Hacker News new | past | comments | ask | show | jobs | submit login
Wattvision (YC W09) Now Shipping (wattvision.com)
162 points by savrajsingh on Oct 15, 2010 | hide | past | favorite | 70 comments

Ping confirmed that you are using google appengine.

>ping www.wattvision.com PING ghs.l.google.com ( 56(84) bytes of data.

When you use federated login, google appengine is behaving as if request came from the same google assets. This is a major hole. However it is recommended you use following login method.


EDIT: Just reported the bug with appengine groups. http://groups.google.com/group/google-appengine-python/brows...

>>> UPDATE: Google confirms (see post by sean_lynch below): Google here, confirming this is an issue with the Users API on App Engine. On-call team is working on the fix now. <<<

>>> They rolled out a fix at 12:30PT. <<<

Ok will read up on that, thanks for confirming. We still cannot repro the exact issue, however.

Here are our repro steps:

- Inside an Incognito Window in Chrome, created a new Gmail account, signed out, signed in and checked "remember me". - In another tab, visited wattvision. Clicking my house brings up "wattvision uses google accounts for sign in" log-in window which asks for password.

Thanks for your help and support here!


Just use a different browser for the new account that you created. So many users reported the problem.

Incognito mode is not the one you should test with.

I was logged into my gmail account and after visiting this site, without signing up for anything I get a welcome email, WTF?

That's not the expected behavior. We use Google Accounts for Sign In, but it should present you with a window that says "sign in to wattvision" and ask you for your password again, even if you are already logged in to Gmail. We'll confirm / try to repro on our end. Any other info you have is appreciated.

UPDATE: We definitely want to fix this, we do not want to surprise or inadvertently sign up users. That's not our intention and we're not that kind of company!

UPDATE 2: Ok it looks like Google has updated their "federated login" http://code.google.com/apis/accounts/docs/OpenID.html since we implemented our login system, so we'll check against that and see what's up?

If anyone from Google is reading this and can comment/help, please email us at founders@wattvision.com.


My navigation was:

- home page - /house - /info/sensors - /house/add

I went to the last page because I was curious that you had to register _before_ buying.

At this last page I saw my gmail username pre-populated in the form automatically which freaked me out (I didn't even know grabbing a visitor's google account name was possible) and I closed the page, I did not submit (voluntarily) any info. Then within a couple of minutes I got in my gmail account a welcome email.

I think this is way worse than spam, fix asap.

  (I didn't even know grabbing a visitor's google account
   name was possible)
I didn't either, but it seems you can simply use Google's API to allow a user to sign in, where the user name of the user that signs in (or is already signed in!), is reported to the user of the API via a callback. The request after you sign in has a 'continue' HTTP header that says something like:

  DTEVMCX16p4&Email=<your gmail address>&Passwd=<your_password>

same here.. Are you using appengine? There is a recommended way to get the login implemented from appengine.


I am not sure if you wanna do federated login on appengine.

Confirmed: I just replicated this behavior.

And me as well.


Email sent. Google here, confirming this is an issue with the Users API on App Engine. On-call team is working on the fix now.

Edit: As of 12:30PM PST, we are now rolling out the fix. This should be relatively instantaneous.

Thats not how it is working. I clicked "Sign In" and was immediately logged into your site.

Just tried it now and it's exactly as described.

Seriously guys how have you managed to get around Google's protections here? ;)

Same for me.

Same here.

Why do you require a Google account to sign up?

Because its the easiest way on GAE I suppose?

How is that even possible? So if I'm signed into my gmail, a site can detect my email address? This seems like a huge privacy bug on googles behalf if this is actually happening.

We're investigating, its certainly not our intention. See my comments above.

Same thing for me. Whatever you're doing, you need to stop it, or else you'll have worse things to worry about than complaining HN users ;).

Yes, we hear you, please see my comments above.

I think that they are just using oauth and not doing anything nasty. In my case it asked me for my google account password.

This looks like a nice tool to have (if a bit expensive), but seriously, a bug like that is a real deal killer. Having my house appear after clicking a link freaked me out.

Having your house appear? Did they somehow pull your physical address info?

Ha. If only we were that good. ;) We try to figure out the city you're from using Geo IP (maxmind.com, for example) and then draw a Google Map. Down the line, we want to use the city you're from to compare use with other users from the same city/region. We're not interested in your exact street address.

Are there privacy settings available?

To add to this info, clicking your Sign Out link logs me out of my Google account.

ish, same here. Marked as spam...

To everyone complaining about the Google account login on wattvision.com: this looks like a major Google bug, not a WattVision problem. Even if they were evil, this should not be possible.

In the end, it was a Google bug, and they fixed it at 12:30PT.

