Hacker News new | past | comments | ask | show | jobs | submit login
Ring fired employees for watching customer videos (vice.com)
216 points by rahuldottech 13 days ago | hide | past | web | favorite | 135 comments





Whenever end-to-end encryption is not used, scenarios like these are bound to happen eventually.

As far as I know, the only home surveillance products that use E2EE are ones that support HomeKit Secure Video [1].

1. https://support.apple.com/en-us/HT210538


These kind of scenarios can happen with workers in government offices, archives and medical institutions as well. And yet the paper documents are not E2E encrypted.

Maybe... just maybe... technology is not really what should be the core issue here? But we should perhaps look at our policies and legislation? Adding proper liability there will make technology come by itself. The magic of free market doesn't seem to be working here.


Any problem is easy if you oversimplify it.

The cultural conceit of 'disruptors' is that society has made everything complicated and therefore society is 'ripe for disruption' which if you read between the lines means 'stupid'. Lack of respect means lack of care. Lack of care leads to injury (theirs, and/or ours).

You are right. It's not the tech. It's the arrogance.

From my knothole, legislation comes for things that aren't policing themselves adequately. I think what we are discovering is that there are a lot of domains where the old guard were self-policing to a degree, and the newcomers have absolutely no reverence for anything.

I expect it won't be long before you'll see industries taking a hard look at their internal culture, and then engaging in regulatory capture to keep out the disruptors.


The easiest way to keep someone out is to lock the door.

You can create penalties, punishments, hire security guards to watch the door. But the most efficient and effective way is just a lock.


That's absolutely not true. Most doors are trivial to pick and as easy to break down.

The main, and usually only, real reason for the lock on the door is to serve as a physical symbol which establishes a particular legal status of the property behind the doors, with associated consequences for unlawful entry. The legal apparatus - penalties, punishments - is what deters crime. Lock is an XML tag made of matter.

(The additional, secondary role of a lock is being a trivial inconvenience. Not enough to deter a thief determined to rob your place, but enough for a thief determined to rob a place to skip yours and pick a different one.)


Forget the analogies having to explicitly misuse the system to violate customers privacy creates a strong disincentive.

All accesses to customers data should require multiple people not by policy but by mandatory access controls.

The fact that employees could hack their employer is true and not meaningful.

The number willing to commit felonies is less than the number willing to risk termination.


I feel like I asked this before and then didn't bookmark the answers.

What systems are out there for requiring consensus for access? I know about K of N protocols for hardware cryptography, but I'm fuzzy on such systems for, say, admin functionality or data retrieval. Are they all in-house at this point?

I've found over and over again in my work that it's much easier to spout rhetoric about process change when I have provided tools to facilitate those changes. Maybe it's time for us to collaborate on some tooling in this space.


I can't remember which company it was, but I once read an article about a company who implemented their own version of `sudo`. Their version required another developer to approve your session before granting root privileges, and then allowed them to watch everything you did.

I was addressing the lock analogy itself, but going back to the original topic, I believe this line of thinking still applies to an extent. Setting up hoops one has to jump through to do something nefarious is as much about the difficulty of jumping as it is about the very act of jumping. If you have to work around some security features to access customer data, you can't defend yourself by saying you've accessed it "somehow" or by accident.

Protecting property is not the only use-case for locks.

There are also locks on e.g. cell doors in prisons. Those are pretty essential to the function of the cell, and tend to survive anything prisoners might try to do to them.

There are also locks (specifically, interlocks) on e.g. dam spillways, or on the airlocks on submarines. (For these, the "key" is a button somewhere else that's not necessarily itself secured, but it is still very crucial that they keep things out when that button has not been pushed.) They hold up pretty well—even against malicious infiltrators—mostly because they fail closed and have no UI components mechanically linked to the locking mechanism.


I've never had a window or door broken, but if I left my door unlocked, everything would be stolen. I've had stuff stolen that was outside, even had people try the locked door while I was inside. It doesn't seem to matter that my house is actually pretty easy to break into, as long as I lock the doors. So I would agree that the easiest way to keep people out of my house is to lock the door.

I must disagree, although I find what you are saying an important part of the defenses, and likely a larger issue in certain parts of the country and certain neighborhoods..

I think the gp is not 'absolutely not true'.. I have a fair amount of hobby interest experience dealing with petty thieves / criminals for the past couple decades; studying them locally and through polls and news articles... stories about locked up thieves admitting they will generally skip houses that have big dogs and security systems for example.

