“My moral belief is that this should be accessible to people,” Kociemba says.
Kociemba submitted his fix to Fulu, but discovered that another developer, calling themselves Team Dinosaur, had just submitted a fix slightly before Kociemba did. Still, Fulu paid out the full amount to both, roughly $14,000 apiece. Kociemba was surprised by that, as he thought he had lost the race or that he might have to split the prize money.
O’Reilly says that while they probably won’t do double payouts again, both fixes worked, so it was important for Fulu’s first payout to show support for the people willing to take the risk of sharing their fixes.
“Folks like Cody who are willing to put it out there, make the calculated risk that Google isn’t going to sue them, and maybe save some thermostats from the junk heap and keep consumers from having to pay $700 or whatever after installation to get something new,” O’Reilly says. “It’s been cool to watch.”
This week, Fulu announced it had paid out its second-ever bounty. It was for a Molekule Air Pro and Air Mini, air purifier systems that used an NFC chip in its filters to ensure the replacement filters were made by Molekule and not a third-party manufacturer. The goal was to disable the DRM and let the machine use any filter that fit.
Lorenzo Rizzotti, an Italian student and coder who had gone from playing Minecraft as a kid to reverse engineering and hacking, submitted proof that he had solved the problem, and was awarded the Fulu bounty.
“Once you buy a device, it’s your hardware, it’s no longer theirs,” Rizzotti says. “You should be able to do whatever. I find it absurd that it’s illegal.”
But unlike Kociemba, he wasn’t about to share the fix. Though he was able to fix the problem, he doesn’t feel safe weathering the potential legal ramifications that he might face if he released the solution publicly.
“I proved that I can do it,” he says. “And that was it.”
Still, Fulu awarded him the bounty. O’Reilly says the goal of the project is less about getting actual fixes out in the world, and more about calling attention to the lengths companies are allowed to go to wrest control from their users under the auspices of Section 1201.
“We need to show how ridiculous it is that this 27-year-old law is preventing these solutions from seeing the light of day,” O’Reilly says. “It’s time for the laws to catch up with technology.”