Buying a used one, the owner has to remove it before the new owner can add it to InControl. The official FAQ item is pretty much useless, it provides no info on how to identify or contact the PO, and provides no mechanism if you can’t. Same with multiple other threads where that question was asked.
So, I’ll ask again - how does one identify the previous owner/organization so they can be contacted to release the device?
Don’t answer “contact the seller.” There’s a serious DoS/security flaw. Anyone with the serial number can assume ownership of an unregistered device, and the seller would have no way of knowing who it’s registered to or how to contact them - look at a few eBay listings and try it! (be sure to remove it if you do)
What process does Peplink have for recovering such a device? It seems the old “photo of the device / proof of purchase” method is no longer available.
Seems to me there should be some sort of key, available only via direct web management on the device (i.e. not on an external label), which would be needed in addition to the s/n to register a device with InControl.
Apparently, devices stay in InControl even after their license expires. It seems to me one solution is to simply “unregister” any device some short time (a few months?) after the license has expired. What good is InControl registration for an unlicensed device?
I’m just a personal user. I can probably get by with a reset and disabling InControl. But Peplink has a lost opportunity here - I would pay for PrimeCare if I could get it under my name.
I will tell you at least part of the problem, in some regions that Peplink operates (including mine) it would be illegal for Peplink to tell you who the registered owner currently is or even provide a contact phone number.
Also in regions that it isn’t illegal, it’s pretty bad form for them to provide customer data to a 3rd party. For many large companies, the contact person on file would have no clue if you are even supposed to have their old device or if it was received legally.
The ‘contact the seller’ is in the hope that they are in any way affiliated with the original owner and can help you. Problem is that many sellers in the used market just bought it at a sale of a bunch of used stuff together or even recovered it from recycling and have no way to get ahold of anyone involved.
I will let you know that expired devices do actually show up in InControl in a useful way, in status, green is online, red is offline and blue is warranty expired but showed up online today. It’s not much but for synergized devices or remote devices that get very little attention, it’s nice at a glance to get that info. (I can see this on devices of mine that haven’t been on a service plan since 2018)
As for why companies don’t just remove them, that’s easy, the admins have no clue where the devices are. Keeping the last gen stuff around to be able to swap in in an emergency or to get a temp location up quick, slowly becomes a bunch of outdated stuff around. When the oldest stuff gets purged by someone, nobody does more than a factory reset, then recycle. Over time this leads to a bunch of old devices on the account that haven’t been used for years but nobody sure which ones were recycled and which ones are being used as synergized devices or at some branch office as a cold standby. Add the risk of theft and I can see why Peplink can’t/won’t help.
I know this isn’t what you want to hear, it’s also the reason I have decided not to buy a used peplink device on more than one occasion.
About the only suggestion I have for Peplink, if there was a place in the web interface that could show that the device was released from InControl and was able to be adopted, that would be a way for sellers to show potential buyers the state of the device (as long as the seller also knew to cover up the SN)
But there is nothing stopping them from being an intermediary, even automating it providing a “contact registrant” link to a contact form next to the “this device is already registered” message, which could allow contact while keeping the current registrant anonymous. Or as was suggested in one thread I read - sending a “If you don’t confirm ownership (and accuse the current possessor of theft) of unlicensed device X in 7 days, we’re going to release it” email.
But not if the device has been sold or otherwise disposed of, in which case leaving them only causes clutter.
A concern I would have with this is that these emails might look like phishing emails and I might not respond thinking it is a phishing email, or that such emails might be caught by spam filters, etc. and not be delivered. I strongly do Not want anything I have locked for security to be automatically unlocked because an email is missed.
I would not like it at all if peplink removed my owned device from incontrol; If it’s registered to my incontrol account, it insures that someone else can’t see or somehow get the serial number and register it to a rogue incontrol account. One of my primary worries with cloud controled devices is the security of the cloud control.
I think if security is an issue, buy the device from a peplink authorized reseller and register it to your incontrol account. If there is an issue, they will certainly help you with your new device. Or make the incontrol registration a requirement of the purchase if buying used – if you don’t get it, return it not as advertised.
I don’t mean to be rude with my reply, but I hate the idea of reducing security of my devices by automatically “dropping” them at some point. If I pay full retail price, please continue to guard my security as the #1 goal. That’s why I’m paying the retail price to buy new routers.
I have had the experience of a Switch having a duplicate Serial Number from the factory preventing me from adopting. Support were able to contact the reseller of the duplicate who contacted the end user to confirm they we both indeed had the same serial number, after which my unit was “rebirthed”.
The same process of Support as Middle-man could easily resolve this most of this problem.
I agree that simple possession of the hardware should not be enough as that encourages theft, there must be a process to legitimately have the devive un-registered.