- cross-posted to:
- usa@midwest.social
- cross-posted to:
- usa@midwest.social
A Super Bowl ad for Ring security cameras boasting how the company can scan neighborhoods for missing dogs has prompted some customers to remove or even destroy their cameras.
Online, videos of people removing or destroying their Ring cameras have gone viral. One video posted by Seattle-based artist Maggie Butler shows her pulling off her porch-facing camera and flipping it the middle finger.
Butler explained that she originally bought the camera to protect against package thefts, but decided the pet-tracking system raised too many concerns about government access to data.
“They aren’t just tracking lost dogs, they’re tracking you and your neighbors,” Butler said in the video that has more than 3.2 million views.
I hope what really gets people to pay attention is how the FBI said they searched that news ladies’ moms’ ring camera footage even though she didn’t have an active subscription.
It was a NEST camera from Google, which is only a meaningful distinction because it means they ALL do this shit.
The only ones that don’t are ones that only send data to your data storage.
And even then, big question mark, as most Chinese produced camera modules have black box firmware. If it’s on the Internet it’s not yours.
My cameras have local network access only. Most people who are tech savvy enough to set up their own storage are also able to block Internet access for security cameras.
But another big concern for externally mounted cameras with microsd cards is the confiscation of those cards. They are are very easy to remove, often without tools and I don’t believe for a minute that the fact that a warrant is required would make police actually get one before taking the card.
Which cameras do you use?
TP-Link (which are cheap but so unreliable I had to add smart switches to reset them when they stop working), Foscam and Dahua. Dahua is by far the best. All of them record to a local server running Home Assistant and Frigate.
I really need to set up frigate. Been procrastinating for months 😐
Frigate is a marvel. Setting it up and tweaking it does take time but once done it requires almost no maintenance (at least in my experience) and is close to flawless. It’s only had 1 false alert in the last year and that was caused by a spiderweb on the camera. I wish all my applications were as trouble free.
I hope its not one of the 32 TP-Link cameras that have unpatched auth flaws allowing malicious actors to reset the admin credentials in them.. This is a local exploit, so you’re probably okay, but these exploits could be used in concert with others to compromise your security/privacy.
Friend don’t let friends get TP-LINK they am never updated their products properly and their products are full of known CVEs
The cameras have no Internet access at all. Someone would need to be already inside my network for this vulnerability to be a problem.
And the NEST camera apparently has some sort of free tier that saves a short amount (the last few hours) of video by default, so NEST users shouldn’t be surprised at all that their video feed is sent to the cloud as its one of the features of the subscription-less model.
The problem isn’t that it’s being sent to the cloud, the problem is that it’s not being encrypted and Amazon is doing whatever they fuck they want with it, including giving it to law enforcement without a warrant.
encryption wouldn’t solve the problem, just raise more questions. how is it encrypted, with what algorithm? was the alg implemented securely? who has the decryption keys? how were the keys generated? were they generated from a good enough entropy source? these are non-trivial questions that have to be asked in an encrypted system where encryption is not just a gimmick or a marketing buzzword.
having encryption and “secure!” plastered all over the box and the phone app does not mean anything, especially when you need protection against the manufacturer.
When people in a Lemmy technology community say “encryption” it should be obvious we’re referring to effective encryption, not a marketing claim on a product box.
yes, that would be ideal, but at any point in time we will have newcomers, for them it won’t be obvious
Your prior comment was for newcomers?
This was obviously written for people with quite a bit of knowledge. Most newcomers would have absolutely no idea what any of it means.
Just to note here, they are referring to nest which is google.
A big exception to the rule are the HomeKit secure video cameras that work in Apple’s ecosystem. If your HomeKit compatible camera is going straight into HKSV, and isn’t paired with manufacturer’s own cloud video service, then it’s all E2EE and it can’t be accessed by Apple, even with a warrant.
Problem is, camera offerings are limited, and scrolling clips in HomeKit is paaaainful. Also, if you’re not in Apple’s ecosystem, you can’t use it.
Can’t you get a surveillance camera from anywhere and use that?
They’re pointing out that HomeKit cameras are specifically end to end encrypted and claimed inaccessible. Apple has really been pushing online privacy as a feature
You can get a camera from anywhere and either use it locally only or implement your own encryption before saving to a cloud resource if you can get one with any expectation of privacy. But you have to do all the work and it is never end to end encrypted
Depends on your precise definition of the camera “end” I suppose, but an IP camera absolutely can be and should be end to end encrypted. Even if the camera itself does not support native encryption, at worst the aggregation point/server should. Really, surveillance cameras should be on their own dedicated private IP network anyway, ideally with physical isolation on any wired connections. Besides a physical, on-site attack (which is what the cameras are for!) there really should not be any plausible method of an outside attacker breaching into the non-encrypted part of the network at all.
