
Before buying Ring, WEMO or Roku, consider privacy issues - walterbell
https://www.usatoday.com/story/tech/2019/11/23/before-buying-ring-wemo-roku-consider-privacy-issues/4260851002/
======
MobileVet
The further down this future we travel, the less I want to do with technology.
I am becoming a Luddite.

None of this crappy IOT stuff will enter my home.

~~~
3pt14159
My roommate has a phone. I didn't think much of it until he said "Ok Google"
while cooking.

What am I supposed to say here? I don't like microphones being always on
either, but it's his phone and his home too. I can't escape the millions of
cameras around the city or the constant internet trackers. We should have had
regulated this stuff decades ago.

~~~
maximente
i mean, is it any different than having any other conversation that
potentially involves interpersonal conflict?

if it's important to you and you're willing to burn social capital on it, just
politely ask that he not use it when [your boundaries here].

if you come to an impasse, then there's not much to be done other than part
ways. i'd imagine this is similar to any other incompatible roommate
situations, e.g. someone whose recent significant other recently started
coming over and has annoying habits.

~~~
frereubu
I think the idea is that, rather than fight hundreds of small battles like
this every day, we should collectively agree (through democratic political
means) what's acceptable without explicit permission.

~~~
sansnomme
Well if you care about it so much, contribute either money or code and create
ecosystem with the same level of layman UX. It's difficult to get legislation
when you cannot demonstrate alternatives that do not severely reduce
convenience. This is a forum of overpaid software engineers. Distributed
neural network training isn't science fiction anymore. Go ship or pay others
to do so.

Brave and DuckDuckGo built entire businesses on the premise of privacy. Many
an arrogant reader here HN have no qualms claiming that they can replicate
Facebook in a weekend.

Go forth and walk the talk. Yet another Mastodon client is cool, but do you
know what's cooler? A production quality OCR competitive with Google Cloud
Vision API, voice transcription on par with AWS Transcribe, or personal
assistants with the ubiquity of Siri.

~~~
frereubu
I care about it enough to contact my local representative (my MP because I'm
in the UK) and he agrees with me that there should be explicit legislation to
control the use of these technologies. The EU's GPDR is a step in that
direction when it comes to things like automated decision-making. Open source
is not a solution here, and to suggest otherwise seems like it misses the wood
for the trees. Besides which, I hardly think that restricting the use of
cameras on doorbells (which is what this sub-thread is about) is "severely
reducing convenience."

~~~
CamperBob2
Don't want a camera on your doorbell? Don't install one. I would like to have
the freedom to decide differently.

~~~
cannonedhamster
Do I have the freedom not to be filmed by your doorbell and have it sent to
the police without even your permission to be processed and stored for however
long they want and possibly used against me at a later date for something that
isn't even a crime now?

~~~
CamperBob2
Sure. Just stay off my porch.

~~~
travisporter
And don’t walk by my house? For that matter, don’t bother visiting me?

~~~
CamperBob2
If you're walking by my house, you're in public, and you have no expectation
of privacy. (Actually, that's not true -- my house isn't visible from the
street, so if you're on my cameras, you're definitely on my property.)

If you're visiting me, you're on my property, ditto.

Any attempts to "fix" this will only make the world worse in the end. The
people you empower to enforce your opinions about privacy in (semi-)public
places will begin by exempting themselves from whatever well-intentioned rules
you have in mind.

------
tzs
Wow...that Mozilla page that rates a bunch of products by how creepy they are
[1] is very confusing. The first time I looked at it, I got the impression
that it was telling me that Ring, for example, is rated "Not creepy!" when in
fact it rates it "Very creepy!".

There are two ways it can mislead.

1\. It appears that the items are sorted by creepiness, but in the table of
products there is no indication of how creepy the product is. Instead, they
have an indicator above the table that starts out "Not creepy!" and as you
scroll down through the table that indicator goes through various levels of
creepiness.

So let's say you are wondering about Ring--you are ready to buy but first want
to see what Mozilla says. You go to the page, see "Not creepy!" and an array
of products. As you scroll through the products looking for Ring, the only
indication that the creepiness level is changing is that indicator at the top.
If you don't notice that it changes, it is easy to assume the whole array is
the "Not creepy!" section. Then you hit Ring, think it is "Not creepy!", and
head over to Amazon to buy one.

I only noticed that this was not how it works because I scrolled to the end of
the page, didn't see another array for the more creepy products, and only then
realized what is going on.

2\. Changing the filter settings does not change the creepiness indicator. If
it is showing "Not creepy!" products, and you go change the filter settings to
only show more creepy products, it shows those products, but still says "Not
creepy!". It only updated the "Not creepy!" to whatever the creepiness level
is for the shown products when you next scroll.

This page would work a lot better if it simply had separate sections for "Not
creepy!", "A little creepy!", and so on.

[1]
[https://foundation.mozilla.org/en/privacynotincluded/](https://foundation.mozilla.org/en/privacynotincluded/)

------
charles_f
> Wemo says it encrypts all communication between the app, cloud and device
> and takes privacy and security "seriously."