Certainly there are certain types of people to take into consideration from what you are mentioning, and petty criminals vary from locale to locale in significant ways sometimes. From what I understand places like frisco often have car hoppers busting out windows of cars on a regular basis, however in my area they generally only check for doors to be locked or unlocked when choosing to rummage through a car. A portion of the criminals around here will make an exception and bust a window if they see a purse or briefcase, but generally move on to the next without making too much noise, for example.

In most neighborhoods seeing someone crouched down playing with a door lock would attract attention and likely calls to the police. Kicking in a door would also create an amount of noise that brings attention the average criminal does not want to deal with.

Sure if a delivery person has seen you have a box of gold and sapphires next to the door (or notice your vintage guitar collection hanging on the walls while trick or treating) - they may target you with a door kick / other means of juice that is worth the squeeze..

but most of the thieves in my area will skip the locked houses and move to the next softer target. (often ringing the doorbell to see if anyone is home first)

I don't think most petty thieves are willing to learn lock-picking, even though it's easier to learn today than it was 20 years ago.. The added time it takes is not really worth it. (for most in most situations)

It's easier to find a neighbor that has a window air conditioner that can be pushed in with ease (at least around here, this technique in Minnesota may not be used as often)

The only place I can think of in regards to "establishes a particular legal status of the property behind the doors, with associated consequences for unlawful entry." would be Kennesaw, Ga - every person who lives there has a gun - there, the legal status of kicking in a locked door and it's associated consequences are proportionally different than most apartments in NY.

Some of the street thugs know that robbing with tools (that can be labeled burglary tools) carries an extra charge, just like robbing with a loaded gun is different time for the crime of stealing using threat of other force..

I do agree that certain situations / threats make "The additional, secondary role of a lock is being a trivial inconvenience. Not enough to deter a thief determined to rob your place, but enough for a thief determined to rob a place to skip yours and pick a different one." true - but that does not make the above statement absolutely not true.

I think you are both right.


You're right that I shouldn't have said "absolutely not true", but I stand by my general message. Regular locks are inconveniences for thieves, not deal breakers.

> In most neighborhoods seeing someone crouched down playing with a door lock would attract attention and likely calls to the police.

Not if that someone is wearing a hi-vis safety vest (perhaps with "Cory & Trevor Locksmith Company" or something similar written on it).

My point is that the effectiveness of locks primarily comes from laws and economics, not from their physical properties.


Follow-ups to your comment have responded to your analogy with discussions of lock-picks, firefighter exceptions, and safes vs doors.

The point I think you were trying to make is that it's mathematically possible to create a cryptographic lock that's inviolable. This is a different way of thinking.

I agree strongly - it's one thing to have a process or rule on what to do, and another to build a system that forces the processes and rules to be followed.

(I say inviolable, but I'm aware you can typically defeat a cryptographic lock by taking a crowbar to the physical locks watched by your Ring doorbell and subsequently using the crowbar on the person whose mind holds the key to said lock...but that's not the lock's fault.)


Actually, the best way to keep people out is to convince them it is not worth it to try to get in.

I agree, but I would use the safe analogy instead of door, because locks only keep honest people honest, just like rules.

Locked doors can kill if a fire breaks out in your house.

Typically, at least in the US, a locked door can be opened from the inside without a key for that reason.

So while that is true (and not to go too far off into the weeds on an analogy), in an emergency, people are trying to follow procedure under pressure and the odds of error in operation of an interface increase. You want the interface that is used in an emergency situation to either be well practiced or absolutely as intuitive as possible.

To destructure the analogy and give a concrete example, if I'm dying of allergic shock I don't want my doctor unable to access my medical history because somebody in the process can't remember how to "break glass" on the encryption on my medical records, even if there's a procedure to do so. I want my records in plain text format and as readable as possible.


Your concrete example would never happen the real world. If you were in anaphylactic shock, no doctor is going to go off looking for your medical records first, even if they were sitting on the table next to him. He's just going to stick you with epinephrine and then MAYBE look at your medical records later.

All that said, I get your point, but I'm not sure how it applies to this discussion anyway.


My point is there's a tradeoff between prevention and penalty. Sometimes, the best option isn't a locked door; it's a clear sign saying "trespassers will be prosecuted" and a security camera (i.e. auditable access, not preventative access denial). That way, people can get in if they need to to do something critical, and one can resolve the question of trespass later.

True, but:

- If you normally keep the door locked, unlocking it with the thumb turn is what you do every time anyway

- In cases where there are many people expected to use doors that they're unfamiliar with, it's typically even simpler to exit (panic bar on business fire exits, automatically-unlocking deadbolt on hotel doors, etc)


If you keep the door locked at all times, unlocking it should be pretty routine.

