Hacker News new | comments | ask | show | jobs | submit login
For Owners of Ring Security Cameras, Strangers May Have Been Watching Too (theintercept.com)
106 points by Deinos 38 days ago | hide | past | web | favorite | 131 comments

the video files were left unencrypted, the source said, because of Ring leadership’s “sense that encryption would make the company less valuable,” owing to the expense of implementing encryption and lost revenue opportunities due to restricted access.

This is an industry problem, and a big one.

To be fair (but not really) they still cashed out for a billion dollars, so I guess they were right about the money.

How does that prove that they were right about their stance on encryption?

That if their goal is to cash out then it didn't matter to bother.

Or maybe, that it's possible to dodge a bullet of their own stupidity and still successfully cash out.

That doesn't make sense at all. A fiasco before cashing out would cause a crisis.

of course they don't want end-to-end encryption because then they won't be able to look at your data...

I've never understood why people seem to love these surveillance devices that rely on an external service. Besides the privacy issues, if the service disappears or even the Internet connection goes down, they become useless. A DVR and a set of "old school" network cameras in an internal network have none of those problems, but it seems all the big companies are eagerly pushing "cloud" centralisation instead of making easy-to-use local solutions.

For outdoor monitoring, where my privacy concerns are minimal and where my security concerns are maximized, it's pretty straightforward: plug in a camera, get a many-days-history high-res video feed with alerting. What's not to understand?

On my neighborhood Facebook groups, people need help just getting Nest and Ring cams set up. The idea that they were going to set up their own local DVR camera systems is pretty silly.

I don't understand why people install speaker systems (like Alexa) and cameras in their houses; I wouldn't trust third party, even Google, to manage a feed of audio or video from inside my four walls. But outside, the privacy/security tradeoff is radically different, and the devices have been (for us) super valuable.

Eh, I don't know about privacy concerns being minimal at the places where ring devices are installed.

The ring doorbell is installed at your front door. It records pretty much all movement to and from your house. It records audio at the doorstep, so if you're having a conversation with anyone at your doorstep, that gets recorded too. If you have a porch and are sitting on it and speaking with people, etc etc etc.

I referred to the privacy/security "tradeoff", not an absence of privacy concerns. But for similar reasons, I'm unlikely to have an especially sensitive conversation at my doorstep anyways: my neighbors will be able to hear it. Obviously, they can also see who's coming and going at my house, as could anyone else who cared to watch.

Meanwhile, the devices have been super valuable for spotting and reporting criminal attempts.

Agree one selling point of the devices is ease of use, however for someone like me who is equally concerned about privacy, streaming video from my front door is a non-starter. In your scenario, "anyone else who cared to watch" includes anyone with an internet connection, versus some random prowler at high risk of being spotted casing your place due to their physical proximity.

If some rando gets my ring doorbell footage and figures out where I live, that's hard to undo. If someone steals my stuff and gets away with it because I didn't have a ring doorbell, that's annoying but much easier to recover from. We are talking about the difference between an insurance claim and moving house.

The right product for me may not exist yet, but I'd love to have a video doorbell system that I self-host. If I need remote backup I already have that covered, I'm on gigabit FTTH and use client-side encryption for data backups. I'm pretty nerdy and would enjoy setting this up but can't make it a priority now.

Neither your points nor OP's conflict, I think you each just have different criteria and values for privacy and security.

Sure. I think the perspective I have on this is a lot more common than the "this is too scary to deploy" perspective; these devices are extremely popular in my neighborhood, and cost/convenience is the only thing keeping them from being universal.

You are violating the privacy of anyone coming to your door, without them having the option to say no. You have made this "tradeoff" for them, thinking that for you, this is fine.

Yes, normally anyone camping outside your house would be able to see it too. Now you are also recording it though, which changes the story significantly.

Seeing when you come and go to your house (pattern or not) would allow someone to do a good job of planning a burglary or some other crime, no?

The subtext here being that a burglar is going to see that you have an always-logging remote security camera, somehow obtain unauthorized access to the feed, and use that as a more convenient way to plan a burglary than simply staking the house out? Respectfully, I think that's pretty silly.

Well no. Say I am a burglar and simply try to find out in a particular geographic area cameras that I can gain access to and then monitor those cameras in some way.