Consider 1) the multiple security breaches that pop up every week, usually
following quite dumb holes (unprotected elastic search, unencrypted reset
commands, etc.). I have 0 trust in how these companies store my data. 2) the
relative longevity (lack thereof) of these companies that still function on
investors money, which means that best case scenario your device is now a
brick, worst case your data now belongs to a company the likes of Google that
doesn't care (or are planly hostile) for your privacy.

My wife reaaaally wanted cameras in our house, I took ubiquity and didn't
connect it to their "cloud", that's the only thing I somewhat trust

~~~
nontoxyc
Do you have a smart phone? If so I have bad news for you.....

~~~
Jamwinner
Whataboutism, giving up on personal freedom or privacy, because it takes
effort is not helpful. Your handle betrays you.

~~~
nontoxyc
Oh I haven't given up at all. My cell phone service expires Dec 10 never to be
renewed.

The massive amount of data your phone collects about you is quite relevant.
Thanks for the downvotes which have now throttled my new account, and given me
a bit of a bad impression of the community here.

Can you explain what you mean by "your handle betrays you?"

~~~
cannonedhamster
You're new here. I suggest you read the rules of you haven't (it's to get an
idea for how comments are handled and expectations). Comments tend to get
downvoted if they do not add to the conversation. I'd give it a bit of time to
learn how HN works before making up your mind. I get downvoted all the time,
but if you're posting comments of value you can expect your karma to increase
over time.

~~~
nontoxyc
Been lurking and reading the articles for 3 years.

~~~
lewaldman
such a young soul...

------
smitty1e
> "Customers have to consent to allow Ring to share the doorbell footage with
> law enforcement, but "once they have access, they can save it indefinitely,"
> says Rebecca Ricks, a Mozilla researcher who worked on the report."

Sure, but once the bits exit a closed network, how do you have any idea where
they go?

Even if encrypted, there is no way to prevent the recording of data for some
future brute-force attack.

Probably the basis for a great thriller novel.

~~~
saagarjha
> there is no way to prevent the recording of data for some future brute-force
> attack

Ideally, your encryption would be resistant to a brute-force attack…

~~~
smitty1e
What does "resistant" mean?

~~~
beatgammit
I'm guessing OpenSSL, which has never had a security breach...

~~~
smitty1e
Which is great, as far as it goes.

Likely more a question of when, and how feasible.

------
Thriptic
I'm confused about the issue with Ring here. The primary complaint seems to be
that users can share data with police if they want and that police can then
save that data. Ultimately that's product agnostic; someone could easily take
footage from any camera and show it to police voluntarily, and users could
always be compelled to hand over footage of a crime with a warrant. People
have zero control over how neighbors use their personal cameras and I don't
see why that should impact personal buying decisions, even if you decide to
never share data with police. What's the problem?

~~~
9dl
This is like vaccination

Why I have to vaccinate if measles already defeated?

Why I have to fear that all my neighbors send* all video to someone?

* because you do not know that "some corporation" do not sell your video feed to anyone

~~~
Thriptic
That's not my point. If we want to talk about the societal impact of mass
security camera adoption, fine, but that has little to do with picking a Ring
camera for personal use specifically. The only thing that differentiates this
from other security camera products is that it's marginally more convenient
for police to get access to data if the user wants to submit it. The advice in
the article is silly because it doesn't say "don't get a camera because it's
helping to create a police state", it's saying "just don't get this one
camera".

------
yumraj
During Halloween I was rather concerned while taking my kids to homes with
Ring.

Luckily in most cases the kids had masks, but still.

Next Halloween those homes will be in my do-not-visit list.

~~~
thebean11
Genuine question, what scenario are you trying to avoid?

~~~
yumraj
My minor kids' photos in some company's database, tagged with neighborhood
data which points to where they live, correlated with what characters they
like based on costumes, correlated with their age based on their height and so
and so forth..

Now if the said company can connect my kids' photos with their identity based
on some other database, it will have a lot more info on them to sell ads and
for other nefarious purposes.

Just one scenario I can think of... There may be others.

~~~
smabie
Do you actually believe this is happening? No offense, but what you’re
describing sounds like a paranoid fantasy. Moreover, I’m sure your kids value
candy more than privacy.

Also your kids have probably been caught on video hundreds of times at
convenience stores, streets, wherever. If you actually wanted to avoid them
being on camera at all, you would have to lock them in your house and things
would turn out like the movie Dogtooth.

It’s not possible to completely protect your privacy unless you make some very
hard and costly choices like moving into a cabin in the woods or living a
completely isolationist life without internet or contact with the outside
world. Unless you want to make these sacrifices for a very dubious benefit, it
would probably be better to just worry about something else.

