Topic: Acurite's "Green Dot" Moment

[Bushman]

It occurred to me that maybe this cluster that Acurite has brought on themselves might be Acurite's Green Dot moment.  They are alienating a rather good customer based by essentially extorting money to sell hardware while effectively bricking their old HW.  It will be a loss no matter how it turns out (at least from a marketing standpoint) and I believe the encryption will be broken, just like Davis experienced with their logger.  Oh where are Dekay, RDSMan, Torkelmj etc. 

[DoctorKnow]

Why they want to encrypt our weather station is something that I can't fathom. The only thing I can come up with is they want to sell this data to someone, but even that is a stretch. I don't know who would want to buy it, unless it's media.

[nincehelser]

Why they want to encrypt our weather station is something that I can't fathom. The only thing I can come up with is they want to sell this data to someone, but even that is a stretch. I don't know who would want to buy it, unless it's media.

Probably a few things, like just to say it is "encrypted" for those "encrypt everywhere" folks.  It also gets around the problem of satellite ISPs like Excede that insist on mucking around with your data to save bandwidth.

There doesn't seem to be anything sensitive in the data like logins or passwords.

If they were serious about the encryption nobody could "break", they would tighten it up with cert validation.  Right now you just need to create a "fake" cert to decrypt the stream.

[iszekeres]

Probably a few things, like just to say it is "encrypted" for those "encrypt everywhere" folks.  It also gets around the problem of satellite ISPs like Excede that insist on mucking around with your data to save bandwidth.

There doesn't seem to be anything sensitive in the data like logins or passwords.

If they were serious about the encryption nobody could "break", they would tighten it up with cert validation.  Right now you just need to create a "fake" cert to decrypt the stream.

That is assuming they were competent in setting up the data flow in the first place.

[vreihen]

You need to keep in mind that the web is moving towards HTTPS for privacy reasons.  Google is already weighting SSL web sites higher than non-SSL in their search results, and we are only a few months away from the big web browsers throwing all kinds of scary errors when visiting non-encrypted sites.  If Acu-Rite is using web-based technology for their uploads, it is probably a good thing that they are ahead of the curve with moving to encryption.

The side effect of this decision for a tiny subset of their customer base trying to man-in-the-middle sniff packets for alternate uses are locked out of the data flow.  AFAIK (with a disclaimer that we don't know what the Elite will do) they are not encrypting the OTA packets, so rtl_433 can easily dis-prove the tin foil hat conspiracy theory.....