in customer support / phone menu hell, and it's incredibly difficult to talk to someone who is actually physically present at the facility.
> The main reason we are cool with deliveries being left on the porch isn't that we trust our neighbors, it's that the alternative is so much worse.
I'm absolutely not cool with this. I trust my neighbors just fine, but I don't trust all the random people who might be walking around, specifically looking for packages to steal.
I'd much rather have to drive over to a facility to pick up the package, or just wait until the next day for another delivery attempt, but most delivery drivers don't give me that choice.
If the package does get stolen (incredibly likely, if it's left outside), I'll usually have to wait several days for the merchant to ship a new one (because they figure it's possible it wasn't stolen, and want me to wait and see if it still gets delivered in a day or two). And then I have to wait for another shipping-time cycle.
> FedEx and UPS at least will reattempt delivery every day for a certain number of days before giving up
They claim this, but my experience is that it's not true. VERY VERY often, it will be multiple days or up to a week before they attempt again. Sometimes they never attempt again, and a week or more later I get the notification that it's available to pick up at their depot. It's certainly not consistent enough to rely on.
Here in Sweden, you can agree to let the delivery company just leave the package by the front door, but it's only common for low value things. Most things are delivered to your nearest post office counter (usually in your closest supermarket) and recently, to a locked postbox nearby which you unlock online with their app.
Here in Berlin Germany, packages are given to whichever neighbor in your apartment building happens to reply to the buzzer fastest, typically the ground floor ones. (Elevators are also uncommon.)
I'm friends with all my neighbors but I find this practice completely bizarre.
Here in Buxtehofen, Bavaria, packages are left dangling from trees with a sign saying "I've hung up your rolex, so it wont be dragged of by boars while you're on vacation".
And when you're back from hiking the Alps your neighbor will have build a shed around it to protect it from the rain and moved in 10 of his pigs to keep it warm.
Unless of course your delivery guy tied your package to a special tree called Maibaum by mistake. Then you'll find a sign telling you that it has been redirected to one of the 5 villages called Kirchberg in your area.
In Belgium the mail carrier is supposed to ring your doorbell and wait x time for you to open it and deliver the package to you.
But instead they just put a piece of paper in your mailbox that says 'you weren't home, we'll come back tomorrow'. Next day same thing. Only then can you go and pick it up at the post office.
Oh and there are many stories of people seeing the mail carrier defaulting to the piece of paper and not even knocking because of time pressure.
If the item fits in your mailbox (letter size), they do that.
If not, they knock, and leave a "we missed you" note if the package is insured. Or leave it on the doorstep if not.
If you get the note, you have to go the post office in two days, during normal office hours (9-5ish), or Saturday morning (9-12). If you don't make in a few days, they return to sender.
But this is only for USPS. If the package is FedEx/UPS/courier, it's the wild west. Sometimes they leave it. Sometimes they leave a note. Frequently they claim they attempted delivery but didn't. And if they miss you a few times, you have to pick it up at the distribution warehouse which could be a 30 min drive away. This is the worst - even for items you know need a signature, there's no guarantee they'll deliver - we ran into this a few months ago with some jewelry - delivery was schedule Monday 12-5pm, we waited in the living room (right by the door) and nobody came. Their system showed a failed attempt (courier lied). Repeated Tues. Called courier warehouse, they asked if we had doorbell video proving the delivery attempt was never made (WTactualFuck). Repeat on Wed. Item was returned to sender. We called sender, asked them to use USPS because private shipping can be a disaster. USPS is often a day slower, but it's fairly reliable.
Some areas have problems with package theft. Fortunately mine isn't one of them, so I'm ok with packages being left.
This is how it works with the French Post, with the exception that they never come back. Other providers do their own thing, and are more or less scrupulous. Some won't even bother to come over, they'll just say nobody was home and won't even leave a slip.
Anecdotally, in France, the parcels "delivered by Amazon" have hands down the best service. They're the only ones who've ever actually delivered the parcel to my door (I live in an apartment). If they can't leave the parcel in the mailbox, they'll call me up and ask what to do, usually offering to come back some other day if I'm not at home.
My case, they're often either not delivered at all (returned to sender or kept at a random Filiale) or if they are delivered it's to a different building that DHL guessed might have been mine.
This is one of several reasons I no longer buy anything from Amazon. Not even if it's the cheapest source. Even if it gets to a Filiale, those are further than most of the shops that would sell similar items.
Amazon doesn't usually ship with DHL in France. But there's another comically bad company, not sure how they're still in business.
It's rare the Amazon sends something via them, but whenever they do, I expect to not get the package. And when I don't, I just call up Amazon support and complain about them and make it a point to mention I often have issues with that specific company. They usually offer to cancel the shipment and reship overnight. Don't know if they can actually control it or if it's coincidence, but all reshipments have been via Amazon.
> But the US still seems to have some remnants of a high trust society
It varies greatly depending on where you live. My sister lives in suburban Maryland, and leaving a package outside on a porch is just no big deal. The probability that it gets stolen is actually ridiculously low. In this case the high trust is completely warranted.
I live in San Francisco, and if a delivery person ever leaves a package outside, it's always a scramble to either get there to take it in, or find a neighbor who can do it for you. (I live in a 4-unit condo building, so we all try to look out for each other's packages when this happens.) It's just bizarre to me that delivery people aren't specifically instructed to never leave packages outside here. I suspect they may be, but they're overworked and don't want to have to add yet another package to their delivery schedule for the next day. And/or they may be evaluated on number of completed deliveries, no idea.
(On the flip side, there are some neighborhoods in SF where it's ok for a package to sit on a doorstep for a while. Not many, but... they exist.)
First sentence was really surprising to me (Aussie), until you mentioned later that you're a Saffa. My in-laws took years to adjust after emigrating.
To put things in perspective, it's common over here for people selling things on Facebook/Gumtree to just leave the item outside and have the buyer slide the cash under the doormat. It's less secure but way more convenient, since you don't need to be home to complete the transaction.
I've left tools and other semi-valuables in my unsecured carport, in clear sight from the street, on a main road, for years now and they've never gone missing.
My sister in law lost her iPhone in a public bathroom and got it back simply by calling it and working out a time and location to meet up with the person who found it.
These aren't just freak anecdotes, by the way, they're the norm.
You should really consider coming over here. We need more Saffas in Australia!
Local post office evolved in Ireland recently and started offering parcel boxes to be installed next to the door. There are 2 keys and one of them allows the post office worker to open the box and put the parcel in.
This obvs does not work for other delivery companies but now you can see an option in the order forms to allow the delivery company leave the package at the door (e.g. IKEA). Otherwise, it is just unthinkable that someone would leave the package at the door without ringing you and agreeing in advance.
The main function is to obscure whether a package has been left or not, since the master keys were available online before An Post starred selling the boxes. Some DPD drivers use them too.
Physically, they're about as secure as an Amazon cardboard box.
A small level of friction can reduce a lot of issues though. Without being able to tell that a package has been delivered they have to break into or open random boxes and hope there's a package inside increasing the chances they're caught and wasting their time. It's the same kind of thing proof of work anti spam measures can work under, it adds a tiny friction to legitimate users but illegitimate users have to do tons of work to send their spam or in this case open a lot of boxes.
> I find it odd that the standard policy is to leave packages unattended in any form in the first place. This is another one of those things that is not standard globally.
