A Super Bowl ad for Ring security cameras boasting how the company can scan neighborhoods for missing dogs has prompted some customers to remove or even destroy their cameras.
Online, videos of people removing or destroying their Ring cameras have gone viral. One video posted by Seattle-based artist Maggie Butler shows her pulling off her porch-facing camera and flipping it the middle finger.
Butler explained that she originally bought the camera to protect against package thefts, but decided the pet-tracking system raised too many concerns about government access to data.
“They aren’t just tracking lost dogs, they’re tracking you and your neighbors,” Butler said in the video that has more than 3.2 million views.
I hope what really gets people to pay attention is how the FBI said they searched that news ladies’ moms’ ring camera footage even though she didn’t have an active subscription.
It was a NEST camera from Google, which is only a meaningful distinction because it means they ALL do this shit.
The only ones that don’t are ones that only send data to your data storage.
And even then, big question mark, as most Chinese produced camera modules have black box firmware. If it’s on the Internet it’s not yours.
My cameras have local network access only. Most people who are tech savvy enough to set up their own storage are also able to block Internet access for security cameras.
But another big concern for externally mounted cameras with microsd cards is the confiscation of those cards. They are are very easy to remove, often without tools and I don’t believe for a minute that the fact that a warrant is required would make police actually get one before taking the card.
Which cameras do you use?
TP-Link (which are cheap but so unreliable I had to add smart switches to reset them when they stop working), Foscam and Dahua. Dahua is by far the best. All of them record to a local server running Home Assistant and Frigate.
I really need to set up frigate. Been procrastinating for months 😐
TP-Link
I hope its not one of the 32 TP-Link cameras that have unpatched auth flaws allowing malicious actors to reset the admin credentials in them.. This is a local exploit, so you’re probably okay, but these exploits could be used in concert with others to compromise your security/privacy.
And the NEST camera apparently has some sort of free tier that saves a short amount (the last few hours) of video by default, so NEST users shouldn’t be surprised at all that their video feed is sent to the cloud as its one of the features of the subscription-less model.
The problem isn’t that it’s being sent to the cloud, the problem is that it’s not being encrypted and Amazon is doing whatever they fuck they want with it, including giving it to law enforcement without a warrant.
encryption wouldn’t solve the problem, just raise more questions. how is it encrypted, with what algorithm? was the alg implemented securely? who has the decryption keys? how were the keys generated? were they generated from a good enough entropy source? these are non-trivial questions that have to be asked in an encrypted system where encryption is not just a gimmick or a marketing buzzword.
having encryption and “secure!” plastered all over the box and the phone app does not mean anything, especially when you need protection against the manufacturer.
When people in a Lemmy technology community say “encryption” it should be obvious we’re referring to effective encryption, not a marketing claim on a product box.
yes, that would be ideal, but at any point in time we will have newcomers, for them it won’t be obvious
Your prior comment was for newcomers?
"How is it encrypted, with what algorithm? was the alg implemented securely? who has the decryption keys? how were the keys generated? were they generated from a good enough entropy source? "
This was obviously written for people with quite a bit of knowledge. Most newcomers would have absolutely no idea what any of it means.
A big exception to the rule are the HomeKit secure video cameras that work in Apple’s ecosystem. If your HomeKit compatible camera is going straight into HKSV, and isn’t paired with manufacturer’s own cloud video service, then it’s all E2EE and it can’t be accessed by Apple, even with a warrant.
Problem is, camera offerings are limited, and scrolling clips in HomeKit is paaaainful. Also, if you’re not in Apple’s ecosystem, you can’t use it.
Can’t you get a surveillance camera from anywhere and use that?
They’re pointing out that HomeKit cameras are specifically end to end encrypted and claimed inaccessible. Apple has really been pushing online privacy as a feature
You can get a camera from anywhere and either use it locally only or implement your own encryption before saving to a cloud resource if you can get one with any expectation of privacy. But you have to do all the work and it is never end to end encrypted
Initially, NBC Nightly News (Savannah Guthrie’s network) stated that Ring cameras could only record 4-6 hours before the footage would start to rewrite over itself. Yet being able to uncover what they did after the fact seems hella sketchy.