Let's say further I get some mechanical turk like crew to monitor (stop laughing I can hear you ..) w/o telling them why I am doing this. I social engineer the reason and pay them to tell me for 'market research' etc or some other stupid cover story.

Anyway my point is that you had said you didn't care if people heard what you are saying. That assumes then that you think it's possible for someone to hear you and gain access. Now you may be thinking that person is not close enough to do you harm but is that a safe assumption?

At the office we have a full NVR system and multiple cameras. Fwiw the professional installer left that wide open to the point where we don't even allow any access (other than the stuff that the Chinese have already enabled that probably is sending things out). The default setup was insecure out of the box and nobody has had the time to look or lock it down.

If you’re a rare art dealer or other high-value target, maybe, but then you have tons of things like drones, etc. to worry about. For 99.9999…% of the population, your house probably isn’t getting burgled by someone like that, if at all. The addicts and bored teenagers are just going to walk down the street at a time when most people are at work and look for obvious signs of life — they don’t care about you in particular and are just going to pick an easy target where they can get in easily and without attracting much attention.

I live in DC and basically all of the reported videos are some dude walking down the street before racing up to grab an amazon delivery or casually knocking on the door (and checking whether it’s locked). They get caught after a few weeks and there’s a lull before the next person with poor decision making abilities gets a couple of grand & jail time. Unlesss you’re doing something which involves storing a lot of cash – don’t brag about your Bitcoin trove – that’s the likely threat.

Is the cloud necessary for the convenience though? That’s my hangup with so many of these devices. I don’t want the bulk of the data leaving the premises.

We would have to totally change the way devices are developed and marketed to actually keep data local but it seems technically possible.

Also, has a Ring doorbell somehow prevented a theft or just helped you know what happened?

I'd say, yes. I've been able to watch that many people see the ring (they see the camera), and they back right off the porch. It's been awesome in this respect, people simply ring it less. As far as the cloud stuff; I'm willing to make that sacrifice so that it can call my phone and i can see/talk to the person at the door. For family I get to literally let them in, and for others I can pretend to be home but uninterested.

I see the benefit of off-site access but is the cloud a requirement for that? It seems we have conflated the idea of “network enabled” and “cloud based”.

From a technical stand point I agree. But the unit needs to open a connection to my phone, which is going to require reaching beyond my home network. It's hard to deliver a product to an end user this way, so in these cases the cloud means 'we manage the hard part for you'. So the cloud isn't a requirement, for well... us? But the average consumer, yes. I'm mostly playing devil's advocate here. I'd love a version of Ring where I could easily eliminate the middle man; but I recognize the value in what they've done. How we protect privacy sometimes seems to be an argument of confidence (Our own home network security VS a vendors), there are arguments to be made about centralizing some of it?

I do agree there is an argument to be made for partial centralization. Right now everything is centralized, even some things that I don't think need to be. From a purely technical perspective it seems to me that notification and configuration can be delegated to a third party but the actual video data can remain local.

Yes, because of NAT and needing to setup port forwarding, which most people won’t do.

As opposed to what? Setting up a local storage server? Only message board nerds are going to do that. I am 10000% more concerned about the privacy of my email than I am about footage of the outside of my house, which you yourself could obtain simply by driving to my block. And, like a majority of people on this privacy-conscious message board, I happily delegate my email to Google Mail.

I’m not attacking your decision to use a security camera and I understand the trade offs you made.

I’m simply asking if it would be possible to sell a product that has feature party with Ring but doesn’t use the cloud.

Before Ring setting up a home security system was also something only message board nerds would do. Why can’t the same be done for a local server?

I believe Microsoft actually marketed a home server back around the turn of the century. That didn’t go anywhere but they had a lot of ideas that were either ahead of their time or good but poorly executed. The original surface comes to mind. Or what weird kitchen computer that is basically an Echo with a screen.

Sure, you definitely could; you'd sell the same cameras Ring sells, and a local server appliance maybe the size of a wireless router that they'd link to, sort of like how you buy Hue bulbs and also a Hue router.

You'd likely lose the following features:

* Access to the camera from your phone

* The ability to talk to people near the camera

* The "people detection" image classification stuff

* The ability to highlight a range of video and get a shareable link for it

* Access to the camera from your phone

A sane-default DNS configuration could get around this automatically. The default can be some managed thing like your-preferred-name.cameraservice.com and if you're particularly adventurous could be camera.yourdomain.com. IPv6 would greatly simplify the NAT complications here. A device that can double as a firewall or talk to one to auto configure would go a long way.