Not sure what effect this has but I live in an area with a lot of Ring (or other) front door cameras which is a rather severe disincentive to theft of packages left at the door (as well as mishandling of package delivery by the driver)
Its a huge pain though. You have to be home all day waiting for a package or the delivery drivers have to work evenings/nights only or you have to go somewhere to pick it up. Drop off is much better if there's no obstacles like access or theft.
> How about amazon builds (at their expense) an amazon controlled box, slap a mcu on, do authentication over nfc, rfid, etc etc. Offer it to customers free of charge, hell throw in a sweetener to get them to adopt.
I mean, they already do exactly this — this is what Amazon Lockers are. It's just only seemingly worth it to Amazon to deploy them to commercial customers, e.g. at post offices, in front of Whole Foods locations, in some very large apartment building complexes, etc.
(My own guess as to why the economics don't work out for individual residences, is that a hypothetical smaller locker — one small enough to fit on a porch — would also inherently be lightweight enough for thieves to just cart away wholesale.)
And yet somehow here in Poland we have like 5+ companies (InPost, Allegro, several delivery services and even Orlen - the gas station operator - of all things!) one-upping each other in placing parcel lockers on every flat piece of land that's too small for developers to build an apartment block on. I have 10+ of such lockers within 5 minutes walk of my apartment. Now how is that possible?
You're talking about the commercial parcel lockers — the ones that fit a whole neighbourhood's deliveries, that are therefore essentially big sturdy metal storage racks underneath — too big and heavy to just pick up and walk away with.
Every country has these to some degree; I imagine they're most popular in places that 1. have colder climates, but 2. where people don't tend to drive (like Poland?) The US has some, but the suburban long-distance-commute car culture + generally not-too-bad climate, means that people in the US generally expect to pick up packages from further away, and so implementation of these in the US has lagged behind other countries.
However, my comment, and the one it was replying to, are talking about something else — a hypothetical concept of small lockers that serve single homes, given to the homeowner, to be located near the home's mailbox/mailslot. (Basically, logistics-provider-provided versions of these things that you can technically buy online — but where I've never seen anyone with one: https://www.amazon.ca/WeHere-Package-Delivery-Anti-Theft-Pas...).
And the thing about these is... they really aren't a good idea. They're not too big and heavy to just steal. Anyone who can walk up to your porch with a moving dolly can walk away with it.
Fair enough. I got confused because you mentioned Amazon Lockers, which to my understanding, are the proper brand name of the kind of parcel lockers I mentioned, as deployed by Amazon.
I agree that per-household lockers are... tricky at best. But then, if we're talking homes, and thus presumably lawns in front of them, I wonder what are the difficulties of selling a multi-slot locker that would be bolted down to the ground (or perhaps a bunch of concrete filling a hole in the ground), and thus as easy to steal as a thick fence post or an ATM? Is this too expensive for homeowners?
As others have pointed out in this thread, the "porch pirate" problem is just kind of not a problem for most people/places. I've never heard of anyone I know having a package stolen off their porch. This is even living in relatively high-density (for the US) apartment complexes. Leaving stuff on the porch is basically good enough, so nobody is in a hurry to "fix" anything about it, except maybe Amazon themselves because even something that happens 0.1% of the time is a big enough problem when you operate at their scale.
I suspect that some of the the same reasons that lockers aren't economically feasible in most of the US is the same reason that the theft isn't a problem: low density. If you're a porch pirate, you need to expect that the value of your stolen goods covers at least your gas and time driving around stealing stuff, plus some risk premium for doing the crime. If the average value of a package is below this amount, the crime doesn't pay. There will still be instances where people haven't done this math, or crimes of opportunity, or just dense stretches where it does make sense depending on the price of gas, but it isn't a nationwide problem.
I get hundreds of packages per year (not an exaggeration) and as far as I know, exactly zero have ever been stolen. Missing packages are invariably delivered to someplace else that must have had a better vibe for the driver that day. (I’ll get pics of proof of delivery with a package that is clearly not at my house.)
In that environment, what problem do I have that could be solved by this, and how much effort (and aesthetics) am I willing to spend to solve it?
Now, if my house shared a wall with two other houses and people walked by my front door all the time, maybe I’d have a theft problem due to greater opportunities for it to happen.
Places with lawns probably don’t have nearly as much package theft just due to less foot traffic.
I'm in the US. Our neighborhood has a multi-slot locker like you describe. It has a small box per house and two larger boxes. The whole thing gets broken in to every couple years, after which the post office will not deliver anything until they fix it weeks later (and they're the only ones allowed to try).
When this happens you have to go to a post office to get your mail.
Some older houses have passthroughs built into the walls for deliveries of milk or coal or ice. I’m surprised this feature hasn’t been resurrected for package deliveries.
Dude you just replied to a comment about Amazon Lockers, one of many locker services that do exactly what you described in the US. If you combine all the companies (I dunno why you would), there's a lot more than 10 per 5 minute walk in a city
They're ubiquitous, but few prefer them over the convenience of delivery to the doorstep. Buyers are never responsible for missing packages so there's little incentive to use lockers unless you're buying a secret gift or live in a very sketchy neighborhood or your home is so far from the warehouses that same-day delivery is only available at the locker
I was going to counter it, but I guess same-day delivery is what makes this different from my experience. As a buyer, I'm incentivized to not miss packages, because I've already waited between 2 to 7 days for it, and I don't fancy doubling that time over a delivery dispute. But if my packages were all same-day delivered, I suppose I would give less of a damn.
Well not all of them, but I'd say half my packages are delivered same-day in the bay area and most of the rest are 1 day. It depends on your shopping habits and what products are popular in your area. "essentials" like cables, snacks, batteries, hot sauce, etc are always same-day while large items like microscopes can take 2 days
Regarding missed packages, are you talking about stolen packages? I've had a few cases where delivery was one day late and one time I got the wrong order (but got to keep the free groceries along with a full refund for my actual order) but I've never had a package just disappear altogether. Even Aliexpress orders that take 2-4 weeks from China eventually show up.
By missing here I meant missing the delivery, and having the package returned to sender, and/or stashed at the logistics center somewhere in the ass-end of a gravel road far out of town.
I've had a single-digit number of packages never delivered, most of them years ago, from Aliexpress (which, at least back then, had a very buyer-favoring dispute process, so I would get my money back with three clicks or so).
If a parcel I ordered to my house gets sent to a pickup point, there’s an extremely good chance that the sender will be taking that parcel back and I’ll do without or order another one.
Only if I really needed that specific thing pretty badly today would I spend a few bucks and 20 minutes to drive over to come get it.
I ordered some physical thing, not that thing and a quest.
Wait you have to be home for every delivery? How would someone with an on-site day job receive packages?
In the US all carriers drop packages at door (or in the building's locker if you live in an apartment complex). Some packages need to be signed (alcohol, nicotine, gun ammo, etc) but the vast majority of deliveries involve zero human interaction
> Wait you have to be home for every delivery? How would someone with an on-site day job receive packages?
Sort of. Note that I'm a city dweller, living in a flat in an apartment block.
This is a real problem; classical solutions involve having another household member receive the parcel, asking the delivery person to deliver to a neighbor who you know is OK with it (since I started working remotely, I frequently am that neighbor), having them drop the package in front of your door (undesirable, but works in case where there's an extra door between your flat and the staircase), or putting your place of work as delivery address (if your company is happy about it; some are not). Dedicated "package send/receive" stores became a thing, then started disappearing as grocery store chains became package drop points. And then came the parcel lockers.
