Pretty simple really - stop using third party vendors for data storage. They're cheap and easy because your data is usually the product. Sure, you would still be forced to comply with warrants/subpoenas if they think you have data, but that's basically unescapable.
If they get a warrant like the story in this article you'll still have to hand it over.
The fact that it's not on a popular cloud camera provider may make it harder for them to discover what it is they need to request, but they can still do it and you could still be compelled to comply.
In that case I would kind of rather they go to a megacorp vs. me needing to get a lawyer and figure out how to respond.
But generally I agree that it's sketchy for a third party to hold the data.
You shouldn't really need a lawyer. The megacorp will just hand over all the data, in which case you could too to avoid the legal fees. The benefit is like you said, less likely they go to you since they don't know you have anything, vs them seeing a map of all the Ring users.
At least in that case I'm the one deciding how long to keep the data. They can't get a warrant for data I don't have. I frankly don't understand why anyone would keep weeks of security camera footage around.
All things being equal, you're right. I'd want to avoid the issue of wanting a lawyer and prefer the resources of a larger corporation making those decisions
But they're not equal.
The police can acquire a warrant and serve it to a select few megacorps for ALL of the footage at a specific location for a specific time range. That's setting aside some policies where there's active cooperation between the megacorp and the police. By hosting it myself, I avoid this sort of blanket privacy violation.
In my particular situation, I'd guesss it would entirely eliminate police acquiring a warrant for my footage unless I'm a criminal suspect or there was a crime committed in my front yard. Maybe I'd be a bit more forthcoming anyway if a crime happened on my property :P
> In that case I would kind of rather they go to a megacorp vs. me needing to get a lawyer and figure out how to respond.
If a crime occurred outside your home, but your home security cameras caught it, the police will discover this when they talk to you about the incident to collect witness statements, if you choose to share it.
If a crime occurred inside your home, and your home security cameras caught it, the police will discover this when you report the crime and you offer to share the evidence that may help you receive a cure.
There is absolutely nothing that a megacorp helps with here.
If it helps you, it exists, if not, it never existed in the first place. - "oh those, they aren't hooked up to anything after I bought the house, the previous owner took the computer."
The concern is less that the cops show up to your cloud provider with a signed warrant, but more so that they just hand it over when asked. There's also concerns about jurisdiction.
I strongly disagree. If they have to serve you a warrant for the data, you know they've requested it. This is rarely true if they can serve a warrant to a cloud provider for your data.
Since the likelihood is footage from your home is to investigate you or your family, knowledge of the data demand in itself is potentially invaluable, as you can begin forming a defense.
It is not feasible in reality that requests to decrypt your personal data stored on-site through warrants. If my server is powered off, everything sits in several encrypted ZFS datasets. No one can prove that I am recording stuff at all. The camera could be there for deterrence only.
They can produce a warrant to turn over what is already there. They cant force one to continue proving that service. Thats a violation of the third amendment.
Of course there no case law on the third to determine if one has to continue to give quarter to surveillance equipment.
What if the video is encrypted such that it can only be watched by certain faces?
The risk is that some judge doesn't appreciate your ironclad solution and so orders you to watch all the footage so they can record it over your shoulder.
No. I need a system that detects motion during scheduled times (ideally only humans) and buzzes my phone instantly, giving me a live view and saving a recording around that time. And most of all, it has to be reliable enough that I don't question whether it's working. Anyone who says this is easy is underestimating it.
Something on-prem could do all that, but nobody sells it, and most DIY systems don't have those features (does yours?). So here I am with the Ring.
I have several cameras hooked up to an NVR that has 2TB drives for constant recording (when space runs out older recordings are deleted. I usually have a few weeks available).
I then have frigate[1] set up on a small fitlet (with a usb CORAL TPU), which gives me excellent control over detection (Humans vs dogs vs cars vs ...). Frigate grabs the streams from my NVR over rstp.
This is then hooked up to my Home Assistant where I have various rules to send alerts to my mobile devices based upon object detected, location of camera, and time of day.
Everything is internal. I have an always on wireguard on my family's mobile devices allowing them to access the cameras and home assistant alerts from anywhere.