* The ability to talk to people near the camera

I don't see how the cloud is necessary for this other than slightly simplifying notification. Can't the box at your house just shoot off a text message with a link? A centralized notification service could be used here that contains only a message along the lines of "there is activity at your camera" and the phone app can initiate the stream directly.

* The "people detection" image classification stuff

How hard is this really? Once the model/algorithm is in place the actual computation is easy right? Do they really have to run in the cloud?

* The ability to highlight a range of video and get a shareable link for it

This can be done with either a share-to-youtube link for videos you don't mind making public or simply direct links to your device for small audiences.

if your data is stored in Ukraine with open access to your password, wifi, email account for ring as well as IP address it really wouldn't be hard to hack into your gmail. Ring's employees have access to all of that.

I always create separate, single-use email accounts for these purposes. Other email services also allow you to create aliases.

There are quite a few videos on YouTube where the owner (I assume, via an alert that the motion sensor is triggered) starts speaking though the device remotely "put that down" or "get out of here" and the would-be thieves usually drop the package and hurry off.

EDIT: I should add that a video circulated recently in my neighborhood showing someone stealing the camera. So there's that risk. I'm sure the thieves will be disappointed when they find out about the monthly fee.

"Put that cookie down! Down!"

It's very common for would-be thieves to see the doorbell camera and leave. Cameras, by the nature of the fact that someone could be watching, are a natural deterrent.

Sure that makes total sense. But is there anything special about Ring or other cloud cameras in their ability to deter theft over any other camera?

> I've never understood why people seem to love these surveillance devices that rely on an external service

The same reason people love any external service such as email and calendars: convenience. There's a lot more work involved with video security system if you don't use consumer friendly versions.

To be sure, SAAS companies put more resources into making the implementation convenient to setup and use, and to provide revenue, but there's no reason that setup and usability issues wouldn't also be dealt with in generic DVR systems if the same effort was expended.

True statement, BUT: in general most generic DVR systems are driven by people who are looking for advanced features. Convenient setup for non-expert users is (at best) a distant second.

I've setup a homebrew system for my cameras and while fun initially it was a pain to maintain. Rather than spend a weekend getting the system back up and running before a recent trip I just bought a 150.00 baby monitor that supported Homekit. Way more convenient.

One of the biggest selling points of these services is that you can view your live video feed from anywhere via mobile device -- A savvy tech enthusiast might be able to create such a setup by hand, but the majority of people wouldn't know where to begin.

> A DVR and a set of "old school" network cameras in an internal network have none of those problems

Ring is a $300 purchase and takes an hour to install. This would take me a few weekends and would cost thousands of dollars. Cloud centralization makes things easier and cheaper, by orders of magnitude.

Why would it be so difficult to connect to locally?

A company could drop a camera and a small NAS box, and have it all work over the local WiFi.

I haven't looked into it, but I suspect there are several vendors who already do this.

It would get more complicated to support accessing it while away from home, admittedly. I don't know if that's an important feature for this application.

> It would get more complicated to support accessing it while away from home, admittedly. I don't know if that's an important feature for this application.

This is a huge feature which I've solved using an IPSec VPN. This is not something that's easy for regular people to do though, so it's not a universal solution.

If someone made a router that could easily provision VPN access for a device (e.g., generate a sensible OpenVPN config or something) it would make this setup a LOT easier.

> It would get more complicated to support accessing it while away from home, admittedly. I don't know if that's an important feature for this application.

That's the killer feature. What good is a home surveillance system if you have to be there to use it?

This feels like one of the huge benefits to true widespread adoption of IPv6. A firewall is still required but without NAS it becomes much easier to connect to individual devices on arbitrary networks from anywhere.


i can drop a link right now that will let you look around at my driveway, if i get to know you better i could give you a login so you can see it works.

> A company could drop a camera and a small NAS box, and have it all work over the local WiFi.

If you setup a company to do this, you will quickly find you are a customer service and call center company, NOT a security tech company.

Synology has IP camera support out of the box. For one camera. If you want more, you have to buy more licenses, which are only available from them. In hard copy form. And they take a week or more to arrive.

Been there, done that.