I imagine this problem was the primary driver of mass, enthusiastic adoption of parcel lockers - for the last decade, I've had at least one within 5 minutes of home, and this let me pick the parcel up at my leisure.
These days, most packages we order go through lockers; the ones are don't are usually medical or plain heavy (10-20kg worth of cat litter, soft drinks, etc.). This works because I work remotely, and my wife is yet to return to work after post-partum period.
> They're ubiquitous, but few prefer them over the convenience of delivery to the doorstep. Buyers are never responsible for missing packages so there's little incentive to use lockers unless you're buying a secret gift or live in a very sketchy neighborhood or your home is so far from the warehouses that same-day delivery is only available at the locker
Then why so much effort is needed to stop package theft to the point of giving access to your house to strangers? Apparently getting package on your doorstep is not as convenient as you would like others to believe. Using such lockers is convenient and secure, giving package to recipient hands is secure but not convenient, leaving package at doorstep* is neither.
*or any other place convenient for whomever is delivering it
I gave several reasons why someone would want garage delivery. Services like walmart InHome are fairly common in the US. Consumers are willing to pay extra for the service and retailers like not having to refund stolen packages in sketchy neighborhoods
They'd be pretty easy to secure on a wood porch and only require minor power tools on a concrete porch to bolt down. Even if you only chained or cabled it to the railing that'd do a lot. Don't forget thieves won't know until they move the thing if there's even a package to steal.
Are you upset with Amazon for hypothetically refusing to deliver to your home unless you give them a virtual key fob to your garage?
Let’s just take a step back here and recognise that we’re asking online retailers to leave our deliveries outside our homes, with direct access to members of the public, but we’re also asking for them to assume responsibility if the packages are stolen.
Morally, in isolation, it’s not a very defensible position for the consumer to take. I personally don’t feel so bad about it when it’s Amazon — they can afford it, basically — but in general it’s not realistic for porch pirates to be anyone else’s problem except the consumer’s.
I think the point is that there's little reason to trust that you would not simply be robbed either by them leaving the garage open, or robbing it themselves.
If Amazon want to leave packages securely, then I am more then happy for them to partner with mail carriers and other delivery services and come up with a common standard for an externally secure lockbox system*. But they're not getting an open door into my house.
The problem in the delivery space is everyone does whatever - there's no standard or common code for communicating secure delivery logic for a premises. You can come up with whatever and it just won't be used. But "give me access to inside your private property" is one of the more insane solutions given that a garage is not an unvaluable area, nor necessarily a non-hazardous one.
If I order something for delivery, it is the retailer's responsibility to deliver it to me. If they leave it where it is stolen before it's in my posession than that is not my problem.
Were it any other way I would not order anything online!
something like 50% of the time I try to redirect a fedex package to walgreens (local drugstsore) the retailer has that feature disabled. I'm sure they have a great reason for it but it seems that putting the package unsigned on my doorstep is specifically the service that they are choosing and I do not have a choice nor do I get to find out about it until after the order has shipped.
> Amazon expects me to weaken my physical security posture to help them defend against an activity I don't engage in and is in no way my responsibility?
Most people get quite irked when someone steals their Amazon package between the time it was left at their door and the time they actually try to get the package. Hence for most people who occasionally receive Amazon packages when no one is home to quickly take it inside a way to let Amazon put the package in their locked garage is a benefit.
> How about amazon builds (at their expense) an amazon controlled box, slap a mcu on, do authentication over nfc, rfid, etc etc. Offer it to customers free of charge, hell throw in a sweetener to get them to adopt.
Like Amazon Lockers? That's not as convenient as delivery to your home. Or do you mean they should provide lockers to individual homes?
I'm not sure that would work. If the home locker was not very heavy or very securely attached to something immovable package thieves would just steal the lockers.
> I'm not sure that would work. If the home locker was not very heavy or very securely attached to something immovable package thieves would just steal the lockers.
How expensive pouring some concrete into a small hole in the ground would be? Or would this become real estate then, or otherwise require a construction permit?
Don't be lazy - if renters offered a few grand to their landlord then they could; plus the cost of construction materials, inspection and labor.
The problem is that it's prohibitively expensive compared to just eating the cost of any thefts, keeping an eye on pickup times so you (or a family member) can take the package inside ASAP, and using pick-up for any truly expensive ($1k+) items when possible.
It's a feature that benefits Amazon more than the customer, but that's OK. Problem is, it comes with significant undisclosed extra costs, that GP listed. Were Amazon and Chamberlain to honestly disclose these costs, I doubt anyone would be willing to adopt this "feature" - which should be quite telling.
Labelling the garage delivery as only to Amazon's benefit is a bit disingenuous. Package theft is a pretty bad issue in many places so having deliveries dropped behind a locked door is also a benefit to the user.
As for your security concern it's not unfounded but if your garage is built like most in the US there's probably already a locking exterior grade door between it and the outside because a garage door isn't that great as a security barrier to begin with unless you remove the pull cord that unlocks the door from the carrier.
I also find a bit of irony given how much fraud there is on Amazon's own website. There's got to be far cheaper solutions that result in far higher revenues. Of course Chamberlain doesn't have access to this revenue stream, but I'm sure there are other things that they can do like charging for an API key or better yet, charging Amazon for an enterprise token (which users can disable!). Since it seems they're willing to take on the security risks... because the current solution clearly doesn't actually resolve the issue. I can't imagine anyone that understands how to use HA wouldn't understand how to use ratgdo so I'm not sure they're realistically changing revenue outcomes.
About Amazon, how fucking hard is it to use a fucking Naive Bayes classifier to just check if product title or description changes significantly? Hell, do it with Babbage or some other (not L)LM that's cheap as fuck. We already have clear leaks showing that they fuck over sellers with their price lockins, are you really hurting them more by dropping all those product reviews? You can also do way better by using an image classifier. I have a hard time believing a company that's bragging about how many robots it uses in its warehouses and replaces shitty support with even shittier LLMs is not going to actually result in higher profits by doing this. A few returns probably covers the cost because shipping is expensive (something they already don't get right. Haven't had 2 day prime delivered in 2 days since 2018...)
Also, anyone else find it weird that stores on Amazon don't list all their products? Like you can click on the store page from the product and then that product is nowhere to be found. Want to reduce scams? Force the listing of their entire product directory. I already can't rely on reviews, you just are making it harder to trust you.
I really do wish there was a halfway decent alternative to Amazon. Even Target and Walmart's online stores are more attractive, just limited. But this seems to be a generally sucky space and I don't understand why. Don't even get me started on NewEgg...
> Money is one hell of a drug because they are high.
They're so high they're even turning down higher profits. But I guess the issue is caring FAR more about short term profits (quarterly statements) than long term (hell, even a fucking year). I really don't get this metric hacking bullshit bureaucracy we've built (and its not just isolated to the US or the West).
> But [online retail] seems to be a generally sucky space and I don't understand why.
Because the margins are incredibly low (thanks, Walmart and Amazon?), which means you need capital-heavy hyperefficient warehousing/distribution to even compete, which means you need scale, which means there's little competition to make things better.
Oh I 100% agree. Natural monopolies are real things, and things I wish we would discuss a bit more seriously. Especially with their growing prevalence in the modern age. We still seem to be caught up in this dream that small startups can displace giants in every market. But you can't in things like online marketplaces, social media, ISPs, insurance (of any form), cell phones, streaming services, etc. Because when the product is the network, natural monopolies are going to rise and you can't really go around monopoly busting without just destroying the product itself. We've used monopolies in the past (e.g. AT&T gave us Bell Labs due to this deal), but we don't seem to take this seriously anymore and idk if we just don't have the energy or attention span to get even a little bit nuanced (which to be fair, we're often arguing before we can even introduce nuance despite that being needed to not fight). I mean to me it even seems like politics get shittier with scale due to natural monopolies (I don't want to hear how Europe has "multiple parties" they still only have 2 coalitions which is what US parties are actually closer to).