Not at all, that’s tons of time.
That was a nest and I don’t know about them, but for Ring they store snippets activated by motion or ringing the bell. Once you’re only saving snippets, 4-6 hours video could be weeks
Ring can also save snapshots, at regular intervals, but that’s a still photo taking much less storage.
I used to have a nest doorbell. You can set it to record continuously, just FYI.
E: that will also require a subscription, which includes 60 days of saved footage (and other stuff)
Yet being able to uncover what they did after the fact seems hella sketchy.
Not really if you know how this kind of computing/information technology works.
A file consists of the data itself, and a pointer to the data location on the storage device or index record. When the computer wants to retrieve the data, it looks at the index to get the data location, then goes to that location to get the data. This is how the majority of computers/devices work. When a file is “deleted” the index is usually the only thing that goes away, not the data itself. Over the course of time, the data is eventually overwritten as its in areas marked as “free space”. So other new files will occupy some or all of that space changing it to hold the new file data.
If you want to get rid of the data itself, that is usually considered “purge” where the data is intentionally overwritten with something else to make the data irretrievable.
What the Google engineers were able to do was essentially go through all the areas marked as “free space” across dozens (hundreds?) of cloud servers that hold customer Nest camera data and try to find any parts that hadn’t been overwritten yet by new data. This is probably part of why it took so long to produce the video. Its like sorting through a giant dumpster to find an accidentally discarded wedding ring.
I’m late to your reply but it was well explained and I feel like I learned something new. Thanks!
I’m glad it was helpful!
The subscription is ostensibly to cover the cost of bandwidth. But of course they’re uploading anyway…
If your stupid gadget needs a separate proprietary app that demands internet access, anticipate that all data is shared for all kinds of shady business.
Not always the case. Some cameras require a proprietary app for set up but can then be set to stream to a local server. Internet access can then be completely blocked with router settings.
Still, would you really want that? A half-baked device in your network, a device you suspect would constantly betray you, if given the chance?
I personally can’t imagine getting used to that. I’d despise the device (and myself probably).
I have absolutely no problem using these kinds of devices.
I have an old phone and a generic Play account that I used for setup so the companies have nothing of consequence but my public IP address. Setup takes less than 15 minutes and after that all Internet access is completely blocked just like it would be if I unplugged my cable modem. There is no way for the cameras to override my router settings.
My smart TV is much more of a concern.
It is baffling that people hadn’t clued in about this sooner
Either they are ignorant or choosing convenience over security.
My personal choice for security stuff is ubiquiti, but I’m sure someone here can find a super cheap doorbell camera that saves to an SD card and accomplishes the same thing.
I’m really glad people didn’t just fall over for this ad, and connected the dots on what Amazon is doing
Reolink doorbell cameras don’t need to be connected to the cloud. They can record to an SD card or upload to an FTP server. You can connect to them with RTSP and run your own NVR if you want too.
I’m sure many did, sadly.
They’ve backed off this and ended the partnership, claim Flock never got any footage, which I think is a total lie.
They’ll re-partner when the heat is off, or just do it silently, Amazon shouldn’t be trusted. Explain why to your friends and neighbors.
This isn’t referring to the flock thing, they put out a commercial in the Superbowl about creating a cam-network to help find lost pets.
Where did you hear they ended the partnership? (Even if you supply a source, I probably won’t believe it.)
Edit: nm. found it. https://www.engadget.com/home/ring-calls-off-partnership-with-police-surveillance-provider-flock-safety-031717605.html
deleted by creator
I honestly didn’t know what they were thinking with that commercial. Why would you proudly advertise that you’ve built a massive surveillance network, during one of the most-watched yearly televised events too for that matter? Did they seriously believe that there wouldn’t be a major backlash? I mean I appreciate the blunt honesty in that commercial so I’ll give them credit for that.
I honestly didn’t know what they were thinking with that commercial. Why would you proudly advertise that you’ve built a massive surveillance network
Presumably because most end users are in deep with the “if you do nothing wrong, you have nothing to worry about” crowd … and besides it can find a lost dog /s.
They brought these sorts of intrusive cameras in the first place so privacy was not top of mind, or even in 2nd or 3rd place.