I'm a strong proponent of both approaches. If surveillance infrastructure is in place, and all you have protecting you is law, it only takes one small change, or one warrant, to lose all your privacy (and you won't even find out about it). On the other hand, if the law forbids privacy, technological solutions won't withstand for very long, especially when you can be compelled to hand over your passwords or face jail.

This brought back memories of doing data entry for an insurance company as a teenager. I spent eight hours a day transcribing people's names, addresses, SSNs, and medical ailments, including all sorts of sexually transmitted diseases.

It's weird, now that I think about it. I was just some kid they hired as a temp. We've never really known who's looking at our private data.


I agree, there should be a legislative intervention here. These devices come out semi-regularly with no regard to security.

I don’t know if Ubiquiti’s feeds are streamed encrypted, but at least the recording infra is 100% local and can be accessed locally without any cloud middleman if desires.

Best I could find[1] but I think the forum question is about having a NVR in another site with a VPN connection in between the site and camera.

[1] https://community.ui.com/questions/Are-Unifi-Video-streams-e...


The only product currently out that supports this is the logitech Circle.

https://www.apple.com/ios/home/accessories/#section-camera


Unless I COMPLETELY misunderstand encryption, E2E encryption only protects your data in transit. It does not mean that data on servers are encrypted NOR does it mean that servers don't have decryption keys to that data if it is encrypted.

Am I wrong about this?


Your confusion is around where the end is in this case. E2E would be encryption from the ring device to your other device being used to view the feed (your cellphone for instance). Part of the difficulty in that case is getting the encryption key securely transferred between the two devices without exposing it to anyone else (a non-trivial problem). Assuming that was done in this case Ring employees would only have access to the encrypted videos with no access to the decryption keys to actually view them.

E2E Encryption is usually referenced in messaging applications where the ends are understood to be the two communicating parties, while in this scenario it's a little more nebulous.


In short, yes, because end-to-end implies only a single producer and consumer have access to the data. Storage in the cloud wouldn't be an "end", and therefore it must be encrypted at that stage. The ends are 1) where the data is created by the device, and 2) wherever it is viewed on retrieval by the end user. While it's in the cloud it's still "in transit".

Facebook, if I recall correctly, at one point seemed to be trying to redefine the term to be "encrypted on its way to us and then back out again", which IMO is nothing short of propagandizing to confuse people, I assume to foil demand for real E2E encrypted products and gain unearned trust.


At least in Apple's case, they do not have the keys because it is encrypted by your devices and then uploaded. It is then only able to be read by your devices because they have the keys to un-encrypt it.

The latest Apple platform security doc (fall 2019, available as pdf) does a half-decent job of explaining their key distribution mechanisms (iCloud Keychain, they call it) too. They are doing some pretty complicated stuff under the hood to support multiple devices (trust circles, they call it).

I just wish I could read the source code to make sure theory and practice are reasonably congruent.


I am curious if there are others.

But as soon as a camera came out that supported this I finally got one (flat out refused to get one before... even though I wanted to get one).

It feels pretty good knowing its stored encrypted in my iCloud and all of the processing happens on my devices (HomePod and Apple TV)


Wyze has End to End encryption for their cloud stuff, or you can save it all on an SD card instead. Wyzecams are also really cheap $20 but they dont have a doorbell, so for now I'm keeping Ring (came with my house) till I see a good alternative.

Please correct me if I am wrong, but Wyze doesn't actually encrypt the files they store, in their case end to end just means that the files are secure in transmission. Apple secure Video actually encrypts the files so they can't be viewed by Apple.

You might be right all I was able to find was this:

https://forums.wyzecam.com/t/meaning-of-end-to-end-encryptio...

I can always just revert to using an SD card instead of sending my data over to them on the other hand. I am okay with this so far though, they delete videos after 15 days anyway.


Wyze is using the term end-to-end wrong, which is very disappointing but not surprising. They are considering themselves an end, which changes the meaning in a way to make the term totally meaningless. The end in end-to-end is end users.

How is Ring better than a Wyze cam pointed at your front door? Genuinely curious. I have several Wyze cams but have never interacted with a Ring much other than pushing the bell button at someone else’s house.

I prefer the Wyze cam all out, but it's already installed so I'm just leaving it there. I don't want to uninstall it until I have a better doorbell device or if theres serious security implications in keeping a Ring device.

I'm also waiting for the outdoor / weather resistant Wyze cams that are set to come out this year, so I can put them facing the front door from the front part of my porch. I hope to have it trigger a Wyze lightbulb, though I'm not sure if they're that smart or if they need the sensor instead.

