Consumer Rights Wiki - User contributions [en]

Eight Sleep

2025-09-12T22:22:28Z

Maria128:

{{InfoboxCompany
| Name = {{PAGENAME}}
| Type = Private
| Founded = 2014
| Industry = Smart Mattresses / Sleep Technology
| Headquarters = New York, NY
| Official Website = https://eightsleep.com/
| Logo = Eight Sleep logo.png
| Key People = Matteo Franceschetti (CEO, Co-founder), Alexandra Zatarain (CMO, Co-founder)
| Valuation = ~$1 billion (est. 2025)
| Total Funding = $260+ million
}}

'''Eight Sleep''' is an American company that develops smart mattresses and mattress covers with temperature control, sleep tracking, and health monitoring capabilities. Founded in 2014 and headquartered in New York City, the company has raised over $260 million in venture funding and has generated over $500 million in cumulative Pod revenue to date.<ref>{{cite web |url=https://news.crunchbase.com/venture/ai-powered-startup-eight-sleep-fitness-funding/ |title=Eight Sleep Lands $100M In Fresh Funding To Help You Get A Better Night's Rest |website=Crunchbase News |date=2025-08-19 |access-date=2025-09-12}}</ref>

==Consumer impact summary==

*'''Retroactive subscription requirement:''' Around 2023, Eight Sleep implemented a mandatory subscription model, placing previously free features behind a paywall ranging from $199 to $299 annually.<ref>{{cite web |url=https://powermoves.blog/health/eight-sleep-review/ |title=Eight Sleep Pod 5 Cover Review: Insights After Four Years as a User |website=Power Moves |date=2025-09-08 |access-date=2025-09-12}}</ref>
*'''Security vulnerabilities:''' Security researchers discovered SSH backdoors and exposed AWS keys in February 2025 that could allow unauthorized access to customers' home networks.<ref>{{cite web |url=https://trufflesecurity.com/blog/removing-jeff-bezos-from-my-bed |title=Removing Jeff Bezos From My Bed |website=Truffle Security Co. |date=2025-02-21 |access-date=2025-09-12}}</ref>
*'''False discount allegations:''' A class action lawsuit filed in 2025 alleges the company engaged in deceptive pricing practices.<ref>{{cite web |url=https://topclassactions.com/lawsuit-settlements/lawsuit-news/eight-sleep-sued-for-alleged-false-discounts-on-luxury-bedding-products/ |title=Eight Sleep sued for alleged false discounts on luxury bedding products |website=Top Class Actions |date=2025-05-09 |access-date=2025-09-12}}</ref>
*'''Consumer complaints:''' The Better Business Bureau profile shows numerous complaints filed against the company, with issues including product failures after warranty expiration and poor customer service.<ref>{{cite web |url=https://www.bbb.org/us/ny/new-york/profile/mattress/eight-0121-166228 |title=Eight - BBB Business Profile |website=Better Business Bureau |access-date=2025-09-12}}</ref>

==Incidents==

===Mandatory subscription model implementation===

Around 2023, Eight Sleep began requiring paid subscriptions to access features that were previously included with the purchase of their products.<ref>{{cite web |url=https://www.eightsleep.com/blog/understanding-the-eight-sleep-membership/ |title=Understanding the Eight Sleep Membership |website=Eight Sleep |access-date=2025-09-12}}</ref> The company introduced three subscription tiers:

====Subscription requirements====
*'''Autopilot Standard''' ($199/year or $17/month): Required for first year of ownership for all new customers<ref>{{cite web |url=https://www.eightsleep.com/app-terms-conditions/ |title=Eight Sleep App Terms and Conditions |website=Eight Sleep |access-date=2025-09-12}}</ref>
*'''Autopilot Enhanced''' ($299/year or $25/month): Includes extended 5-year warranty
*'''Autopilot Elite''' ($399/year or $33/month): Premium features and support

