
Drop dead - _pius
http://tilde.club/~mathowie/files/e0c99a3e95d5d907ab156fca2ba889bf-36.html
======
shittyanalogy
I think you guys are missing the point a little on this one. It's not that
there is a picture of this dudes bare ass somewhere online and he's upset
about it, it's that no matter what he did or tried he could be guaranteed in
absolutely no way that the data was removed or under his control. Once it's in
the pipes, it may or may not be there, there's no way to know. Anything you
put online, in all sorts of incidental ways be it from giving your TV voice
commands, sending your location to google maps, or your net connected security
devices, becomes someones property other than just yours. Not that it's legal,
or that people are spying on everything you do, but that you have no way of
knowing about or controlling the data once it's there.

This isn't supposed to be scary, just a reminder that you can lose control
easily.

This is a complex issue and if you think it goes away by saying things like
"well then don't stand in front of the camera naked." then you are missing the
point.

~~~
joshkpeterson
This dude is Matt Haughey, founder of Metafilter.

He wrote another piece about accidentally spying on his house-sitter that I
think is more interesting.

[https://medium.com/@mathowie/every-data-point-is-
sacred-e0bd...](https://medium.com/@mathowie/every-data-point-is-
sacred-e0bd2ec66ce8)

------
ChuckMcM
The 'oh' moment of data dissemination.

Somethings are not good for the cloud, not only is there a picture of your
buttocks in the cloud, its a lot easier to get a warrant to peek at
Dropcam/Google's data than it is to get one to get a computer from your house
and scan its hard drive. And if someone is fishing for a reason to get your
attention, well getting snapshots inside your house is a lot easier than
getting a search warrant for your house.

I was looking at the comm vaults Comcast and others put into the ground where
they are doing fiber pulls and realized that it wouldn't be that hard to put
one in a back yard, or in a weird kind of data center (kind of like a cemetery
but selling server vaults instead of burial plots) which would at least keep
your data 'off site' in the sense that your house burning down wouldn't cause
it to go away.

~~~
cromulent
I want someone at HN to build a small network device which I can plug a NAS or
USB drive into. Buy a pair, install one at your buddies/mothers house. They
find each other over magically over the internet and any data you put on the
local drive gets encrypted and put on the other remote drive.

Other drive burns down / is stolen, no problem. Your house burns down, go and
pick up your photos, enter your passphrase.

I'll pay 200€ or so. The hard part is convincing another million people they
want one, I guess.

~~~
ChuckMcM
Seriously? That's a pretty straight forward project. Buy a USB drive, buy a
Rasberry Pi, rent a VPS from Amazon or whomever. Export the USB drive as an
NFS volume to the local lan, Run a cron job on the Pi that connects to the VPS
over SSH and does an rsync. Done. If you want it locally encrypted you'll need
an encrypted file system.

Error recovery is tricky of course. You can leave a copy of your files in the
'cloud' (depending on your situation could be good or could be bad). And it
depends on whether you want it active/active (you can add files on either
side) or active/passive (where the passive side is pulling the active side
pushing).

Should cost about $100 or 80€ in parts per unit (so double that for two
units). A bit more for the internet access and a monthly fee for the VPS. If
its a lot of data there may be some bandwidth charges as well.

~~~
cromulent
Yes, seriously.

I understand your suggestion, but that seems to cost the same amount plus some
hours of my time. And, the data is on a VPS, which is not under my roof (or a
trusted persons roof). And I get another monthly bill.

I'm a user, this is what I want :)

Edit: Also, it should be easy to load the remote drive first locally with your
dataset, before you drive to the summer cottage, so you don't have to wait
days/weeks for the backup to be up to date.

------
knodi123
On the one hand, "If you don't want naked pictures of yourself in the cloud,
don't take naked pictures of yourself and put them in the cloud."

But this is like saying "If you don't want to get scammed, then don't respond
to scammy emails." That is, it's perfectly good advice, which is fine for
people who visit Hacker News, but maybe not sufficient for the vast majority
of people who aren't aware of the ins and outs of our rapidly advancing
technology.