I know this is going to sound a lot like “Why would anyone use dropbox when they could roll their own with an rsync shell script” but it’s not that bad. Please don’t spread FUD about the difficulty of freeing yourself from cloud surveillance. A copy of Blue Iris is $60, and you seem to be able to get 1080p indoor WiFi cameras for about another $60 each. Anyone who can connect a device to their wireless network, run a program, and forward a port can get equivalent functionality, and from my experience even a lot of non-tech-focused people are familiar with doing that for e.g. Xbox Live

> Anyone who can connect a device to their wireless network, run a program, and forward a port can get equivalent functionality

I am very capable of all of those things and I don't agree.

To install a camera on my porch somewhere, I'd need first to run power to it, which is a difficult proposition that would probably mean I need to hire an electrician to do it right, as I'm not confident at all in my ability to properly do electrical wiring in places where it needs to be properly weatherproofed. And adding electrical to a near-as-makes-no-difference 80 year old house would look pretty hideous. Then, need to set up a server with redundant spinny storage and offsite backup, which, while not being terribly expensive these days, isn't particularly cheap either. And I don't even know how to begin approaching the mobile app notification issue. Doable, I'm sure, but does Blue Iris have notifications and remote access for viewing built in?

Or, alternatively, I paid $160 for a Ring doorbell and installed it in place of my existing doorbell in an hour or so.

I wish I had more control over it, and I _really_ wish they had an open public API. But at the same time, from a time/money investment point of view, getting the Ring was an obvious move.

Yes, wiring is the most complicated part of any outdoor video security setup. Since you can't avoid wires, even with wireless cams (unless you opt for battery operated cams like Arlo), it's just easier to use PoE so you won't need an electrician.

For anybody else like me out there, PoE means Power over Ethernet.


I kind of cheated for my cameras. I simply put them in the window next to the front door and hid the power cable in the adjacent closet.

Because they're behind glass, using the built-in IR illumination is out of the question. Instead I use an LED bulb outside to provide light for the camera to see even in day mode.

It's not ideal by any measure, but it works OK enough.

If it were an option, I'd run PoE to proper outdoor cameras.

It is not FUD. Even for a techie there's a decent amount of setup involved, not to mention the pain and cost of having to maintain an entirely separate computer dedicated to video surveillance. I have my own poe setup and maintenance is just annoying in order to maintain feature parity with a major service. For a non-techie, it's not even an option. Also indoor cameras are not equivalent to outdoor cameras, especially in terms of cost. It is going to cost a few thousand dollars for a decent non-cloud setup.

To pile on, I picked up a few Wyze Cameras for $25ea, reflashed them with Dafang Hacks, and they work perfectly well for catching porch pirates and people coming down my block pulling every car door handle.

No cloud dependence, subscription needed or extra internet bandwidth use.

You're still dependent on binary Chinese firmware blobs that these tools are based on. Not something I consider trustworthy.

The fact that they don't require a cloud/internet connection should relieve much of the worry already... and it's not as if the original firmware wasn't Chinese either.

Pretty sure most of the other blobs also come from China.

> No cloud dependence,

I own a few. I'm pretty sure you need to talk to centralized servers in order to hit your cameras, especially remotely - the time it matters most. Did I miss something?

The Dafang firmware he flashed allows RTSP so they can be used as generic VOIP cameras. That functionality isn't present in the original firmware.

Umm, these cameras offer RTSP streams, not SIP. Wish they offered SIP for use of the mic and speaker though...

Haha, sorry. I meant IP cameras, not VOIP.

i live in alaska, and there are a lot of undereducated people that do just fine setting up home networked cameras. it isnt difficult to do, and people here really hate "the man" so ring and any other cloud based security is not an option. thats the knee jerk part of it. there is also frequent power interruptions brownouts blackouts. so a lot of people straddle off n on grid. a local surveilance system is the only working option here if you need it to be continuous LAN service. I really do hope a bunch of "snow billies" [self included] are not smarter than HN users.

this just in. Ring is also a "ceiling cat". https://9to5google.com/2019/01/10/ring-camera-live-feed-acce...

IKEA can't get people to assemble a fucking box, and you're here telling me that it's totally possible for people to set up their own networked camera system?

Yes, it's possible. No, it's not easy. I've been working as a software dev for like 10 years now and I would happily purchase Ring instead of pulling my hair out for a whole weekend trying to yak-shave[1] my way to a hacked together security camera system.

