Hello from VON in Boston. I spent some time today at the “unconference”, and really enjoyed myself. It was great to see in person all the bloggers I’ve been reading over the last year. It’s strange: I thought they were all taller. 
As the new guy in town, I mostly just observed but — as promised — it was a genuine interactive environment. That’s a nice escape from the standard session format.
Dennis Peng, co-founder of Ooma, took the stage for what turned out to be quite a grueling session. This was a tough crowd. (Other coverage from Thomas and Alec.)
Some of the issues that came up:
* Who’s life is it anyway?
Aswath Rao challenged the statement that they give you phone service “for life” in exchange for a one time cost of $400. “It’s really the lifetime of the box, isn’t it?” he asked. Dennis confirmed that yes, when your Ooma box dies, you have to buy a new one.
* Biz Model
Carl Ford took a few swings at their business model. I loved this line: “I smell head count. Which means I smell burn rate. How are you going to monetize these customers down the road?”
* Ease of Use
Carl also warned about run-away customer support costs. Dennis replied with some interesting stats that I hadn’t heard before: “60% of their users were able to do the install in 15 minutes. 90% within 30.” That’s impressive. For comparison, here is a video showing a PhoneGnome installation.
* Watch the fine print
Andy Abramson was very critical of Ooma for downplaying some major T’s and C’s till the end of the sign-up process. I didn’t follow all of the details there but, apparently, the small print allows them to take over as your long distance provider and change settings on your phone service.
* Ooma-tapping
I asked about a security matter: “Can I listen in on conversations from other Ooma users flowing through my Ooma box?” (See here for some background on the issue.) That set the room twittering (the old verbal kind, not the online kind). Dennis repeated the corporate line several times: “We take the security of our customers very seriously.” but that didn’t seem to placate the crowd.
* Bigger picture
What I found most interesting was Dennis downplaying their distributed termination technology. And although my inner geek thinks it’s really really cool, I have to admit it’s starting to look like more trouble than it’s worth. He called it a “short term solution” along the way to “an all-peered approach.” He wants us to focus instead on the built-in features of the system (instant second line, smart answering-machine) and the potential of this platform for the future.
For the record, let me say that I’m a big fan of the Ooma. After Jon and Alec, I think I’m the 3rd guy in Canada to have one. And, more importantly, I want them to succeed as a platform because I want to use the Ooma network to get FonCloud features out to consumers. (It will be a heck of a lot easier than doing carrier deals.)
Sadly, the lively discussion got cut short by the next presentation. The intention (well-placed) was to show how cool Adhearsion is, but it killed the buzz for me. Yes, I get it: high level languages let you put together simple apps quickly. But I don’t need to see it … being…. typed… in… real… time.
I’m looking for someone in the DC/Baltimore area with an Ooma Hub connected to their own phone line who would like to host a demonstration showing how easy it is to tap conversations going through the hub. We’ll settle this issue once and for all.
I will provide the (simple) circuit.
Years ago (early 90’s when long distance was expensive) a friend of mine found that he could tap into his neighbors’ phone lines from the big green box located on his street. He made a call to me while I was on vacation in a different State. Our POTS lines are easily tappable, but this Ooma debacle sounds like it is an order of magnitude bigger. When you tap into a local circuit you know who you are monitoring. If I understand the Ooma issue clearly, you can now theoretically tap into an area code. Wow.
Great review Shai … wished I could have been there. Looking forward to your review of the Ooma box
Gad: If you tap a regular POTS line you get the listen in on the conversations from one particular household, but you need to physically be there (and probably be trespassing). You can tap an Ooma box from the comfort of your own homw, but you will only get to hear random conversations being routed through your house to other numbers in your area code. Without any context (you don’t know who the caller is) I don’t see it being anything other than entertainment. In that sense, your call is “safe” in the same way that your conversation in a coffee shop is safe: the guy at the next table can easily snoop, but he doesn’t know you, so the info is useless.
In this case, with relatively simple equipment to decode the DTMF tones, you can determine who the called party is. Besides, people in public places probably won’t discuss sensitive information where they can obviously see that others may overhear.
I just want Ooma to admit that it is possible for someone to eavesdrop in this simple way (without trespassing), rather than continuing to insist that it is not possible.
@Mike:
“… simple equipment to decode the DTMF tones, you can determine who the called party is”
You still need that number to have a white pages listing to be useful. And you still don’t know who the caller is. And even if the call recipient is someone you’re interested in, there’s no guarantee that the next call between these two parties will go through your box. It might go through another Ooma box in your area code. So again, all you can do is “chance snooping”.
Now, you still can’t say such calls are “secure”, but you can argue that their security is in the same ballpark as the security of the PSTN in general.
> “I just want Ooma to admit…”
Yes, they may be better off “coming clean” about the issue. But I imagine that, internally, they are weighing the benefit of assuaging some uber-nerd bloggers versus the cost of a bunch of headlines that read “Ooma admits security is an issue”.
I hate to say it, but if I were Ooma, I would probably stay the course and wait for this issue to blow over.
Shai says:
„And even if the call recipient is someone you’re interested in, there’s no guarantee that the next call between these two parties will go through your box. It might go through another Ooma box in your area code. So again, all you can do is “chance snooping”“
I think that’s not true. On the contrary!
Remember, Shai, that you are only the 3rd guy in Canada to have an Ooma. So probably all Ooma calls in your area code go through your box. It should be easy to install the „simple equipment to decode the DTMF tones“, that Mike Pierce mentiones, and listen to your ex girlfriend’s conversations with her new lover.
It’s unpleasent that Ooma leaves the experts crowd waiting so long for answers to the security questions. „We take the security of our customers very seriously”, is not enough of an answer. It sounds like these phone voices who say „your call is very important to us“ and then they leave you waiting for another hour .
So, has anyone even gotten an answer from Ooma that was anything beyond the usual PR crap?
I put my web site at ooma-revealed.info back on the air to document why ooma is failing.
Comments please.
Wow, Mike.
As an outsider peering in on this situation, you seem like a bitterly determined person with a strange loathing for Ooma. Why is this? The ‘typical’ consumer simply isn’t in-tune with, nor worried about the issues you’re targeting here. You realize the security threat, but the average person doesn’t…and frankly, it’s just not that important of a threat to begin with. The chances of becoming anyone’s eavesdropping subject is literally minute for most anyone.
I’m really just curious about your hatred for this company. I’m doing a little research in considering Ooma service for myself and I’ve now found your comments in two different articles looking for someone to help you tap a line just to make a point. I’m pretty sure that if what you say is possible, Ooma knows it is. They just aren’t saying…and as someone already mentioned earlier, from a business standpoint, they are walking the correct line with this. The adverse headlines generated from telling you what you want to hear would likely kill the company; and to what end?
I have ooma, and I live in the baltimore area. I would love to help Mike.