As a Nest owner with multiple cameras, I find it hilarious that no real features have been introduced in years, and this is what they come up with instead.
If they would spend more time shipping features I might not care as much but they have done nothing and instead they ship this stupid “feature”. They don’t allow us to train the cameras to ignore moving trees or shadows, repetitive noise like birds cawing, or fix their “familiar face” functionality. I’ve had complete strangers identified as being a familiar face, and I’ve also had cars identified as a familiar face.
My thoughts exactly! I've had outdoor nest cameras for a couple of years now and was expecting at some point it'd learn that the trees moving or bugs flying across the camera were not interesting but nope...... we get this...
It seems like I'm not the only one annoyed at nest lately though. I actually backed a indiegogo last week called Camect that hopefully will fix a lot of these issues and you don't even need to replace the nest cameras, though you can if you want to. I recommend checking it out!
Nest thermostats are also very stupid. The 'smart' mode tries to build a schedule of activity based on how much you walk past the specific spot on the wall where your thermostat is, and predict when to heat the house based on that. It's garbage, we (and everyone else I know) just sets a schedule like a normal thermostat.
Given Google has access to my and my partner's calendars, why not link them and use that instead, and cut the AI shit?
I've only recently purchased a Nest doorbell... but the comments here and some quick searching suggest I'd be far better off purchasing the remainder of my cameras from somewhere that is in the business of selling hardware like Ubiquiti, and then either using local storage (with sync to personal cloud) or something like this Camect thing.
At the very least, it looks like the lack of exposed onvif / rtsp on Nest cameras is an issue that will mean I can't avoid the high subscription price and bandwidth use (and it's the bandwidth that bugs me, I'd rather store HQ to disk locally whilst transcode to a lower def for the cloud, and then have it be my cloud accounts).
Not sure why this was downvoted - except maybe the "nothing to do with your satisfaction" part being a bit over exaggerated. Google's priority is ad rev. Everything else is secondary.
It's like being an airplane engineer for a living, making great money, and then promising your neighbor that you'll fix the brakes on their car for 20 bucks. Maybe...one day, when you're bored, you'll get around to it, but it's definitely not your priority.
This seems equivalent to security theater in response to misplaced fear and mistrust over cameras in general. I understand why they felt pressured to make this change (and the "good" PR it results in), but I can't help but shake the fact that, well, it doesn't actually do anything.
Bad actors will just disable the light in a myriad of ways. People will still mistrust cameras because the light can be disabled. Drawing over the light with permanent marker (or doing something temporary like putting tape over it) doesn't even create a small barrier of entry for people secretly recording. If they want to secretly record, it's not significantly harder now than it was yesterday.
The only thing this is supposed to accomplish is appeasing people that don't understand technology yet make a ruckus over Google disrespecting privacy. Now Google can say "no look, we do!" and those people will complain about something else.
The LED needs to be connected to the power lead on the camera. Then it cannot be hacked via the software.
Also, microphones and cameras need physical switches to enable them, not software switches. Preferably with an LED indicator too.
This is what I did with the electric fuel pump on my car. A dash light connected to the power lead, and a physical switch. There's also a low oil pressure switch that'll interrupt the power to the fuel pump.
Other than physical access to the camera (at which point they will more likely just install their own cameras), how precisely could attackers disable the light in any plausible ways? I’ll offer one for free:
1) “Forcing Google to do so through a government court order that leads to a firmware update to that specific camera”
What other methods besides “issue Google-signed firmware to the device” are you implying exist (“a myriad of ways”), that are obvious enough to be taken for granted without further explanation?
I can’t see them, and so unfortunately I must request that explanation.
> how precisely could attackers disable the light in any plausible ways?
The light is software controlled, as this very change clearly demonstrates. The fact Google can turn and off the light at a whim suggests an attacker could. Your defense of this being possible is based on a vague theory of infallible security.
You even seem to use a fictional quote to that end:
> What other methods besides “issue Google-signed firmware to the device” are you implying exist
Who are you quoting? What are you quoting? And where can I read up on google's infallible firmware signing strategy that you're implying has the ability to block exploits and bugs?
Despite claims to the contrary you're less "requesting an explanation" and more making several unsupported security claims, then asking people to refute your claims as if they were factual in nature.
