I wonder if integrity will win out.
I am surprised this is still holding up.
Anyone who clicks on the link can read the title and decide its relevance to the hack. The primary people whose needs aren't accommodated by the change are those whose interest is triggered by "AirBnB."
Journalists often concoct an "ongoing" narrative to make it sound like there is a big trend when there are only one or two anecdotes. Write a weak article with one example, follow it up with a second article with a second example, then write a third article proclaiming that something is "sweeping the nation," linking to what "we previously reported."
The linked title could just as well have said "when you're staying in a stranger's home," but that doesn't carry as much currency as "AirBnB." I think that's clickbait, albeit subtle.
Why would YC want to propagate negative content corresponding to their ventures?
As far as I'm aware, HN never promised to let us (the users) rule the roost this way. And they've never promised freedom from censorship.
To be clear, I don't mean any of this in a critical way. It simply is what it is.
Reviewing it now, it looks to me like they declared editorial independence without going into much detail. I especially don't see anything about guaranteeing the preservation of things that may harm the YC or affiliated brands.
Someone rents the room, and runs this script, disabling the cameras.
During the stay, the property is burglarized, and there is no surveillance footage of the crime because the renter disabled the cameras.
That seems like an incredibly messy legal situation. Would the renter even be able to exonerate themselves? They disabled the cameras, it almost feels like they inadvertently framed themselves for a crime they didn't commit.
On the other hand if the homeowner or the insurer wished to SUE someone for disabling the security system and thereby facilitating the loss of property, that someone would most likely be fucked. Civil liability doesn't require the accused to be the sole cause of the damage; one can be a contributory cause and still get roasted for huge damages.
IANAL and this comment is not legal advice
(2) Civil liability does require, generally, causation--cause-in-fact and proximate cause. The cause-in-fact test is a simple "but-for" assessment: but-for our guy disabling the wireless, would the robbery have happened? In this case, yes, in the absence of our guy disabling the wireless, the bad guy would have still robbed the house. Disabling the wireless did not cause the robbery, the criminal was acting independent and without knowledge of the wireless camera's being disabled. Proximate cause is a more complicated legal standard, but since cause-in-fact is missing here, our guy isn't liable, and your second point is probably incorrect.
I see what you're saying, but there's a strong argument to be made for finding the camera-disabling guest negligent. If I was advising a client I would never state things as matter-of-factly as you did, but maybe its okay in the court of HN.
A lawyer who doesn't quite yet understand factual causation or the limitations imposed by proximate cause would do well to hedge an answer like this with a client. A knowledgeable lawyer, however, would win this on SJ.
The FCC considers sending deauth packets to networks you are not supposed to be in control of jamming.
So, still a bad thing here, but not quite the same reason.
If you can convince the cops to do their job, then yes?
If my apartment was burgled when I was at work and my new roommate had the day off, the cops would -hopefully- do some investigation to determine if anyone else might have possibly entered the space, as well as checking and enquiring with pawn shops and grey-market street vendors for my stolen goods.
"It may be illegal to use this script in the US."
There's no "may" about it. It is illegal:
Two wrongs really don't make a right. Without physically locating the camera you have no idea what is being deauthed. It could be a camera monitoring a locked (unavailable to the guest) room or even a neighbors camera. Not everyone out there is a perv and there are entirely legitimate and expected uses for WiFi cameras which are not creepy.
It would be better to locate the camera and if in a location where privacy is expected, simply call the police because who knows how many other victims there may have been and who knows how creepy the person who put it there is.
"No hotel, convention center, or other commercial establishment or the network operator providing services at such establishments may intentionally block or disrupt
personal Wi-Fi hot spots on such premises, including as part of an effort to force consumers to purchase access to the property owner's Wi-Fi network. Such action is illegal and violations could lead to the assessment of substantial monetary penalties."
Ethically speaking I'd say it's completely okay to monitor the former, whether that service is a plumber or a babysitter, and whether the monitoring is done with a camera or your own human eyes. Those service personnel shouldn't be expecting privacy while they provide services, anyway.