[1] https://seths.blog/2005/03/dont_shave_that/

Edit: Everyone, just read the replies to my original comment and you will see why Ring is better. There's a million different ways to setup a home camera system, each with their own intricacies and challenges. THIS is why Ring is better. It's the ONE solution that ties together all this technical bullshit that nobody really wants to deal with (unless you're passionate about networking. Which is probably a lot of the users on this board. Which is why I'm probably getting crushed with downvotes).

The problem is that the original intent of buying such a device has now been subsumed under a tech company and government agenda, the surveillance state. When you see Ring on the shelf everywhere, it isn't advertised as a way to surveil you and your family, to scan your face and report your video and audio to cops.

This reminds me of 23 and Me which acts like it's helping you but, by signing up, you agree to help Big Pharma and cops keep track of you.

That's a reason to be opposed to Ring. Hell, it's a reason to be opposed to surveillance cameras in general. What it is not, is an argument about the ease of installing your own DVR set up.

This is true. However, it seemed relevant to the thread.

> > A DVR and a set of "old school" network cameras in an internal network have none of those problems

> Ring is a $300 purchase and takes an hour to install. This would take me a few weekends and would cost thousands of dollars. Cloud centralization makes things easier and cheaper, by orders of magnitude.

I have a number of "old school" network cameras and an on-site DVR, it doesn't take "a few weekends" to set everything up.

Adding a camera is simply a matter of following the instructions to connect it to the network. This would be the same process for a Ring or an "old school" camera. Adding a camera to Blue Iris is a 5-15 minute job, depending on how much tweaking you want to do to the motion detection settings.

In terms of implementing from scratch, I picked up a refurbished Windows 10 Pro machine, set up and updated Windows, installed Blue Iris, and added my cameras, in an evening.

Cost-wise, my setup is more expensive than a single Ring camera. However, my incremental costs are a lot cheaper since I can buy sub-$100 cameras instead of $300 ones. There's also no monthly fee, which is nice.

Properly installing and maintaining Windows is a full-time job in and of itself, forget everything else.

Not something I want to waste my time on.

I thought this too, but Windows 10 has needed surprisingly little babysitting in my experience.

Do you have any sort of off-site backup? I think one of the big advantage of the "cloud" cameras vs a home setup is that it's easy to view footage anywhere (I haven't used Blue Iris so maybe they make that easy), and if someone breaks in and steals your computer you'll still have the video somewhere else.

I don't. I've thought of building such a thing, but it's not something that I really have a need for.

It's a good consideration though and a definite advantage for the cloud services.

There's no monthly fee, but you do have the cost of running that Windows 10 machine. What does that amount to? At 100W and $0.14/kWh I calculate about $10, which is competitive with something like Nest Aware.

Not to mention if you get robbed they're going to take the PC that has your recordings on it, so good luck giving the police footage of your robbers...

This really depends on the machine and how you deploy it. I picked up a refurbished SFF business desktop type of machine and the power draw is only 40-60W (with Blue Iris running and recording from all of my cameras).

This is definitely a consideration though. More cameras and/or higher resolution cameras will result in more power consumption or require a beefier machine.

Most people don't even know what it means to forward a port on their router. They aren't going to know how to build a DVR and give it the same feature set as a Ring doorbell camera.

I assume if the internet goes down, then they can start storing video locally. Just replace your DVR with a hard drive.

A DVR typically is the hard drive.

It makes sense for security. If someone breaks in and steals your camera and local storage, what good is it?

I would like to see a camera where I can control the S3 account that the data is uploaded to.

I assume it's because they want to mine the data they collect. Amazon can watch everyone who comes to your front door. They can easily learn things like how many people live in your home, if you are single, when you are dating, if you have children, how often you have food delivered, what types of clothing people in your area are wearing, what they talk about as they pass by etc. Tons of valuable data to collect if you can convince people to install a camera for you and hand over access to the feed.

> Amazon can watch everyone who comes to your front door. They can easily learn...

No need to do difficult and processor-intensive video & audio analysis. They can get most of that from the products you're ordering from them. Remember when Target outed a young woman for being pregnant based on the things she was buying? That was 6 years ago.