It works great, but I have refused to set this up for my extended family (even though they have the same NVR and _really_ want my system), just because there are a lot of moving pieces that need to be maintained (not to mention having a server + vpn)
Oh they definitely do sell it. And the more money you spend the crazier it gets (cross-camera facial recognition? you can go full blown surveillance on your neighborhood).
I bought a Synology NAS and I just added cameras on my home network in the web UI.
Does motion tracking, auto recording and the app rocks. It doesn’t ping me but I also haven’t looked for that feature.
Ubiquiti does that. I have motion detection alerts disabled but human motion detection enabled depending on the camera. You can also set regions in the view that it ignores for motion detection.
Unifi makes onprem NVR solutions for the home with everything you said. It’s all connected to their cloud for auth but you can turn it off if you want.
Wyze sells that. My camera stores local footage on an sd card. When motion activates it, Wyze sends me a push alert that something happens, I open the app and it requests directly from my camera. Video doesn’t stay on wyze’s server. If they’re served a warrant, they have no video.
"Something on-prem could do all that, but nobody sells it, and most DIY systems don't have those features"
I don't have it set up that way but thought about it. Zoneminder does motion detection and can be scheduled too. I'm not sure about the human recognition part, but I think I heard there's so sort of plugin out there for that, but I could be wrong. It will also send alerts and can be visible from the web if you have a static IP or a service that provides the same functionality (forget the name).
Frigate -> Home Assistant -> WhatApp Messages
DIY, $2 per month + electric change. The $2 cover WhatsApp group messages - as it works for all phone in family with the app sleeping. Easy to share clips.
For example - who was the person who approache dthe door with an umbrella today.
Frigate makes sure its a person, Frigate makes sure it in the correct area of camera. Cheap rtsp camera, standalone wifi network. Frigate is the bridge to 'normal' lan.
Agreed, that's the only way to build a secure system. I have some outdoor cameras but they are on a physically separate network and can't talk to anything.
Also, they are on ethernet but because they also support wifi I physically cut the antenna connections because I'm not about to trust the manufacturer of the camera to not try to exfiltrate something.
But sadly this is, while not difficult, too much for the non-techie person to do. So people just buy Ring cameras with all the associated privacy problems.
The worst is that while my system is secure, many of the surrounding neighbors have ring cameras outside so I can't protect from those!
The police can still subpoena that footage and if they do, you can’t legally destroy it.
If you’ve got the money, you can fight the subpoena and you can be sure that they can’t bypass you and get the footage while your fighting it, but you better preserve it and don’t let it age out if your NVR in case you lose the fight.
This is how laws have worked for centuries at this point in the US. At least with this method you have the option of fighting it and the data isn't secretly used behind your back. Also you can force them to clearly define what data they need, like front porch, rather than as much as they can get.
"I set autoremove to 7 days ago and I got your notice on 8th day, sorry".
"well, it does record only when it detect motion, and there isn't anything on that date, but here is the neighbour's cat video few minutes earlier"
Just need to shred the files instead of just removing them.
Then again if it is by police to you they need to say what they need and not just get everything automatically so IMO not really that problematic as the case where they can get inside house footage from 3rd party company coz they don't give a shit.
For the police to subpoena the footage they at least have to know you have cameras. They'll have much tougher time figuring out you have indoors cameras and requesting data from them.
With Ring it seems to be more like selecting a box on the map and click "request".
> you can be sure that they can’t bypass you and get the footage while your fighting it
They also wouldn't request data from cameras offsite. I mean, they could, but why would they (and would they even make the connection that these cameras are also owned by you?)
I agree, but it’s not so evident or easy for the average person. Who wants to deal with managing storage? Cloud will typically win for the masses, who are typically not thinking about privacy and may not know the difference between a SSD and HDD
I've long wondered why something like a general computing device maintenance service hasn't become a thing. I guess cloud storage stepped in and removed the need.
When my AC unit broke I didn't need to know the finer decisions surrounding which unit to choose.
I have weekly visits from the pool guy for a pool and gardener for the landscaping. A yearly termite check and AC/furnace maintenance. And so on.
I agree many are not willing, but I disagree that it is not "easy for the average person".
One can walk into a local supermarket on any planet(e.g., Walkmart, Sam's Club, Carrefour, Aldi, Tesco, Auchan) and likely be able to pick up a self-managed NVR with cameras.
If it was not relatively easy, I do not believe these companies would carry them.
If you buy a Synology NAS there's really not much to manage. Other than inserting the drives and waiting for it to initialize, it's not considerably harder than setting up an account somewhere. It also has apps for security cameras.
Unless it's proof to the negative, which in most jurisdictions isn't something you'd ever need to prove, as the burden is on something occurring, after some amount of time most recordings are useless?
Most security video recorders will just let you set automatic limits to the storage or age of recordings it's not that hard to just dedicate a small part of an attached or internal HDD to recordings and forget about it.
In this case even that might not have solved the issue because the cops got a warrant for EVERY camera on the person's account including those inside the house that couldn't reasonably show evidence of the thing they were investigating.
> EVERY camera on the person's account including those inside the house that couldn't reasonably show evidence of the thing they were investigating.
Armchairing it here - these broad warrants are probably carry over from the days where you'd issue a single warrant for "the tapes" since every camera in the system recorded onto a single shared medium.
Like GP, I have a personal offline system with remote backups that I control. The footage all goes onto a single shared HDD for all the cameras like the old "tape" days. A warrant would likely ask for that HDD - not the footage from a specific camera.
Much easier for the party seeking footage to subpoena a large, third party repository than to subpoena individual citizens. The mere existence of large repositories of recorded footage invites parties to subpoena them. No need to locate individuals with useful footage and deal with each separately. Just go to Ring. Same with third party email providers. The use of third parties for email makes warrants and subpoenas much more convenient. Just go to Google. These are one stop shops for getting peoples' data. Why store private data on removable media disconnected from the internet. Put it on social media or in the cloud so it's easier for law enforcement to get a copy. They can subpoena the social media or cloud provider. It's better if people do not know when the third party is giving their data to law enforcement.
It's open source, and you can hook it up to a Coral (or some other things, I think) to get crazy-fast classifications. But CPU is fine for only a few cameras.
Once you get something like that setup, it's just a matter of finding cameras that support RTSP. You get them setup however you like (but preferably wired, with PoE), point Frigate at the RTSP stream, and that's it. Now you've got home security footage that never leaves your house. You can set up a VPN to watch the feeds from elsewhere. Frigate supports MQTT as well, so you can hook it into Home Assistant to get notifications, and even pipe person events into something like Double Take to get face detection:
EDIT: Oh, and the most important part is to have your security cameras on a totally separate network that doesn't have access to your internal network or the internet. The best cameras are from China, and you don't want to give them any opportunities.
Ubiquiti's UniFi is an option (of many). They include doorbell cameras nowadays. There's also solutions from Logitech, Eve and others.
You can use Ubiquiti's surveillance software that's part of the UniFi console (that you can manage locally, with no cloud account), or other third party local-only monitoring software such as Synology Surveillance Station, BlueIris, and open source solutions such as iSpy, Frigate, ZoneMinder, and many others.
-- -----
Unrelated to cameras, I've preferred Eve for IoT devices simply because they adopted Thread and Matter very quickly. Nothing of them I have is IP addressable, nor can directly reach the internet. They have nice apps for phones and tablets, but I also use open source software to aggregate everything into my own dashboards (and automation) that I host and manage locally.
My system uses Cloudedge which lets you access the cameras from your phone/computer but instead of saving my data in the cloud I use micro-usb cards. Holds about 10 days of constant recording (128 gig). After that I wipe it and record over it.
I use Unifi's security cameras at home, they store all data on your own disks on-site.
Owning footage is only half the story, privacy is also a big issue for me, I don't want images of my home being sent to corporations even if I own all rights to it.
The only downside I can think of is that a really advanced thief might know to pull the hard drives and walk with them, but I suspect most residential thieves aren't that smart or wouldn't know what disk to pull from my rack.
The other downside for less techy people is that without the cloud it's not that simple to view your home from a remote location. I just VPN into my home network and view it, but it took some effort to set that up, especially with dynamic DNS and all.
I have a pretty decent outdoor camera system, because I actually wrote some ONVIF software, and got them for testing.
I will not use an external server. The cameras are in an internal DMZ, and no ports are open. I have a Synology server, recording the video.
But the convenience (and well-written apps) for Ring and Nest cameras is hard to argue with. People don't care about this kind of thing, if they can pull up video of their dog taking a dump in the living room, while they are sitting at a bar with you.