I'd love to see logistics shorn off from point of sale.
I think there'd be a lot of room for innovation if you turned Amazon/Walmart/Home Depot's logistics into their own companies, then allowed people to put whatever between that and the customer that they wanted to.
Which is essentially what Amazon does now... the only difference is they get to control that link and the revenue flow from it.
Segregating market functions forevermore would go a long way towards returning competition to marketplaces, imho. (E.g. logistics|retail, advertising|everything, etc.)
Lockitron! I remember chatting with your engineer about the WiFi radio we used in Twine. Good insight.
Ah, chokepoint capitalism. The problem with every company becoming a tech company is that they all expect unsustainable tech company growth. The strip mining of customers is also scaling up, so efficient that industries will destroy themselves. Can't wait until private equity owns the radios in my home, and controls not just the output but inputs.
Twine! You guys single handedly snowballed the Kickstarter revolution! Huge inspiration for us and Pebble in 2012 directly.
Your campaign felt like a “butterfly flapping its wings causing a hurricane” kind of moment. You inspired so many entrepreneurs of that time to take a risk and crowd fund which then inspired another generation. Some of whom ended up huge and going public like Peloton.
Regarding choke points - I don’t think they’re all bad. Sometimes certainly, but others it’s a defensible moat that forces an industry to specialize into various key players that serve integral roles. I’m thinking specifically of semiconductors with companies like Western Digital locking up storage, Qualcomm with radios, ARM with compute, Samsung/Hynix with memory, etc This creates a stable enough ecosystem to build various software abstractions on top.
The stability is nice, agreed, but it's inevitable that monopoly/monopsony gets abused. Samsung/Hynix were part of a price fixing cabal, Qualcomm's IP has been a boot on the neck of innovation, Western Digital has suffered multiple disasters that caused global storage shortages, and ARM is currently flipping the table with its licensing changes. We can have stability with open standards, too.
That's cool to hear—I didn't consider we had that influence, though should've realized it after chatting with y'all, Ring/Doorbot, Particle/Spark, Pebble, etc.
Guess it took two generations to shake out the hardware startup mistakes. We were early and naïve, but we did ship, and the Twine servers remain up. You learned to focus the use case, and I still haven't. Go figure, I think there's still a space for a general-purpose physical computer, so we're doing it again: https://supermechanical.com/pickup
Funny that Kickstarter's history since is a hindrance, and we might go the Selfstarter route to produce the experience we want next time.
So you're saying that retailers will pay Chamberlain to act as more or less a clearinghouse for package deliveries in my garage, and that in order to successfully operate this model Chamberlain needs to funnel all users through their proprietary channels in order to fully vet the delivery transaction? Or at least to prevent HA users from nibbling at Chamberlain's lunch with DIY equivalents? Do you think that they will pull back from this move given the pushback?
For retailers I want someone to verify that they are legitimate. I don't want random people in my garage. If someone enters my garage when I'm not home they better really be agents for WalMart/Amazon/target/UPS (as opposed to WolMort/Amozan/targit/USP...) , and whatever company does that does background checks on drivers. Probably they also need to have other cameras in their vehicles so that drivers trying to steal whatever valuables I have are not stolen. (as already pointed out, most people have an unlocked door from the garage to the house)
But that can be achieved by giving the retailer a one-off access code/secret which will be handed to the delivery driver by the retailer's company?
At no point does "preventing random people in your garage" required a greedy middleman in the path between you and whoever you want to give your garage door access code.
Many people already have a keypad mounted outside that will open the garage door. You can set up a guest code there and give to Amazon, or anyone you want. There is zero need for internet-enabled smartness in the garage door opener here.
I gave amazon my code for a Christmas present that absolutely could not have been stolen from my porch (as many other recently had). As a working man, I couldn't sit at home to wait for it. I was a little nervous, but I have cameras at least. I then removed all reference to this code from my account. Then, one driver entered while I was going about my day in there and saw me waiting with a hockey stick, as I was wondering who was breaking and entering, and Amazon wrongfully told him what my code was to get in and that it was OK to go in without my permission. I quickly understood what was happening and I think he did too, so I dropped the stick and he dropped the package. No harm, no foul.
Of course, I changed my code after that, but drivers still tried to get in with my code code. I opened countless tickets with Amazon to get this reference to my code removed from their system. They gaslit me many times saying it was removed. They were incredibly rude to me when told them they were lying to me, and now I sometimes get delivery drivers getting pissed off at me (for some reason) that the code doesn't work after they ring my doorbell.
What I want people to get from this story is, don't give Amazon your code. Get a separate delivery box instead or even a storm door works to hide most packages.
> and now I sometimes get delivery drivers getting pissed off at me (for some reason) that the code doesn't work after they ring my doorbell
Since Amazon clearly has no idea what they are doing, I would put up a note next to the keypad saying “Amazon drivers: just drop the package, there is no code”
I've got this large delivery box on my porch. Right next to the door. You see it when coming up the steps. About 1/3 of the time packages are left on the porch next to the box that has inch-high letters spelling "Deliveries". The page on Amazon for "delivery instructions" changes frequently, but there's no way to put on there anything about "delivery box". At least they now come to the correct door of the house - there's a place for that.
Amazon's problem is that they outsource the delivery and there is such a terrible turn-over problem with delivery drivers (and delivery contracting companies) that nothing works at their scale.
Circa 2010-2014ish, I had the same Amazon delivery driver for several years, and it was awesome! It was just this one guy who delivered all the Amazon packages to my neighborhood. Same guy in the same truck every time, and he got to know my family and we would chat and he would help me with gardening and give me advice on how to prune my trees.
Someone else said they put a sign requesting not to ring the doorbell. No, that doesn't work. My solution was to adhere a plastic cover to my doorbell so people can no longer press the button. Problem solved - mostly.. doesn't stop people from squeezing the plastic cover lol.
As if amazon drivers read the notes. I once left a giant note saying in capital letters "DO NOT RING DOORBELL, SLEEPING BABY AT HOME" and of course the absolute knobhead from Amazon had to ring the doorbell. Literally never shouted at anyone in my life before this.
A few times I've left a very big note that says "PLEASE KNOCK LOUDLY" while sitting in my livingroom facing the door just to never see the UPS or FedEx delivery person approach but get a text message about "no one responding" so they reschedule the pickup (and I can't pick it up at the hub a few miles down the road because it's closed...). One time I chased a driver who literally just threw a note on my door (no sign like other time) and very clearly did not knock. I mean I watched them... They just walked up, box in hand, put the note on the door, and walked away. Rushing. USPS also often won't deliver small packages that fit in my mailbox because "a car was in the way" (definitely not true) despite delivering larger packages to my apartment's office the same day/time...
I'm not sure what hell these jobs are that turns drivers into such shitty people, but I feel pretty confident that it is the system turning them into shitty delivery drivers rather than exclusively shitty people applying for delivery jobs.
Probably they are getting squeezed to deliver an impossible number of packages during their shift. Hence the stories about drivers peeing in bottles and such.
It seems to be a local branch culture thing. You see it with USPS offices too.