>I've never understood why people seem to love these surveillance devices that rely on an external service

It is simple really. With the cloud people don't have to worry about properly managing a server. If they want to access cameras remotely, well with a self-hosted solution then I need to have a proper firewall, security, etc. I need to monitor and maintain the system, perhaps setup fail2ban or something similar, a reverse proxy would also help. This is all a lot of work, or I can just outsource this to the cloud and not worry about it.

That said, I would never ever, ever use ring or a system like it (ring directly partners with law enforcement agencies and gives them access to their customers cameras).

I recently did a Camera installation at a clients house using Ubiquiti cameras. They cameras are great, and I trust Ubiquiit a hell of a lot more than Ring, to not share video with anyone. The web portal makes it great for management, the iOS app is a huge selling point to my client who loves that she can check the cameras from anywhere.

TLDR: cloud isn't inherently bad, you just need to find the right cloud provider, or be willing to take on all the risk and responsibility of running everything on premises.

Why is network security not important to your camera? Even without a server on premise you still don’t want random people on the internet to look up your webcam, right? So network security is important to all networks.

>Why is network security not important to your camera?

It is, but you don't have do very much to secure a camera.

The camera is going to call out to whatever cloud provider, which is fine. You can easily just set your firewall to deny all incoming connections from outside (and you should) and the camera will still work fine, since it is calling out (the cloud isn't calling in).

This makes it very easy to secure and manage.

Self-hosting a security system you want to access remotely is a whole new ball game. Now you dealing with outside connections coming in, exposing ports on your firewall, and now you dealing with needing a static IP address and or figuring out a way around a DHCP address from you ISP. Making sure whatever server you have running your system is patched (both the OS and client software), since that machine is accessible to the outside world. You also need to setup SSL if you don't want your logins to be in clear text.

Or all of that can be managed by a cloud provider that you (hopefully) have a degree of trust in. The cloud provider will already have SSL setup, they will have a team of security people monitoring and maintaining their servers.

Personally I would never even consider a self-hosted solution, unless one of the follow two were true 1) I didn't care at all about remote access and just closed the system completely so it was only accessible on premises. 2)I was setting up a security appliance with VPN so the remote access could all go through a VPN.

The founder of Ring was back on Shark Tank as a shark himself not long ago. It's interesting to see how his perspective has changed since joining Amazon. He invented the product so he could hear/see the doorbell from his garage. But now he presents himself as some kind of social crusader, out to protect the world.

It's disturbing to see how many big tech companies have turned into surveillance and military companies lately.

> But now he presents himself as some kind of social crusader, out to protect the world.

So many tech CEOs do this. It's a cop-out method of rebranding one's image. In reality though, it says more about the public at large for believing into marketing and PR.

When someone markets themselves as "good", they are usually trying to distract you from something not so good that they are doing.

This is why I stopped watching Shark Tank. It started out interesting, but the last couple of years have been all PR and BS. I stopped watching the second Sir Richard Branson threw water in Mark Cuban's face. Shark Tank had jumped the shark.

Is it just me, or is Daymond John especially mean to black entrepreneurs who haven't "made it" yet? Did you see the one with the African fashion company where he told the gal he couldn't be involved because he might be sued? Over clothing?

I have noticed that over the years they've moved from supporting small entrepreneurs who are just starting out to only funding companies that already have proven success. You used to be insane to ask for a $1M valuation (or a $1M investment) on that show; now, it happens every week.

Camera systems with 100% local storage and drop dead simple remote access do exist.

For example - Unifi Protect.

NVR: https://store.ubnt.com/collections/surveillance/products/uni...

$200, rated to support 20 cameras - some use more with no problems. Pretty nice box. 8 core ARM, 3GB of RAM, 1TB hard drive, POE powered, built in battery backup for clean system shutdown. Well made, metal case feels like a piece of Apple kit.


$80. They have others in the $150 - $250 range depending on capabilities. They even have a wifi one, but wired is always better.

$100 switch gives you four POE ports - the DVR and three cameras: https://store.ubnt.com/collections/routing-switching/product... There are other switches that can provide more POE ports if you need 'em.

Pretty decent system. No monthly fees - slightly higher up front cost will pay for itself over time, especially if you have more than one or two cameras.

What's really nice about their system? Create a free account with them. Set up the NVR and log it into the free account. Load their app on your phone, log into the account and boom. You have access. Whether you are remote or not. Their cloud service brokers the connection from your device to your phone. No firewall ports to forward or other configurations. NVR connects to cloud, uses that connect your remote access back to the NVR. Slick as snot. Once you connect their cloud is out of the equation.

