The security cameras aren't exposed because of Google, but rather because of a website admin that didn't know what he was doing. Google's responsibly for this is akin to the responsibly a construction company has for building roads to an insecure bank. :-p
For the majority of these I doubt there even is a website admin. I think most of these urls were found by people that have the google toolbar installed looking at their own private cameras.
There are downsides to the toolbar, one of them is that google knows about urls that are never linked.
Do you have any examples where URLs that were only discovered via toolbar reporting (from one or any number of visitors) appear in Google's search results, even though never linked from any other page?
Some sites use unique per-user access URLs as their only access-control; I would have expected more tales of woe if such URLs regularly received Googlebot visits or appeared in search results.
I've personally had the googlebot visit an under-construction site that happened to have a few juicy keywords on it.
This led to a lot of trouble...
Since then no more google toolbar for me. Google denied involvement, we later figured that it might have been an adsense or analytics tag as well, but there are supposedly no flows of data between those projects.
The damage was done, the page should have been password protected, we learned our lesson and moved on without spending a whole lot of time on finding out if there may have been another cause, we couldn't see another one that was likely.
There are plenty of other cases like this on the web, Google has always denied any kind of flow from the toolbar or adsense/analytics to their search crawler.
One thing I do know: if you are building a website and you have adsense tags on the page you can not password protect it and expect to receive relevant ads because the adsense crawler can not reach your content.
AFAIK the best workaround for this problem is detecting the bot and presenting a different page (or at least one without a log in).
"Google's Search Service
Google Toolbar is designed to be used in conjunction with Google's search services. Accordingly, your use of Google Toolbar is also defined by Google's Terms of Service and Privacy Policy. "
And nowhere does it explicitly state that the toolbar data is not used to enhance the search engine results, personally if they had no other use for it as a discovery tool then I would wonder why it was made in the first place.
If google does not use the toolbar data in any way then it would be a small matter for them to say so loud and clear in the toolbar license or their privacy policy.
Another possibility: if the page had outlinks, the URL could appear in public referrer logs elsewhere. (Pages like intranet login-only wikis often reveal their internal URL structure to outside sites that way.)
The default setting on most ip cameras is "public". I can't remember it atm, but there's another search you can do that exposes a ton of cameras of the form
<uniqueID>.something.com where something is setup by the camera makers to provide an easy way to share your cam. (This isn't anything new, I was thinking of doing some analysis on all the public IP cams you can find on google a few years ago).
The default robots.txt on my Axis camera is deny. Myself and many others often change this to watch people play with the camera and catch things out of the ordinary. Mine is a 35x optical zoom, pan and tilt, have fun:
I like to use such analogies, but have actually found them very limited for persuasive purposes, or only very effective with certain kinds of abstract thinkers.
Of course, if you already agree with a speakers' point, the analogy makes sense and helps make the matter vivid.
But when a listener intuitively disagrees, the analogy can derail discussion. Even though in the spirit in which it was offered, it aligns one axis of the issue at hand, with one axis of the offered analogous situation, the listener instead may focus on -- and comment about -- every other dimension of the two things that are wildly different.
For some thinkers, all those other differences are easy to factor out -- of course they're different in those dimensions, and the wild variance only serves to highlight the similarity-in-one-dimension-of-interest. But for other fuzzier/holistic thinkers, every difference is a distraction to be considered separately, and the attempted analogy may harden them against your point.
Worst case is when some other aspect of the analogy so dominates listeners' thought (or can be cynically flipped against you to imply you've said something you didn't mean). This is why Nazi analogies can be so conversationally-derailing -- whatever one small comparison was being intended, the response is "how dare you call [Bush|Obama|Teachers' Unions|Evangelicals|Mall Santas|etc] Nazis!"
Try explaining tech stuff to tech-illiterate people. The road analogy has come in useful many times when explaining the ethics of vulnerability research and related security matters.
Way back in the day of the first ptz webcams we were installing one in a zoo in Amersfoort, the Netherlands where an Elephant was about to give birth.
The webcast was tremendously popular, over half a million visitors over the course of a few days (at the time this was phenomenal), we set up relay stations just to be able to handle the bandwidth.
Being in a cage with a 6 metric tons pregnant elephant is quite an experience I can tell you :)
A few weeks ago I scraped the results from one of these searches (using Yahoo BOSS). This page shows the live streams of a random subset of them. Scroll to see more.
Could you geolocate the IPs in the scrape and then overlay them on top of a Google Maps API? That'd be a bit more useful: security cameras in your neighborhood.
If anyone remembered johnny i hack stuff from way back (mmm nostalgic) that popularized using google to find vulnerabilities such as this. The reincarnation of that site seems to be http://www.hackersforcharity.org/ghdb/ (lists a wealth of google discoverable devices/services and other stuff)
I think the makers of these cameras should include a 'robots.txt' by default that stops crawlers (or more correctly asks them to stop) from indexing the cameras.
I highly doubt this is intended behaviour, some of these look like they were not meant to be exposed to the general public.
Hah. I can't believe someone made an AdSense farm for these cams with this search term as the domain. It came up towards the bottom of the first results page for me.
Man I remember doing this stuff /years/ ago. Can't remember where I learned about it... Maybe 2600? Lots of sweet cameras to look at in Japan. Of course back then I was using a dial-up connection so to be able to see more than a frame every few seconds is a welcome improvement.
Full-disclosure equals reduction in vulnerability here, in an odd way. Because of links about this all over the blogosphere, the google search results are now mostly cluttered with stories about it, instead of the actual pages. (Although you can still find them.)
The quality of the images is so bad with these I wonder what "security" at all they do provide.
Scientific surveillance studies have shown that CCTV has no positive effect on crime. Either the crime happens elsewhere or it happens anyways and just gets filmed.
The only thing that CCTV changed is that you have footage of masked burglars afterwards or you catch some people having sex in the act.
Statistics suggest that catching the criminals on tape does not mean more of them get arrested either so it's just about civil liberties being taken away.
I'm quite strongly against CCTV but the claim that they are not a deterrent is false.
3% of the crimes solved in areas where CCTV systems are set up were attributed to that. This is a pittance, but it is 3% more than would have been solved otherwise.
The real drawback of CCTV is the 'false positive' rate, and the fact that people that should not have access to the data (which was sort of the point of my posted link) are able to look over the shoulder of the people in control of the cameras. This is a serious invasion of privacy.