Edit:

Matter of fact, I have a window next to the Ring where I have a Wyze cam looking outside, but the IR doesn't work through window, so I'm just waiting for the outside Wyze cams to be a thing. Once I get those I might repurpose some of the regular wyze cams to do time lapse videos of the weather from upstairs. Florida has interesting weather.


I also have a Wyze cam on the inside of a window looking out, and you're right that the IR would just reflect in the window, making it useless at night. But I think you can put an IR bulb (or LED array) outside, and just have that light up the area. I'm planning to get an LED array for mine when I have some free time. I also think that you probably don't really need a weather-resistant Wyze cam if it's mounted sufficiently close underneath eaves. Probably depends on how much wind you get in your area though.

The benefit of their upcoming outside cameras is that it will run on battery, and you plug it in only to recharge them.

That's a good idea, I had not thought about that, adding an IR bulb outside. I'm thinking of getting Wyze bulbs for outside though, I'm sick of coming home to complete darkness, just bought the home and there's no smart lights outside yet.

I do need to worry about weather mainly because I do live in Florida, and hurricanes do come through now and then. I will be sure to mount it securely though.


Why would end-to-end help when it's the other end that's watching?

The other end should be you too?

Unless you intend for someone else to oversee your surveillance operation, your footage shouldn't leave your premises unless encrypted, using keys which don't leave your possession. You enter them out-of-band on the device on which you wish to watch remotely.

Is there some implied benefit to not encrypting end-to-end or are they just being lazy and using nothing more than TLS because security isn't really the goal?


> The other end should be you too?

But that cannot work with a cloud-based Motion Detection feature (arguably the second most important feature of Ring doorbell cameras, after the doorbell functionality). The Motion Detection is done server side so the server has to be able to see unencrypted video. Maybe if there was a lot more powerful (and programmable) hardware on the camera side you could do it there.


Makes sense, I thought there would have to be some "good" reason.

Your wouldn't need anything much more powerful than a Pi4B to do that part for a couple of cams, but I guess this keeps the cost down for a security-unconscious public.


I don't see why you couldn't. The hardware to do it isn't expensive, so the camera itself could do that processing locally and just send the data along with the video encrypted to the end device. It might make the product cost a bit more, but it would also eliminate most of the concerns I have with that type of product.

In this context, "end to end" means being encrypted between the camera and the user's devices they use to watch the camera, with the cloud service acting as an intermediary between the two, and unable to decrypt the data.

Can't wait for (scalable) homomorphic encryption, where providers can serve you without ever knowing what's in your data.

> It says three employees can currently access stored customer videos.

I can't think of a legitimate reason for 1 employee at Ring to have the capability of viewing customer videos.

1. Law enforcement requests? Blind-forward what the warrant asks for.

2. Verifying service is functioning? Canary devices utilizing the normal application workflow. Login to your canary account and make sure the video is working.

3. Customer asks you to review something? Just say you can't. The world will be happier.


In an ideal world, sure. But it's easy enough to imagine how you'd end up with this situation.

For example, you have a customer support phone number, and you want your call centre workers to be able to see exactly what the user sees, and help the user do anything the user can do through the website. After all, if you're keeping your support costs down, the website should be able to do 99% of what users call support for already.

So you give your call centre workers a 'log in as customer' option. And you justify to yourself that there's access logging, and staff are under strict orders. Maybe it's before you've released any indoor cameras, and it's not like people are putting doorbells in their showers.

Sure, it'd be a sensible extra feature if log-in-as-customer was a special mode that didn't show videos. But is that really a minimum viable product? We'll put that on the backlog to attend to later.

Et voilà, your call centre workers can watch customer videos.


Even if you offered a “log-in as customer” feature, that could incorporate a notification and/or authorization request to the user so that it can’t be abused.

We implemented this at my work. In order to sign in as the customer, the customer must first explicitly consent to this and can withdraw that consent (and the ability to sign in as the customer) at any time. Without the consent, the sign in as customer function in our support tools doesn't work.

There are some agents/admins with override abilities but the overrides are logged and reason (with ticket number) is required to create the override.


Sure, but with just-in-time approvals for a specific time window, for a specific customer, with approval coming from management. Anything else is asking for abuse.

How does that prevent abuse? It might reduce it, but as long as it is technically possible to view forward without user consent, it will be abused.

For scenario 1. the employee would still have access they just wouldn't be using it.

Why would that be the case? It's trivial to separate identification from content.

I guess the employee could send the video anywhere, including to themselves.

There's always somebody with root access to the servers.

Encryption with customer managed keys solves that pretty easily. It also solves any ethical questions with regards to furnishing data to comply with warrants.

This creates a new problem of managing keys, of course, but that's been solved many times now in other parts of the industry.


