
What to know before you buy or install an Amazon Ring camera - DiabloD3
https://www.eff.org/deeplinks/2020/02/what-know-you-buy-or-install-your-amazon-ring-camera
======
noodlesUK
What I don’t get about all of these cctv solutions is why you’d want a system
that uploads to the cloud at all. Surely it’s better to have all the footage
on a local device, and then perhaps have a VPN-like tool remote access. Unifi
protect works pretty well for me, and I’m sure other local solutions like
ZoneMinder work super well too. I’ve got a fast internet connection, but I
don’t trust it to be able to handle multiple streams of live video uploading
constantly. Coupled with the privacy concerns, why would you choose ring over
another vendor of more old-school CCTV?

~~~
icameron
It’s not always better. One good case for cloud-linked would be when someone
breaks in and steals the DVR. It also doesn’t need to constantly upload,
because most have motion detection to only upload interesting events to the
cloud.

~~~
amluto
Sure, but what thieves actually do is cut your cable/phone line, thus
disabling most cloud surveillance systems.

~~~
bronco21016
Smart thief would just flood the WiFi network with deauth packets since
everyone is using these things over WiFi. Disabled it before you even have to
be in view.

~~~
c0restraint
Remind me:don’t you need to be connected to the WPA2 WiFi router to send
deauth packets?

~~~
judge2020
Actually no, you can send deauth without already knowing the key. It's a good
way to force clients onto your rogue AP and then obtain the key via captive
portal.

[https://www.aircrack-
ng.org/doku.php?id=deauthentication](https://www.aircrack-
ng.org/doku.php?id=deauthentication)

------
goblin89
I appreciated this write-up.

\- An aggregate of the various security issues that came up so far (with
unvalidated rumors filtered).

\- Touches upon social issues and medium-term unintended consequences:
“instilling paranoia”, and by association social/racial profiling.

\- Manages to discuss sensitive topics gently without implicit shaming or
talking down to the reader. I think Matthew from EFF has done a good job here

\- Both technically correct and easy to understand by non-technologists.

\- Easy to link to, from credible source.

Shame that most people who should read this probably won’t stumble across it,
at least their technologist friends have a readable article to share.

------
soared
I usually like EFF but this is mostly FUD. Amazon Ring is far from perfect,
but this article is not fair. This is the fifth sentence:

> Do you want strangers being able to learn your routines by watching you
> leave and return to your house every day?

But then they follow it up with "a few amazon employees were fired for
watching videos" and "the cops might request/warrant your videos" and "some
hackers got access and did bad things a few times". That is a comically large
gap from strangers watching you every morning and evening to learn your
habits.

~~~
anarchodev
The article asserts that if you upload video from Ring devices, it will be
seen by amazon employees. This has been shown to be true. Amazon employees are
almost all strangers to me. What's the issue with the statement?

"Do you want a few amazon employees being able to learn your routines by
watching you leave and return to your house every day?" might be more
technically expressive but no more accurate and certainly not any more
reassuring or comfortable to me.

The part about cops and hackers are separate issues (and lead to more
convincing arguments against cops and cloud services more generally) but this
seems like an entirely fair assessment.

~~~
darkerside
Do you want strangers to learn all of your important personal information by
reading the emails you send and receive?

If you don't trust anybody, the Internet sure is a scary place.

~~~
allovernow
>Do you want strangers to learn all of your important personal information by
reading the emails you send and receive?

You mean to say this doesn't concern you? That enough PII is being archived in
multiple places indefinitely and could be used to build a find grained profile
on you?

Imagine how much you can infer just from location data. Sexual orientation.
Political affiliation. Religious affiliation. Now imagine what happens when
authoritarian regime gains control of such databases. The largest nation on
Earth has such a system already - it isn't far fetched.

~~~
darkerside
It's just as problematic as the Ring doorbell, if not more so

------
microcolonel
Cameras and surveillance software/services with features like this are in high
demand. They do improve safety, and they do prevent loss.

I'm putting something together for work with off-the-shelf cameras, maybe
it'll be similar enough that it can be adapted for home use.

I think there is a moral good produced by some amount of private surveillance,
on and near a person's own property, controlled by that private person; so we
just need to fix people's expectations from these companies which subsidize
their services by selling out their customers.

~~~
beatgammit
I think we just need a security and privacy focused alternative that doesn't
suck that:

\- does all video processing on the client (e.g. as it's generated) \-
optionally uploads encrypted video to the cloud \- stores encrypted video
locally \- allows sharing video by downloading and decrypting that video on
your device \- never stores the key in the cloud

Ideally, it would be a drop in replacement for Ring, but with the complicated
logic done on the camera or your viewing device. I'm happy to pay extra for
that, though I think it can be competitively priced. It should also come with
an optional VPN device/service to access your cameras when outside your
network.