====Features moved behind paywall====
According to user reports and product documentation, the following features that were previously free now require an active subscription:<ref>{{cite web |url=https://yawnder.com/can-you-use-eight-sleep-without-subscription/ |title=Eight Sleep: Exclusive Insights on Using It Without Subscription |website=Yawnder |date=2024-07-16 |access-date=2025-09-12}}</ref>
*Autopilot (automatic temperature adjustments based on sleep patterns)
*Scheduled temperature changes
*Sleep stage tracking and metrics
*Heart rate and respiratory rate monitoring
*Health reports and sleep insights
*Vibration and thermal alarms
*Software updates and new features

Without a subscription, users can only manually adjust temperature through the mobile app.<ref>{{cite web |url=https://powermoves.blog/health/eight-sleep-faq/ |title=Eight Sleep FAQs: 2025 Pod 5 Buyer's Guide |website=Power Moves |date=2025-07-21 |access-date=2025-09-12}}</ref>

====Consumer response====
The subscription requirement has generated significant criticism from consumers. Common complaints documented on Reddit and review sites include:<ref>{{cite web |url=https://mattressdigest.com/can-you-use-eight-sleep-without-subscription/ |title=Can You Use Eight Sleep Without Subscription? |website=Mattress Digest |date=2024-10-14 |access-date=2025-09-12}}</ref>
*Frustration that features advertised as included are now subscription-only
*The high cost of subscriptions on top of the initial purchase price ($2,000-$6,000)
*Inability to use basic features without maintaining internet connectivity
*Concerns about the product becoming unusable if the company discontinues service

====Industry comparison====
Eight Sleep's subscription model contrasts with competitors in the smart mattress market. Competitor Sleepme (makers of Chilipad and Dock Pro) explicitly markets their products as subscription-free alternatives.<ref>{{cite web |url=https://sleep.me/chilipad-vs-eight-sleep |title=Chilipad vs. Eight Sleep Pod - Bed Cooling Systems |website=Sleep.me |access-date=2025-09-12}}</ref>

===Security vulnerabilities discovery===

In February 2025, security researcher Dylan Ayrey of Truffle Security published findings revealing multiple security vulnerabilities in Eight Sleep smart beds.<ref>{{cite web |url=https://trufflesecurity.com/blog/removing-jeff-bezos-from-my-bed |title=Removing Jeff Bezos From My Bed |website=Truffle Security Co. |date=2025-02-21 |access-date=2025-09-12}}</ref>

====Key findings====
*'''SSH Backdoor:''' The firmware contains code allowing remote SSH access to customer devices through remote-connectivity-api.8slp.net, with public keys associated with eng@eightsleep.com, suggesting all engineering staff potentially have root access to customer devices.<ref>{{cite web |url=https://www.hackster.io/news/dylan-ayrey-has-a-sleepless-night-thanks-to-an-ssh-backdoor-in-eight-sleep-smart-mattress-covers-d01055e4e1c6 |title=Dylan Ayrey Has a Sleepless Night Thanks to an SSH Backdoor in Eight Sleep Smart Mattress Covers |website=Hackster.io |date=2025-02-24 |access-date=2025-09-12}}</ref>

*'''AWS Key Exposure:''' A valid Amazon Web Services key was discovered hardcoded in the firmware, accessible to anyone who downloaded it. While the key was revoked after disclosure, researchers noted it could have been used to access customer data or rack up significant AWS charges for the company.<ref>{{cite web |url=https://cybernews.com/security/smart-bed-eight-sleep-contains-backdoor/ |title=$2,000 Eight Sleep bed contains hidden backdoors |website=Cybernews |date=2025-02-27 |access-date=2025-09-12}}</ref>

*'''Network Security Risks:''' The vulnerabilities could allow attackers to use the bed as a gateway device for lateral network attacks, potentially accessing other devices on the customer's home network.<ref>{{cite web |url=https://cybersecuritynews.com/vulnerability-in-internet-connected-smart-beds/ |title=Vulnerability in Internet-Connected Smart Beds Let Attackers Access Other Devices in Network |website=Cybersecurity News |date=2025-02-24 |access-date=2025-09-12}}</ref>