There are numerous logistic issues with this approach. How would you implement a feature where users could log in to view the footage while away from home? They would need the decryption key, and if the server doesn't have it how would they get it? The only secure option is from the device itself, which is a pretty big UX challenge.

However, worse, features that use AI to detect movement/people/etc can't be implemented without access to the underlying video stream. The only remotely viable way would be via homomorphic encryption, which has serious limitations still.

It's far easier to do what they did, and just limit root access to a very small number of trusted people.


"How would you implement a feature where users could log in to view the footage while away from home?"

The "decryption key" can be a password-like object rather than an AES key, though that does require some security, and browsers are, if not quite ready to decrypt a stream and then render it as a video file, getting pretty close to that.

However, any client provided to the user by the video company itself, web or app, has the risk of exfiltrating the key back up to the video company, and I don't think the market will support a video company where you have the inconvenience of being required to get a third-party client to use it.

"However, worse, features that use AI to detect movement/people/etc can't be implemented without access to the underlying video stream."

The hardware to do this locally isn't that expensive, but again, the market would have a hard time standing for it, because this is inevitably going to be more expensive than the competition.


> The hardware to do this locally isn't that expensive

Wyze cams do "edge detection" AI in-camera, and those cameras are only $20-25. It seems to work pretty well to me. Although, the company that developed the AI is pulling out of the contract with Wyze. Nonetheless, it shows that it can be done cheap.


The market can be easily scared by the thought of random employees spying on them. I'd easily pay $50 for that peace of mind.

> They would need the decryption key, and if the server doesn't have it how would they get it?

Either carry it with them or enter a passphrase (for use with a key derivation function; I guess/hope that Ring requires some passphrase to view video via their website anyway). That's a rather common problem.

As for "AI", depending on what you mean by that, it can be implemented in the device itself (unless it's something particularly fancy, requiring more resources than viable to dedicate there).

It's indeed easier and slightly more convenient to not care about security, but that's also a general/common case.


Keybase seems to have a pretty good strategy for passing encryption keys between devices without Keybase itself having access to the keys. (I feel like this would be a great market for them to insert themselves into, possibly licensing their platform to IoT vendors.)

But yeah, I imagine you'd have a passphrase/key that can be found on a new device, perhaps via a QR code, and then signing into a new client device would require you have access to the old device to approve it/allow the private keys to transfer between the two, etc.


How are you going to datamine and AI train and sell customer data for to advertisers for profit, if you can't read the customer data?

Google makes billions from doing this, if we wanted Google to not be able to do this at all, we would have to pay them the same money (more!) collectively to incentivise them to do that instead. And I don't see any movement to take that into account and be willing to do it.

I don't know much about Ring, but I would be amazed if there was no plan or dream in their business model for things like "face recognition to let your friends in", or "tracking suspicious people around your neighbourhood" as a police contractor, or "selling info to FedEx about what their drivers are up to as seen from the customer side", or "selling data to real estate sites about which roads are busiest or quietest", or anything else they can gather.

Saying "my data, my property!" is a principle I can support, but without facing up to this, Ring's answer is very likely to be "we're secure don't worry about a thing .. behind you! a three headed monkey!".


What about to verify that video backups/storage are working correctly, to prevent an issue like the Gandi one on the front page right now?

I was always skeptical of cloud-based camera solutions due to privacy & bandwidth concerns, but now that those concerns are being proven true and reported in mainstream outlets I can’t imagine any reason to purchase them now. Long-term prospects for Ring can’t be looking good.

You vastly underestimate the complacency of average consumers.

Yep, and Ring has already proven its model. If privacy were an actual problem, Ring would not have made it this far.

This might be an education gap. That is, people really like the cameras and the way they work/ease of use, but they may not be aware of how non-private the recordings are. If they were, their opinion might be very different.

For some portion of their customer base, I'm sure that's true.

Ring's biggest product is their doorbell and I'd be willing to bet that a big chunk of their customer base isn't that concerned if somebody accesses their doorbell video. I'm not sure I'd care...


Marketing this kind of product directly to consumers is a fool's game. Consumers will always ask inconvenient questions like these when they're forking over their own money.

Pretty soon Ring will shift to working primarily with security and insurance companies who will bundle this into their own service offerings. The end customer will never even know what gets recorded, where it's stored or who has access.


It has a lot of advantages. Now when a criminal steals my package I alert the police immediately with 100% return rate so far. Before Ring, I would go home and search for a package for thirty minutes before realizing it was stolen. I'll gladly pay $3 a month for this service, it pays for itself. As far as privacy, I don;t have the privilege of a gated community to keep thieves out so this is the next best thing

We're being sold a problem and a solution.