>Sure, you would still be forced to comply with warrants/subpoenas if they think you have data, but that's basically unescapable.
Isn't there the standard work around that companies do of having scheduled deletion. As long as the deletion is scheduled and not in response to a legal request, what is gone is gone and not a crime. If you receive a warrant you might have to stop further deletion, but what they want is likely already gone.
I host my own on-site and have had my security footage requested by police 4 different times. It's never a subpoena or demanding. Just some detectives will stop by and say they want to know which direction a vehicle went. They come inside, give me a USB stick and we copy it over.
I'm sure I could tell them to kick rocks, and they would have to write up a subpoena but there's no reason to do that.
>I'm sure I could tell them to kick rocks, and they would have to write up a subpoena but there's no reason to do that
Would they have the right to subpoena you though? Over mere suspicion that they think a vehicle at some point drove a certain direction?
Sure if it was a case involving me personally I'd probably be cooperative, but I don't fancy the idea of just letting LEOs just waltz into my property to "just to take a look"
UniFi Protect[0] is a decent on-prem solution and has all the main features of Nest/Ring. Certainly expensive though, minimal system for a doorbell cam is $199 for the camera[1] + $199 for the smallest NVR[2].
"Is there a home solution as easy as Nest or Ring and which offers the same feature set?"
I highly doubt it, for the fact that many of the features are incompatible with the goal of privacy and convenience.
There are plenty of on-site options that offer the bulk of the benefits, like self contained NVR systems. Once you want things like texts, web access, etc then it gets tricky. Those typically aren't offered in a secure and easy way.
This is a very subjective area. As I noted you can get all kinds of NVRs with notification and cameras, others have mentioned Ubiquiti, Roku is also getting into the home automation field, and of course there are open source solutions like Home Assistant.
as easy as plug and play? not really. blueiris(windows) & securityspy(macOS) offer similar features, but it takes a bit of setup to add the cams via RTSP/ONVIF, configure storage and retention, configure monitoring schedules/alerts etc..
I agree, but still, I don't think it was appropriate for the judge to approve this warrant. Just because person X is suspected of a crime doesn't justify a search/seizure from person Y who just happens to be nearby at the time. Imagine a police officer legally searching your car just because the car next to you was suspected of a crime. It's just not reasonable. I hope the EFF or someone can help push back on this.
If you want a really simple and cheap local storage camera, check out Wyze[0]. By "simple" I mean actually simple for non-techies. It’s one of the very few consumer oriented options with support for local SD storage.
By default it uploads short clips of motion to “the cloud” and requires an app + wifi for setup, but you can disable clip uploading after it’s setup.
If you don’t trust it even with cloud uploading disabled, you can just deprive it of internet access once it’s setup. (Block the device on your network, etc). It’ll keep writing video to the SD card while offline. Though with the fully offline approach you'll need to physically take out the SD card to access the video instead of using their app.
There's certainly better local storage options out there. But for local storage with a single camera it’s the easiest and cheapest setup I know.
I am using Frigate. Simple, open source project. It streams the cameras and can do object and motion detection and only record for specific events (like motion). It allows me to set how long to keep the recordings. For any additional functionality, I have it integrated with my home assistant.
Reolink cameras are pretty affordable, can be accessed with ONVIF, and you can just put them on a VLAN/Firewall that has no internet access if you're afraid that it's phoning home.
I have a Synology NAS and their free security camera software is pretty easy to set-up and use with ONVIF cameras.
The allure of convenience makes a lot of people blind to what's going on outside their small bubble of awareness. I see it a lot in the boomers around me.
It seems worth calling out that if Larkin had "owned" the footage in the sense the article means, perhaps by recording it onto magnetic tape like a convenience store, he'd still be required to furnish it to the police. Deliberately destroying that tape, even in advance of the receipt of a warrant, can be actionable depending on your state's tampering and obstruction statutes.
So my take would be that it's not so much the "cloud" part of this problem as it is the "it's now convenient to have lots more cameras" part of it.
In this scenario, there would be no need to provide video from cameras inside the house.
One big issue I have here is that Amazon provided video from cameras inside the home that could not possibly have what the police are after. Not only is this a privacy violation, the police are going to waste time looking at useless video. Seems to me that dumping huge amounts of data on police is an issue of cost to the community.