There are whole communities of people devoted to the practice of finding women
who accidentally configured their phones to upload all pictures to a publicly
accessible cloud storage server. The women whose nudes are distributed this
way may not realize their pics are being mirrored- or they may assume it's to
a private site (because why the hell isn't that the default?!?)- or they may
have shared these pics with a dude who made the same mistakes.

But regardless, the point remains- any _individual_ is easily capable of being
immune to this problem. But there's a _whole population_ of vulnerable victims
who don't even know they're being victimized. And that _is_ a real problem.

------
serve_yay
Funny. We're all so (justifiably) afraid of NSA and Google violating our
privacy that we don't even consider the ways we do it to ourselves.

~~~
PavlovsCat
You can't "violate your own privacy" though. It's like wondering why someone
who likes to eat a lot of strawberries might frown on being forced to eat even
a single strawberry, or why someone who is perfectly fine with some
permutations of the letters of the alphabet would protest others. "But I did
the same thing that other guy just did, I just arranged some letters! Oh, the
irony." Well no, details and context matter.

------
ggchappell
I'm missing something here.

If you don't want naked pictures of yourself taken, then you don't undress in
front of a running video camera, right? Seems kinda obvious.

This fellow put together a setup that automatically takes pix of whatever
happens and uploads them to a company's server and ... he's shocked when it
does what it's supposed to?

I don't get it.

\--------

EDIT. Been pondering this. Perhaps he began with a misconception akin to that
of a politician who wants a backdoor for the good guys to use, but who doesn't
understand that if the good guys can use it, then so can the bad guys. Then
the e-mail and his resulting thoughts showed him that he wasn't thinking about
the world properly; thus his feeling of shock.

~~~
jonnathanson
You make a good point, but perhaps you're being slightly unfair to the author.
My take on his piece wasn't that he was "shocked" when the camera did what
it's supposed to do. Rather, he realized -- upon seeing a very jarring
stimulus -- that he has no idea who else can see what he sees, or what they do
with that information.

A general consumer assumption with devices like these is that only the end
user sees the footage. That's a naive assumption. But psychologically, it's
understandable. We believe that the walls of our homes are "privacy shields"
\-- Faraday cages, of a sort, that somehow prevent anyone outside from seeing
in, or anything inside from leaking out. At the same time, we bring connected
devices (including cameras) into those homes. Few of us consciously put two
and two together.

Seeing himself naked was sort of a wake-up call for the author. He'd always
known the camera was connected to the cloud. But then he became cognizant of
who's on the other end of that cloud. I think it's fair to recoil upon coming
to that realization, regardless of who the company might be (Google or
otherwise). Consumers are embracing the "cloud," but they really have no idea
what the "cloud" is, or what it can mean. Again: naive, certainly. But still
an interesting thing to consider.

~~~
mdonahoe
This happened to me, and "wake-up call" is exactly right. I set up the camera
to check my cats when I was away, and found myself realizing I walk around
naked a lot.

------
ubertaco
The principle of the matter and all, I know, but you've got to love his
response here: "now there's a web-accessible picture of me naked! Here, it's
this picture: <insert web-accessible image>"

~~~
gsg
He stuck a black bar on that one (and references that in the post). Although
that might seem a trivial difference, that there is an edit implies the
author's knowledge of and control over the image. That makes all the
difference.

------
joshavant
I have a Dropcam in my garage for miscellaneous reasons. I, too, have wondered
the implications of providing the Google/NSA complex video evidence of my
comings and goings...

It'd be nice if Dropcams were more hacker friendly, and allowed recording to
personally-owned devices, instead of forcing you to use their (fairly
expensive) cloud recording service.

(Not to mention the ~100ish GB/mo bandwidth savings to stream this video,
which is a fairly nontrivial requirement.)

~~~
andrewchambers
It could easily be done, but that's how they make money, so it won't.

~~~
GuiA
And that's a great sum up of the state of technology in 2014.

------
pavel_lishin
I actually have my laptop set up to take a snapshot every 20 minutes (unless
I'm connected to work wifi - never know when it might be pointed at
confidential data on a whiteboard, and it felt unfair to opt all my coworkers
into it.)

It has definitely made me more mindful of situations like this.

(It actually sporadically refuses to take a photo on the new laptop right now,
so [http://lishin.org/pavelcam.jpg](http://lishin.org/pavelcam.jpg) doesn't
always get updated.)

~~~
akent
Why do you do this to yourself?

~~~
tedks
I'd probably do that. Give the link to a few friends. It's pretty harmless,
sort of an automatic snapchat. It'd definitely make me more conscious of when
I'm being watched by my webcam, and I'd definitely want to have an opt-out
when it was about to snap a picture.

That aside, he seems to do this because it is _pure nightmare fuel_. This is
the pic from right now:
[https://i.imgur.com/xuDp4Kk.jpg](https://i.imgur.com/xuDp4Kk.jpg)

~~~
pavel_lishin
There have been creepier once :P

------
jaxbot
I have a device similar to a Dropcam but by D-Link, and have it configured to
transmit data to my NAS, rather than the cloud. I can then SSH in to view the
images on it.

If you want a camera monitoring your home, but don't want it stored on someone
elses' system, it's pretty easy to roll your own with a variety of
configurations.

------
kybernetyk
> It’s at this point you ask yourself if having a net-connected camera for
> monitoring your house was a good idea after all.

It's a good idea but you probably shouldn't buy the fancy "cloud" version.
Just set up your own FTP server ...

------
kentdev
I may have to spend the weekend messing with my raspberry pi to make a local
dropcam. Just found a link to a guide:

[http://www.sonsoftone.com/?page_id=287](http://www.sonsoftone.com/?page_id=287)

------
rwallace
What would bother me about this is that picture is far too small and blurry to
identify a criminal. Is that the best this product can do? If so, are there
any competing products that do better?

------
tlrobinson
Assuming you _do_ want off-site backups of your security footage, but only
accessible to you (i.e. strongly encrypted), what are your options?

What if you want a remote live stream?

Linux or OS X, please.

~~~
dllthomas
Well, in principle you could toss your public key on that camera. In practice,
I don't know if anyone does this as anything remotely approaching off-the-
shelf.

~~~
lotsofmangos
Sounds like a good project for a raspberry pi.

~~~
dllthomas
It does.

------
sysk
What do you mean by "web accessible"? Did Google decide to publicly publish
all dropcam's customer pictures?

~~~
matt-attack
I'm sure they're accessible via a customer account. That's sort of the point
of this system - you can be on vacation and peek into your home. Web
accessible doesn't mean not password-protected.

------
thrillgore
This certainly gives me pause about buying a Dropcam, even if the only place
its going to observe is near my front door.

------
Nux
Of all ipcams in the world why the hell did he buy the one in 0.1% of them
that uploads shit to the "cloud"?

~~~
Buge
I've heard stories of break ins where the crooks destroyed all the local hard
drives. Cloud is the only way to avoid that, but a solution is to encrypt
before uploading.

~~~
matt-attack
Wouldn't the crooks now just snip that cable that's draped across your
backyard to your roof?

~~~
Buge
Ideally the camera would cover that as well. Or you could use cell towers.

In the story I read (I think on reddit but I can't find it now) they destroyed
all his hard drives but he had one camera that uploaded to the cloud so he
still got some footage from that.

------
raldi
1\. Visit google.com

2\. Search for [erase dropcam video]

3\. Click first result

~~~
duiker101
it might say "erase dropcam video" but it really means "erase indexing of
dropcam video"

~~~
raldi
Are you claiming that, when Dropcam says it erased your video, it's lying?
That they're secretly keeping a copy around?