Upcoming /s-

It would really suck if someone could watch my front door. Like, they might know when my package arrives?

Or what if someone checked my naked footage?

/S

I really don't care. Should I care?


The only reason you had to explain it was sarcasm is of course you should care. You sound like one of those "I have nothing to hide" people even though having something to hide is completely irrelevant. You're being spied on and you don't see any problems with that? And by the way, everyone has something to hide whether they know it or not.

There's that one TED talk about privacy where the guy says something like, "People say they have nothing to hide, but do any of you want to give me access to your private email account right now? No? Right, no one's ever taken me up on that".

I've always thought that was a bit of a strawman. In the case of my front door, I really wouldn't mind even if it were livestreamed for the whole world to watch. I agree that "I have nothing to hide" is generally a poor argument, but I think when it's more specific it can be a valid statement, e.g. "I have nothing to hide when it comes to things that go on outside my front door". I can't recall in my entire life a single event outside my front door that I would care about other people being able to watch. Can I imagine a scenario where I might want privacy at my front door? Sure. Maybe my friend becomes a fugitive and comes to me looking for help. Maybe I become a CIA informant and they come to secretly meet with me. But in the few situations I can think of where I would actually care about total privacy around my front door, I'd hope I would have the prescience to pop out the batteries in advance. I legitimately cannot think of a single case in which I might care that someone is watching my front entryway.

Of course, I don't feel the same way about other camera positions. But I think I'm a pretty security-conscious guy (my in-home security cameras are airgapped and streamed to a local server) and I have a Ring on my front door and have no qualms about it.


If your front door were live streamed then people can basically watch your front door 24/7 while being invisible to you. They can watch long enough to be 99% certain the house is empty and rob you, or they can see if a package has arrived and you're not normally due home for hours and grab it. It would make casing the joint pretty easy.

My big problem with IoT devices is trust. When a third party has control of my data, I have to trust the company is going be a responsible steward for my data. This is particularly telling since few of them (none?) have binding terms of service which protect the rights of the buyer. So you have situations like this where abuse happens or companies like Canary which made a rather big and infuriating change to their policies on storing data. To make things more complicated, if it's a small company you have to worry about it getting acquired. I've had multiple occasions where products I've purchased have shifted from having decent terms to terms which make me want to toss the product in the trash.

As a result, I'm extremely cautious about purchasing IoT products. I haven't given up smart devices entirely, but I avoid the ones that require an account to sign in or rely heavily on cloud services. Smart cameras are particularly tricky since they reveal so much about you, particularly combined with machine learning and face identification.


I avoid the ones that require an account to sign in or rely heavily on cloud services.

This is the best IoT advice I can give anyone. I've had at least a dozen "smart" lightbulbs orphaned by two different companies. One went out of business, the other just decided not to support them anymore.

The amazing thing is with the first group of bulbs, the IoT company actually pushed out a software update bricking the controller box before it went out of business. This was a box that could have functioned forever because there were several tinkerers who had reverse-engineered the protocol and seemed close to releasing open source integrations.

Naturally, there was no notice. The only way I found out was when the bulbs wouldn't respond anymore and I went to the company's web site where there was a notice.

You know what doesn't always work? Smart light bulbs.

You know what always works? Dumb light bulbs.


One of the most frustrating was my anova Sous Vide with bluetooth. It had a fairly useful app that worked well for monitoring temperature and setting temperature until they changed their policy to force users to create an account on their site. Fortunately I can just use the cooker without the app entirely which is much better than what Canary did.

I do like my smart lights, but I'm for a good chunk of them I'm buying the ones where the brain is integrated into the switch and the switch defaults to being a dumb switch when it can't find the cloud connection.


that's also why sometimes it's worth a little more for the name brand/larger company. I paid a little more for Hue, but my first bulb still functions the same or better than the day I bought it.

Agreed, but at the time there were no big brands. Now if I buy IoT, I buy Homekit simply because I think Apple is the least likely company to go out of business or abandon the kit.

We built a video security assistant that's completely autonomous. Hoping to start selling direct in a month or so.

The only thing surprising is that they were caught, this time.

Keep your camera footage local or demand end to end encryption.


I have a couple of these devices outside along with some more traditional hardware going to a local DVR. I wanted cloud video storage in the event someone stole my dvr. I accept that someone someone may have access to this footage. I trust Amazon/Ring more than I trust some random Chinese company.

> I trust Amazon/Ring more than I trust some random Chinese company.

Really? Why?


Because I worked at Amazon and I know how seriously they take data security.

And yet, literally, this article shows that you cannot.