Some are amazing, mail is delivered perfectly, etc.
Others cannot for the life of them match number to address, and it doesn't seem to matter who is delivering as the attitude spreads across the office.
I think a huge part of this is missing actionable feedback messages.
If USPS/UPS/FedEx had better channels for "my mail was screwed up" reporting, to a granularity necessary to isolate bad branches, I think things would clean themselves up.
As-is, customers learn to live with it and the mothership is unaware the branch is screwing up.
I've watched the Fedex truck pull up to my house and the guy walk up to the door and slap a sticker on it for missed delivery. Didn't even bother to bring the box, knock, or ring the bell despite my car being in the driveway.
You see, a note may not prevent amazon drivers from doing what they do, but they lose their moral ground. Now they can be shouted at if they rang a doorbell or tried to use a code for a garage door.
No more anything like this "I sometimes get delivery drivers getting pissed off at me (for some reason) that the code doesn't work. You can cut into any their speech with "English, m****r, do you read it?".
If you've ever added "delivery notes" to an order, they're automatically shared with every subsequent order. Clear out the delivery notes on your next order.
> On a side note, Amazon's interface is so much worse than Allegro
No kidding. Allegro isn't perfect, and seems to get worse every iteration, but they're miles ahead. Amazon - they're down there with eBay, worse than AliExpress. I literally only order Kindle books from Amazon, and that's only because I mastered the "google a book, switch to Kindle edition, click the 'buy with one click' button" flow, which they managed to not break just yet.
I expect it's probably cached in some downstream sub-contractor's system.
Ergo, both things can be true: Amazon cleared it on their side (customer support sees it cleared) and the delivery drivers still see it (using the subcontractor's system).
Probably because nobody at the sub-contractor's (outsourced) IT/system saw fit to implement a "As a customer, I want to change my note after initially setting it" user story.
Could you have instead changed your code? It's generally best to assume that it's not possible to delete secrets once they are shared (after all, in worst case, the driver could have just remembered the code from the previous visit)
You’ve glossed over the most complicated part of this: “give it to Amazon”. There are so many things involved in that portion of the process that an internet enabled garage door solves, most importantly: not having a single code that can be used by anybody at any point in time until I manually go back and remove it.
You still need an API for getting new codes. If you're willing to switch apps and manually generate a new code every time you order something online, you likely don't order often enough to be relevant to any e-commerce company
The problem should be inverted - use the package tracking number as code. This way, every code is unique, hard to guess, and the delivery person has it literally printed on the box. Being able to update the lock with expected tracking numbers is something that could be done simply and via local network.
This is fairly complicated to do locally and securely. If any e-commerce website/app could add tracking numbers as PINs to your smart lock via the local network, that would be a security nightmare. You'd also have to provision domains for every smart lock so that every lock can get Let's Encrypt certs and accept requests from web browsers without configuration. Not to mention most tracking numbers are easily guessable because they consist of a destination code and an auto-increment integer.
Also a lot of companies don't assign a tracking number until the package gets transferred to the last mile carrier. Again, if you're willing to manually copy-paste the tracking number after you get the shipping notification every single time you order something, you're clearly not part of the target demographic
It’s not complicated at all. I get shipment notification from Amazon, tap in, copy tracking then paste into browser interface of iot thingy. I think you might be one of those guys who types 500 lines of code when 50 will do the job.
No you don’t. I enter code into browser of iOt thingy, set to expire midnight on delivery day, copy/paste to Amazon when placing order. NBD. I could even reuse the same one over and over if I want, just enable it when a delivery is due.
Okay, but the adoption rate of "let me create a code for my packages and give it to the Amazon person" is perhaps two or three orders of magnitude lower than if Amazon shows a bunch of call-to-actions for "link your myQ account for secure deliveries".
And if Chaimberlain charges Amazon $0.50 per door opened to enable that feature (which steers buyers towards Amazon and away from the manufacturer website, Walmart/target/eBay/random competitor that doesn't have that feature) that might be a bigger, recurring, higher-margin revenue stream than all of Chaimberlain's traditional manufacturing profits. Which would you rather have - $200 revenue for a $100 cost once in 20 years, or $0.50 per week for a few packets of data?
They could afford to give away the openers if they could win that revenue stream.
And Amazon would dump them in a second if consumers could instead click "Link your Home Assistant for secure deliveries and get $0.30 digital credit". Or more likely, Amazon would throw directly wired Dash buttons at consumers to enable secure deliveries.
That sounds plausible in theory, but it's still pretty weird to me though because Home Assistant is exclusively the domain of home automation geeks. There isn't even an off-the-shelf turnkey device to get into the ecosystem, you have to know what computers are (including scary things like "operating system" and "IP address") to even get started.
I don't know what Chamberlain has to gain by sticking it to that particular demo. For HA to be a threat to the "partnerships" like Amazon, it would have to have an audience sizeable enough that Amazon would consider incentivizing adoption.
I would say it seems dumb to piss off the most passionate fans of home automation when you're a vendor of equipment that such people might want to buy, but Chamberlain has such a stranglehold on the market that I think they figure that even if they royally piss off that 5% of the garage door opener market, those suckers (or their garage door installers) will be forced to buy the gear from them anyway.
> There is zero need for internet-enabled smartness in the garage door opener here.
Yes and no. At the scale Amazon operates, I can see value in being able to automate the process rather than requiring each driver to find and operate the keypad for each garage.
Automation, if implemented perfectly (which it obviously won't be) also prevents one form of bad actor. An Amazon delivery driver who uses your code in the future to gain unauthorized access to your garage. Automation allows this code to be limited to a single use.
> as already pointed out, most people have an unlocked door from the garage to the house
Not sure where you live, but every house I've lived in (USA, a few different states) during my entire life has had an exterior-quality door with exterior-quality lock, including deadbolt, between the house and garage.
In the one house I lived in that had a security system, that garage-to-interior door was also wired into the system and arming it would treat it like an exterior door.
Having said that, I still wouldn't want random delivery people entering my garage without my knowledge.
> Not sure where you live, but every house I've lived in (USA, a few different states) during my entire life has had an exterior-quality door with exterior-quality lock, including deadbolt, between the house and garage.
Likewise, but even if it's actually locked, no lock is impenetrable, and a closed garage provides a thief with the privacy to pick it at leisure or even break down the door. Burglary deterrence advice sometimes includes tips like adjusting your landscaping so your front door is visible from the street and locking gates to your back yard. Letting the thief into your garage thoroughly defeats the point of that...
Also, I keep stuff (bikes) in the garage that I don't want stolen.
This makes me feel like the whole thing is, in large part, meant as complementary product to security cameras. For example Ring cameras, oh so conveniently owned by Amazon.