Ethically speaking I'd say it's wrong and a violation of privacy to monitor the latter, regardless of whether it is done with camera or eyes, without prior warning. This is because providing a place of residence implies providing some level of privacy. Forget cameras, you shouldn't generally enter a tenant's place of residence even with your human eyes, without letting them know in advance (e.g. at the very least by knocking).
Jeez. Not sure how to respond. I think for me it is not 'complete okay' to waiver your privacy whenever you provide paid services to some overlord.
Do you expect privacy when you're in a shopping mall?
You're in a building controlled by someone else, no renting going on. What is your rule for when privacy is expected?
Yes. And I am in the position to demand it, or take another position. So we get a privacy divide within society: cleaners, waiters etc don't have an expectation of privacy, those higher up do.
> Do you expect privacy when you're in a shopping mall?
No, everybody can walk in and out at any time.
> You're in a building controlled by someone else, no renting going on. What is your rule for when privacy is expected?
Well, you have touched upon that yourself in your previous question: if a place is open to public you can not expect privacy obviously. When you are in a private place, the default should be to expect privacy unless explicity noticed otherwise.
I feel like you are actually advocating some 1984 here on freakin' HN!
At some point, once we have established a degree of trust, I would probably watch over you less and less. This is quality control, not a privacy violation.
I do agree that within a single organization, such as a software company, employees need to have some level of privacy from each other in order to work efficiently and happily. That is also facilitated by an environment of mutual trust established by the company itself. That's a very different situation from an individual contracting the services of another individual, who are not a priori related to each other.
If you are present: yes.
I just realized the fight against surveillance is not particular with the NSA/GHQC and or the government.
It will be a fight within.
If I can't see what you're doing in my house, you're not working in my house. What's the reason I'd ever want/need the opposite?
For a second there, I thought I was in another proprietary software vs. free software thread...
In what way do those 'higher up' have privacy? Even a CEO is commonly able to be monitored by HR.
He even has an employee hired to protect his privacy: his secretary, which sits in front of this door. 'No sorry, mister Buffet is not in right now'.
The cleaner, the factory worker etc has to work in public places an thus can ben surveilled 100% of the time?
> I'm not advocating anything
You are at least condoning surveillance of everything that is under YOUR control. 'My property', 'I am paying for this'. Expressing your opinion like this in this context can only be explained as advocacy.
Those are not words I said.
I just wanted to know how you drew the line.
Which has helped me understand you better. I think you define the word 'privacy' differently than I do. I am against surveillance in many areas where I do not expect 'privacy'. You also draw a similar distinction, where you're okay with someone physically watching a plumber but not setting up a camera.
What do you consider "being monitored" in this context? The CEO answers to the board. Would I be naive in assuming the CEO is so far above HR and IT that monitoring him wouldn't be within their jurisdiction without the board requesting something specifically behind the CEO's back?
Really? I'm a software engineer and I certainly don't expect my employer to not look at me when I'm working.
Most people don't have a reasonable expectation of privacy at their office, including "higher ups."
Somewhat, yes. Benefits of being a European, I guess.
I mean, if we extend your logic, we should monitor everyone at all times because someone might just accidentally do something to hurt your child right? You never know why an extremely rare event like you mentioned could happen.
Edit: also, cameras don't have to be secret. Knowledge that they're being recorded can often stop it happening the first time.
(I realize this isn't really addressing your intended meaning, but the ambiguity is there in what you said, which is pretty...)
(which obviously they aren't, they are documenting instances where vetting the sitter fails, not keeping marginal sitters in line)
That is protecting the baby's health, which sometimes reaches the level of saving lives.
Your logic only works if camera footage goes unwatched until the day the babysitter exits the business.
Edit: And that 'thin line' remark is 100% a strawman. I don't know how you can admit it isn't the "intended meaning" and yet claim it's not a strawman.