I think an important difference is if he “owned” and solelt possessed the data, the warrant would be his to fight (or not comply with) in court.
When someone else possesses your data (not even sure ownership matters) they may just share it and if you’re lucky you get an FYI in the mail. You’re not even necessarily a party to the request and you’re banking on a company rep to fight for you.
IANAL but you’d hope fighting the warrant yourself on the interior cameras would be easy but definitely not necessarily the case.
> I think an important difference is if he “owned” and solelt possessed the data, the warrant would be his to fight (or not comply with) in court.
My understanding from the article is that he was, in fact, given 7 days to contest the warrant, and elected not do so because he didn't want to spend money on a lawyer. Which sounds pretty similar to the options he'd have if he had sole possession of the data and the warrant was served directly to him, though of course IANAL.
I wonder how it works (technically) for things like Amazon's Blink cameras that advertise local storage. They're absolutely trash because the local storage mode is (deceptively) crippled, but as far as I can tell they actually store the video locally.
Is Amazon allowed to reach into your network and take the video they want?
That's the difference between the government compelling speech (1st Amendment) and serving warrants with due process (5th/14th Amendment).
IANAL, so not sure on recent case law, but last I knew (~2010 Apple encryption case?) the government couldn't compel a private company to change their existing architecture to expose data in unencrypted and/or physically/legally-accessible fashion.
If they already have data security implementation gaps or a tap-susceptible architecture, then it's a different matter. The government serves them a warrant, and they have to comply.
But if Amazon being compelled to reach into a network and retrieve video stored locally is a threat model, that should be mitigated by a tight firewall and non-updating devices...
Half of the IoT privacy gaps are because people don't run network security barriers anymore, and then are shocked when companies abuse them.
>Deliberately destroying that tape, even in advance of the receipt of a warrant, can be actionable depending on your state's tampering and obstruction statutes.
Wouldn't they be required to prove that it was deliberate though? Rather than an unfortunate accident with a hammer?
This is classic nerd thinking they're so clever stuff - judges see right through that.
If you've never destroyed a tape before but suddenly start doing it after an incident it won't go well for you. Even if you do get off it'll be a painful process.
The only way to do this safely is good old records management - routinely and boringly destroy records on a regular cadence. Preferably automatically. If you become aware it may be subject to a police investigation then take action to preserve it.
If you don't want to do any of this the best option is to just not keep the record at all - don't make a recording.
Third Party Doctrine says that once you give your data to someone else, you lose most of your rights to privacy, control, etc. It's why law enforcement doesn't NEED a warrant to go after so many things like cell phone records, bank account info, and so much more. The fact that so many companies want a warrant is usually a courtesy, not a requirement.
Check out the book "Habeas Data" for the (US) legal reasoning on it.
And to be clear, I think Third Party Doctrine should be wiped out and I should be able to say "you can't use, sell, share, etc my data without EXPLICIT PRIOR permission from me."
I wish the 2nd amendment movement had a sister group with the same vigor for the 4th amendment. What you proposed is the sensible legislation that we need to ensure our longevity as a “free society”
One could almost say that aggressive opposition to this exposes a true tyrant.
Interestingly enough that group does tends to advocate for 4th amendment protections, at least within limited scope. Although those same concepts and case law could be applied to other areas. So it's possible to piggyback off of it.
Some examples are red flag laws which use the civil system to avoid the protections of the criminal system for the government to seize property (beyond a reasonable doubt, right to representation, ex parte protections, etc). Police stopping, questioning, and sometimes seizing guns (property) without any crime being committed and with some of those guns (property) being destroyed. There is of course pushback on things related to data reporting such as registries (Ring is essentially a registry that allowed police to contact the individual in this article), new credit card merchant codes, and data abuses of carry permit information (disclosing names and addresses of gun owner which is basically a map for thieves).
There's a financial component to the 2A (and 1A) that doesn't really exist for the 4A. So the 4A will never have the same level of financial support as the other two.
I had the impression that the kind of people that go for 2nd also go for 1st, 4th and all rights in general, but because I am living on a different continent my impression may be wrong.
This is not as true as it used to be, at least in certain states.
Under CCPA/CPRA in California, you can request that personal information is removed. There are half a dozen other laws around the US that allow for similar requests in different forms.