Presumably because most end users are in deep with the “if you do nothing wrong, you have nothing to worry about” crowd
I agree with other comments that this is probably an Executive issue. Decision-makers operating with missing information can make misinformed decisions. Whether or not end users actually are in that crowd is less relevant than whether the people making such decisions think the users are in that crowd.
In a game-theory framing, it’s a game with incomplete information. What you assume about others, including what you assume about their assumptions, influences your decisions. The sheer amount of players makes it a lot harder to model or predict.
My guess is that since Ring has a history of well-known collaborations with police and ICE, they wanted to re-frame their evil surveillance network as a way to save a puppy. Instead, lots of uninformed normies suddenly realized what those cameras are capable of, and had a huge negative reaction given the state of things.
Because in 3 weeks most people will forget about it. It’s brazen. They’ll still be the biggest doorbell company in America
These people are so fucking out of touch that it’s ridiculous
Because the most evil people on the planet are universally convinced that they’re heroes.
just get a Chinese one like tapo so that the Chinese government can spy on you instead
Which is actually better because the chinese have no jurisdiction in the USA.
Yet…
President Xi, my people yearn for freedom.
I chose Reolink. AFAICT it’s not leaking anything outside my network and it’s fairly inexpensive. Not as cheap as the subsidized Ring brand but hey, at least I own them.
I’ve got a few Reolinks. I have them set to record to a local SD card and have blocked outside internet so that they’re not phoning home.
I’ve been worried about security, and therefore haven’t even researched the options. I’d like to have one, but I don’t want people able to see what’s happening without me allowing it for specific footage. Only guaranteed way was to just not have any. I could do local only, but there is less utility with that. So, it wasn’t worth the effort and cost.
I have my reolink cameras setup on an internal network without direct internet access, but have a server running Frigate and a VPN that I can remote into from my phone. Gives me full control of where the recordings are backed up and remote access controls. This setup works for their doorbells too which is neat.
PoE, no wifi for me. The DVR is in the rack, I keep meaning to back it up to a cloud account of some sort but haven’t gotten around to it so if you break into my house and steal the NVR I won’t have a record of you being there.
I have my security alerts sent to Telegram from Frigate just so it’s in another location for that reason.
I have a reolink that I use as a baby monitor. It’s on our wifi but I set up my router to prevent it from accessing the internet. So you can only access it if you’re phone is on the wifi. And it records onto an SD card.
I have a QNAP. Free dvr software. I buy cheap rtsp-capable cameras and roll my own.
Put your reolink in privacy mode so it wont contact the reolink servers. Then set up Frigate to record a week of data. You dont need much space for 7 days of a couple of cameras.
I have their NVR and yeah, it’s all in privacy mode.
Imagine spending millions of dollars on an ad that costs your company millions more in lost sales
And reduced usage by existing customers, reduced network effect, etc…
For anyone who has a Ring camera, wants to get rid of it, but still wants a doorbell camera for security/convenience reasons, I’ll point out that Ecobee has a fairly good rating on Mozilla’s Privacy Not Included page where they review products for their privacy.
E2EE transmission of video from the camera to your phone when streaming, on-device processing of video feeds, auto-deletes any cloud footage when people uninstall the app (so non-technical users who think uninstalling an app deletes their data will actually get that benefit), only saves clips when actual motion is detected, first line of their privacy policy is “Your personal information and data belong to you”, and their subscription is 100% optional.
Only real privacy concern is that if you choose to integrate yours with Alexa, it might get some data from that, but that’s optional. The main downside is just that they only have a wired option for outdoor setups, but they do have an indoor one that doesn’t require any kind of hookup directly into wires in your wall.
As always though, if you have the technical ability to set something up yourself that runs only on your local network, do it.
my next door neighbor has a camera that seems to look like a ring… I mean I’m not gonna approach their door for no reason to check if it is a ring, but like… if it is a ring… then oh well, NSA is right by my door.