If this device was as secure as you imply that would be quite unique for smart home devices in general, and software in general for that matter.
When I think of bad guys with cameras, I think of Airbnb scams and the like hiding cameras in a home/office/etc. When they have physical access to the camera, there's a million ways to disable the light ranging from nail polish to opening it up and rewiring it.
I wasn't even considering remote attackers, but I'd imagine it's not a large step from [compromising a remote camera such that you can remotely record] to [compromising a remote camera such that you can control other software features while remotely recording].
I admit this update does make it a bit more difficult (for now?) for remote hackers to secretly record people; I'd be interested to see how prevalent that is compared to people actually just recording people with their own cameras.
This feels like a double edged sword. On one hand, yay, now I'll know for sure that the camera is on and I'm being watched.
On the other hand, we know that the light is obviously software controlled, so now we're going to get people used to the idea that "light on == camera on/ light off == camera off", and then when the camera gets inevitably hacked, people will be a lot less cautious if the light is off, assuming the camera is off.
"About the glowing red light on the pre 12v Bus which was my constant 'little worry' on many night trips: there were many, many explanations. All seemed valid and I really appreciate them all, but the cat who seemed to have the best grip on the problem suggested painting the button with heavy red fingernail polish so I couldn't see the dim glow, but could still see when the light actually came on."
i think the obvious solution would be to have the light in series with the power to the camera, so that in order for the camera to be on, the light will also have to be on
Early macbooks tried to do something like this, but got it wrong. The camera unit had a bunch of pins, including a "STANDBY" pin which turns off the sensor, and they wired the green LED directly to the standby pin.
But then in 2013 some researchers figured out that actually the camera unit is an entire system-on-a-chip, with a configuration register accessible on an i2c bus, so they could write some malware which first re-configures the camera to ignore the standby signal, and then turn it on...
The paper notes that many camera units have a separate power connection for the CMOS sensor itself, which would be more secure. And I hope later-model macbooks have fixed it. But I guess this shows that it possible to get even seemingly bullet-proof solutions wrong.
(As a more practical problem, I have also seen suggestions that it's possible to turn on the camera, take a photo, and turn it back off again too quick for the LED to be noticable, and if you do that several times per second you could capture low-frame-rate video without the green light, so even a hardware solution might not be perfectly secure.)
The obvious solution is to make this a regulatory requirement.
You want to sell cameras in this country? The on indicator light must be hard wired.
With exception for some professional grade equipment, or the ability to physically cover the indicator light when the recording environment requires it, for whatever reason.
Of course, and that's how most webcams work. But my point was with this particular camera, they clearly didn't build it that way, but now they're going to make people think they did, and that's what is dangerous here.
I originally got an Amazon Tap instead of an Echo because it required hitting a button to listen.
Then they added an all setting that let me toggle the always on capability and I realized it was just a software button and that in theory it could listen in whenever and I'd never know. The lack of reliable user controlled methods of limiting recording devices is disappointing. Is there some sort of sound dampening material that could be made into a cover for devices like this?
But we won't know for sure. As you say in the next line, it's software controlled, so it could be showing the light and recording nothing, or vice versa, or behaving as documented.
Hopefully, sooner rather than later, a Google-Snowden will emerge revealing the truth about Googles data collection and truth about if that data really is being deleted.
I have two of these cameras in a window, so they can see outside. Keeping the LED on all the time makes them useless at night from reflections, so I always turn it off.
It seems really wrong that I am "allowed" to add electrical tape, but not to click a checkbox.
Same config -- right inside a window. It took three layers of tiny tape squares to conceal the light on mine today. The cameras run pretty hot and the adhesive is going to make a gooey mess.
I have no issues as long as the device was not changed after it was sold.
Being able to disable the light was a feature, now it is not. I likely would have not bought these if the ability to disable the light was not a shipping feature.
And I would really not care if all new devices being activated did not have this feature. But I do care that my devices will stop working one way and start working another way.
If a car mfg forced driving lights remotely and killed your ability to run and operate the car without the driving lights I feel like this issue would get more clear resistance. The workarounds are cute but the alarming issue is that we paid for these things with XYZ capabilities and specifically someone thought this feature was good enough to build and ship and maintain for years. Now that feature is removed, I guess this invalidates the previous use case to have had it. It seems fair that new cameras would have this “feature” baked in, old cameras notta. Same use case for the car scenario.
>If a car mfg forced driving lights remotely and killed your ability to run and operate the car without the driving lights I feel like this issue would get more clear resistance.
What use case are they trying to solve for? It's confusing to me. Especially this:
>On Nest Cam, Dropcam, and Nest Hello, the status light will blink when the camera’s live video is streamed from the Nest app. The setting to turn this off will be removed.
So now someone trying to break into my house will know that no one is looking at them on the camera so it's all clear?
No, because that's worked around with tape on the led. I think the use case that they are trying to solve for is to avoid camera owners unintentionally recording activities of other people who are unaware that they are being recorded, and then ending up with footage that they probably wished they hadn't captured because it makes them feel pervy. Maybe parent setting it up for security but ending up with videos of their teenage kid making out...
Readit News
If they would spend more time shipping features I might not care as much but they have done nothing and instead they ship this stupid “feature”. They don’t allow us to train the cameras to ignore moving trees or shadows, repetitive noise like birds cawing, or fix their “familiar face” functionality. I’ve had complete strangers identified as being a familiar face, and I’ve also had cars identified as a familiar face.
Google is a terrible consumer product company.
It seems like I'm not the only one annoyed at nest lately though. I actually backed a indiegogo last week called Camect that hopefully will fix a lot of these issues and you don't even need to replace the nest cameras, though you can if you want to. I recommend checking it out!
Given Google has access to my and my partner's calendars, why not link them and use that instead, and cut the AI shit?
At the very least, it looks like the lack of exposed onvif / rtsp on Nest cameras is an issue that will mean I can't avoid the high subscription price and bandwidth use (and it's the bandwidth that bugs me, I'd rather store HQ to disk locally whilst transcode to a lower def for the cloud, and then have it be my cloud accounts).
It's like being an airplane engineer for a living, making great money, and then promising your neighbor that you'll fix the brakes on their car for 20 bucks. Maybe...one day, when you're bored, you'll get around to it, but it's definitely not your priority.
Bad actors will just disable the light in a myriad of ways. People will still mistrust cameras because the light can be disabled. Drawing over the light with permanent marker (or doing something temporary like putting tape over it) doesn't even create a small barrier of entry for people secretly recording. If they want to secretly record, it's not significantly harder now than it was yesterday.
The only thing this is supposed to accomplish is appeasing people that don't understand technology yet make a ruckus over Google disrespecting privacy. Now Google can say "no look, we do!" and those people will complain about something else.
Also, microphones and cameras need physical switches to enable them, not software switches. Preferably with an LED indicator too.
This is what I did with the electric fuel pump on my car. A dash light connected to the power lead, and a physical switch. There's also a low oil pressure switch that'll interrupt the power to the fuel pump.
1) “Forcing Google to do so through a government court order that leads to a firmware update to that specific camera”
What other methods besides “issue Google-signed firmware to the device” are you implying exist (“a myriad of ways”), that are obvious enough to be taken for granted without further explanation?
I can’t see them, and so unfortunately I must request that explanation.
The light is software controlled, as this very change clearly demonstrates. The fact Google can turn and off the light at a whim suggests an attacker could. Your defense of this being possible is based on a vague theory of infallible security.
You even seem to use a fictional quote to that end:
> What other methods besides “issue Google-signed firmware to the device” are you implying exist
Who are you quoting? What are you quoting? And where can I read up on google's infallible firmware signing strategy that you're implying has the ability to block exploits and bugs?
Despite claims to the contrary you're less "requesting an explanation" and more making several unsupported security claims, then asking people to refute your claims as if they were factual in nature.
If this device was as secure as you imply that would be quite unique for smart home devices in general, and software in general for that matter.
Perhaps malicious code will be produced which will only take single frame shots, never staying on cycle long enough to trigger the light.
Or it will go unnoticed because it flashes on and off so quickly.
I wasn't even considering remote attackers, but I'd imagine it's not a large step from [compromising a remote camera such that you can remotely record] to [compromising a remote camera such that you can control other software features while remotely recording].