Edit: Having now installed Fing and looked at what it does, it seems to basically just look at its assigned IP and netmask to determine the address space of the local network, and then perform an nmap-style ping scan to see what doesn't time out. When it gets a packet back, it uses the MAC address to identify the type of device, and a PTR lookup with the DHCP-provided DNS server to obtain a hostname. These are pretty cool capabilities to have on a handheld device, of course, but if you can't or won't install Fing, you can do pretty much everything it does with a 15-line Perl script on any device that can connect to the wireless network.
Kali Linux (can run from a bootable live image) has these two plus a whole lot more useful tools for doing this kind of thing.
Which points to (pdf):
On the Fing page it says: "Fing does not collect nor sends any detail about your environment, your accounts or your network to anybody. And that's guaranteed!"
Yet on the Fingbox page it says: "By installing Fing on a desktop workstation and logging into your account, you can perform operations on remote networks through the Fingbox cloud."
Those 2 things sound in conflict.
Nmap. You want nmap.
192.168.1.1? That tells me what my router is connected to but that isn't necessarily what I want. 90% of output is just what it is doing. Oh you initialised, completed, initialised, completed, Unable to split netmask from target expression, script post-scanning, Read data files from: /usr/local/bin/../share/nmap.
I have no immediately identifiable use for this.
Fing provides something of a value-add by wrapping its sort of functionality in a nice UI. It's just amusing to see people discover Fing as though it were the first or only tool of its kind.
nmap is a universal stalwart of network security since the late 90s. It is the classic "hacking tool" long predating Metasploit, and Hollywood VFX people have even figured this out - it features in hacking scenes in Matrix Reloaded, Battle Royale, Bourne Ultimatum, and Elysium. I suspect ease of use has never been a priority, since its target audience is fellow open-source-savvy l33t haxxors.
-edit- oops, didn't see the other comment to the parent comment.
(edit: Nevermind, I see flaunt has both meanings)
"4. The use of flaunt to mean “to ignore or treat with disdain” ( He flaunts community standards with his behavior) is strongly objected to by many usage guides, which insist that only flout can properly express this meaning. From its earliest appearance in English in the 16th century, flaunt has had the meanings “to display oneself conspicuously, defiantly, or boldly” in public and “to parade or display ostentatiously.” These senses approach those of flout, which dates from about the same period: “to treat with disdain, scorn, or contempt; scoff at; mock.” A sentence like Once secure in his new social position, he was able to flaunt his lower-class origins can thus be ambiguous in current English. Considering the similarity in pronunciation of the two words, it is not surprising that flaunt has assumed the meanings of flout and that this use has appeared in the speech and edited writing of even well-educated, literate persons. Nevertheless, many regard the senses of flaunt and flout as entirely unrelated and concerned speakers and writers still continue to keep them separate."
The only similarity I hear is that they both begin with fl and end in t. But the vowel between is quite different, in British English RP at least.
This is not an AIRBNB issue, it's a privacy issue anywhere you go...
Now, you could "hide" your SSID to reduce the number of SSIDs that appear in a WiFi network browser in a congested area... but that's a thing that -IMO- doesn't get you much for the hassle.
For security, either use WPA2-Personal in AES/CCMP-only mode with a long, randomly-generated password, or WPA2-Enterprise  in the same mode.
 Maybe even with client authorization through certs! :D
Consider "The Thing:"
> Due to changes in FCC regulation in 2015,
It wasn't a change in regulation. There was an enforcement advisory that the FCC considered interfering with WiFi connections to be interference under 47 USC 333. That's not a new law or regulation, it's just the FCC publicizing that they have already and will take further action over new way to violate a law.
> it appears intentionally de-authing WiFi clients, even in your own home,
The radio spectrum is a public resource, even when it radiates through your home. I can't use a stingray just because the phones are being used in my house either. I can understand why some people might disagree with the public resource nature of RF. But it's neither clear if the author is trying to pick that bone for real, nor am I here to defend that classification. Just pointing it out.
> is now classed as ‘jamming’. Up until recently, jamming was defined as the indiscriminate addition of noise to signal - still the global technical definition.