If so, come out and make that accusation explicitly. It would be quite a
story, especially if you had a reference to cite.

~~~
lambda
Erasing data is rather difficult.

If you're being a responsible provider, you will be doing backups, in case
your primary data dies. But backups are not all that useful if they can just
be wiped out by an online process. There's a potential secret copy lying
around.

Another possibility is that they run a caching system, that store cache on
faster but still persistent storage (or even in memory on systems that don't
reboot often). Does their caching setup ensure that it tells all involved
caches to delete their copies of the data?

Many systems do some kind of transcoding, generating thumbnails or more highly
compressed versions of uploaded video. Does requesting that a file be deleted
immediately delete every file it was based on or derived from it?

Furthermore, when you delete data from most filesystems, it doesn't actually
get overwritten, just the reference to it is removed. So even if you do delete
all the copies that you know about, there's a good chance that the data is
still on the disk, ready to be accessed by an off-the-shelf data
recovery/forensics tool.

If you're a provider that runs a large amount of storage, you likely run
through hard drives at a fairly regular rate, once they start throwing enough
SMART errors. Do all providers properly securely erase failing hard drives
before sending them off to recycling? Swapping out a failing drive and sending
it off to recycling without securely erasing it first likely leads to other
copies floating around in the wild that the provider no longer even has access
to erase.

I would be more surprised to find providers that actually did securely
overwrite every copy they had of a given piece of data when you asked for it
to be deleted, than I would by a revelation that providers that "secretly kept
a copy around".

------
akkp
To paraphrase: "The device functioned as intended so now I hate It".

The developers of this product don't deserve this blog post, especial when the
feature in question is a paid extra that requires setup.

~~~
andreasvc
The blog post illustrates that applications of technology can have unforeseen,
unintended consequences (even though it may appear obvious in hindsight).
Regardless of whether the device works as intended, the non-technical but
human question of whether it should function that way in the first place is a
valid question to pose.

------
hellbanner
The blog's subtitle is "doing it wrong". Naked in front of a camera and
pondering implications of Internet of Things backed by private corporations?

Yes, you are doing it wrong.

------
imgabe
Ultimately though, what are the negative consequences of some random stranger,
or even the general public, seeing your naked ass? Pretty much nothing.

~~~
shittyanalogy
You've taken this too literally.

------
anigbrowl
Much as I care about privacy and the exploitation of people's data for
commercial gain, I find this a bit histrionic. If you put the automated camera
inside your house and you are the sort of person who sometimes wanders around
naked, then the two are eventually bound to collide (which is why I don't have
automated cameras inside the house).

On the plus side, everybody has an ass and this one is so far into the
background of the picture that the only conclusions I can reach about the
subject are 'Mathowie is quite pale' and 'he has an ass like every other
member of the human race.' In other words, this isn't really awkward enough to
serve as a cautionary tale to anyone else. Now if he had been dressed up as a
lobster that would be quite a different kettle of fish.

------
_Adam
Except that image isn't accessible to anyone except the owner, or MAYBE the
NSA.

But I'm pretty sure the NSA doesn't care about looking at some random guy's
ass.

In the unlikely case that they do need to investigate the ass for national
security reasons, they aren't going to disseminate the picture to the world,
similar to how they don't disseminate intelligence data.

Which means the ONLY way the public will see the ass-picture is if: a) The ass
is of interest to national security AND b) The ass is of such concern to
national security it is stored in the NSA's internal ass-database AND c) There
exists some kind of ass-Snowden that leaks all the asses in the NSA arsenal.

...why does anyone care about this?

~~~
vectorpush
_> Except that image isn't accessible to anyone except the owner_

Good point, it's true that cloud servers containing personal information are
never hacked, this is probably because most companies take security very
seriously.

 _> But I'm pretty sure the NSA doesn't care about looking at some random
guy's ass._

Exactly! It's not as if NSA employees have ever been known to abuse their
power for personal or purely entertainment purposes!

 _> they aren't going to disseminate the picture to the world, similar to how
they don't disseminate intelligence data._

Agreed, rest assured that your private photos and correspondences are safe in
the hands of professionals who would never be interested in leaking personal
or embarrassing data about innocent law abiding citizens.

~~~
drdaeman
> who would never be interested

Rephrasing Hanlon's razor, there's no need for malice where a simple fuck-up
would suffice ;)

They don't need to be interested in leaking personal data, they just have to
make a mistake that would allow such leak. And introducing bugs isn't not
something unheard of, even for pros.

