Rise and fall of SleepyHead: How community backed CPAP hacking got jeopardized

Among the data leaks and privacy issues, one may stumble on the fact that there is no easy way to distinguish the characteristics of the data. The ongoing infinite data stream is created by us and we are entangled with it – thus differentiating the ownership and rights is way too difficult.

Take the example of a life support device: who should be the rightful owner of the data generated while serving the patient? The patient or the doctor or the manufacturer of the device?

Clinical data is always a controversial matter. The educational usage of it is itself blurry, because the hierarchy of the authority and their relation with third parties.

In this article, we will talk about a medical disorder called sleep apnea. To be specific, we are more interested in the associated medical data, the DRMs in it and community effort to break it.

Quoting from Wikipedia:

Sleep apnea, also spelled sleep apnoea, is a sleep disorder characterized by pauses in breathing or periods of shallow breathing during sleep. Each pause can last for a few seconds to a few minutes and they happen many times a night.

There are multiple treatment methods, including surgery in extreme cases. Using breathing apertures such as a CPAP (Continuous Positive Airway Pressure) machine along with a face mask is a common method to track the symptoms.

AHI (Apnea-Hypopnea Index) is a standard measure to count the number of apneas (stops breathing) recorded during per hour of sleep.

There are big players in clinical industry who manufacture these CPAP devices. They are ‘smart’ enough to store various parameters, including AHI, average air pressure, mask leakage, average usage etc.

Older CPAP devices can export these data to SD card in (obviously) proprietary format. Only manufacturer specific tools can read them and the access to those is virtually impossible for patients.

Current gen machines can even wirelessly connect with internet and upload the data directly to cloud. These data are meant be used to track the sleeping pattern of the patients and accommodate the diagnostics accordingly.

Unfortunately that’s not the way it’s done in real life. Doctors often neglect the data, probably because they are not at all sleep specialists.

All these obstacles lead end users to hack the CPAP aparetures. Tuning the air pressure according to the personal requirements is one of the most used mod in this field.

There are online communities like Apnea Board, CPAPTalk and r/SleepApnea, where like minded people have discussions with each other on the disorder. Apnea Board even try to collect and distribute obscure technical documentations for CPAP devices for DIY modding.

https://twitter.com/ApneaBoard/status/1083876829260402688

The users of these groups extensively use SleepyHead – a free and open source software which can decode the proprietary file formats created by the CPAP devices. The developer, Mark Watkins, is himself suffering from the disorder.

He started this as a curiosity to break into the his own sleep data from the CPAP machine, around 8 years ago. It turned into a full time development from a hobby. Thanks to the software, millions of sleep apnea patients can visualize and analyze their sleep data and treat themselves.

Not limited to it, SleepyHead has been cited in multiple clinical research papers. Researchers use it to decipher the raw data generated by the CPAP machines which can be used to enhance the existing therapy methods.

Apnea Board and CPAPTalk are also vital parts of this revolution. Their large user base helps Mark to gather necessary informations about new CPAP peripherals. The leaked documentations are also crucial for reverse engineering the obfuscated datasets.

In FOSS development, the developers are often crushed by the load of expectations. New feature requests and unplanned expansions lead to frustrations. Bringing universal satisfaction is a utopia, but still they fall into the trap.

SleepyHead faced the exact same scenario. The community arranged fundraisers to support Mark, who solely contributed to the development. After a while, the backers started to create pressure as they expected to get support for their CPAP devices. Meanwhile Mark wanted to fix the existing bugs, which initiated miscommunications.

As the software is open source, prominent members of the forums tried to come up with a call for developers to provide patches. Their were talks to fork the existing codebase and add support for new devices.

The communication gap triggered a public outrage from Mark Watkins, who accused Apnea Board for stealing his contributions. Eventually the community got split up – members were taking sides and the drama continued.

ApneaBoard is NOT affiliated with the SleepyHead project, nor is anyone there or anywhere else authorised to release on my behalf under the SleepyHead project – or announce SleepyHead releases for that matter.

ApneaBoard’s recent “release committee” initiative is illegitimate and is seeking to undermine my years of work on SleepyHead and undermine my role in my own software project.

If it’s NOT SleepyHead, don’t call it SleepyHead, and don’t make it look like SleepyHead… it’s that simple!

From civilised discussions, it reduced to dirty talks and destructive criticism. Distributing test builds and reusing the logo and name without proper consent were the primary allegations made by Mark.

As a consequence, the dev shut down the project.

After repeated hostile takeover attempts, undermining, betrayal, and torrents of abuse, I have no desire to continue subjecting myself to working under those condtions. No Free & Open Source Software developer should have to endure that. 🙁

As a matter of fact, the drama has got bigger afterwards. The forums are being filled up with hate posts while the Discord channel and Facebook group have been shut down by Mark.

Apnea Board is trying to start a completely new project, dubbed as OSCR (Open Source CPAP Reviewer).

There is a group of developers from the Apnea Community, comprised of some of the same individuals that have contributed to previous versions of Sleepyhead and some that have not, including individuals from multiple forums and multiple nationalities, working on developing a fork of Sleepyhead 1.1.0.

OSCR is planned to be the spiritual successor to SleepyHead. The original GitLab repo of the later is still online, along with clones.

Mark is still active in the sleep apnea community, though SleepyHead is stuck in a limbo.

Follow @PiunikaWeb

PiunikaWeb is a unique initiative that mainly focuses on investigative journalism. This means we do a lot of hard work to come up with news stories that are either ‘exclusive,’ ‘breaking,’ or ‘curated’ in nature. Perhaps that’s the reason our work has been picked by the likes of Forbes, Foxnews, Gizmodo, TechCrunch, Engadget, The Verge, Macrumors, and more. Do take a tour of our website to get a feel of our work. And if you like what we do, stay connected with us on Twitter (@PiunikaWeb) and other social media channels to receive timely updates on stories we publish.