And that’s the worst case, real-world scenario. Quite a few cameras do in fact support on-device encryption now so “never” is still definitely incorrect. You do have to do the work though. That’s how good security works, it doesn’t come in a box as much as many wish it would and even if it does it’s never one-size-fits-all.
My wife and I recently moved to a home with ring cameras preinstalled, but no subscription of course. We can only access a live feed via the cloud service. I told my wife, I don’t think it matters whether we have a subscription or not… if they want to use the footage from our home cameras for any reason at all, it’s in their power to do so. They can save it, scan it, watch it, … they don’t even need to save the video, they can save results from a scan to get out the important details more efficiently.
My wife didn’t want to hear it. She said we aren’t paying them, so there’s nothing they can do. Then this news story dropped about Google Nest. I showed my wife. We no longer have the ring cameras.
I wonder if removing the cameras is the best move.
It might be better to let them run but have them watching a TV streaming Disney movies.
Then drop the dime to Disney that they are copying their IP.
Copyright theft is only an issue for the poor.
Have you been in a cave where AI doesn’t exist, or…?
I’m half curious if I cut open the box… you think there’d be an easy way to replace the camera with a video stream of my choosing? Because I wouldn’t mind cutting out the camera and leaving the device plugged into my PC for a constant headless stream of video content.
Print out a image of your asshole, though I suppose it could be anyone’s, and tape it to the front of the camera, then poke a needle through the microphone.
Or you know… Just unplug it.
unplug what? his asshole?
Theoretically they wouldn’t have internet access if a previous occupant set them up unless one of your neighbors has an unsecured AP. Or maybe I’m misunderstanding you and you’re saying you set them up on your wireless network after you moved in. Still a good move to get rid of them but I wouldn’t be as concerned about them if the only AP they were set up to use was no longer present.
Nope. Ring cameras are part of Amazon Sidewalk which is effectively an automatic, invisible, and not end-user-controllable wireless mesh network “meant to keep devices working during wifi outages” or in other words to ensure the data makes it back to the cloud at any cost.
Their are more and more device manufacturers starting to use techniques like this to ensure connection regardless of owner intent.
I can’t say that’s surprising but I have only heard of smart TVs having been confirmed to do that
Interesting, I didn’t think about that nor did I know about the mesh network someone else mentioned in a reply to you. In my case, I’m renting the home. The landlord pays for a very small internet package that is reserved for the cameras. He stopped paying for the subscription at some point but he still pays for the Internet it connects to, which is how we were able to access live footage in the past.
When I said “we no longer have the ring camera.” More accurately I could have said “we stopped charging it.” The landlord would probably have a minor aneurism if we tried explaining why we want to replace the camera he mounted a case for into the stucko by the front door.
Initially, NBC Nightly News (Savannah Guthrie’s network) stated that Ring cameras could only record 4-6 hours before the footage would start to rewrite over itself. Yet being able to uncover what they did after the fact seems hella sketchy.
amazon likely has a backup anyways somewhere, eventhough the customer doesnt.
Not at all, that’s tons of time.
That was a nest and I don’t know about them, but for Ring they store snippets activated by motion or ringing the bell. Once you’re only saving snippets, 4-6 hours video could be weeks
Ring can also save snapshots, at regular intervals, but that’s a still photo taking much less storage.
I used to have a nest doorbell. You can set it to record continuously, just FYI.
E: that will also require a subscription, which includes 60 days of saved footage (and other stuff)
Not really if you know how this kind of computing/information technology works.
A file consists of the data itself, and a pointer to the data location on the storage device or index record. When the computer wants to retrieve the data, it looks at the index to get the data location, then goes to that location to get the data. This is how the majority of computers/devices work. When a file is “deleted” the index is usually the only thing that goes away, not the data itself. Over the course of time, the data is eventually overwritten as its in areas marked as “free space”. So other new files will occupy some or all of that space changing it to hold the new file data.
If you want to get rid of the data itself, that is usually considered “purge” where the data is intentionally overwritten with something else to make the data irretrievable.
What the Google engineers were able to do was essentially go through all the areas marked as “free space” across dozens (hundreds?) of cloud servers that hold customer Nest camera data and try to find any parts that hadn’t been overwritten yet by new data. This is probably part of why it took so long to produce the video. Its like sorting through a giant dumpster to find an accidentally discarded wedding ring.
The subscription is ostensibly to cover the cost of bandwidth. But of course they’re uploading anyway…