~~~
dredmorbius
From yesterday on HN:

[https://news.ycombinator.com/item?id=21606415](https://news.ycombinator.com/item?id=21606415)

Personal and social information of 1.2B people discovered in data leak

Fourth paragraph of the story:

 _For a very low price, data enrichment companies allow you to take a single
piece of information on a person (such as a name or email address), and expand
(or enrich) that user profile to include hundreds of additional new data
points of information. As seen with the Exactis data breach, collected
information on a single person can include information such as household
sizes, finances and income, political and religious preferences, and even a
person’s preferred social activities._

 _Each time a company chooses to “enrich” a user profile, they are also
agreeing to provide what they know about the person to the enriching
organization (thereby increasing the validity of the organization’s future
results). Despite efforts from social media organizations like Facebook, the
resulting data continues to be compounded, creating a situation with no
oversight that ultimately allows all of a person’s social and personal
information to be easily downloaded._

[https://www.dataviper.io/blog/2019/pdl-data-exposure-
billion...](https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-
people/)

Extrapolate present AI, facial-recognition, location tracking (cell phones),
voice-recognition, and integrated databases. You're already 99% of the way
there.

------
city41
Most of this tracking can be blocked with something like a pi hole:
[https://pi-hole.net/](https://pi-hole.net/)

~~~
tlrobinson
Pi-hole is great, but it's not going to help if the designed purpose of the
device is to send data to external servers, or if the device bypasses the
network's DNS server, especially with the advent of DoH.

~~~
oceanplexian
The right way to do this is set up a VLAN that can't get out to the Internet
and is segregated from your own devices except via inbound connections from a
Firewall. I've done this with cheap Chinese IP Cams and much other IOT garbage
that has either been reverse engineered and/or presents some form of local
network access.

~~~
everybodyknows
Sounds great -- Any recommended how-to guides for those of us new to VLANs?

------
giancarlostoro
I recently bought a house and it came with a Ring doorbell. I dont care for
it. I would of never bought one. I do have additional Wyze cams though for my
blind spots and the back of the house. I definitely dont ever want to see
activity back there.

The Wyze cams app is somewhat similar to the Ring app you can see videos
people share with Wyze but thing is they have to email those videos in. Wyze
says they End-to-End encrypt videos they upload to their cloud. If you dont
trust them you can buy surveilance SD cards and use those instead. For $20 a
pop though they are great. I only use them facing outside my house. I only put
one facing the inside when out of town.

My alternative was going to be Raspberry Pi Zero W's and EyeMotionOS if
anybody is interested in alternatives. Only reason I didnt get those is cause
I couldnt decide on the camera to get and also I had a suspicious person
(realize now they were likely just lost) stop partially on my driveway. So I
bought a bunch of Wyze cams.

Another neat thing about thr Wyze cams is they shove an AI into a $20 camera
to detect people. Their video on the matter can be seen on YouTube. It is
impressive.

~~~
samdixon
This comment reads like an ai was given context from the article and told to
spit out a response.

~~~
giancarlostoro
Well I have been sick all week so I am not surprised. But no I have been on HN
for a while.

~~~
samdixon
I'm sorry Gian, I was having some fun at your expense. Hope you have a great
weekend.

------
nihalot
>Speaking of Amazon, one of the longest-running and popular tech products, the
Kindle e-reader, got called out in the report for not having a lock-screen.
Anyone can pick up a Kindle and get right into it.

Amazon kindle has a lock screen...

------
dreamcompiler
"We take your privacy seriously" has replaced "Don't be evil" as one of the
greatest laugh-out-loud lies in tech.

~~~
jstarfish
It's most hilarious when the statement is made by some fly-by-night startup
with no real assets or obligation to perform.

It's seconded only by "Don't worry, I won't put this on the internet."

------
throwawaysea
I don’t understand the issue here, and it frankly feels like a manufactured
outrage from a minority group of activists. If customers voluntarily release a
segment of video to law enforcement, so what? That’s their right. People do so
in the interest of preventing crime. I don’t have any cameras myself but I
completely sympathize with neighbors who have Ring cameras given the huge
uptick in property crime here in the last five years. I’m all for amazon
building in facial recognition that works across their network of Ring
customers and their cameras.

As for the indefinite retention - what do you think happens if you were to
give the police evidence that helps nab a criminal in a non-IoT world? They
store it and retain it. Why would this be any different?

~~~
t34543
I have access to my neighbors ring doorbell so I can keep an eye on my home.

It tells me about all the local crime and tries to make me afraid. People
report door to door salesmen as suspicious. Get real.

The real crime here is fear mongering presumably to sell more security
products.

~~~
oceanplexian
You don't need a Ring, you can set up your own IP cams and there is plenty of
software out there. While I don't think it is necessary for everyone I've
caught tons of stuff on video, including neighbors snooping in my back yard,
cops walking around the property, neighborhood cats using the yard as a
toilet, the county inspector doing a tax inspection, and more than one person
walking up to the camera, seeing it, and then turning around. This was in an
average neighborhood in northern California so YMMV if you live in a different
area.

~~~
t34543
Yes, I have full ONVIF camera coverage of my property with local storage and
s3 as a backup. If something happens including theft of my NAS i am covered. I
don’t want to be afraid. I do the best I can. I accept 20/20 hindsight.