Huge difference... Chinese company wouldn't fire them, it would give all of that data to a whole bunch of people in the government.

At least the homeowner has a choice to upload their video to ring.

Street-facing doorbell cameras on public sidewalks are in my opinion the worse problem. Pedestrians didn't opt-in. Operators of these cameras (both the buyer and the vendor) should be subject to the same legal obligations as other data collectors.


My neighbor, across the street, has a Ring camera aimed directly at my house, since that is where their front door faces. What is my recourse for preventing my private property from being recorded?

You have none. a tv crew could set up outside your house and record indefinitely. or even go through your trash. People are allowed to record public spaces. It's just bad behavior and the consequences are social

Sounds super illegal and not GDPR compliant. You're not allowed to tape my private property without my consent. At least in Europe.

OP lives in the US.

Find a 5mw near-infrared laser and aim it at the camera across the street

Seems like overkill, and potentially harmful (if someone gets their eye in the way of the beam, or even a pretty good reflection of the beam).

grow trees? not really much else and it kinda sucks. The same goes for cameras in businesses, you walk into a coffee shop and they have 15 cameras, and all the transactions are cc so there's like nothing to steal? But it's pervasive, everywhere has cameras and it's just a thing that happened without much thought. Most of them are being uploaded these days too.

There was a post about WiFi deauth attack against Ring devices:

https://news.ycombinator.com/item?id=21889837

Disclaimer: This is not an invitation to do such a thing. Be mindful of laws in your jurisdiction and ethics of this.


Where do you live? In some European countries you need a license for surveillance cameras as in you're not allowed to record public spaces, only your private property must be in frame and for this you need a license. Otherwise you face significant fines.

GDPR is on your side here as well. I had to consent to the surveillance cameras when I joined my local gym.

Also at our workplace we had to consent to being taped by the main entry surveillance cameras and the company is not allowed to view the footage, like for performance reviews :), unless a theft or crime has occured.


Personally, i'd use one of these https://www.wickedlasers.com/arctic to resolve the issue

aim well

:)


Depends on your location. NY has some laws now. As expected Europe is strict, here is UK guidance. https://ico.org.uk/your-data-matters/domestic-cctv-systems-g...

> What is my recourse for preventing my private property from being recorded?

Either put up a visual barrier or move.

This sort of thing is why I consider products like Ring to be terrible and highly antisocial. I would avoid even going into a neighborhood that had many of these installed, let alone live in one.

Also, am I the only one who thinks that the prevalence of these devices in a neighborhood is a very strong indicator that the neighborhood is sketchy -- either it has a lot of crime, or it has a lot of very paranoid people.


What's the big deal if it's ring, or me with a bunch of chinese-made POE cameras and blue iris as a local server? shouldn't people have the right to set up surveillance on their own house for protection and deterrence?

saying people are paranoid for having cameras is ridiculous, people also have security systems. It's a deterrent and doesn't necessarily mean high crime. if you live in Major City like I have my whole life, it's just a fact of life that you're going to want stuff like this.


> What's the big deal if it's ring, or me with a bunch of chinese-made POE cameras and blue iris as a local server?

If it's just you with a local server, then I only have to worry about you. If it's going to someone else's server, then I have to worry about them as well. And in the case of Ring specifically, that someone else is Amazon -- which is even more concerning.

> shouldn't people have the right to set up surveillance on their own house for protection and deterrence?

Sure, I never said otherwise. I have a surveillance system myself (on my own local servers), but I take great pains to ensure that no cameras are capturing anything that isn't my property.

> It's a deterrent and doesn't necessarily mean high crime.

I never said that it automatically means a high crime area. It's just highly suggestive of it. If it's a low crime area, far fewer people would feel the need for this sort of thing.

> if you live in Major City like I have my whole life, it's just a fact of life that you're going to want stuff like this.

No, it's not. I've lived in a number of major cities, and have never felt the need to point cameras at my neighbor's houses or the street.


https://shop.ring.com/pages/privacy

> At the core of Ring, and guiding every action we take, is respect for the privacy and security of our neighbors

> Nobody can view your video recordings unless you allow it

Sounds pretty straightforward.

Send Ring's legal dept a letter telling them you don't allow it (privacy@ring.com, then certified mail when they ignore you the first time).


Put up a fence.

If it's public property, there's nothing to opt in to, nor is there a reasonable expectation of privacy by definition.

build a fence/wall/hedges.

What's a good cloudless setup? I've got a couple zwave devices, and have been looking into OpenHab. Win10 compatibility would be a bonus, as well as the ability to run my own OpenCV video analysis and voice recognition stacks...