And I’m in a deep blue city btw… neighbor is a renter and is Black, so… yeah… minority working class inadvertantly have a spy camera on their door
Front door is like right next to each other… like the camera can see me walking in the the path into my own house, it makes a sound when it detects movement and I heard the sound thing trigger even when walking only on my side of the yard
…And my family are immigrants…
so yay, our movements are probably in an ICE database
Do you still have chinese citizenship? A few immigrant friends have gotten the paperwork ready, either to return to their home country or immigrate elsewhere, just incase ICE picks them up, they can agree to self-deport instead of ending up in a salvadorian concentration camp indefinitely.
IDK how the chinese US citizenship thing works, maybe China’d accept getting literally deported as proof you’re not a US citizen.
According to google (I am not a lawyer) I don’t have it anymore the moment I got US citizenship since they don’t do dual citizenship and honestly I don’t really want to live in mainland China.
If I had to leave the US, I rather go to Canada, Australia, or perhaps EU for asylum…
Or perhaps Taiwan, or maybe Singapore.
I know from your post history, you seem to like PRC, but please understand that I have a personal grudge against the CCP, I was the second child (precisely a second son so there was no exemption whatsoever) in my family born during the One Child Policy, I really hate the fact that they tried to terminate me when I was still a fetus, then afterwards deny my existence by refusing to issue my legal documents until they made my parents pay a huge fine… which feels like extortion IMO.
I feel like my existence in China is “illegal”, I feel rejected. I don’t wanna be there.
I have an existential crisis over it… I’m not even supposed to be alive in this world, I’m an anomoly.
According to google (I am not a lawyer) I don’t have it anymore the moment I got US citizenship
Yes, but if the US says you never actually had citizenship, maybe China will accept that.
If I had to leave the US, I rather go to Canada, Australia, or perhaps EU for asylum
I’ve heard they’ve made it harder to get asylum, and there’s often poor outcomes for asylum seekers, after Arab Spring. If you have a US passport and money to start a business or any extended family, you can stay for quite awhile. This applies to most of Asia too where US passport gets you 90 days on arrival, or 90 day evisa for vietnam. US passports are pretty powerful.
Or perhaps Taiwan, or maybe Singapore.
Never been to either, can’t tell you about it.
I have an existential crisis over it… I’m not even supposed to be alive in this world, I’m an anomoly.
Eh, it’s a different place now. My family who worked there in the 90s and 2000s had completely alien experiences to when I went there in last year. All I’m saying is it’d be wise to be aware of what options you have.
Eh, it’s a different place now. My family who worked there in the 90s and 2000s had completely alien experiences to when I went there in last year. All I’m saying is it’d be wise to be aware of what options you have.
Mental health acceptance is stilk a huge issue. My mom told me about a story where allegedly someone in either her village or a neighboring village (can’t even understand what exactly she said because I’m not as fluent in Cantonese as English) had a family that has a son that “doesn’t act normal” and instead of trying to help, they perceived him as a threat and just locked him inside the house, barely treated him like a human being and only fed him out of pity… like an animal on a barn…
And also my mom just told me a story on WeChat about in Guangdong, an autistic person that got accepted into a University but then they found out about his autism so they expelled him for that after he already got accepted. So yeah… that would’ve caused outrage in the west. There is not really an ADA equivalent in China.
My mother kinda lowkey hates me for having depression… can’t imagine what’s its like in China, everyone would just call me “lazy” or “useless eater” or some shit… China is very conservative, its MAGAland but with Chinese Characteristics.
Also, if I posted any of my posts that I posted here about my mother’s behaviors on the Chinese internet… oh jeez they’re gonna just attack me for being “unfilial”, at least westerners sort of sympathize. In China, parents are always right, the kids are always wrong.
My ideal country would be one with a lot of Asians (or more specifically, ethnic Han Chinese) but that are westernized. Cuz then I have safety of not having to deal with racism, but also not having to deal with conservative culture bullshit.
Like just build one massive island then gather all the Westernized ethnic Han Chinese there, build our own country, without authoritarian bullshit, then I’d be safe.
Mental health acceptance is stilk a huge issue
Yes, definitely. Mental health (and regular healthcare in some specific ways) definitely has room for improvement. Only panhandler I remember was a guy asking people for money, with what looked like his mother, saying he had depression.
Also, if I posted any of my posts that I posted here about my mother’s behaviors on the Chinese internet
Depends on who the audience is. I’ve seen quite a few Chinese, particularly LGBT+ posting about their parents on xhs, but presumably there’s not a lot of boomers in their algo.
My ideal country would be one with a lot of Asians (or more specifically, ethnic Han Chinese) but that are westernized
If you have Chinese citizenship, but your hukou is mainland China, can you get a job in Hong Kong? I didn’t like the few hours that I spent there, it’s expensive and charmless, but it’s pretty westernized.
Also maybe talk to people who live there, your mother sounds like she might have a specific agenda in which experiences she shares. That’s not to say abusive families aren’t a major issue. One chinese was confused that americans don’t beat their children, “even if the child is intentionally misbehaving”. She seemed to accept “children learn from their parents, so hit someone who doesn’t do what you want isn’t something I want to teach” tho. I didn’t investigate if that meant she sometimes beats the kid for behavior she believes is unintentional too.
His icon suggests Taiwanese.
ten years too late
the few that do this are the smart ones. I fear the ignorant/dumb wont follow when this story eventually dies
Question is why they bought a Ring camera in the first place?
There is no way they can have been unaware that these gadgets can be accessed from outside.
But it was only when the evidence was put right in their face they finally connected the dots?So my answer is quite simple: Because they are stupid, and bought a sleazy product from a known sleazy company, and when they found out it was in fact as sleazy as could be expected, they figured that maybe they didn’t want to to be voluntarily surveilled anyway.
Question is why they bought a Ring camera in the first place?
Probably because of marketing.
There is no way they can have been unaware that these gadgets can be accessed from outside.
(1) Clearly you’ve not talked to enough people outside the privacy-aware community. Absolutely they can have been unaware of that.
(2) They may well have known, but not known the scope, or not cared. If you’re having trouble with (for instance) porch pirates, you might not care about the privacy ramifications.
But it was only when the evidence was put right in their face they finally connected the dots?
Yes. When you don’t live and breathe this stuff, a lot of times that’s what it takes.
My mom used to use the same password for every service. It was a ten-letter password that she came up with in 1999, and she essentially never deviated from it; until I typed it in for her on haveibeenpwned and showed how many times it had been leaked. People who don’t care about privacy won’t care until they’re shown how it actually affects them.
So my answer is quite simple: Because they are stupid,
Profoundly uncharitable read on the situation. Are you “stupid” if you don’t know what you don’t know? We don’t have classes about this sort of thing in high school or anything. There are billions of dollars going toward telling people that sleazy products are actually great and companies actually care about their well-being, and only neckbeards like us on Lemmy spending $0 to tell them the opposite. If they’re not watching tech news because the regular news is too much, or because they have jobs and families and hobbies, or because they don’t know how to process or parse it, or just because they’re not interested and have never been convinced that they should be, they aren’t stupid, just propagandized.
and bought a sleazy product from a known sleazy company,
First of all, “sleazy” is a perfect word for this, and thank you for using it.
But second, keep in mind that for a lot of people, most companies are still responsible members of society; “pillars of the community,” and generally worthy of trust. It’s not because they’re dumb, it’s because they’ve been propagandized into believing it.
and when they found out it was in fact as sleazy as could be expected, they figured that maybe they didn’t want to to be voluntarily surveilled anyway.
People are waking up to the reality of big tech “convenience.” That’s a good thing. Don’t shoot at them for coming to their senses.
Thank you for bringing the detail and tone I was going to type. You covered so many good points. It’s nice to see someone outside the tech-heavy, privacy-hyperaware echo chamber.
But second, keep in mind that for a lot of people, most companies are still responsible members of society; “pillars of the community,” and generally worthy of trust. It’s not because they’re dumb, it’s because they’ve been propagandized into believing it.
Oh boy that is so true, I was laughing my ass off during the financial crisis about how people were shocked that banks are businesses trying to maximize profits like any other business.
They genuinely thought that banks were some sort of community institution that existed to help people with their finances, and not businesses that are selling products to make money.