I admit this update does make it a bit more difficult (for now?) for remote hackers to secretly record people; I'd be interested to see how prevalent that is compared to people actually just recording people with their own cameras.
Oh wait, that breaks Google's business model of spying on people, plus it does nothing to the microphones on this thing.
(Yes, a shutter that blocks microphones can be designed, but it's a hard problem.)
On the other hand, we know that the light is obviously software controlled, so now we're going to get people used to the idea that "light on == camera on/ light off == camera off", and then when the camera gets inevitably hacked, people will be a lot less cautious if the light is off, assuming the camera is off.
-- How To Keep Your Volkswagon Alive
But then in 2013 some researchers figured out that actually the camera unit is an entire system-on-a-chip, with a configuration register accessible on an i2c bus, so they could write some malware which first re-configures the camera to ignore the standby signal, and then turn it on...
The paper notes that many camera units have a separate power connection for the CMOS sensor itself, which would be more secure. And I hope later-model macbooks have fixed it. But I guess this shows that it possible to get even seemingly bullet-proof solutions wrong.
https://jscholarship.library.jhu.edu/handle/1774.2/36569
(As a more practical problem, I have also seen suggestions that it's possible to turn on the camera, take a photo, and turn it back off again too quick for the LED to be noticable, and if you do that several times per second you could capture low-frame-rate video without the green light, so even a hardware solution might not be perfectly secure.)
You want to sell cameras in this country? The on indicator light must be hard wired.
With exception for some professional grade equipment, or the ability to physically cover the indicator light when the recording environment requires it, for whatever reason.
Then they added an all setting that let me toggle the always on capability and I realized it was just a software button and that in theory it could listen in whenever and I'd never know. The lack of reliable user controlled methods of limiting recording devices is disappointing. Is there some sort of sound dampening material that could be made into a cover for devices like this?
But we won't know for sure. As you say in the next line, it's software controlled, so it could be showing the light and recording nothing, or vice versa, or behaving as documented.
Like, maybe not tracking your every movement, search, interest, thought, fear, and desire to turn you into clicks for money?
Or hey, maybe give you total control of the information they collect on you?
Nah, let’s turn the LED on and tout our commitment to privacy!
What's wrong with "My Activity"? It gives you access to all data stored in your account and lets you delete all or pieces of it.
https://myactivity.google.com/
It seems really wrong that I am "allowed" to add electrical tape, but not to click a checkbox.
As a consumer of 5 of these things I hate them glowing at me. Any sane person should simply assume that if a camera is aimed at you it is recording...
https://www.vice.com/en_us/article/wn949b/how-corporations-u...
1. https://www.wired.com/2008/07/pervert-alert-j/
Being able to disable the light was a feature, now it is not. I likely would have not bought these if the ability to disable the light was not a shipping feature.
And I would really not care if all new devices being activated did not have this feature. But I do care that my devices will stop working one way and start working another way.
My wife just freaked out and wanted to know why the lite was on, she says it makes her feel uncomfortable.
Result? I have started making designing my own cameras and will be replacing the nest ones with something I have more control over.
I feel like I should be able to get a refund on all these stupid devices now.
This is why FOSS matters.
If a car mfg forced driving lights remotely and killed your ability to run and operate the car without the driving lights I feel like this issue would get more clear resistance. The workarounds are cute but the alarming issue is that we paid for these things with XYZ capabilities and specifically someone thought this feature was good enough to build and ship and maintain for years. Now that feature is removed, I guess this invalidates the previous use case to have had it. It seems fair that new cameras would have this “feature” baked in, old cameras notta. Same use case for the car scenario.
This actually already happens: case in point, Tesla (https://teslamotorsclub.com/tmc/attachments/notifications-co...).
I find the lack of negative press over this disturbing, to say the least- this will kill someone someday.
>On Nest Cam, Dropcam, and Nest Hello, the status light will blink when the camera’s live video is streamed from the Nest app. The setting to turn this off will be removed.
So now someone trying to break into my house will know that no one is looking at them on the camera so it's all clear?
Edit for formatting, sorry, I don't post ever.
Watching a house-guest/renter getting naked