Ubiquiti’s offerings can all run 100% locally. I have my entire setup using PoE so each only needs a single cable.

You can also access it remotely, too, which is nice. If you don't have a fixed IP/don't want to manage firewall rules, they have a central service that creates the handshake between your remote device and your NVR to facilitate the connection.

I'm actually planning to do same thing, probably also use that to install PoE wifi access points. I think I also will need VLAN functionality. Which switch do you use?

Also any opinion about their recent fiasco with telemetry?


I've been considering Ubiquiti since I'm going to redoing all the networking in my new house. Does Ubiquiti offer inner sort of facial-recognition-based alerts?

What do you use for motion detection? I've found the Unifi NRV motion detection to be very poor. Especially raining at night.

I'm working on IP cameras sending their video to Surveillance Station on my Synology NAS. Totally local recording, and was super easy to setup with some random IP cam I had laying around.

My plan is to run cable for PoE cameras soon. Will have 24/7 recording, but accessible only locally.


Unifi Has a completely cloudless setup.

https://unifi-protect.ui.com/


It seems odd to automatically trust some surveillance equipment company to not spy on your video footage when they have that access. Not to say that these companies are all untrustworthy, but rather that it would be imprudent to assume trustworthiness by default.

There are other solutions out there, like using a Raspberry Pi Zero [1] with some OSS[2]. The caveat here is that it requires a greater time investment from the consumer.

1: https://www.raspberrypi-spy.co.uk/2017/04/raspberry-pi-zero-... 2: https://github.com/ccrisan/motioneyeos/wiki


How is this even possible? I know that at Google, there was no way to access customer data directly. So this couldn't happen. That seems like a saner design


nope, joined in 2012

Same is also true at Amazon (at least from what I can remember).

How is this even possible?

not the same, but years ago i worked on a cctv/dvr system for a Giant Electronics company. we watched HOURS of video (most w/o audio) as part of the rma process. there was good reason for it, as a failure in a circuit is sometimes a function of heat and time. there was one case where the device's ambient temp would spike and the video encoders would produce garbage output every few minutes. replacing the encoders resolved the issued. we kept a locked cabinet where drives with potentially sensitive video was kept, for instance we had a device that had been at a bank during an attempted robbery and had been malfunctioning. we stored the drive until it was certain the recorded data was corrupted, and not the playback system on our device. eventually the authorities agreed to take custody so we could get it off our hands. i was on the tech end of things and not the business end, so i cannot say what sort of privacy expectations our customers had. most of these were installed in businesses...but we did have a few from private residences.

Well, people who are unaware, or uncaring of the fallout, decided to install peep holes in their homes, with the implicit belif that no creep would be so vile as to actully look in. Now we have a quarter billion of those holes installed. Neat huh?

But peep holes are one-way, and the manufacture does not have the ability to remotely view the peep-hole.

Question is more like "why wouldn't this be possible"

I'm willing to bet this is a PR attempt showing something along of the lines of "look, we protect your data by firing the people that look at your videos!"

Which is absolute nonsense if this is their data protection policy. They'll only ever catch maybe 5% of the people doing it. This is also likely meant to hide the fact that their Ring security is extremely porous and they may want to keep it like that because that may also be how law enforcement gets access to those videos right now. Changing this may mean disrupting the police's access to them for a while.

https://www.wired.com/story/ces-2020-amazon-defends-ring-pol...

Combine this with all the security issues AWS buckets have had, along with employees also accessing Alexa recordings, and it's almost starting to look like Amazon doesn't care all that much about securing your data...


> They'll only ever catch maybe 5% of the people doing it

I wouldn’t be so confident about that. I’ve worked with a few large organisations where customer service staff needed to have access to sensitive customer data, and they usually had pretty good systems for detecting improper access to data, and would monitor it quite actively. I have no idea what monitoring systems Amazon has in place, but they could easily be doing quite a good job of it.


On a tangent, does Apple already have a solution to their Spanish problem?

Siri is apparently activated at every mention of the word "si" and specifically even more during bed room conversations.

https://www.google.com/amp/s/nypost.com/2019/07/29/apples-si...


It's the 2020 version of NSA employees using their vast surveillance apparatus to spy on their ex's[1]. Except this time people willingly let a for-profit company have streaming video access to their home.

What's next, people installing microphones in their home that stream audio to Google or Amazon?

[1] https://www.reuters.com/article/us-usa-surveil-lance-watchdo...


If a local home security surveillance company rolling up in a van installed cameras that they then used to spy on their customers, it's very likely the owner would be prosecuted. What puts Ring/Google/Amazon/etc above that standard? Just being large?



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: