**This Group Pays Bounties to Repair Broken Devices—Even if the Fix Breaks the Law**
Imagine buying a new device, only to find out that its manufacturer has intentionally made it difficult or impossible to repair or modify. This is a reality for many consumers, who are often forced to discard broken devices and buy new ones, rather than attempting to fix them themselves. But there's a group of individuals and organizations that are fighting back against this trend, by offering bounties to those who can figure out how to disable unpopular features or bring discontinued products back to life.
Meet Fulu, a nonprofit organization that has been making waves in the world of consumer electronics. Fulu stands for "Freedom from Unethical Limitations on Users," and its mission is to spotlight the ways companies can slip consumer-unfriendly features into their products. The group offers cash rewards in the thousands of dollars to anyone who can successfully disable an unwanted feature or revive a discontinued product.
"We want to be able to show lawmakers, look at all these things that could be out in the world," says Kevin O'Reilly, a right-to-repair advocate and Fulu cofounder. "Look at the ways we could be giving device owners control over their stuff."
Fulu has already awarded bounties for two fixes. One revives an older generation of Nest Thermostats no longer supported by Google. And just yesterday, Fulu announced a fix that circumvents restrictive digital-rights-management software on Molekule air purifiers.
The basic concept of Fulu is to work like a bug bounty, where developers offer prize money to people who find and fix bugs in operating systems. But Fulu adopts this model, but the bounty it offers is usually meant to "fix" something the manufacturer considers an intended feature but turns out to be detrimental to the user experience.
That can mean a device where the manufacturer has put in restrictions to prevent users from repairing their device, blocked the use of third-party replacement parts, or ended software support entirely. "Innovation used to mean going from black-and-white to color," says Louis Rossmann, Fulu cofounder and YouTube personality. "Now innovation means we have the ability to put DRM in an air filter."
Fulu offers up a bounty of $10,000 to the first person to prove they have a fix for the offending feature of a device. Donors can also pool money to help incentivize tinkerers to fix a particular product, which Fulu will match up to another $10,000. The pot grows as donations roll in.
Bounties are set on devices that Rossmann and O'Reilly have deemed deliberately hostile to the owners that have already paid for them, like some GE refrigerators that have DRM-locked water filters, and the Molekule air purifiers with DRM software that blocks customers from using third-party air filters. A bounty on the XBox Series X seeks a workaround to software encryption on the disk drive that prevents replacing the part without manufacturer approval.
Thanks to donations, the prize for the Xbox fix has climbed to more than $30,000. Sounds like a sweet payout for sure, but there is risk involved. Fixing devices, even ones disabled and discontinued by the manufacturer, is often in direct violation of Section 1201 of the Digital Millennium Copyright Act, the 1998 US law that prevents bypassing passwords and encryption or selling equipment that could do so without manufacturer permission.
Break into a device, futz with the software inside to keep it functional, or go around DRM restrictions, and you risk running afoul of the likes of Google's gargantuan legal arm. Fulu warns potential bounty hunters they must tackle this goal knowing full well they're doing so in open violation of Section 1201.
"The dampening effect on innovation and control and ownership are so massive," O'Reilly says. "We want to prove that these kinds of things can exist."
In October, Google ended software support for its first- and second-generation Nest thermostats. For lots of users, the devices still worked but couldn’t be controlled anymore, because the software was no longer supported. Users lamented that their fancy thermostats had now become hunks of e-waste on their walls.
Fulu set up a bounty that called for a software fix to restore functionality to the affected Nest devices. Cody Kociemba, a longtime follower of Rossmann’s YouTube channel and a Nest user himself, was eager to take the bounty on. (He has “beef with Google,” he says on his website.)
After a few days of tinkering with the Nest software, Kociemba had a solution. He made his fix publicly available on GitHub so users could download it and restore their thermostats. Kociemba also started No Longer Evil, a site devoted to his workaround of Nest thermostats and perhaps hacks of future Google products to come.
“My moral belief is that this should be accessible to people,” Kociemba says.
Kociemba submitted his fix to Fulu, but discovered that another developer, calling themselves Team Dinosaur, had just submitted a fix slightly before Kociemba did. Still, Fulu paid out the full amount to both, roughly $14,000 apiece.
O'Reilly says that while they probably won't do double payouts again, both fixes worked, so it was important for Fulu’s first payout to show support for the people willing to take the risk of sharing their fixes. “Folks like Cody who are willing to put it out there, make the calculated risk that Google isn't going to sue them, and maybe save some thermostats from the junk heap and keep consumers from having to pay $700 or whatever after installation to get something new,” O'Reilly says.
This week, Fulu announced it had paid out its second-ever bounty. It was for a Molekule Air Pro and Air Mini, air purifier systems that used an NFC chip in its filters to ensure the replacement filters were made by Molekule and not a third-party manufacturer. The goal was to disable the DRM and let the machine use any filter that fit.
Lorenzo Rizzotti, an Italian student and coder who had gone from playing Minecraft as a kid to reverse engineering and hacking, submitted proof that he had solved the problem, and was awarded the Fulu bounty. “Once you buy a device, it's your hardware, it's no longer theirs,” Rizzotti says.
"You should be able to do whatever. I find it absurd that it's illegal," Rizzotti adds.
Unlike Kociemba, he wasn’t about to share the fix. Though he was able to fix the problem, he doesn’t feel safe weathering the potential legal ramifications that he might face if he released the solution publicly. “I proved that I can do it,” he says. "And that was it."
O'Reilly says the goal of the project is less about getting actual fixes out in the world, and more about calling attention to the lengths companies are allowed to go to wrest control from their users under the auspices of Section 1201.
"We need to show how ridiculous it is that this 27-year-old law is preventing these solutions from seeing the light of day," O'Reilly says. "It's time for the laws to catch up with technology."