It's a Christmas miracle: Logitech backs down from Harmony home hub API armageddon
It was The Reg wot won it?
Logitech has backed down from screwing over its smart home Harmony Hub loyalists after an outpouring of anger from customers.
Last week, the gizmo manufacturer put out a firmware update for the hub that disabled its external software interfaces (aka its APIs) citing security concerns. But that approach had the impact of rendering many of customers' custom smart home setups unusable. Punters had used the XMPP-based APIs to control non-Logitech devices and equipment around their homes from their Harmony Hubs, until the firmware update killed off the interfaces.
The biz seemed to be taking a firm line. "Logitech takes our customers’ security seriously, and we work diligently to fix these kinds of issues as they’re discovered," it stated.
It also made it clear that it knew what the impact would be: "We are aware that some customers using undocumented Harmony APIs for local home control were affected as a side-effect of our closing these vulnerabilities," it said. "These private local control APIs were never supported Harmony features. While it is unfortunate that customers using these unsupported features are affected by this fix, the overall security of our products and all of our customers is our priority."
A year after Logitech screwed over Harmony users, it, um, screws over Harmony users: Device API killed offREAD MORE
Unsurprisingly, its customers were not very impressed and started complaining, including sharing workarounds, bypasses, and various other hacks to keep their systems working despite Logitech's actions. Nonetheless, the company stood firm. "Currently, we do not plan to add support for local control," reiterated a senior product manager on Twitter.
And so we wrote a story about it, which, judging from the number of readers and emails we've had about it, hit a nerve. Fast-forward one day, and Logitech has done the smart thing for its smart home smart gear, and backtracked, quick smart.
"We've heard your concerns," reads an updated notice on the company's noticeboard. "We understand that some customers are frustrated with the recent security fix we put in place, as it closed access to private local API controls. While security continues to be a priority for us, we are working to provide a solution for those who still want access despite the inherent security risks involved."
That solution is "an XMPP beta program, which will allow access to local controls." In effect, the company has written in a hasty workaround that the tech-savvy can tap to get their systems working. And then, Logitech notes: "Over the coming weeks, we will qualify a regular firmware release that still allows XMPP control for those who need it. We expect to send out an update that will be available to all Harmony customers in January."
Which is an early Christmas present for smart home enthusiasts who were looking at having to rebuild their entire home networks. And hopefully a lesson for Logitech, although we should note it pulled off a similar shutdown-and-backtrack last year when it killed off its Link hub and offered a 35 per cent discount on its new Hub, only to face customer ire and offer it for free.
The responses to its announcement are all positive though with a skeptical eye. "This is definitely a GREAT first step to mending your relationship with our communities! Thank you for listening... Now as others have posted, please do not let us down again!" reads one.
Hopefully Logitech's New Year resolution will be to forge a closer relationship with its passionate fans and learn that it can make a better product with their help, rather than cut them out. ®
Sponsored: Beyond the Data Frontier