You should include a link to your site from the blog. I was borderline interested in the product, wanted to see what it was about and went hunting for a link and then became uninterested after I couldn't find one.

I think this was just discussed on HN too. There may be better input on that thread.

Can you point us to that thread? Good feedback, yes, we'll add the links.

I noticed that the URL was "blog.wattvision.com" and replaced the "blog" with "www". Worked like a charm ...

Sweet! We installed one at Anybots and it's surprisingly useful to know how much power the building is using. You make what you measure, or in this case use less of what you measure.

I suspect that this sort of device could be removed by the power company should they discover it.The homeowner/tenant does not, in most cases, own the meter and some power companies could consider this a modification of the meter and have it removed. Heck, they might even bill you for the removal.

I'm speculating, of course, but it seems like a real risk to me.

Either that, or the power company might start an investigation with law enforcement to determine if you have fitted the power meter with a device that misrepresents your electricity use.

I can only imagine the look on my meter reader's face if he saw a device like that attached to the meter.

One would hope that Wattvision launched(s) an education campaign aimed at the power companies to let them know of this device.

I think this is incorrect speculation. Black&Decker, for example, sells a similar looking device. I've had one on my meter for months and no one's said anything.

Straight from B&D's site:

The reference to specific manufacturers is for informational purposes only and does not represent that the Power Monitor has been approved or endorsed by the manufacturer or your local power company.


I will give you this one though. My local power company indicates that the meter is property of the customer. Perhaps this is more common that I initially thought:


Wow looking at the ranking page here http://www.wattvision.com/rankings Mark's House use about 10 times energy as comparable size homes. Is it a house or an open air furnace?

It's just a regular house with a nice big garden ... in the basement.

Nice, I knew it.

I like it. Will you be shipping internationally? Just a note, the size comparison is not very useful since I:

1) Do not know how large that particular candy bar is. It could be a tiny one or it could be a huge one. 2) I have no idea how large that Reddit toy is.


I never knew this thing would sign me in to google without my permission.. and even register for subscription.. WTF?!

creates a bad impression for otherwise reputed YC startups..

Has that sensor been tested in winter conditions? I know my power meter usually ends up having a foot of snow on it for most of the winter.

Yes, it has. The sensor survived the harsh winter storm that dumped a couple feet of snow last winter in the Northeast.

What about other forms of harsh winter conditions - extremely low temperatures (including wind chill)?

Wind chill doesn't affect things that don't attempt to maintain a warmer temperature than the environment.

Wind chill is the effect of cool air passing by a warm object taking away it's heat energy more rapidly than stagnant cool air surrounding the object.

Wind does not cause an object to get colder than the air around it.

I'm interested in this kind of product, but I live in an apartment and don't have access to my electric meter (or if I do, I definitely can't install things on it). Is there something like this I could use on individual outlets?

If you have a breaker panel you can measure at that point: http://www.theenergydetective.com/store/ted-5000

Depending on what state you live in, your apartment building is required to give you access to the meter that measures your apartment (to verify that you're getting charged correctly). If you ask nicely you might be able to convince your landlord to let you hang one of these (especially if the meter is indoors). I proposed such a thing to my landlord and they were interested in knowing more.

Dammit Savraj, in one fell swoop you not only brought out a super-cool greet tech appliance but also realised the dream that Clickpass never could - true seamless sign-on. The King is dead, long live the King!

Hahah! Thanks Peter. And thanks for the escalation to your google contact, they totally fixed the issue. ;)

Pretty neat. It will be possible to determine if a house is occupied, by looking at the current and historical power usage data. You've still got to find the address though.

Awesome tech, Will be very interesting to put on my folks house which has historically had really odd utilities spikes. I can finally debug :).

Congrats! Does this hardware work with more meter types than the beta hardware? My meter was not one of those that it initially worked with, so I sent in a picture of it, and I would very much like to get this working.

Yes. Please ping us at info@wattvision.com

I wasn't able to find the cost until I signed in.


$239 for hardware sensor $8.99/mo for historical data

You don't need to sign in to view the link you posted or the pricing page. Also note that 'monthly plan' doesn't start until April 15, 2011.

Do the WattVision guys have plans to create sensors that can replace light switches and receptacles? Perhaps with wireless mesh networking? That would be sweet :~).

Our current release is "minimum viable product" ;)

Sure I understand... I guess what I was asking is if you had any plans to create the products I mentioned above.

Any plans to go international? I would bite your hand off for something like this in the UK :D

Apparently they already are: http://www.wattvision.com/browse/by_location

Login issues aside (I realise they are significant but they're very well covered here)...

This is a great product. I'm delighted for you that you've launched it as a shipable unit after what I'm sure was epic work. But you just cannot sell to consumers on a website that look like that. Your homepage consists of a graph, for crying out loud.


very cool!

Very cool!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact