Terms of Service and Liability Waiver

Last Updated: May 2026

1. Acceptance of Terms

By accessing the Linked Lamp website, using its firmware, or building the hardware (collectively, the "Project"), you agree to be bound by these Terms of Service. The Linked Lamp is an open-source, Do-It-Yourself (DIY) project provided strictly for personal, non-commercial, and educational use. If you do not agree with any part of these terms, you must not use or assemble the Project.

2. Hardware & Electrical Safety Waiver

WARNING: Building the Linked Lamp requires the handling of electronic components, soldering irons, microcontrollers, and external power supplies.

By undertaking the assembly of the Linked Lamp, you acknowledge and accept all inherent risks, including but not limited to electrical shock, fire, burns, toxic fumes from soldering, and property damage. You agree that you are solely responsible for ensuring proper wiring, adequate insulation, and the use of certified, safe power supplies. Under no circumstances shall the creators, maintainers, or contributors of this Project be held liable for any personal injury, death, property damage, or catastrophic failure resulting from your assembly, modification, or use of the physical hardware.

3. Software "AS IS" & Security Disclaimer of Warranties

THE FIRMWARE, WEB INTERFACES, 3D MODELS, AND DOCUMENTATION (COLLECTIVELY, "SOFTWARE") ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WE DO NOT GUARANTEE THAT THE SOFTWARE WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR FREE FROM VULNERABILITIES.

CRITICAL SECURITY ARCHITECTURE WAIVER: YOU ACKNOWLEDGE AND AGREE THAT the Software utilizes a simplified security architecture to support DIY flexibility and ease of setup. Specifically:

• TLS Certificate Bypass: The ESP32 firmware deliberately disables SSL/TLS Certificate Authority (CA) validation (by calling espClientSecure.setInsecure()) to eliminate configuration blocks, certificate expiration issues, and NTP server dependencies on the physical device. While network traffic is encrypted, the identity of the remote broker server is not authenticated. This design decision exposes the device to Man-in-the-Middle (MitM) certificate spoofing, packet injection, and credential interception when connected to public or untrusted network environments.
• Plaintext Local Storage & Base64 Unique ID: The web-based dashboard caches your raw MQTT broker username and password credentials in plaintext within your browser's local storage (LocalStorage). Additionally, the dashboard generates a "Unique ID" (UID) containing these raw credentials encoded in standard Base64url format for convenient pairing. You acknowledge that Base64 is a plaintext encoding format and provides zero cryptographic protection. Anyone who intercepts or obtains access to the UID can immediately decode it to steal your raw broker credentials.
• Unauthenticated & Unsigned Remote OTA Updates: The ESP32 firmware features a remote Over-The-Air (OTA) update command system triggered by publishing an update URL to the device's subscription topic. Because this system is completely unauthenticated, does not verify cryptographic signatures on the binary, and disables SSL certificate validation, any third party with publishing capabilities on your MQTT feed can force your lamp to flash arbitrary, unverified software. This allows remote code execution which could be used as a vector to compromise your entire local home network. You assume all responsibility and risks of device hijacking and network intrusion by deploying this firmware.

BY USING THIS PROJECT, YOU FULLY UNDERSTAND, ACCEPT, AND ASSUME ALL RISKS ASSOCIATED WITH THESE SECURITY CONSTRAINTS. UNDER NO CIRCUMSTANCES SHALL THE CREATORS, MAINTAINERS, OR CONTRIBUTORS OF THIS PROJECT BE HELD LIABLE FOR ANY SECURITY BREACHES, DATA THEFT, CREDENTIAL COMPROMISE, UNAPPROVED NETWORK ACCESS, BROKER HIJACKINGS, OR LOSS OF PRIVACY RESULTING FROM YOUR ASSEMBLY OR DEPLOYMENT OF THIS PROJECT.

4. Third-Party Service Dependence and Non-Affiliation

The Project relies entirely on third-party infrastructure (including but not limited to GitHub for hosting and OTA updates, Cloudflare for domain routing, Google and Cloudflare for Public DNS, public Content Delivery Networks (CDNs) like unpkg.com and jsDelivr for delivering runtime script libraries, and external MQTT brokers like HiveMQ or Adafruit IO for connectivity). None of these third-party services are affiliated with, endorsed by, or operated by the Linked Lamp project or its creators. We have no control over these entities. You acknowledge that if a third-party provider experiences an outage, changes their pricing, or deprecates their API, your Linked Lamp may cease to function entirely. We bear no responsibility for loss of functionality, and you agree not to hold us liable for any disruptions, data breaches, or server logs collected by these third-party services.

5. Unintended and High-Risk Use Prohibited

The Linked Lamp is a novelty item for entertainment purposes. It is NOT designed, intended, or authorized for use in critical life-safety systems, medical alerts, emergency response mechanisms, or any environment where failure could lead to injury, death, or severe environmental damage. Any such use is strictly prohibited and at your own sole risk.

6. Indemnification

You agree to indemnify, defend, and hold harmless the project creators, maintainers, and contributors from and against any and all claims, liabilities, damages, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising from your violation of these Terms, your assembly of the hardware, or your use of the Software.

7. License and GPLv3 Compliance

The Linked Lamp software is licensed under the GNU General Public License v3.0 (GPLv3). Nothing in these Terms of Service shall restrict your rights under the GPLv3 to copy, modify, and distribute the software. To the extent any provision in these Terms conflicts with the GPLv3 regarding the software itself, the GPLv3 shall govern. Our disclaimers of warranty and liability are intended to complement Sections 15 and 16 of the GPLv3.

Return to Home