This article just screams rage-bait. Not that I am against making people aware of this kind of privacy invasion, but the authors did not bother to do any fact checking.
Firstly, they mention that the vacuum was “transmitting logs and telemetry that [the guy] had never consented to share”. If you set up an app with the robot vacuum company, I’m pretty sure you’ll get a rather long terms and services document that you just skip past, because who bothers reading that?
Secondly, the ADB part is rather weird. The person probably tried to install Valetudo on it? Otherwise, I have no clue what they tried to say with “reprinting the devices’ circuit boards”. I doubt that this guy was able to reverse engineer an entire circuit board, but was surprised when seeing that ADB is enabled? This is what makes some devices rather straight forward to install custom firmware that block all the cloud shenanigans, so I’m not sure why they’re painting this as a horrifying thing. Of course, you’re broadcasting your map data to the manufacturer so that you can use their shitty app.
The part saying that it had full root access and a kill-switch is a bit worse, but still… It doesn’t have to be like this. Shout-out to the people working on the Valetudo project. If you’re interested in getting a privacy-friendly robot vacuum, have a look at their website. It requires some know-how, but once it’s done, you know for sure you don’t need to worry about a 3rd party spying on you.
I have a friend who set up a Dreame L10s Ultra. I helped them solder the breakout board, and was there when they flashed the new firmware. Relatively straight forward! Just follow the guide on the website and you should be good.
The robot is now accessible only on the local network, and they got it working in Home Assistant. The only feature that is missing now is direct camera view, which the original robot had. Basically, you could get a live feed of the robot’s camers at any time. Looked fun, but it was not necessary.