Friday, December 12, 2025
From Wired Magazine: This groups pays bounties to repair borken devices--Even if the the fix breaks the law.
This Group Pays Bounties to Repair Broken Devices—Even If the Fix Breaks the Law
Fulu sets repair bounties on consumer products that employ sneaky features that limit user control. Just this week, it awarded more than $10,000 to the person who hacked the Molekule air purifier.
Photograph: DragonImages/ Getty Images
Companies tend to be rather picky about who gets to poke around inside their products. Manufacturers sometimes even take steps that prevent consumers from repairing their device when it breaks, or modifying it with third-party products.
But those unsanctioned device modifications have become the raison d'ĂȘtre of a bounty program set up by a nonprofit called Fulu, or Freedom from Unethical Limitations on Users. The group tries to spotlight the ways companies can slip consumer-unfriendly features into their products, and it offers cash rewards in the thousands of dollars to anyone who can figure out how to disable unpopular features or bring discontinued products back to life.
“We want to be able to show lawmakers, look at all these things that could be out in the world,” says right-to-repair advocate and Fulu cofounder Kevin O’Reilly. “Look at the ways we could be giving device owners control over their stuff.”
Fulu has already awarded bounties for two fixes. One revives an older generation of Nest Thermostats no longer supported by Google. And just yesterday, Fulu announced a fix that circumvents restrictive digital-rights-management software on Molekule air purifiers.
Fulu is run by O’Reilly and fellow repair advocate and YouTuber Louis Rossmann, who announced the effort in a video on his channel in June.
The basic concept of Fulu is that it works like a bug bounty, the long running practice in software development where devs will offer prize money to people who find and fix a bug in the operating system. Fulu adopts that model, but the bounty it offers is usually meant to “fix” something the manufacturer considers an intended feature but turns out to be detrimental to the user experience. That can mean a device where the manufacturer has put in restrictions to prevent users from repairing their device, blocked the use of third-party replacement parts, or ended software support entirely.
“Innovation used to mean going from black-and-white to color,” Rossmann says. “Now innovation means we have the ability to put DRM in an air filter.”
Fulu offers up a bounty of $10,000 to the first person to prove they have a fix for the offending feature of a device. Donors can also pool money to help incentivize tinkerers to fix a particular product, which Fulu will match up to another $10,000. The pot grows as donations roll in.
Bounties are set on devices that Rossmann and O’Reilly have deemed deliberately hostile to the owners that have already paid for them, like some GE refrigerators that have DRM-locked water filters, and the Molekule air purifiers with DRM software that blocks customers from using third-party air filters. A bounty on the XBox Series X seeks a workaround to software encryption on the disk drive that prevents replacing the part without manufacturer approval. Thanks to donations, the prize for the Xbox fix has climbed to more than $30,000.
Sounds like a sweet payout for sure, but there is risk involved.
Fixing devices, even ones disabled and discontinued by the manufacturer, is often in direct violation of Section 1201 of the Digital Millennium Copyright Act, the 1998 US law that prevents bypassing passwords and encryption or selling equipment that could do so without manufacturer permission. Break into a device, futz with the software inside to keep it functional, or go around DRM restrictions, and you risk running afoul of the likes of Google's gargantuan legal arm. Fulu warns potential bounty hunters they must tackle this goal knowing full well they're doing so in open violation of Section 1201.
“The dampening effect on innovation and control and ownership are so massive,” O’Reilly says. “We want to prove that these kinds of things can exist.”
Empty Nest
In October, Google ended software support for its first- and second-generation Nest thermostats. For lots of users, the devices still worked but couldn’t be controlled anymore, because the software was no longer supported. Users lamented that their fancy thermostats had now become hunks of e-waste on their walls.
Fulu set up a bounty that called for a software fix to restore functionality to the affected Nest devices. Cody Kociemba, a longtime follower of Rossmann’s YouTube channel and a Nest user himself, was eager to take the bounty on. (He has “beef with Google,” he says on his website.) After a few days of tinkering with the Nest software, Kociemba had a solution. He made his fix publicly available on GitHub so users could download it and restore their thermostats. Kociemba also started No Longer Evil, a site devoted to his workaround of Nest thermostats and perhaps hacks of future Google products to come.
“My moral belief is that this should be accessible to people,” Kociemba says.
Kociemba submitted his fix to Fulu, but discovered that another developer, calling themselves Team Dinosaur, had just submitted a fix slightly before Kociemba did. Still, Fulu paid out the full amount to both, roughly $14,000 apiece. Kociemba was surprised by that, as he thought he had lost the race or that he might have to split the prize money.
O’Reilly says that while they probably won't do double payouts again, both fixes worked, so it was important for Fulu’s first payout to show support for the people willing to take the risk of sharing their fixes.
“Folks like Cody who are willing to put it out there, make the calculated risk that Google isn't going to sue them, and maybe save some thermostats from the junk heap and keep consumers from having to pay $700 or whatever after installation to get something new,” O’Reilly says. “It's been cool to watch.”
This week, Fulu announced it had paid out its second-ever bounty. It was for a Molekule Air Pro and Air Mini, air purifier systems that used an NFC chip in its filters to ensure the replacement filters were made by Molekule and not a third-party manufacturer. The goal was to disable the DRM and let the machine use any filter that fit.
Lorenzo Rizzotti, an Italian student and coder who had gone from playing Minecraft as a kid to reverse engineering and hacking, submitted proof that he had solved the problem, and was awarded the Fulu bounty.
“Once you buy a device, it's your hardware, it's no longer theirs,” Rizzotti says. “You should be able to do whatever. I find it absurd that it's illegal.”
But unlike Kociemba, he wasn’t about to share the fix. Though he was able to fix the problem, he doesn’t feel safe weathering the potential legal ramifications that he might face if he released the solution publicly.
“I proved that I can do it,” he says. “And that was it.”
Still, Fulu awarded him the bounty. O’Reilly says the goal of the project is less about getting actual fixes out in the world, and more about calling attention to the lengths companies are allowed to go to wrest control from their users under the auspices of Section 1201.
“We need to show how ridiculous it is that this 27-year-old law is preventing these solutions from seeing the light of day,” O’Reilly says. “It's time for the laws to catch up with technology.”
Subscribe to:
Comments (Atom)