The ColorHug is an open
hardware and software colorimeter that can be used to calibrate monitor
screens for color matching purposes. It is the brainchild of GNOME and Red
Hat hacker Richard
Hughes, who has put in a rather large investment of time and money to get
the project off the ground.
It was announced back in November
and the first 50 units have rolled off the "assembly line", but Hughes is
concerned that fraudsters may cause him to lose money by claiming they
didn't receive ColorHugs that he shipped. To combat that, he turned to a
technique that many may find surprising: the capability to remotely disable
ColorHugs that were reported lost in shipping.
According to Hughes, it was his bank manager that alerted him to the
problem of people who order things over the internet and then fraudulently
claim that they never received them. Due to a UK "distance selling" law
from 2000, Hughes's company is on the hook to refund the £48 selling
price even if it has reason to believe that the device actually was
delivered. Given that he is funding the company out of his own pocket (and
sweat), Hughes wanted some way to deter would-be fraudsters.
What he came up with is a way to remotely
disable ColorHugs. If the user runs the GUI firmware update
application, it will send the serial number of the ColorHug to a server,
which will check it against a blacklist of serial numbers for ColorHugs that
were reported lost. If the serial number is on that list,
no firmware update will be provided and the ColorHug device will be
disabled by setting a flag in the firmware; it will become a free brick,
rather than the free colorimeter the scammer thought they were getting.
One might guess that the number of scammers interested in free colorimeters
is low, and Hughes essentially agrees, noting that he will likely never use
the feature. But he does believe it will act as a deterrent that protects
him. The bank painted a fairly stark picture that clearly has him
I was advised by my bank manager that a lot of small businesses
without large profit margins do not understand how many people try the
"it didn't arrive" trick, and how many small businesses fail because
of this (he quoted numbers like 80% of business failing in the first 3
years, and much higher than that for new remote sales businesses). I'm
not running a traditional business to make loads of money, but I can't
afford to work for free, and lose money on missing stock.
But, the existence of a remote kill switch—even in the hands of a
longtime free software developer who can be trusted not to abuse
it—makes some people uncomfortable.
It's also unclear that it actually serves as much of a deterrent. It is
fairly simple to avoid using the GUI tool, get a copy of the updated
firmware from somewhere
(like the ColorHug download
page), and use the command-line tools to update the firmware. Even a
"bricked" ColorHug can be restored by flashing a new bootloader (something
any "moderately clever geek" could do, Hughes said). One
could also set the serial number to a non-blacklisted value (unlike
many other blacklists, the ColorHug
blacklist is available for inspection).
One of the obvious choices that would seem to avoid the entire problem is to
ColorHug purchasers to pay for some form of tracked shipping (e.g. FedEx,
UPS, or DHL), though even that may be insufficient. There are, evidently,
folks out there who will sign for a package using someone else's name then
claim the package never arrived. In addition, tracked shipping from
Hughes's UK location to other countries can be expensive, on the order of
£8-9, which represents a 20% surcharge on the device. It also means
that all of the honest customers (presumably the overwhelmingly vast
majority) have to pay more to protect against the unscrupulous minority.
For those reasons, Hughes added the remote disable. When he mentioned
it on the ColorHug Google+ page, reactions were mixed, which seemed to take
Hughes somewhat by surprise. Simo Sorce said "Remote deactivation is a
really nasty feature, but beyond that is going to be a major headache to
maintain." Kay Sievers was even more blunt:
Oh, I thought all that was about calibrating a monitor, and not trying to establish a dictatorship.
Maybe you should just get a few beers and rethink what you are trying to
Others were more understanding. Paweł T. Jochym points out that Hughes is
the one with something to lose: "He is working in real world and had to
invest his own coin. The risk is his not yours." The deterrence
rests on the understanding that the device will be disabled if it is "lost"
in the mail, in much the same way that anti-theft signs at houses work,
John Tamplin said. He continued with some ideas for more active tracking,
but did note the negatives:
If instead you had some way of "phoning home", you could find who has the
"stolen" device and contact them, telling them to give you your money back
or you will file charges (which will likely be successful). The downside is
it requires net connectivity which may be inconvenient for some uses, and
privacy concerns about phoning home.
Phoning home is not going to be a very popular feature with
privacy-conscious users, as Tamplin notes. One might also guess that
scammers who actually want to use the device will find ways around the
There is a real question whether the deterrence will truly be effective.
It's not at all clear that casual scammers will even notice the disablement
feature; anyone who truly wants a free colorimeter is likely to have the
minimal technical skills required to circumvent the problem. In the end
analysis, colorimeters are not likely to be ultra-popular much-sought-after
devices—we aren't talking about music players, tablets, or phone
handsets after all—the resale market will be vanishingly
small, so what's the business model for the scammer?
There is also the logistical overhead of tracking serial numbers, ensuring
that only the right one(s) get on the blacklist, and so on. The remote
disable is not completely risk-free either, and could lead to unhappy
customers if something goes awry. Overall, it seems like a very large
hammer for a fairly small problem. But, as Jochym noted, it is Hughes's
money that is at risk, thus it is his decision to make.
Things like remote disable are generally considered to be "anti-features"
that proprietary companies bake into their products, so it's not surprising
that some open source proponents would find it to be less-than-welcome on
an otherwise open device. But,
schematics and code are available, someone suitably motivated could create
without remote disable and/or build their own ColorHugs and even market
those. Given that Hughes doesn't seem to have a huge profit motive behind
this effort, he might just welcome someone else taking on the burden.
Plenty of other devices are sent from the UK
without a remote disable feature; many are likely to be in more
popular device categories where fraud is a bigger problem than it is in the
colorimeter realm. Presumably,
those companies are pricing their products with this fraud factor in mind,
but Hughes is reluctant to do so because it puts the device "out of
the reach of many students" and may push others toward the
proprietary colorimeters due to the price.
While it may be tempting to take Hughes to task over this (and some are),
it is hard to argue that he should take risks he is unwilling to
take—even if those risks seem fairly miniscule from the outside.
Those who would like a colorimeter, but are unhappy with remote disable, can either hack the firmware or
the GUI tool—or decide not to buy one.
ColorHug itself looks like a very nice piece of hardware that fills a hole
for free desktops that the proprietary alternatives can't. We
review it once we can get our hands on one—the first 50 flew off the
"shelves" before we could do so. Given the overall openness of the device,
and the ability to hack around the remote disable "problem" in various
ways, it is really more of an annoyance than anything else—though one
that many would argue could and should have been avoided.
to post comments)