There might be other vendors with solutions as easy to use and set up - I haven't found them. I sure as hell don't need to store my video in the cloud.

Jeez. One of the first cybersecurity presentations I went to was in the early 2000's. Someone consulting for the newly minted Homeland Security was talking about intercepting feeds from unsecured video cameras. This is the progress we can make in a decade and a half?

By the way, how are privacy-minded HNers monitoring their homes? Going with Ring (or similar) or more traditional alarm services?

Two large, loud dogs.

edit: Before I get a bunch of downvote nonsense, this is a serious answer. Dogs (especially big ones that bark when excited) are terrific home protection. No intruder is going to risk a tussle with a couple of big dogs hell-bent on protecting their home. Plus they're totally good with people they already know and trust arriving, even if we aren't there. All a camera will do is record the fact that you're being robbed.

I believe that has been advice in lieu of security systems for decades. That metal front gate opens, the giant head of that pit bull/mastiff mix pops up with a "woof", and no one has to know that a piece of cheese would allow you slip right past him. I didn't get him for "protection", the dog needed a home and no one else was taking him. But his size and looks do have their perks.

Didn't Myth Busters do a show on how a piece of steak will get you past all but specifically-trained guard dogs? The only danger one would face with our dogs is getting knocked down while they try and get the steak.

While most dogs might get easily distracted by food, most will sense when their owner is in fear or danger and will attempt to protect them irregardless of the distraction.

My pit gets upset if someone stresses me out over the phone. I would pity anyone who tried to come in my house and mess with me. I sleep very well at night.

Sure, if someone is really determined to get past guard dogs, they can. But a casual burglar isn't going to bother. One of mine is 95 pounds of black lab/german shepherd mutt with a massive baritone bark, but he's totally harmless, except for maybe knocking you over. The other one is 35 pounds and so cute that people assume he's a she, but he's actually bitten at least three different people while overprotecting the house and yard, and I have no doubt he'd die fighting. (And the new next door neighbor learned what he already knew, which was to not stick your hand over the fence to pet the barking dog who doesn't know you and is very concerned that you're in the yard of his friends, even when that dog is small and cute.)

Sounds like you should be more concerned about losing your assets in a civil lawsuit than through burglary.

Shocking as it may seem, I don't care.

I have dogs because I love them. Their value as a home security system is just a bonus.

What proportion of burglaries are committed by "casual" perpetrators? Steak is cheap.

depends a lot on the character of the dog, one of my dogs was food oriented for reward the Mals I have don't touch food even from anyone until they hear the OK. This can be trained away and is an essential part of French Ring (or Schutzhund) brevet. e.g. the the training police dogs get, and usually can't be enticed with food (at least when well conditioned not to - even in absence of an owner or command).


2 Belgian Malinois trained in French Ring which is the French equivalent of "Schutzhund" (minus the tracking). 3 years old they won't take food from strangers and are stable and confident as fuck. They once pinned a junkie into a corner of the garden which jumped the fence to burgle us while we were out. He was stuck for several hours (until the neighbors called us to inform us that "they're barking an awful lot today". The guy wasn't harmed but neither did he dare to move. :D

Though the reason we got these boys was because our border collie was getting really old and let 2 guys jump the fence and grab everything from the terrace while we were having a BBQ in the back yard (head-desk). We only found out because they grinned and waved to my daughter who was going to the front entrance to grab some stuff from the kitchen. Also she (the dog) wasn't trained like the Mals.

Sounds like you live in a dangerous neighborhood. Stay safe, friend!

Talk of dogs as home defense always makes me think of this reddit thread: https://old.reddit.com/r/IAmA/comments/eewou/iama_retired_ca...

Dogs are poor witnesses, and sadly, the penalty for poison is pretty low in most areas of the country.

All a camera will do is record the fact that you're being robbed.

A security system often has decent sensors to alert you even over the phone which dogs do have trouble with.

Most robbers are probably not unethical enough to resort to killing pets in order to rob a house. Most robbers would probably rather just rob a house without dogs than one with dogs.

Dogs likely raise the barrier to entry for a robbery and criminals will usually just choose easier targets.

probably depends. 2 or 3 is better than 1 in that case. Although where I live now we have gipsy gangs roaming the hoods and kidnap your dogs - then make you pay a ransome to get them back. If you don't pay you get an ear or the tail (or worse) on your porch.

