A Super Bowl ad for Ring security cameras boasting how the company can scan neighborhoods for missing dogs has prompted some customers to remove or even destroy their cameras.
Online, videos of people removing or destroying their Ring cameras have gone viral. One video posted by Seattle-based artist Maggie Butler shows her pulling off her porch-facing camera and flipping it the middle finger.
Butler explained that she originally bought the camera to protect against package thefts, but decided the pet-tracking system raised too many concerns about government access to data.
“They aren’t just tracking lost dogs, they’re tracking you and your neighbors,” Butler said in the video that has more than 3.2 million views.
I hope what really gets people to pay attention is how the FBI said they searched that news ladies’ moms’ ring camera footage even though she didn’t have an active subscription.
It was a NEST camera from Google, which is only a meaningful distinction because it means they ALL do this shit.
The only ones that don’t are ones that only send data to your data storage.
And even then, big question mark, as most Chinese produced camera modules have black box firmware. If it’s on the Internet it’s not yours.
My cameras have local network access only. Most people who are tech savvy enough to set up their own storage are also able to block Internet access for security cameras.
But another big concern for externally mounted cameras with microsd cards is the confiscation of those cards. They are are very easy to remove, often without tools and I don’t believe for a minute that the fact that a warrant is required would make police actually get one before taking the card.
Which cameras do you use?
TP-Link (which are cheap but so unreliable I had to add smart switches to reset them when they stop working), Foscam and Dahua. Dahua is by far the best. All of them record to a local server running Home Assistant and Frigate.
I really need to set up frigate. Been procrastinating for months 😐
Frigate is a marvel. Setting it up and tweaking it does take time but once done it requires almost no maintenance (at least in my experience) and is close to flawless. It’s only had 1 false alert in the last year and that was caused by a spiderweb on the camera. I wish all my applications were as trouble free.
I hope its not one of the 32 TP-Link cameras that have unpatched auth flaws allowing malicious actors to reset the admin credentials in them.. This is a local exploit, so you’re probably okay, but these exploits could be used in concert with others to compromise your security/privacy.
The cameras have no Internet access at all. Someone would need to be already inside my network for this vulnerability to be a problem.
Friend don’t let friends get TP-LINK they am never updated their products properly and their products are full of known CVEs
And the NEST camera apparently has some sort of free tier that saves a short amount (the last few hours) of video by default, so NEST users shouldn’t be surprised at all that their video feed is sent to the cloud as its one of the features of the subscription-less model.
The problem isn’t that it’s being sent to the cloud, the problem is that it’s not being encrypted and Amazon is doing whatever they fuck they want with it, including giving it to law enforcement without a warrant.
encryption wouldn’t solve the problem, just raise more questions. how is it encrypted, with what algorithm? was the alg implemented securely? who has the decryption keys? how were the keys generated? were they generated from a good enough entropy source? these are non-trivial questions that have to be asked in an encrypted system where encryption is not just a gimmick or a marketing buzzword.
having encryption and “secure!” plastered all over the box and the phone app does not mean anything, especially when you need protection against the manufacturer.
When people in a Lemmy technology community say “encryption” it should be obvious we’re referring to effective encryption, not a marketing claim on a product box.
yes, that would be ideal, but at any point in time we will have newcomers, for them it won’t be obvious
Your prior comment was for newcomers?
This was obviously written for people with quite a bit of knowledge. Most newcomers would have absolutely no idea what any of it means.
no, it was for everyone.
the point was not to explain how encryption works, but to paint a picture about how many details matter a lot, so that the reader can know that just some kind of “encryption” does not mean much
A big exception to the rule are the HomeKit secure video cameras that work in Apple’s ecosystem. If your HomeKit compatible camera is going straight into HKSV, and isn’t paired with manufacturer’s own cloud video service, then it’s all E2EE and it can’t be accessed by Apple, even with a warrant.
Problem is, camera offerings are limited, and scrolling clips in HomeKit is paaaainful. Also, if you’re not in Apple’s ecosystem, you can’t use it.
Can’t you get a surveillance camera from anywhere and use that?
They’re pointing out that HomeKit cameras are specifically end to end encrypted and claimed inaccessible. Apple has really been pushing online privacy as a feature
You can get a camera from anywhere and either use it locally only or implement your own encryption before saving to a cloud resource if you can get one with any expectation of privacy. But you have to do all the work and it is never end to end encrypted
Initially, NBC Nightly News (Savannah Guthrie’s network) stated that Ring cameras could only record 4-6 hours before the footage would start to rewrite over itself. Yet being able to uncover what they did after the fact seems hella sketchy.
Not at all, that’s tons of time.
That was a nest and I don’t know about them, but for Ring they store snippets activated by motion or ringing the bell. Once you’re only saving snippets, 4-6 hours video could be weeks
Ring can also save snapshots, at regular intervals, but that’s a still photo taking much less storage.
I used to have a nest doorbell. You can set it to record continuously, just FYI.
E: that will also require a subscription, which includes 60 days of saved footage (and other stuff)
Not really if you know how this kind of computing/information technology works.
A file consists of the data itself, and a pointer to the data location on the storage device or index record. When the computer wants to retrieve the data, it looks at the index to get the data location, then goes to that location to get the data. This is how the majority of computers/devices work. When a file is “deleted” the index is usually the only thing that goes away, not the data itself. Over the course of time, the data is eventually overwritten as its in areas marked as “free space”. So other new files will occupy some or all of that space changing it to hold the new file data.
If you want to get rid of the data itself, that is usually considered “purge” where the data is intentionally overwritten with something else to make the data irretrievable.
What the Google engineers were able to do was essentially go through all the areas marked as “free space” across dozens (hundreds?) of cloud servers that hold customer Nest camera data and try to find any parts that hadn’t been overwritten yet by new data. This is probably part of why it took so long to produce the video. Its like sorting through a giant dumpster to find an accidentally discarded wedding ring.
I’m late to your reply but it was well explained and I feel like I learned something new. Thanks!
I’m glad it was helpful!
The subscription is ostensibly to cover the cost of bandwidth. But of course they’re uploading anyway…