QZ's Creator on Echelon's Firmware Lockout: When 'Smart' Hardware Becomes Dumb Without Permission

In September 2020, Roberto Viola began building QZ (qdomyos-zwift) with a simple mission: liberate fitness hardware from corporate walled gardens. At the time, Echelon's bikes, treadmills, and rowers were locked exclusively to their proprietary app, forcing users to accept whatever experience the company dictated. Viola saw an opportunity to bridge this gap, creating software that would let Echelon devices work seamlessly with popular platforms like Zwift, Peloton, and Kinomap.

What started as compatibility enhancement quickly evolved into something more sophisticated. QZ added auto-resistance features that sometimes delivered smoother experiences than Peloton Bike+ itself. The app expanded to support Echelon rowers and treadmills, becoming a comprehensive solution that unlocked the full potential of hardware users had already purchased. For five years, this ecosystem thrived. QZ helped people extract more value from their equipment while ironically driving tens of thousands of Echelon bike sales. Viola even recommended Echelon as the best indoor bike on the market specifically because of its excellent QZ integration.

Everything changed in July 2025 when Echelon pushed a firmware update that fundamentally altered the relationship between users and their devices. This wasn't a feature upgrade—it was a lockdown. The new system requires devices to authenticate with Echelon's servers just to boot up. On startup, each device must log in and receive a temporary, rotating unlock key. Without this server handshake, the hardware becomes completely unusable—no manual workouts, no Bluetooth pairing, nothing.

This server-based lockout creates three critical problems that extend far beyond mere inconvenience. First, it eliminates offline functionality entirely. No internet connection means no workout, even for basic manual operation. Second, it creates permanent obsolescence risk. If Echelon ever shuts down its servers—a scenario that has happened repeatedly across the IoT industry—expensive fitness equipment becomes worthless metal and plastic. Third, and most devastating for QZ users, third-party apps can no longer function because devices actively refuse to communicate unless Echelon grants permission.

The implications reach beyond fitness equipment. This represents a growing pattern in the IoT world where cloud-only hardware creates artificial dependencies. Hive smart cameras and sirens will stop working in August 2025 due to backend shutdowns. Insteon smart home hubs went dark overnight in 2022, stranding entire homes. VanMoof smart bikes bricked after company troubles, eliminating remote unlock and tracking features. Even Google's Android Things, once positioned as a flagship IoT platform, was quietly discontinued by 2022.

Viola's request to Echelon is remarkably modest given the circumstances. He's not asking for open-source code or deep system access. Instead, he proposes a basic fallback mechanism: allow devices to send encrypted data locally even without internet connectivity. This would preserve user control and prevent devices from becoming useless if servers disappear. It's not about undermining Echelon's business model—it's about ensuring that expensive hardware remains functional and that users retain genuine ownership.

The situation raises fundamental questions about what it means to "own" smart devices in an increasingly connected world. When functionality depends entirely on corporate servers, ownership becomes conditional permission rather than actual control. This model benefits companies by creating vendor lock-in and recurring dependencies, but it shifts all risk onto consumers who have already paid for the hardware.

For current Echelon users, the stakes are immediate and irreversible. The firmware update is non-reversible—once installed, there's no way to roll back to previous versions. Devices that update will require constant internet connectivity, refuse to work without server validation, and completely block third-party applications like QZ. The message is clear: if you value device freedom, offline workouts, or open compatibility, avoid all firmware updates and disable automatic update features.

This conflict between open compatibility and closed ecosystems reflects a broader tension in technology. QZ was built with passion, not profit, to empower users and unlock hardware potential. It helped companies grow by making their products more valuable to consumers. Yet the new model—where ownership requires ongoing permission from remote servers—creates dangerous dependencies that threaten both user autonomy and long-term device utility.

The solution seems straightforward: implement local fallback modes that preserve basic functionality without internet connectivity. This wouldn't prevent Echelon from offering premium cloud features or maintaining their app ecosystem. It would simply ensure that hardware remains usable even if the company faces financial difficulties, changes strategic direction, or experiences technical outages.

As an Italian who values beautiful, functional things that last, Viola emphasizes that technology should serve users, not create artificial dependencies. The question isn't whether companies can build locked-down systems—clearly they can. The question is whether they should, knowing the risks this creates for consumers who have invested in their hardware.

Echelon still has an opportunity to address these concerns before more users update their firmware and lose control permanently. The request isn't revolutionary—it's a basic safeguard that respects both the company's business interests and users' legitimate expectations of ownership. In a world where IoT devices increasingly depend on cloud services, ensuring local fallback options isn't just a nice feature—it's becoming essential for responsible product design.

For now, Echelon users face a stark choice: maintain their current firmware and preserve compatibility with QZ and offline functionality, or update and accept permanent dependence on Echelon's servers. The decision they make today will determine whether their expensive fitness equipment remains a tool for health and wellness or becomes another example of how cloud-only hardware can transform ownership into temporary permission.