
For Owners of Ring Security Cameras, Strangers May Have Been Watching Too - Deinos
https://theintercept.com/2019/01/10/amazon-ring-security-camera/
======
michaelchisari
_the video files were left unencrypted, the source said, because of Ring
leadership’s “sense that encryption would make the company less valuable,”
owing to the expense of implementing encryption and lost revenue opportunities
due to restricted access._

This is an industry problem, and a big one.

~~~
partiallypro
To be fair (but not really) they still cashed out for a billion dollars, so I
guess they were right about the money.

~~~
atomical
How does that prove that they were right about their stance on encryption?

~~~
Waterluvian
That if their goal is to cash out then it didn't matter to bother.

Or maybe, that it's possible to dodge a bullet of their own stupidity and
still successfully cash out.

~~~
atomical
That doesn't make sense at all. A fiasco before cashing out would cause a
crisis.

------
userbinator
I've never understood why people seem to love these surveillance devices that
rely on an external service. Besides the privacy issues, if the service
disappears or even the Internet connection goes down, they become useless. A
DVR and a set of "old school" network cameras in an internal network have none
of those problems, but it seems all the big companies are eagerly pushing
"cloud" centralisation instead of making easy-to-use local solutions.

~~~
jbob2000
> A DVR and a set of "old school" network cameras in an internal network have
> none of those problems

Ring is a $300 purchase and takes an hour to install. This would take me a few
weekends and would cost thousands of dollars. Cloud centralization makes
things easier and cheaper, by orders of magnitude.

~~~
Lammy
I know this is going to sound a lot like “Why would anyone use dropbox when
they could roll their own with an rsync shell script” but it’s not that bad.
Please don’t spread FUD about the difficulty of freeing yourself from cloud
surveillance. A copy of Blue Iris is $60, and you seem to be able to get 1080p
indoor WiFi cameras for about another $60 each. Anyone who can connect a
device to their wireless network, run a program, and forward a port can get
equivalent functionality, and from my experience even a lot of non-tech-
focused people are familiar with doing that for e.g. Xbox Live

~~~
StudentStuff
To pile on, I picked up a few Wyze Cameras for $25ea, reflashed them with
Dafang Hacks, and they work perfectly well for catching porch pirates and
people coming down my block pulling every car door handle.

No cloud dependence, subscription needed or extra internet bandwidth use.

~~~
bradknowles
You're still dependent on binary Chinese firmware blobs that these tools are
based on. Not something I consider trustworthy.

~~~
userbinator
The fact that they don't require a cloud/internet connection should relieve
much of the worry already... and it's not as if the original firmware wasn't
Chinese either.

------
mimixco
The founder of Ring was back on Shark Tank as a shark himself not long ago.
It's interesting to see how his perspective has changed since joining Amazon.
He invented the product so he could hear/see the doorbell from his garage. But
now he presents himself as some kind of social crusader, out to protect the
world.

It's disturbing to see how many big tech companies have turned into
surveillance and military companies lately.

~~~
president
> But now he presents himself as some kind of social crusader, out to protect
> the world.

So many tech CEOs do this. It's a cop-out method of rebranding one's image. In
reality though, it says more about the public at large for believing into
marketing and PR.

~~~
e40
This is why I stopped watching Shark Tank. It started out interesting, but the
last couple of years have been all PR and BS. I stopped watching the second
Sir Richard Branson threw water in Mark Cuban's face. Shark Tank had jumped
the shark.

~~~
mimixco
Is it just me, or is Daymond John especially mean to black entrepreneurs who
haven't "made it" yet? Did you see the one with the African fashion company
where he told the gal he couldn't be involved because he might be _sued?_ Over
clothing?

I have noticed that over the years they've moved from supporting small
entrepreneurs who are just starting out to only funding companies that already
have proven success. You used to be insane to ask for a $1M valuation (or a
$1M investment) on that show; now, it happens every week.

------
EricE
Camera systems with 100% local storage and drop dead simple remote access do
exist.

For example - Unifi Protect.

NVR:
[https://store.ubnt.com/collections/surveillance/products/uni...](https://store.ubnt.com/collections/surveillance/products/unifi-
cloudkey-gen2-plus-1)

$200, rated to support 20 cameras - some use more with no problems. Pretty
nice box. 8 core ARM, 3GB of RAM, 1TB hard drive, POE powered, built in
battery backup for clean system shutdown. Well made, metal case feels like a
piece of Apple kit.

[https://store.ubnt.com/collections/surveillance/products/uni...](https://store.ubnt.com/collections/surveillance/products/unifi-
video-g3-flex-camera-1)

$80. They have others in the $150 - $250 range depending on capabilities. They
even have a wifi one, but wired is always better.