Jamming is used colloquially to refer to all interference under 47 USC 333. But with a little googling I don't see the FCC using the term "jamming" for this style of WiFi interference. The law is written the way it is because spoofing deauth messages is just one of the many ways to cause interference without "jamming."
> It’s worth noting here that all wireless routers necessarily ship with the ability to de-auth, as part of the 802.11 specification.
I don't think I understand that it's "worth noting." There is a large difference between an access point managing it's clients, and a rogue actor spoofing messages to mislead those clients that the message came from the AP. The fact it's part of the spec is the only reason this tool works at all, and the concept of layer 2 interference isn't particularly hard to grasp, especially when that's the explicit purpose of the tool.
>The very fact this code exists should challenge you to reconsider the non-sane choice to rely on anything wireless for home security. More so, WiFi jammers - while illegal - are cheap. If you care, use cable.
There are a great many things in my life that someone could fuck up if they wanted to break the law that are much more important than my wifi based home security. Even with this tool, the greatest threats to wifi devices are still lousy wifi performance before interference, and lousy residential internet connections.
I don't need someone with a baseball bat loitering around the parking lots I use to pester me about my car. That doesn't "challenge me to reconsider the non-sane choice" of using a mode of transportation that is just so darn easy to damage with a baseball bat.
Call be dumb but I have no idea what my wireless NIC is called and that's the first arg to the script.
How do I find out the handle for my wireless network card (I didn't even know it had a name), but also does anyone know why the script can't self detect that? Don't most people only have one?
Ditto for the SSID, couldn't the script just figure out what SSID I'm connected to?
Asking as much for self education as anything else...
The script could automate the discovery of both information but that would make it larger and much more error prone.
Your comment is nice, it shows how Linux Desktop nowadays is so easy to use, one does not have to worry about technical details.
Note that newer debian versions seem to have moved ifconfig to sbin so it's not in a normal user's $PATH
So it only works if they are using one of those two off the shelf cameras.
It will be accessible on the local network via web browser (it starts a web server on the phone) or client app on another phone (e.g. tinyCam Monitor).
We got one as a gift, but hardly used it. Of course both my kids are little Darth Shnorkulas.
I just can't really think of a scenario where the monitor helps. I mean I've had those panicked moments where I'm like "Is my kid dead, and I've just been sitting here playing computer games?" But either get up and check, or just keep playing. They almost never die.
Pretty much most of what people said in response; if the baby's asleep and I'm cooking in the kitchen while watching a YouTube video and boiling something, it'd be nice to have a window displaying the kid in the corner so I can tell when it wakes up. Plus, it might be nice to tune in from work and watch it sleep. Plus, the wife wants one.
Given that dedicated hardware ones are expensive, I'd like to try it with one of the old phones we have laying around - if I come to agree with you that it's unnecessary, I won't have wasted $200 on something that really has no other purpose.
As I was writing my response, I realized that I was doing this, but it amused me. So yeah, touché.
The alternative is madness and leads to divorce or murder-suicide.
EDIT> Actually, I just made that number up. It's all context. My main warning / peeve is that our unrealistic standards of care as modern, educated, intelligent, self-improvement-minded parents actually leads to a shitty child-rearing experience that produces somewhat shitty children, rather than a more laissez-faire approach. Crying is like the weather. We don't always have to fix it.
Most people think it's a good idea to address those needs.
Even the people who like sleep training think you probably shouldn't start when the child is under 6 months.
There are a couple of people who think you can start sleep training under 6 months (Ferber; Gina Ford), but even Ferber sets a minimum age of 4 months.
If you are going to go down the "cry it out" route you will want to carefully investigate the different systems. Some of them have been discredited as harmful and cruel. Ferberization (or Gina Ford, they're pretty similar) is about the harshest system that a modern parent could get away with, but you need to be aware that a lot of people hate this method.
You can then search for them and simply place some cloth on it? Might be more legal.
If the camera runs on a separate network to which you don't have access to, the script wouldn't work.