Yeah I think people just aren't getting it and don't understand what all the data does and means. More importantly, I think they can't see that there are other options, which in some/many cases there realistically isn't (hacking your own solution doesn't count. Needs to be unskilled)
I've been thinking lately about how quickly the world has changed and I think it's a bit underappreciated. I mean cellphones only became a household item 20 years ago, smart phones about 15. Or closer to home, at least for me, generative models went from barely making small black and white human faces (Goodfellow invented GANs mid 2014) to being able to create some fucking good quality images on consumer hardware in a few minutes (not counting all the prompt engineering required. But unconditional is still pretty good). Not to mention that access to these things isn't homogeneously distributed and so rural and poorer regions tend to get thrown into the deep end rather than wade their way in. I think from that perspective a lot of drama makes sense. Especially when we're talking about how people are not very tech literate. Hell, I have a hard time convincing people in my CS PhD department that hate Facebook's spying to switch to Signal or even switch to FF (we see the same stuff here on HN. More excuses than explanations). If the "friction" (even if 90+% mental) is high among tech experts idk how novices can handle all this. At least with my family they're more willing to believe Facebook's app uses an always listening microphone rather than believe me when I explain that they can figure out you're friends and interested in gardening if you just stand next to someone or walk around with them for 30 minutes in the gardening section of Home Depot ¯\_(ツ)_/¯ (sorry, this took a tangent, but I know you think about some of these things too)
Maybe, but (and I say this as the author of an NVR [1]) security cameras only accomplish so much. It helps that in this case Amazon/etc. theoretically knows who opened your garage so with their cooperation (not a given), you should be able to match the video to the suspect, but even then it may not provide the expected standard of proof much less get your stuff back...
I think parent comment was saying the door exists, but many people leave it unlocked. I grew up leaving that garage-interior door open because that's where we put the litter box, at several different houses.
>every house I've lived in (USA, a few different states) during my entire life has had an exterior-quality door with exterior-quality lock, including deadbolt, between the house and garage.
Sure, but I've probably locked it barely more than twice.
> Not sure where you live, but every house I've lived in (USA, a few different states) during my entire life has had an exterior-quality door with exterior-quality lock, including deadbolt, between the house and garage.
I don't know if that would do much.
It's one thing to be sawing up a front door that is in plain sight of the street -- passer-bys might call the cops if they saw that.
But if you're doing it from inside a garage? You could shut the garage door and saw away. Nobody would report saw noises coming from a garage because that's super normal.
My in-laws have this, but mine, my parents, my siblings, my wife's siblings, and my neighbor all have a big window in that door. And none of them are ever locked.
How old are those houses? They probably are not compliant with current building codes[1], many places require your garage doors (and ceilings) to have higher fire resistance than the rest of the house. In my experience, fire-resistance correlates to sturdiness in doors.
1. I know it's a broad generalization, also location-dependant
Latest codes have backed off of that. Doors that can meet the old fire doors had closing springs set so strong the elderly couldn't open them (or couldn't get in with packages after getting it open)
I don't see anything in your comment that suggests the latest codes have backed from high fire resistance - which was the thrust of the comment you replied to (garage doors have become sturdier, and glass has low fire resistance)
Background checks don’t ensure trustworthy staff, they just select for only criminals who are slick enough to not get caught doing crime, or criminals who haven’t been caught yet. Their effectiveness is overstated.
I don't think they care about HA at all, but they do care about Amazon not going through them to get access, and from the API server's perspective, both look identical.
Personally, I hope that Amazon doesn't play ball. You can TRY and seek rent from the world's largest retailer, but you need them, they don't need you.
My main takeaway is that Amazon should offer a discount to deliver packages to buildings with staff to accept the packages. They never go missing, so less refunds, and the building staff does not charge Amazon to receive packages.
The business dynamics are pretty interesting, though. It could be that paying this company reduces missing packages so much that it actually saves Amazon money, which they pass on to consumers in terms of lower prices. Or, it could be that they charge $1 per access, and Amazon passes that on to the customer, and then people are disincentivized from using Amazon. Meanwhile, a competitor (say, Walmart?) brokers a deal where they hide that fee, and take enough customers away from Amazon that Amazon has to play ball (and now the price is $2 per access). Costs go up for everyone.
The phenomenon of partnerships like my hypothetical above are very interesting to me. Every so often I check what I can use my credit card rewards points for, and most of the offers, to me, seem like "failing retailer desperately needs a customer" rather than anything I actually want. Thus, the partnerships must be a pretty important tool for companies that are not in first place.
Finally, I think about the long term effects of this sort of thing. Everyone wants a % of every transaction. "Oh, you turned your lights on when someone came to deliver a package? Pay the manufacturer of the light bulb $1 and your electric company an extra $1." This will look like "economic growth" to each of those intermediaries, but in the end, they just devalued the dollar. ("Inflation.") We end up with bigger numbers, but actually decrease the amount of "value" floating around.
Curiously in this case, the impetus seems to be a problem that stems primarily from delivery companies squeezing their drivers to near-breaking point. In other words, we're talking about things becoming $1 or $2 more expensive overall, to feed a side industry dedicated to offsetting the negative consequences of exploiting delivery drivers.
The only term that comes to my mind here is cancer.
I am suspicious of the idea that fraud could somehow be reduced by allowing gig workers access to the interior of my home. Somehow this seems an awful lot like a multibillion dollar company offloading work on me.
> Somehow this seems an awful lot like a multibillion dollar company offloading work on me.
That's most of the tech industry in a nutshell. From the office suite through all the "self-service" web/mobile interfaces, self-service checkouts in stores, to stuff like this - it's all making you do the work that was previously done by full-time professionals. It's a net loss of efficiency, and it only looks otherwise because salaries of full-time professionals are legible to bean-counters, while the same workload redistributed in tiny bits to masses of people is invisible in balance sheets.
In short: I'm starting to believe that most of the "improvements" that came with software are actually just accounting tricks, and this is why actual performance gains don't seem to track expected gains.
Have gains not been accounting tricks since the 90s?
I would say that almost all of it is, eg, disassembling our manufacturing and shipping it over seas - which ultimately eroded the middle class and jeopardized national security. But neither of those is on the balance sheets of the relevant company.
Anti-social short-term metricized business is the ultimate form of Taylorism — and in three generations, we can see that it’s an abysmal failure.
Sprinkling math on top doesn’t make reckless greed a good idea.
> Have gains not been accounting tricks since the 90s?
Quite possibly. I only thought this through wrt. software, as this is my field, but the overall method seems universal: turn concentrated work into disperse work, and throw it over the organizational boundary, so it looks like you've made the costs go away.
Add to it the time lost because software tends to be less reliable than its counterpart because multiple software interfaces tend to increase complexity. There are some things that software is wonderful for improving. But I don’t need a IoT stick of deodorant.
> go to the dealer to buy a replacement key fob for your Tesla for $300 and not eBay for $5.
Off topic, but FWIW: Teslas don't in general use fobs (maybe you get one with an S or X?). You can buy one for $175 if you want, but in general the primary unlock mechanism is the app on your phone, with the effective root of trust held in an RFID wallet card (of which you can buy extras for $20 each).
That's a terrible idea, and it requires you to have both a smart phone and to have it charged and working to get into your own car. An phone crash can leave you stranded.
Why should the garage door manufacturer take a cut if a third-party wants to use/access my garage door (which sells for real money and isn't advertised as a rental).
If a homeowner wants to let Amazon, Walmart, etc to open their garage door, it should be up to him to provide them with an access token/secret/etc to enter, just like you can put a door keycode in the order notes. The interaction should be purely between him and the retailer and there is absolutely no need for some rent-seeking scum to be involved.
The disgusting business model you seem to be justifying is akin to house builders/contractors being perpetually owed a cut every time you invite over a guest into your house or they switch on the lights.
2. Through research they find user wants to interact with their smart device while outside of range of wifi/bluetooth.
3. Company builds device firmware and cloud infrastructure to support this goal.
4. Company wants to simplify business logic and doesn't provide local (wifi/bluetooth/zigbee) support. Online only can service both on-premise and off-premise.