$100 switch gives you four POE ports - the DVR and three cameras:
[https://store.ubnt.com/collections/routing-
switching/product...](https://store.ubnt.com/collections/routing-
switching/products/unifi-switch-8-60w) There are other switches that can
provide more POE ports if you need 'em.

Pretty decent system. __No monthly fees __\- slightly higher up front cost
will pay for itself over time, especially if you have more than one or two
cameras.

What's really nice about their system? Create a free account with them. Set up
the NVR and log it into the free account. Load their app on your phone, log
into the account and boom. You have access. Whether you are remote or not.
Their cloud service brokers the connection from your device to your phone. No
firewall ports to forward or other configurations. NVR connects to cloud, uses
that connect your remote access back to the NVR. Slick as snot. Once you
connect their cloud is out of the equation.

There might be other vendors with solutions as easy to use and set up - I
haven't found them. I sure as hell don't need to store my video in the cloud.

------
stcredzero
Jeez. One of the first cybersecurity presentations I went to was in the early
2000's. Someone consulting for the newly minted Homeland Security was talking
about intercepting feeds from unsecured video cameras. This is the progress we
can make in a decade and a half?

------
pizza
By the way, how are privacy-minded HNers monitoring their homes? Going with
Ring (or similar) or more traditional alarm services?

~~~
beat
Two large, loud dogs.

edit: Before I get a bunch of downvote nonsense, this is a serious answer.
Dogs (especially big ones that bark when excited) are _terrific_ home
protection. No intruder is going to risk a tussle with a couple of big dogs
hell-bent on protecting their home. Plus they're totally good with people they
already know and trust arriving, even if we aren't there. All a camera will do
is record the fact that you're being robbed.

~~~
mikestew
I believe that has been advice in lieu of security systems for decades. That
metal front gate opens, the giant head of that pit bull/mastiff mix pops up
with a "woof", and no one has to know that a piece of cheese would allow you
slip right past him. I didn't get him for "protection", the dog needed a home
and no one else was taking him. But his size and looks do have their perks.

Didn't _Myth Busters_ do a show on how a piece of steak will get you past all
but specifically-trained guard dogs? The only danger one would face with our
dogs is getting knocked down while they try and get the steak.

~~~
beat
Sure, if someone is _really determined_ to get past guard dogs, they can. But
a casual burglar isn't going to bother. One of mine is 95 pounds of black
lab/german shepherd mutt with a massive baritone bark, but he's totally
harmless, except for maybe knocking you over. The other one is 35 pounds and
so cute that people assume he's a she, but he's actually bitten at least three
different people while overprotecting the house and yard, and I have no doubt
he'd die fighting. (And the new next door neighbor learned what he already
knew, which was to not stick your hand over the fence to pet the barking dog
who doesn't know you and is very concerned that you're in the yard of his
friends, even when that dog is small and cute.)

~~~
davinic
Sounds like you should be more concerned about losing your assets in a civil
lawsuit than through burglary.

~~~
beat
Shocking as it may seem, I don't care.

I have dogs because I love them. Their value as a home security system is just
a bonus.

------
annefauvre
Ring has cut a lot of corners to get to market quickly. I don't think this is
the last time we'll hear of these types of issues from them (or the other
small hardware co's)

------
babypuncher
Does anyone know of a similar product and service that offers end-to-end
encryption?

------
ocdtrekkie
This is why I'm writing my own home automation system that runs entirely on
premises. It's too private of a space to entrust to anyone else.

~~~
EricE
Why? There's plenty of open source stuff like [https://www.home-
assistant.io](https://www.home-assistant.io) out there.

------
emcarey
local police districts are pushing these devices on residences unaware with
how this citizen video data is processed or handled in Ukraine. Aside from the
700 person team given access to live video feeds and customer databases, the
lack of proper security of this product makes it a PRIME target for DDOS
attacks that could cripple infrastructure.

------
dclusin
Any thoughts on how hard would it be to cobble something together using COTS
cameras and a FOSS web portal?

All I'd really want is a few camera feeds with some tagging when motion is
detected. I feel like use case covers most of why people get them.

~~~
rufugee
Look at [https://zoneminder.com/](https://zoneminder.com/). I used it
successfully to do what you ask for at a fraction of the cost of cloud
cameras. The only reason I switched to Ring/Arlo was for 2-way audio and the
ability to have battery-powered cameras. ZM was really nice to work with.

~~~
bradknowles
Try Shinobi (see
[https://moeiscool.github.io/Shinobi/](https://moeiscool.github.io/Shinobi/)).

------
eeeeeeeeeeeee
Has anyone done a deep dive regarding security on the Nest cameras? I’ve been
holding off getting one for this exact fear that has come true for Ring users.

------
EricE
Cloud cameras are beyond stupid.