Still even if people are so ignorant that they are unaware of privacy issues, they have chosen to be willfully ignorant, because this issue has been talked about non stop for decades. For nothing to sieve in at some point, you have to be a special kind of willfully ignorant.
Even people that are very low information on technology, know that the Internet is a source of potential surveillance, and having your info on the internet in any form is a potential for being surveilled. Everybody knows that all the big IT companies are trying to gather as much information as they can. And Amazon is right at the top among them.
So to claim they were ignorant of Amazon possibly collecting and sharing their data is a bit far fetched IMO.For the banks, the two biggest ones in germany were in fact exactly this: community owned and with supporting local residence and businesses in mind.
people were shocked that banks are businesses trying to maximize profits like any other business.
Because every ad they see talks about how respectable and responsible they are. Like I said above, they’ve spent billions trying to cultivate this level of obliviousness in their customers.
Still even if people are so ignorant that they are unaware of privacy issues, they have chosen to be willfully ignorant, because this issue has been talked about non stop for decades. For nothing to sieve in at some point, you have to be a special kind of willfully ignorant.
In our sphere, sure. But most people don’t live in our sphere. Most people don’t mainline tech news and privacy updates. A lot of “normal people” (i.e. people you meet dropping your kids off at school, or in line at the supermarket, or on a bus) would have trouble telling you the name of the company that made the phone they stare at for seventeen hours a day. Some of the smartest, most world-aware people I know couldn’t tell you the difference between “encrypted” and “password-protected.” The stuff that breaks through into the mainstream are the huge breaches, but the problem is always spun to be the hackers, or one guy in the IT department who did something wrong, or whatever, not the fact that they’re even collecting all of this data in the first place.
And this isn’t willful ignorance, it’s just not something they think applies to them. Maybe they bought the “if you have nothing to hide you have nothing to fear” line, but more likely they just don’t actively think about it at all. Like how, if you live inland, you probably rarely worry about tsunamis; they’re simply a reality, and they probably vaguely know about the danger, but they’re a fact of nature, there’s nothing they can do to change it, and it’s not a risk they face personally. That doesn’t make them willfully ignorant, it just means they think it’s something that really only matters to spies or whoever.
Even people that are very low information on technology, know that the Internet is a source of potential surveillance, and having your info on the internet in any form is a potential for being surveilled.
But usually only in the abstract. “Oh, as long as I just look for the lock in the top left of the browser, I’m ok.” They think the threat comes from hackers and foreign governments, not companies that make the funny cat meme service.
Everybody knows that all the big IT companies are trying to gather as much information as they can. And Amazon is right at the top among them.
No, I think you’re wrong about that, and I think that’s because–again–these companies have spent billions trying to convince people that they aren’t. Even in the rare cases that they do see a threat, they have completely the wrong idea about what the threat really is; think about those memes that go around from time to time saying “I hereby declare that Facebook doesn’t own my photos!” or whatever. Zuck doesn’t want their photos, he wants to be able to lock them and their friends in, he wants their personal data, and he wants exclusive, 24/7 access to their eyes so that he can cram personalized ads into them.
All of that advertising may not necessarily convince people that the company is good, but it might cast just enough doubt or confusion to get them to focus on the wrong issue.
And Amazon? If people have anything against Amazon, it’s probably just “oh, they’re trying to put mom & pop companies out of business!” (Which, in fairness, they are also doing). Do you think the average person knows that they even own Ring and Roomba and AWS? I would submit that a surprisingly large chunk of the population probably doesn’t even know that they own Alexa.
Not because they’re ignorant, just because (1) it doesn’t matter to them, and (2) they’ve been aggressively propagandized to not care.
Even people that are very low information on technology, know that the Internet is a source of potential surveillance, and having your info on the internet in any form is a potential for being surveilled. Everybody knows that all the big IT companies are trying to gather as much information as they can. And Amazon is right at the top among them.
So to claim they were ignorant of Amazon possibly collecting and sharing their data is a bit far fetched IMO.you are largely overestimating the capabilities of the average consumer. most don’t even know on a surface level how the internet works, and what dangers it poses.
Why anyone ever thinks empowering psychopathic companies is ever a good idea is beyond me. They ALWAYS fuck us over. Every damn time.