5. Company needs to reduce costs and justify ongoing operational costs of supporting this cloud + device service.
7. insecure, opaque devices that have always-on internet connections, that owners cannot upgrade/fix/defend against and require external actors to protect (ISP's blackholing bad traffic)
Remember, the S in IoT is for Security.
They could simplify their business logic by making sure local first is reliable, and internet access can be turned off, and supporting vendors making (user-controlled, upgradeable, etc) gateways that handle the cloud/internet/local handoff
I don't disagree with you, since the company I work for supports both local network access to their devices as well as cloud access for when you are outside the home. But supporting both does not simplify business logic, it increases complexity. It introduces more states and failure points that your firmware devs and app devs need to account for.
A solution to that is to make the cloud-based service as dumb as possible, only operating as a NAT traversal helper and/or TURN relay, over which the local-only protocol is tunnelled.
I appreciate your response, and don't want to go too far off the thread here, but as a software developer/architect myself, how can that possibly be true?
The state of the environment that the IoT device is sensing or controlling, has to match local reality. Therefore, the state that's actually on the IoT's MCU is the true state that matters. (Any state stored cloud-side could be stale if the MCU is disconnected, or misses updates) Ergo, if the cloud service is showing or manipulating the state of the IoT device, it has to read or command the IoT in near realtime, implying some kind of constant/realtime connection.
This would be the same mechanism a local-first connection would use, right? What am I missing here?
Aside from all the small added complexities of swapping between local http polling vs mqtt pub/sub for both apps and devices, the big complexity is managing authorization. Think about how simple the device firmware gets to be if the only access pattern is a single secured mqtt channel for processing commands. Anything coming down that pipe comes from a cloud provider that has already negotiated who can and can't send those commands. When you open up local access the device itself now needs more code to manage authorization and all the attack surfaces that come along with that.
I'll argue the fucking garage opener shouldn't even be connected to the internet. It, like every other "smart home" device should be connected to a zigbee/z-wave/thread gateway that can be replaced when it gets old and the manufacturer can't/won't support the gateway anymore.
What's interesting is the "ongoing operational costs" should be calculated to NPV and rolled into the cost of the garage door one-time-purchase. We're talking about a $3-400 garage door opener not a $20 echo dot.
I don't actually find this model so disgusting as long as it's implemented in a non-restrictive way.
If a garage door manufacturer offers me a (free, local) API to fully control my door and allows me to check a box to let Amazon in, what, exactly, is the problem? Sure, I could also allow Amazon in without checking the box (assuming Amazon offers the appropriate integration and I'm willing to deal with maintaining my side of it), but it also seems okay for Amazon to pay the garage door opener company for the first-party version. Everybody wins.
Forcing the actual device owner to use a crappy cloud service is an entirely different story, but it's not required for the Amazon business model. Similarly, many video recording devices support ONVIF and have an optional paid first-party video storage. (And I imagine that quite a few commercial users demand the former -- no one who operates a concierge/security desk or a serious office building or a warehouse or an industrial site has the slightest interest in using four different first-party cloud offerings from four different vendors of their various gizmos that contain cameras. They are going to run one NVR, possibly with off-site backup, with one integrated system for viewing and analyzing the feeds. And they will pay handsomely for that, and they're paying that money to one of several established companies in the space, all of whom require at least token ONVIF or RTSP compliance, and they aren't about to kick any of that money over to the camera makers, because there is no shortage of competing camera makers.)
They are not giving me a free, local API. They are doing everything possible to make the API unusable except by their application, and they are throwing ads all over their app and using dark patterns to hid the open/close buttons until you scroll past the ads.
I just connected my garage door opener to Home Assistant by taking apart a paired remote and wiring the button to a Zigbee relay. They can't stop me, no part of this is connected to their cloud. In any case, smart home stuff should never rely on the cloud.
This is genius. As someone who is familiar-enough with minor electronics to fuck something up, but not confident enough to look at this photo and go for it—what am I trying to learn here? What are the terms I'm trying to google to figure out how to connect <electronic board> to <electronic board> via <wires>?
One of the articles on this mentioned "ratgdo" as a simple board to do most of the "make a button wirelessly available to homeassistant", I haven't tried it but searching on it gets you a lot of reasonably specific articles and videos.
The pictured solution is very easy and comes with directions (ratgdo).
However, if even that is too much you can make a Switchbot do almost anything. It's just an actuator that pokes buttons and is a premade product with a shell rather than a DIY thingy.
Maybe? How many people are switching out their garage door specifically for Key? Every new home I've experienced has no choice for which brand of garage door opener they use, the builder has standardized to a specific brand and often only updates the model whenever forced to.
Apartments? Businesses? Yeah, Chamberlain only sells garage door openers BUT Chamberlain Group[0] owns Chamberlain, LiftMaster, Merlin, and Grifco (I think they missed a "t" there).
Literally the bottom of the Chamberlain website reads
> The Chamberlain Group LLC, the corporate parent company to LiftMaster, Chamberlain, Merlin and Grifco, is a global leader in access solutions and products. __We design and engineer residential garage door openers, commercial door operators and gate entry systems.__
Garage doors openers have a life of 10-20 years. There are many many millions of existing homes that need new openers every year.
Also, openers are also a common up-sale when other components are serviced or replaced. For example, if you get a garage door replaced, the installer will often recommend a new opener at the same time.
Thanks for Lockitron, I still use it! Probably one of the few. At least Chamberlain has kept it running, which honestly I'm surprised at. I have been looking at other ones, and with this news I think it's time to do that.
> They are afraid a potential partner will use the automation meant for customers.
But isn't the door property of the customer? In this case it is perfectly the customer's choice and right if they want to use the customer-facing API to let a delivery company in.
A stressed out underpaid and overworked delivery driver is the last person I want in my garage. Verified deliveries are left at the wrong house, or the driver simply takes it with them after posting the porch picture. And I've seen boxes arrive that were forced open and the contents pulled out. But sure, it's the customers who are untrustworthy not the delivery people.
> A stressed out underpaid and overworked delivery driver is the last person I want in my garage.
Same, but this is irrelevant to the point GP was making. Some minority of people do want Amazon Key (and similar services), and those people are now unable to claim their package wasn't delivered once they sign up for the service.
Add those people up and you have something worth millions, even if there aren't many of them.
I live in a townhouse and I _love_ the Key deliveries into my garage. I've been using it since it was a closed beta, and I haven't had a problem with it.
It provides a convenient service for both parties.
True. Delivery drivers consistently deliver to my neighbor instead of myself. The last three digits of our addresses are 885 and 855, and they consistently confuse the two. They’re tired, overworked, underpaid, and I honestly don’t blame them. But I wouldn’t trust anyone in my garage/home when I’m not home. Not sure why these companies think that will actually work.
They think it will work because if you refuse to do it they won't refund your stolen package unless you file a police report, and convenience with huge downsides wins with consumers 99% of the time over effort with no downsides.
This is just conjecture, btw, I have no authoritative knowledge of their plans to do anything.
As things are, missing packages are not really a police matter for the recipient. Recipients don't actually know that a package was stolen, since it never made it into their possession. Amazon could certainly file police reports, but that requires a higher bar of evidence than throw-and-go delivery service provides, and either way it Doesn't Scale (TM).
I'd guess it's more likely the opposite dynamic, where they'll get a bunch of early adopter types to sign up without thinking through the ramifications. And then after the honeymoon period, Amazon will start demanding those users file police reports for missing packages since from their system it now looks much more airtight that the package must have been stolen from the buyer.