====Technical implications====
According to the security researchers, the SSH backdoor enables:<ref>{{cite web |url=https://www.tomshardware.com/tech-industry/cyber-security/security-researcher-finds-vulnerability-in-internet-connected-bed-could-allow-access-to-all-devices-on-network |title=Security researcher finds vulnerability in internet-connected bed, could allow access to all devices on network |website=Tom's Hardware |date=2025-02-23 |access-date=2025-09-12}}</ref>
*Remote code execution on customer devices
*Monitoring of sleep patterns and bed occupancy
*Access to biometric data collected by the device
*Potential pivot point to access other networked devices

The researchers compared the access level to Uber's controversial "God Mode," noting that any Eight Sleep engineer could theoretically monitor when customers are sleeping, detect multiple occupants, or determine when beds are unoccupied.<ref>{{cite web |url=https://www.techradar.com/pro/company-that-reportedly-supplied-doge-and-elon-musk-with-sleeping-solutions-found-to-have-huge-vulnerability-in-its-beds |title=Backdoor access and exposed key: Eight Sleep beds seemingly suffer some serious security liabilities |website=TechRadar |date=2025-03-01 |access-date=2025-09-12}}</ref>

====Company response====
Eight Sleep provided a statement to Hackster.io on February 24, 2025, claiming that the researcher's findings "do not reflect a legitimate security vulnerability but rather speculation without real-world implications." The company stated that "Eight Sleep devices are impenetrable to unauthorized individuals" but did not deny the presence of the SSH backdoor that would allow access by Eight Sleep's own engineers. The company added: "That said, we appreciate the work that security researchers do to ensure that companies continue to follow the best-in-class protocols for consumer safety."<ref>{{cite web |url=https://www.hackster.io/news/dylan-ayrey-has-a-sleepless-night-thanks-to-an-ssh-backdoor-in-eight-sleep-smart-mattress-covers-d01055e4e1c6 |title=Dylan Ayrey Has a Sleepless Night Thanks to an SSH Backdoor in Eight Sleep Smart Mattress Covers |website=Hackster.io |date=2025-02-24 |access-date=2025-09-12}}</ref>

The company did not indicate whether it planned to remove the SSH backdoor in future firmware updates, unlike competitor Sleep Number, which had removed similar backdoors after they were discovered in 2024.<ref>{{cite web |url=https://www.kaspersky.com/blog/how-to-hack-a-smart-mattress/53232/ |title=How to hack an Eight Sleep smart mattress "Pod" |website=Kaspersky |date=2025-03-26 |access-date=2025-09-12}}</ref>

===False discount pricing lawsuit===

In 2025, consumers Tushar Chopra and Brian Delshad filed a class action lawsuit against Eight Sleep Inc. in California federal court, alleging the company engaged in deceptive pricing practices.<ref>{{cite web |url=https://topclassactions.com/lawsuit-settlements/lawsuit-news/eight-sleep-sued-for-alleged-false-discounts-on-luxury-bedding-products/ |title=Eight Sleep sued for alleged false discounts on luxury bedding products |website=Top Class Actions |date=2025-05-09 |access-date=2025-09-12}}</ref>

====Allegations====
The lawsuit alleges that:
*Eight Sleep displays false reference prices on its website to create the illusion of discounts
*Products are listed with "continuous discounts" ranging from $50 to $200
*The reference prices used for comparison were never actual selling prices
*The scheme has affected hundreds of thousands of customers nationwide

The plaintiffs seek to represent a California class of consumers who purchased Eight Sleep products at represented discounts from inflated reference prices. They are suing for violations of California's unfair competition law, false advertising law, and consumer legal remedies act, as well as fraud.

==Company profile==

===Funding and valuation===
Eight Sleep has raised over $260 million across multiple funding rounds:<ref>{{cite web |url=https://tracxn.com/d/companies/eight-sleep/__ES61NxOdtnaTPJG1gRZ86OKdaWqyKWGA6Vfecz3FolE/funding-and-investors |title=Eight Sleep - 2025 Funding Rounds & List of Investors |website=Tracxn |date=2025-08-19 |access-date=2025-09-12}}</ref>
*Series D (August 2025): $100 million led by HSG
*Series C (August 2021): $86 million led by Valor Equity Partners
*Total funding: $260+ million
*Valuation: Approximately $1 billion (doubled since 2021)