EDIT: small dogs can be an advantage in this case https://twitter.com/thegrugq/status/973969277647638529

Dogs raise a barrier, but these are people trying to rob your house. The ethical argument goes right out the window.

If you are going to get a dog to be part of your family then do that, but getting a dog as a security system is just a poor idea.

There is a big difference between robbery and murder. Just because you commit a crime doesn't mean you lack empathy.

A lot of folks (including the law) don't consider killing dogs murder. You are dealing with people with low or no morals.

the deterrent is the racket they make (no matter their size). At least that puts off the non in advance planned robberies (where we lived there was a big divide between rich/poor so it was mostly junkies trying to enter holiday homes)

Indeed. When pitched a security product on Shark Tank, Robert Herjavek said a home security vendor once told him the best security is "get a dog." I never worry about anyone coming in my house with a Pit Bull and a Mountain Cur inside. :-)

a large loud dog[s] with a litter of pups works even better.


to extend the logic, defending a litter takes great priority over a steak snack.

As someone who's had the misfortune of living next to poorly trained dogs, I really hope your neighbours won't be able to hear their barking.

I got a Xiaomi Dafang camera and flashed it with OSS firmware, and all such devices in my network have no access to the internet or to other devices. I connect to them from the outside through an authenticated HTTP proxy (or WireGuard).

The same way people have for centuries. There’s a lock on the door.

More generally I protect myself (including my privacy) by not living in a constant state of fear.

I have an RCA doorbell camera. It stores locally on the included card (can upgrade this if you want). Then I can watch the videos through my phone (which connects to the camera to read the internal storage). On the app itself, there is room for 4 total cameras. I've considered adding another camera (RCA has a few non-doorbell ones also). My main concern wasn't security (this is outside my house) anyway, but it was that I didn't want another monthly charge for something.

I use Blue Iris and a variety of cheap cameras that I've acquired over the years. Remote access is done via an IPSec VPN. I also use Home Assistant and various other devices to monitor other things in the house - temperature (since freezing water pipes is a concern), water level in the sump, etc.

I don't do anything with alerting yet, but there are many ways to solve this.

Having a next door neighbour who's retired and really good at spotting when things are out of the ordinary helps too.

We've got some Nest outdoor cameras on our front door, back yard, and alley-facing garage.

I used to just use a bunch of Foscam's but I recently moved to Canary for the auto arming and push notifications.

Here is their security page. https://canary.is/security/

A Dahua DVR with wired cameras. Dahua has a free and painless P2P connection service that lets you view the DVR from the Internet without exposing a port in your router.

I'm not entirely at ease with using a cloud service, but I'm way less comfortable with directly exposing the DVR's access directly to the Internet.

I put up a SimpliSafe system at my house, and it's pretty nice overall. There's a security camera included, but it has a physical shutter that opens with an audible "click" whenever the feed is on. I'm a bit too lazy to be "privacy-minded" but it's a nice touch.

Ring has cut a lot of corners to get to market quickly. I don't think this is the last time we'll hear of these types of issues from them (or the other small hardware co's)

Does anyone know of a similar product and service that offers end-to-end encryption?

This is why I'm writing my own home automation system that runs entirely on premises. It's too private of a space to entrust to anyone else.

Why? There's plenty of open source stuff like https://www.home-assistant.io out there.

local police districts are pushing these devices on residences unaware with how this citizen video data is processed or handled in Ukraine. Aside from the 700 person team given access to live video feeds and customer databases, the lack of proper security of this product makes it a PRIME target for DDOS attacks that could cripple infrastructure.

Any thoughts on how hard would it be to cobble something together using COTS cameras and a FOSS web portal?

All I'd really want is a few camera feeds with some tagging when motion is detected. I feel like use case covers most of why people get them.

Look at https://zoneminder.com/. I used it successfully to do what you ask for at a fraction of the cost of cloud cameras. The only reason I switched to Ring/Arlo was for 2-way audio and the ability to have battery-powered cameras. ZM was really nice to work with.

Has anyone done a deep dive regarding security on the Nest cameras? I’ve been holding off getting one for this exact fear that has come true for Ring users.

Cloud cameras are beyond stupid.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact