Readit News
chrisballinger · 6 years ago
Whenever end-to-end encryption is not used, scenarios like these are bound to happen eventually.

As far as I know, the only home surveillance products that use E2EE are ones that support HomeKit Secure Video [1].

1. https://support.apple.com/en-us/HT210538

izacus · 6 years ago
These kinds of scenarios can happen with workers in government offices, archives and medical institutions as well. And yet the paper documents are not E2E encrypted.

Maybe... just maybe... technology is not really what should be the core issue here? But we should perhaps look at our policies and legislation? Adding proper liability there will make technology come by itself. The magic of free market doesn't seem to be working here.

hinkley · 6 years ago
Any problem is easy if you oversimplify it.

The cultural conceit of 'disruptors' is that society has made everything complicated and therefore society is 'ripe for disruption' which if you read between the lines means 'stupid'. Lack of respect means lack of care. Lack of care leads to injury (theirs, and/or ours).

You are right. It's not the tech. It's the arrogance.

From my knothole, legislation comes for things that aren't policing themselves adequately. I think what we are discovering is that there are a lot of domains where the old guard were self-policing to a degree, and the newcomers have absolutely no reverence for anything.

I expect it won't be long before you'll see industries taking a hard look at their internal culture, and then engaging in regulatory capture to keep out the disruptors.

coralreef · 6 years ago
The easiest way to keep someone out is to lock the door.

You can create penalties, punishments, hire security guards to watch the door. But the most efficient and effective way is just a lock.

deogeo · 6 years ago
I'm a strong proponent of both approaches. If surveillance infrastructure is in place, and all you have protecting you is law, it only takes one small change, or one warrant, to lose all your privacy (and you won't even find out about it). On the other hand, if the law forbids privacy, technological solutions won't withstand for very long, especially when you can be compelled to hand over your passwords or face jail.
thatsenough · 6 years ago
This brought back memories of doing data entry for an insurance company as a teenager. I spent eight hours a day transcribing people's names, addresses, SSNs, and medical ailments, including all sorts of sexually transmitted diseases.

It's weird, now that I think about it. I was just some kid they hired as a temp. We've never really known who's looking at our private data.

just_myles · 6 years ago
I agree, there should be a legislative intervention here. These devices come out semi-regularly with no regard to security.
mi100hael · 6 years ago
I don’t know if Ubiquiti’s feeds are streamed encrypted, but at least the recording infra is 100% local and can be accessed locally without any cloud middleman if desired.
wil421 · 6 years ago
Best I could find[1] but I think the forum question is about having an NVR in another site with a VPN connection in between the site and camera.

[1] https://community.ui.com/questions/Are-Unifi-Video-streams-e...

Wheaties466 · 6 years ago
The only product currently out that supports this is the Logitech Circle.

https://www.apple.com/ios/home/accessories/#section-camera

godelski · 6 years ago
Unless I COMPLETELY misunderstand encryption, E2E encryption only protects your data in transit. It does not mean that data on servers are encrypted NOR does it mean that servers don't have decryption keys to that data if it is encrypted.

Am I wrong about this?

orclev · 6 years ago
Your confusion is around where the end is in this case. E2E would be encryption from the Ring device to your other device being used to view the feed (your cellphone for instance). Part of the difficulty in that case is getting the encryption key securely transferred between the two devices without exposing it to anyone else (a non-trivial problem). Assuming that was done in this case, Ring employees would only have access to the encrypted videos with no access to the decryption keys to actually view them.

E2E Encryption is usually referenced in messaging applications where the ends are understood to be the two communicating parties, while in this scenario it's a little more nebulous.

smolder · 6 years ago
In short, yes, because end-to-end implies only a single producer and consumer have access to the data. Storage in the cloud wouldn't be an "end", and therefore it must be encrypted at that stage. The ends are 1) where the data is created by the device, and 2) wherever it is viewed on retrieval by the end user. While it's in the cloud it's still "in transit".

Facebook, if I recall correctly, at one point seemed to be trying to redefine the term to be "encrypted on its way to us and then back out again", which IMO is nothing short of propagandizing to confuse people, I assume to foil demand for real E2E encrypted products and gain unearned trust.

nerdjon · 6 years ago
At least in Apple's case, they do not have the keys because it is encrypted by your devices and then uploaded. It is then only able to be read by your devices because they have the keys to un-encrypt it.
nerdjon · 6 years ago
I am curious if there are others.

But as soon as a camera came out that supported this I finally got one (flat out refused to get one before... even though I wanted to get one).

It feels pretty good knowing it's stored encrypted in my iCloud and all of the processing happens on my devices (HomePod and Apple TV).

giancarlostoro · 6 years ago
Wyze has End to End encryption for their cloud stuff, or you can save it all on an SD card instead. Wyzecams are also really cheap $20 but they don't have a doorbell, so for now I'm keeping Ring (came with my house) till I see a good alternative.
mackey · 6 years ago
Please correct me if I am wrong, but Wyze doesn't actually encrypt the files they store, in their case end to end just means that the files are secure in transmission. Apple secure Video actually encrypts the files so they can't be viewed by Apple.
smolder · 6 years ago
Wyze is using the term end-to-end wrong, which is very disappointing but not surprising. They are considering themselves an end, which changes the meaning in a way to make the term totally meaningless. The end in end-to-end is end users.
wmeredith · 6 years ago
How is Ring better than a Wyze cam pointed at your front door? Genuinely curious. I have several Wyze cams but have never interacted with a Ring much other than pushing the bell button at someone else’s house.
JackRabbitSlim · 6 years ago
Why would end-to-end help when it's the other end that's watching?
alias_neo · 6 years ago
The other end should be you too?

Unless you intend for someone else to oversee your surveillance operation, your footage shouldn't leave your premises unless encrypted, using keys which don't leave your possession. You enter them out-of-band on the device on which you wish to watch remotely.

Is there some implied benefit to not encrypting end-to-end or are they just being lazy and using nothing more than TLS because security isn't really the goal?

kylec · 6 years ago
In this context, "end to end" means being encrypted between the camera and the user's devices they use to watch the camera, with the cloud service acting as an intermediary between the two, and unable to decrypt the data.
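
The arrangement described in this subthread (camera and viewing device as the two ends, cloud as an intermediary that cannot decrypt), as an added Node.js example that is not part of any comment here and is not Ring's, Apple's or Wyze's code. It assumes the viewer's X25519 public key reached the camera out of band at pairing; the function names and the `clip-0001` identifier are made up for illustration, and the clip bytes are constructed sample data.

```javascript
const crypto = require('crypto');

// Derive a per-clip AES-256 key from an X25519 shared secret (HKDF-SHA256).
function deriveKey(privateKey, publicKey, salt) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, salt, 'clip-e2ee-example', 32));
}

// Camera end: encrypt one clip to the viewer's public key before upload.
// A fresh ephemeral key pair per clip means the camera stores no long-term secret.
function cameraSeal(viewerPublicKey, clipId, plaintext) {
  const eph = crypto.generateKeyPairSync('x25519');
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const key = deriveKey(eph.privateKey, viewerPublicKey, ephPub);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(clipId)); // bind the clip id to the ciphertext
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { clipId, ephPub, iv, ct, tag: cipher.getAuthTag() };
}

// Open a stored record with a private key; throws if the key or record is wrong.
function open(privateKey, record) {
  const ephPublicKey = crypto.createPublicKey({ key: record.ephPub, format: 'der', type: 'spki' });
  const key = deriveKey(privateKey, ephPublicKey, record.ephPub);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAAD(Buffer.from(record.clipId));
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.ct), decipher.final()]);
}

function canOpen(privateKey, record) {
  try { open(privateKey, record); return true; } catch { return false; }
}

function demo() {
  // Viewer key pair: the private half never leaves the user's phone.
  const viewer = crypto.generateKeyPairSync('x25519');
  // Any key the service holds itself (hypothetical stand-in for its server keys).
  const cloud = crypto.generateKeyPairSync('x25519');
  // Constructed sample data standing in for video bytes.
  const clip = Buffer.from('CONSTRUCTED-SAMPLE-FRAME-DATA front door 07:42');

  // What the cloud stores: id, ephemeral public key, IV, ciphertext, tag.
  const stored = cameraSeal(viewer.publicKey, 'clip-0001', clip);
  // A record the storage side has relabelled as a different clip.
  const relabelled = { ...stored, clipId: 'clip-0002' };

  return {
    viewerReads: open(viewer.privateKey, stored).equals(clip),
    cloudReads: canOpen(cloud.privateKey, stored),
    plaintextInStorage: stored.ct.includes(Buffer.from('front door')),
    relabelDetected: !canOpen(viewer.privateKey, relabelled),
  };
}

console.log(demo());
```

TLS between camera and service would sit underneath this and is terminated by the service; only the inner layer keyed to the viewer's device keeps stored clips unreadable to staff.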
SilasX · 6 years ago
Can't wait for (scalable) homomorphic encryption, where providers can serve you without ever knowing what's in your data.
cabaalis · 6 years ago
> It says three employees can currently access stored customer videos.

I can't think of a legitimate reason for 1 employee at Ring to have the capability of viewing customer videos.

1. Law enforcement requests? Blind-forward what the warrant asks for.

2. Verifying service is functioning? Canary devices utilizing the normal application workflow. Login to your canary account and make sure the video is working.

3. Customer asks you to review something? Just say you can't. The world will be happier.

michaelt · 6 years ago
In an ideal world, sure. But it's easy enough to imagine how you'd end up with this situation.

For example, you have a customer support phone number, and you want your call centre workers to be able to see exactly what the user sees, and help the user do anything the user can do through the website. After all, if you're keeping your support costs down, the website should be able to do 99% of what users call support for already.

So you give your call centre workers a 'log in as customer' option. And you justify to yourself that there's access logging, and staff are under strict orders. Maybe it's before you've released any indoor cameras, and it's not like people are putting doorbells in their showers.

Sure, it'd be a sensible extra feature if log-in-as-customer was a special mode that didn't show videos. But is that really a minimum viable product? We'll put that on the backlog to attend to later.

Et voilà, your call centre workers can watch customer videos.

bluejekyll · 6 years ago
Even if you offered a “log-in as customer” feature, that could incorporate a notification and/or authorization request to the user so that it can’t be abused.
98codes · 6 years ago
Sure, but with just-in-time approvals for a specific time window, for a specific customer, with approval coming from management. Anything else is asking for abuse.
jayd16 · 6 years ago
For scenario 1, the employee would still have access; they just wouldn't be using it.
sidlls · 6 years ago
Why would that be the case? It's trivial to separate identification from content.
teraflop · 6 years ago
There's always somebody with root access to the servers.
bshacklett · 6 years ago
Encryption with customer managed keys solves that pretty easily. It also solves any ethical questions with regards to furnishing data to comply with warrants.

This creates a new problem of managing keys, of course, but that's been solved many times now in other parts of the industry.

claudiulodro · 6 years ago
What about to verify that video backups/storage are working correctly, to prevent an issue like the Gandi one on the front page right now?

mi100hael · 6 years ago
I was always skeptical of cloud-based camera solutions due to privacy & bandwidth concerns, but now that those concerns are being proven true and reported in mainstream outlets I can’t imagine any reason to purchase them now. Long-term prospects for Ring can’t be looking good.
gbrown · 6 years ago
You vastly underestimate the complacency of average consumers.
jiveturkey · 6 years ago
Yep, and Ring has already proven its model. If privacy were an actual problem, Ring would not have made it this far.
rchaud · 6 years ago
Marketing this kind of product directly to consumers is a fool's game. Consumers will always ask inconvenient questions like these when they're forking over their own money.

Pretty soon Ring will shift to working primarily with security and insurance companies who will bundle this into their own service offerings. The end customer will never even know what gets recorded, where it's stored or who has access.

frockington1 · 6 years ago
It has a lot of advantages. Now when a criminal steals my package I alert the police immediately with 100% return rate so far. Before Ring, I would go home and search for a package for thirty minutes before realizing it was stolen. I'll gladly pay $3 a month for this service, it pays for itself. As far as privacy, I don't have the privilege of a gated community to keep thieves out so this is the next best thing.
CerealFounder · 6 years ago
We're being sold a problem and a solution.
embeddedpro · 6 years ago
Upcoming /s-

It would really suck if someone could watch my front door. Like, they might know when my package arrives?

Or what if someone checked my naked footage?

/S

I really don't care. Should I care?

choward · 6 years ago
The only reason you had to explain it was sarcasm is of course you should care. You sound like one of those "I have nothing to hide" people even though having something to hide is completely irrelevant. You're being spied on and you don't see any problems with that? And by the way, everyone has something to hide whether they know it or not.
ogre_codes · 6 years ago
My big problem with IoT devices is trust. When a third party has control of my data, I have to trust the company is going to be a responsible steward for my data. This is particularly telling since few of them (none?) have binding terms of service which protect the rights of the buyer. So you have situations like this where abuse happens or companies like Canary which made a rather big and infuriating change to their policies on storing data. To make things more complicated, if it's a small company you have to worry about it getting acquired. I've had multiple occasions where products I've purchased have shifted from having decent terms to terms which make me want to toss the product in the trash.

As a result, I'm extremely cautious about purchasing IoT products. I haven't given up smart devices entirely, but I avoid the ones that require an account to sign in or rely heavily on cloud services. Smart cameras are particularly tricky since they reveal so much about you, particularly combined with machine learning and face identification.

reaperducer · 6 years ago
> I avoid the ones that require an account to sign in or rely heavily on cloud services.

This is the best IoT advice I can give anyone. I've had at least a dozen "smart" lightbulbs orphaned by two different companies. One went out of business, the other just decided not to support them anymore.

The amazing thing is with the first group of bulbs, the IoT company actually pushed out a software update bricking the controller box before it went out of business. This was a box that could have functioned forever because there were several tinkerers who had reverse-engineered the protocol and seemed close to releasing open source integrations.

Naturally, there was no notice. The only way I found out was when the bulbs wouldn't respond anymore and I went to the company's web site where there was a notice.

You know what doesn't always work? Smart light bulbs.

You know what always works? Dumb light bulbs.

ogre_codes · 6 years ago
One of the most frustrating was my Anova Sous Vide with bluetooth. It had a fairly useful app that worked well for monitoring temperature and setting temperature until they changed their policy to force users to create an account on their site. Fortunately I can just use the cooker without the app entirely which is much better than what Canary did.

I do like my smart lights, but for a good chunk of them I'm buying the ones where the brain is integrated into the switch and the switch defaults to being a dumb switch when it can't find the cloud connection.

w0m · 6 years ago
That's also why sometimes it's worth a little more for the name brand/larger company. I paid a little more for Hue, but my first bulb still functions the same or better than the day I bought it.
mv4 · 6 years ago
We built a video security assistant that's completely autonomous. Hoping to start selling direct in a month or so.
nullc · 6 years ago
The only thing surprising is that they were caught, this time.

Keep your camera footage local or demand end to end encryption.

crmrc114 · 6 years ago
I have a couple of these devices outside along with some more traditional hardware going to a local DVR. I wanted cloud video storage in the event someone stole my DVR. I accept that someone may have access to this footage. I trust Amazon/Ring more than I trust some random Chinese company.
JohnFen · 6 years ago
> I trust Amazon/Ring more than I trust some random Chinese company.

Really? Why?

crmrc114 · 6 years ago
Because I worked at Amazon and I know how seriously they take data security.
awinter-py · 6 years ago
At least the homeowner has a choice to upload their video to ring.

Street-facing doorbell cameras on public sidewalks are in my opinion the worse problem. Pedestrians didn't opt-in. Operators of these cameras (both the buyer and the vendor) should be subject to the same legal obligations as other data collectors.

booleanbetrayal · 6 years ago
My neighbor, across the street, has a Ring camera aimed directly at my house, since that is where their front door faces. What is my recourse for preventing my private property from being recorded?
hooande · 6 years ago
You have none. A TV crew could set up outside your house and record indefinitely. Or even go through your trash. People are allowed to record public spaces. It's just bad behavior and the consequences are social.
AWildC182 · 6 years ago
Find a 5mw near-infrared laser and aim it at the camera across the street
jethro_tell · 6 years ago
Grow trees? Not really much else, and it kinda sucks. The same goes for cameras in businesses, you walk into a coffee shop and they have 15 cameras, and all the transactions are cc so there's like nothing to steal? But it's pervasive, everywhere has cameras and it's just a thing that happened without much thought. Most of them are being uploaded these days too.
forkerenok · 6 years ago
There was a post about WiFi deauth attack against Ring devices:

https://news.ycombinator.com/item?id=21889837

Disclaimer: This is not an invitation to do such a thing. Be mindful of laws in your jurisdiction and ethics of this.

ChuckNorris89 · 6 years ago
Where do you live? In some European countries you need a license for surveillance cameras as in you're not allowed to record public spaces, only your private property must be in frame and for this you need a license. Otherwise you face significant fines.

GDPR is on your side here as well. I had to consent to the surveillance cameras when I joined my local gym.

Also at our workplace we had to consent to being taped by the main entry surveillance cameras and the company is not allowed to view the footage, like for performance reviews :), unless a theft or crime has occurred.

dmitrygr · 6 years ago
Personally, I'd use one of these https://www.wickedlasers.com/arctic to resolve the issue

aim well

:)

rb808 · 6 years ago
Depends on your location. NY has some laws now. As expected Europe is strict, here is UK guidance. https://ico.org.uk/your-data-matters/domestic-cctv-systems-g...
JohnFen · 6 years ago
> What is my recourse for preventing my private property from being recorded?

Either put up a visual barrier or move.

This sort of thing is why I consider products like Ring to be terrible and highly antisocial. I would avoid even going into a neighborhood that had many of these installed, let alone live in one.

Also, am I the only one who thinks that the prevalence of these devices in a neighborhood is a very strong indicator that the neighborhood is sketchy -- either it has a lot of crime, or it has a lot of very paranoid people?

awinter-py · 6 years ago
https://shop.ring.com/pages/privacy

> At the core of Ring, and guiding every action we take, is respect for the privacy and security of our neighbors

> Nobody can view your video recordings unless you allow it

Sounds pretty straightforward.

Send Ring's legal dept a letter telling them you don't allow it (privacy@ring.com, then certified mail when they ignore you the first time).

godshatter · 6 years ago
Put up a fence.

krapp · 6 years ago
If it's public property, there's nothing to opt in to, nor is there a reasonable expectation of privacy by definition.
nickthegreek · 6 years ago
Build a fence/wall/hedges.
Darkphibre · 6 years ago
What's a good cloudless setup? I've got a couple zwave devices, and have been looking into OpenHab. Win10 compatibility would be a bonus, as well as the ability to run my own OpenCV video analysis and voice recognition stacks...
rbritton · 6 years ago
Ubiquiti’s offerings can all run 100% locally. I have my entire setup using PoE so each only needs a single cable.
drone · 6 years ago
You can also access it remotely, too, which is nice. If you don't have a fixed IP/don't want to manage firewall rules, they have a central service that creates the handshake between your remote device and your NVR to facilitate the connection.
takeda · 6 years ago
I'm actually planning to do the same thing, probably also use that to install PoE wifi access points. I think I also will need VLAN functionality. Which switch do you use?

Also any opinion about their recent fiasco with telemetry?

alexgaribay · 6 years ago
I've been considering Ubiquiti since I'm going to be redoing all the networking in my new house. Does Ubiquiti offer any sort of facial-recognition-based alerts?
hmmdar · 6 years ago
What do you use for motion detection? I've found the Unifi NVR motion detection to be very poor. Especially when raining at night.
phlowbieuq · 6 years ago
I'm working on IP cameras sending their video to Surveillance Station on my Synology NAS. Totally local recording, and was super easy to set up with some random IP cam I had laying around.

My plan is to run cable for PoE cameras soon. Will have 24/7 recording, but accessible only locally.

Wheaties466 · 6 years ago
Unifi has a completely cloudless setup.

https://unifi-protect.ui.com/