Notable investors include Founders Fund, Y Combinator, SoftBank, Khosla Ventures, and athletes including Formula 1 drivers Charles Leclerc and McLaren CEO Zak Brown.<ref>{{cite web |url=https://techcrunch.com/2025/08/19/eight-sleep-grabs-100m-to-bring-ai-into-your-bed/ |title=Eight Sleep raises $100M to expand its AI-powered sleep tech |website=TechCrunch |date=2025-08-19 |access-date=2025-09-12}}</ref>

===Product line and pricing===
As of September 2025, Eight Sleep's main product is the Pod 5, launched in May 2025:<ref>{{cite web |url=https://www.tomsguide.com/mattresses/eight-sleep-launches-pod-5-ultra |title=Eight Sleep launches new Pod 5 Ultra — a world-first fully immersive sleep system |website=Tom's Guide |date=2025-05-14 |access-date=2025-09-12}}</ref>
*Pod 5 Core (cover and hub): $2,849-$3,199
*Pod 5 Plus (adds blanket): $4,099-$4,599
*Pod 5 Ultra (adds adjustable base): $5,849-$6,099

All models require a first-year subscription starting at $199 annually.

==Consumer complaints and reviews==

===Better Business Bureau===
Eight Sleep has received numerous complaints through the Better Business Bureau as of September 2025. The company is not BBB accredited. Common complaint themes include:<ref>{{cite web |url=https://www.bbb.org/us/ny/new-york/profile/mattress/eight-0121-166228/complaints |title=Eight - BBB Complaints |website=Better Business Bureau |access-date=2025-09-12}}</ref>
*Products failing shortly after warranty expiration
*Difficulty obtaining warranty service
*Poor customer service response times
*Issues with subscription billing and cancellation

===Product reliability concerns===
Multiple consumer reports document recurring issues with product durability:<ref>{{cite web |url=https://www.bbb.org/us/ny/new-york/profile/mattress/eight-0121-166228/customer-reviews |title=Eight - BBB Reviews |website=Better Business Bureau |access-date=2025-09-12}}</ref>
*Water leaks in the Pod cover system
*Hub failures after 2-3 years of use
*WiFi connectivity problems
*Temperature control malfunctions

The company's standard warranty is 2 years, which some consumers have criticized as insufficient for a product costing $2,000-$6,000. Extended warranties are available only through higher-tier subscriptions.<ref>{{cite web |url=https://powermoves.blog/health/eight-sleep-faq/ |title=Eight Sleep FAQs: 2025 Pod 5 Buyer's Guide |website=Power Moves |date=2025-07-21 |access-date=2025-09-12}}</ref>

==See also==

*[[Retroactively amended purchase]]
*[[Subscription creep]]

==References==
{{reflist}}

==External links==
*[https://www.eightsleep.com Official website]
*[https://trufflesecurity.com/blog/removing-jeff-bezos-from-my-bed Truffle Security's security analysis]
*[https://www.bbb.org/us/ny/new-york/profile/mattress/eight-0121-166228 Better Business Bureau profile]

[[Category:Smart home companies]]
[[Category:Sleep technology]]
[[Category:Subscription services]]
[[Category:Internet of Things]]
[[Category:Consumer electronics companies of the United States]]
[[Category:Companies based in New York City]]
[[Category:2014 establishments in New York (state)]]

Reverse engineering vs illegal hacking

2025-07-22T23:54:37Z

Maria128: Created page with "'''DMCA 1201 and the Right to Reverse Engineer''' refers to the ongoing conflict between technology companies' use of Section 1201 of the Digital Millennium Copyright Act to prevent consumers from accessing devices they own, blurring the line between illegal hacking and legitimate reverse engineering to maintain control over products after their sale. ==Background== '''Section 1201 of the Digital Millennium Copyright Act''' (DMCA 1201), enacted in 1998, prohibits the c..."

'''DMCA 1201 and the Right to Reverse Engineer''' refers to the ongoing conflict between technology companies' use of Section 1201 of the Digital Millennium Copyright Act to prevent consumers from accessing devices they own, blurring the line between illegal hacking and legitimate reverse engineering to maintain control over products after their sale.

==Background==

'''Section 1201 of the Digital Millennium Copyright Act''' (DMCA 1201), enacted in 1998, prohibits the circumvention of digital rights management (DRM) technologies that protect copyrighted works. While originally intended to prevent piracy of movies, music, and software, companies have increasingly weaponized this law to prevent consumers from exercising ownership rights over devices they have purchased.

The law makes it illegal to bypass DRM protections regardless of intent, and also prohibits manufacturing or distributing tools that enable circumvention. However, it includes exemptions for activities like security research, accessibility modifications, and educational uses, though these exemptions have periodic reviews by the Library of Congress.

==Legal reverse engineering vs. illegal hacking==

There is a legal distinction between reverse engineering and illegal hacking that companies often deliberately try to blur to maintain control over devices.

===Reverse engineering===

'''Reverse engineering''' is the legal practice of analyzing a product to understand how it works, typically through examination of its behavior, disassembly of hardware, or analysis of software interfaces. In the United States, reverse engineering has been protected under copyright law when done for legitimate purposes such as:

*Understanding how a device functions for personal use
*Creating interoperable software or hardware
*Security research and vulnerability findings
*Academic research and education
*Repairing devices you own

Courts have upheld the right to reverse engineer products, recognizing it as essential for innovation, competition, and consumer rights.

===Illegal hacking===

'''Illegal hacking''' involves unauthorized access to computer systems, networks, or data belonging to others. This includes activities such as:

*Breaking into computer networks without permission
*Accessing confidential data on systems you don't own
*Distributing pirated copyrighted content
*Using reverse engineering knowledge to commit crimes

The key distinction is that illegal hacking involves accessing systems or data you don't have rights to, while reverse engineering involves analyzing products you already own.

==How companies blur the distinction==

Large technology companies have worked to confuse legal reverse engineering with illegal hacking to prevent consumers from exercising ownership rights over purchased devices.

===Weaponizing DMCA 1201===

Companies embed DRM technologies in devices and then claim that any attempt to understand or modify these devices violates DMCA 1201. This strategy allows them to:

*Prevent third-party repairs by claiming repair tools "circumvent" DRM
*Block connectivity with competing products
*Force consumers into expensive subscription services
*Maintain control over devices after the sale

===Misleading terminology===

Technology companies frequently use inflammatory language to describe legitimate consumer activities:

*Calling device modification "jailbreaking" or "rooting" to suggest criminal activity
*Referring to reverse engineering as "hacking" to imply illegality
*Claiming that accessing firmware constitutes "piracy"
*Describing interoperability efforts as "unauthorized access"

This deliberately misleading terminology conflates legal consumer activities with criminal hacking to discourage consumers from exercising their rights.

==A real world example: the Futurehome case==

The Norwegian smart home company Futurehome provides a clear example of how companies use technical restrictions and legal intimidation to undermine consumer ownership rights, while deliberately mischaracterizing legitimate reverse engineering as "illegal hacking."

===The ownership model bait-and-switch===

Futurehome originally sold its Smarthub as a one-time purchase with full functionality included.<ref>{{cite web |url=https://support.futurehome.no/hc/en-no/articles/28158944965277-FAQ-Subscription |title=FAQ Subscription - Futurehome |access-date=2025-07-14}}</ref> After the company declared bankruptcy in May 2025, the new owners FHSD Connect AS imposed a mandatory annual subscription fee of 1,188 NOK (approximately $117 USD) to continue using devices customers had already purchased.<ref>{{cite web |url=https://www.tek.no/nyheter/nyhet/i/alMe04/rasende-kunder-opplever-smarthjem-utpressing |title=Rasende og fortvile Futurehome-kunder: – Oppleves som utpressing |website=Tek.no |language=norsk |access-date=2025-07-14}}</ref>

Customers who refuse to pay the subscription lose access to:
*Mobile app functionality
*Automations and smart features
*Cloud-based controls
*Third-party integrations

The devices revert to basic manual operation only, making the smart home systems basically useless despite customers having paid for the hardware.

===Creating artificial dependence===

Futurehome uses several technical mechanisms to enforce subscription dependence that go beyond legitimate security concerns:

*'''Cloud-only authentication''': The devices cannot authenticate locally, requiring internet connectivity and Futurehome's servers to function
*'''Software locks''': Firmware prevents local control interfaces from operating without cloud verification
*'''API restrictions''': Third-party integrations are disabled without active subscriptions
*'''Encrypted protocols''': Local communication uses proprietary encrypted protocols that prevent alternative software

These restrictions serve no consumer benefit and exist solely to maintain subscription revenue. The devices are physically capable of operating locally, as evidenced by their ability to function during the initial setup period before cloud connectivity is established.

===The false "hacking" narrative===

In response to customer complaints and reverse engineering efforts, Futurehome CEO Øyvind Fries told Norwegian media that unauthorized access to their software would be considered "illegal hacking" and could result in criminal prosecution.<ref>{{cite web |url=https://www.tek.no/nyheter/nyhet/i/alMe04/rasende-kunder-opplever-smarthjem-utpressing |title=Rasende og fortvile Futurehome-kunder: – Oppleves som utpressing |website=Tek.no |language=norsk |access-date=2025-07-14}}</ref> This statement deliberately conflates:

*'''Legitimate activity''': Customers analyzing their own devices to restore paid-for functionality
*'''Illegal activity''': Unauthorized access to Futurehome's servers or networks

This mischaracterization exemplifies how companies weaponize DMCA 1201 and anti-hacking laws to prevent consumers from exercising ownership rights over products they have purchased.

===The bounty controversy===

The situation escalated when consumer rights activist Louis Rossmann offered a $5,000 bounty to anyone who could "crack the firmware" to make the devices work independently of Futurehome's subscription service.<ref>{{cite web |url=https://www.tek.no/nyheter/nyhet/i/nP4d/lover-50000-kroner-for-aa-gjore-futurehome-gratis |title=Lover 50.000 kroner for å knekke kildekoden til Futurehome |website=Tek.no |language=norsk |access-date=2025-07-14}}</ref> Rossmann clarified that he wanted to see if anyone could circumvent the software restrictions that prevent customers from using devices they had purchased.

Futurehome's management characterized this as offering payment for "illegal hacking," despite the fact that:

*Customers legally own the physical hardware
*The intent is to restore functionality customers had already paid for
*No unauthorized access to Futurehome's servers or networks would be involved
*The activity would constitute legitimate reverse engineering of owned devices

This represents a clear example of how companies mischaracterize legitimate consumer activities by using inflammatory "hacking" terminology to discourage people from exercising their ownership rights.

===Why the "illegal hacking" claim is false===

Futurehome's characterization of reverse engineering efforts as "illegal hacking" is legally and factually incorrect:

'''What would actually be illegal:'''
*Breaking into Futurehome's corporate networks or servers
*Stealing proprietary code from Futurehome's systems
*Using reverse engineering knowledge to attack third-party systems
*Distributing Futurehome's copyrighted software

'''What is legal reverse engineering:'''
*Analyzing network traffic on your own local network
*Examining firmware extracted from devices you own
*Creating alternative software to control your own hardware
*Publishing information about how your devices work

The key distinction is ownership and intent. Customers who reverse engineer devices they purchased to restore functionality they paid for are exercising legitimate ownership rights, not committing crimes.

==The broader pattern==

Futurehome's tactics represent a widespread industry pattern of using technical restrictions and legal threats to maintain control over consumer devices.

===Subscription conversion schemes===

Many technology companies have adopted similar strategies:

*'''Smart home devices''' that lose functionality without cloud subscriptions
*'''Automotive systems''' that require ongoing payments for features built into the hardware
*'''Medical devices''' that become unusable without service agreements
*'''Gaming hardware''' that is "bricked" when online services are discontinued

===Legal intimidation===

Companies routinely threaten consumers and researchers with DMCA 1201 violations for activities that should be protected under ownership rights:

*Analyzing firmware to understand device operation
*Creating tools to enable local device control
*Developing alternatives
<references />