That’s not true, the garage typically has a full outdoor door with standard security (dead bolts, wired into the security system) the same as any other door as the interface door between the garage and the house. This is a code thing for a variety of reasons but primarily because the outdoor door is weatherized and provides a barrier against CO, but also for the precise reason that the garage door is not considered secure. The protocols for opening the door wirelessly are known insecure and municipalities have required outdoor doors at the interface due to the number of home invasions and burglaries through the garage.
Agreed. Our garages have always had three entries: one from the house, one via garage door, and a side door. Side door was always locked, garage door always closed (never locked though), and the door between house and garage not only almost never locked, but often flat out open because that's where we put the litter box.
It's functionally true. Thinking off the top of my head I can come up with at least a dozen examples growing up of friends w/ these doors. Not a single one was ever locked. Most of the time w/ school-age kids they would be left purposefully unlocked so the kids could let themselves in after school w/ the garage door PIN code.
I honestly can't think of a single person I know who routinely locks those doors.
I've lived in many houses in the US (eight, some new, some older, in five states) and only one had a deadbolt on the door from the garage to the house interior. All have had normal locks and were exterior-door-quality. So, definitely not a universal truth.
Not to mention... a car, as there's a car theft crisis nearly everywhere in the past 2-3 years. I consider the garage just another room in my home. I consider entering my garage akin to entering my house
This would work with only humans involved, but nearly everybody runs addresses through standardization now, and they would reject all of those as an incorrect address and usually require the user to enter a conforming one, including the (otherwise very clever) apartment number hack.
This is the same thing that continuously requires me to use my "ZIP+4" for absolutely everything, even though as far as i can tell, there is zero point in ever using it unless one is literally doing metered US Mail.
I'm sure that sometimes happens successfully as you describe, but having worked in ecommerce for a long time, many larger retailers will throw addresses like that either back at the customer until they "fix it" or to a queue where customer service will attempt to "fix it" including by calling you. The carriers (like FedEx etc.) really like standardized addresses. So this could result in delays in getting your order.
I've got an 80% hit rate at best across all carriers (in the US). I'm constantly trading mail with my neighbors due to mis-deliveries. It's a good thing we now have the option to go mostly paperless for important documents at least..
Subject to location service accuracy, which as we know, is ±1m... in movies, ±10m in reality... except more often it's ±50m or worse, because who knows why.
This can happen. A delivery person comes to a door, presses the button in their app, and nothing happens. So it's immediately obvious that they are at a wrong location.
And they know that they can't just leave the package there, they have to find the correct door. And there's a flow in the Amazon delivery app to mark an incorrect geolocation, so they won't be penalized for taking longer time.
The app also has pictures of the location in question, to minimize the confusion.
From the homeowner's side, the garage door will be open for half a minute or so with nobody nearby. It's possible for a burglar to use this time to quickly run inside. But the probability of that is pretty low, and there'll be a camera recording of that.
> And they know that they can't just leave the package there, they have to find the correct door.
Except that's not true at all. Amazon had my new house geolocated wrong (think robin instead of arden st in their system, even though I put the address in correct and it read back correct).
First delivery came, "delivered", not at my door... Contact CS, get a refund, continue.
"Ok, I'll setup key so they know it's wrong and deliver it in my garage."
Pieced together from video:
Second delivery arrives at wrong location, garage door opens...and was never closed. "delivered"
Took me contacting CS 5 times, with 5 failed deliveries, and doing an email bomb to get them to update my geo-location. Turned out it was literally across the fucking city, ~8 miles away.
Not at all. Since the app is linked to a system that opens your specific garage door, it will be obvious because they push the button and the door in front of them does not open.
My point is Amazon is blaming customers for fraud when it's the fault of a delivery mistake such as dropping the package at the wrong address. Or the drivers themselves stealing the packages.
This is infinitely more sensible than some crazy internet connected garage door opener scheme. Somehow I think it's far to sensible for modern culture though. Everyone's lost their minds.
I know it's a distraction and orthogonal to your point, but your statement of a "key fob for your Tesla for $300" is fallacious and incorrect. Tesla uses Phone Key with with the Tesla app as your primary method of unlocking the car, with a $20 NFC card as fallback, and the limit of paired phones is above any practical real-world use. If you want a keyfob as a status symbol, it's $175. (Mine is a desk ornament, it doesn't get used.)
Swap in a more traditional automaker, and your point remains correct.
Since you noted it, it’s actually very much part of my point. Tesla engages in price segmentation for replacement key fobs because they have key control. Perhaps even more aggressively than most other automakers short of VW Group. When done well it’s invisible to the user. I suspect by your (polite) comment that you may not be aware that’s going on here.
Premium users pay $300 to replace the fob on their Model S / Model X. Mid users pay $175 to replace the fob on the Model 3 / Model Y. And an entry level option exists for the cards. Plus programming fee. Handling fee. Local taxes. Processing fee. Etc :-)
Without control of their PKI anyone could self program a replacement for a few dollars as is the case with the garage door market.
As an aside, I find the fob useful for booting the car up prior to getting in, rather than waiting 40 seconds before the fly-by-wire shifter starts responding to commands to put it in gear.
> And an entry level option exists for the cards. Plus programming fee. Handling fee. Local taxes. Processing fee. Etc :-)
Cards are $20. No programming fee, no handling fee, no processing fee. Yes, there are taxes and yes shipping things generally costs money. Users program keys themselves.
> As an aside, I find the fob useful for booting the car up prior to getting in, rather than waiting 40 seconds before the fly-by-wire shifter starts responding to commands to put it in gear.
Keys are for valet and I keep mine in my glove box. The car boots up almost instantly.
> If you want a keyfob as a status symbol, it's $175. (Mine is a desk ornament, it doesn't get used.)
The keyfob is super-useful. It fits perfectly into that small jeans pocket (that was originally meant for watches), so you can trigger the trunk/frunk opening without taking the fob (or phone) out.
Yes, I mean surely Chamberlain could maintain a correct and official API endpoint for HomeAssistant users for the kopecks it would cost. It’s all a big money grab.
I was burned by this change. I don’t know if anyone at Chamberlain is reading this, but you guys have neighbors, users just wanna keep their home safe. You’re one TikTok away from a crisis when you do stuff that is anti-consumer.
Contrary to the popular sentiment in a lot of the comments here, there’s not much value in the analytics. As we all painfully found out in the 2010’s, there are only two viable recurring revenue streams in the IoT space - charging for video storage and charging for commercial access. Chamberlain does both with the MyQ cameras and with the garage access program to partners like Amazon and Walmart. Both retailers have a fraud problem (discussed here https://news.ycombinator.com/item?id=38176891). “In garage delivery” promises dropping delivery fraud to zero - ie users falsely claiming package theft. That solution is worth millions to retailers, naturally Chamberlain would like a cut but only if they can successfully defend that chokepoint.
For historical reasons having to do with the security of three or four generations of wireless protocols used in garage doors they can’t (and products like ratgdo and OpenSesame exploit this.) Other industries such as automotive have a more secure chain of control over their encryption keys so one has to (for instance) go to the dealer to buy a replacement key fob for your Tesla for $300 and not eBay for $5.
Given the turnover in leadership there I’m not surprised the new guy needs to put their hand on the plate to see it’s hot, but there’s a reason this wasn’t implemented before and it wasn’t because of lack of discussion. I can see the temptation in going for monetization given their market share but I think this approach was ill conceived rather than fix foundational issues which would allow home users to integrate with 3rd party services and still charge industry partners for reducing incidences of fraud.