Enforcement is still hit or miss. Lobbyists are starting to fight back against the most effective laws, for example:
>Under CCPA/CPRA in California, you can request that personal information is removed. There are half a dozen other laws around the US that allow for similar requests in different forms.
CCPA/CPRA is a minor start, IMHO.
Telecoms need to collect and store usage information (including call detail) to perform billing functions.
As with most such laws, there are loopholes big enough to drive a column of tanks through.
And many other corporations collect and store data both for billing and because they can [mine|analyse|sell] such data.
Just being able to request removal of "data" isn't nearly enough.
Unless there are unambiguous opt-in data collection/retention policies, with clear, concise language about how such data could be used.
What's more, such policies should apply to any and all third parties providing services to corporations with such data.
Further, as another comment[0] in this discussion pointed out, the Third-Party Doctrine should be gutted and a requirement that all government agencies collect data for law enforcement purposes through the issuance of warrants by judges that specify the "probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."[1]
This is (unfortunately) a wide-ranging issue, with a growing number of industries (autos, electronics, "cloud" services, etc., etc., etc.) collecting, storing, using and selling all sorts of PII.
From a privacy perspective, this is a nightmare, the CCPA notwithstanding -- even in California.
> Third Party Doctrine says that once you give your data to someone else, you lose most of your rights to privacy, control, etc.
This is what I wish more people could understand about "the cloud".
The moment your private data is sent to a third party, it's game over in terms of having any privacy control on that data (unless it's encrypted with keys only you control and only you can ever access, but that's rare, intentionally).
So many people will argue "Oh but I trust company Foo" without realizing that is completely irrelevant. Company Foo might be trustworty, today. But management can change in the blink of an eye and they now still have your data. Or most importantly, regardless of how honorable management is, they can receive government orders (up to including NSLs) which force them to leak the data no matter what.
If they did, they could set it up like AWS where you hit a button to spin up a pre-configured image that is considered yours. They don't want to do it this way because they want your data.
Also whether they need a warrant or not seems to be moot since it seems the judges are more than willing to sign them. We would also have to address the lax views on "probable cause" that seem to be rampant with warrant approval.
If the police get a warrant to search my home, they can see what I HAVE in my physical possession at that moment not what I DID have, have DONE, or SAID.
With video (or audio) data, someone could review every action, conversation, item, or facial expression my family has had within sight (or hearing) of the camera.
When someone can construct a complete record of everything that happened, it gets ripe for abuse.
I would have to ask why you have cameras recording inside the home when you're actively at home like this? Shouldn't the cameras only on when at night typical when you would arm the alarm type of situation?
I've been thinking that the US might be going about the whole Tik Tok thing in a nonconstructive way. If, instead, the federal government locked down what could be done with user data in a way that made Tik Tok not a threat, then we wouldn't have to say "these are fine, but that one's too spooky for us."
But then, the federal government would have to acknowledge that Tik Tok is just a different nation state doing what American companies are doing...
> Third Party Doctrine says that once you give your data to someone else, you lose most of your rights to privacy, control, etc.
It's useful to think of this not as you losing your rights, but you transferring your rights to that third party. The end result is the same, but that emphasizes that someone else has gained what you lost.
If you're willing to put an afternoon's work into it, you can easily and inexpensively build a home surveillance system with ZoneMinder that stores all data securely and safely on-prem. The cops can still take it, but it requires a few warrants to do so.
But it's also important to only record what you absolutely must. I think putting CCTV cameras inside your house is insane, and putting up cameras in any "private" outdoor area should likewise be avoided. Once the data exists, somebody will want it eventually.
> I think putting CCTV cameras inside your house is insane
I'm very sympathetic to this. However, I have cameras inside my house. The reason is that there's no way to cover the outside of my house in an effective manner without also recording what's happening on the sidewalk or in my neighbor's yards.
But the cameras are hardwired and no video leaves my premises, so that becomes an acceptable risk for me. The video isn't kept for all that long, so even if someone has a warrant, they can't get a long history of video.
And it proved useful in my break-in, because I could see exactly what the burglar took.
Do you have any recommendations what cameras to use? Rather simple set of requirements, but I really struggle to find anything suitable: compatible with zoneminder/motioneye, poe, no cloud nonsense, outdoor weatherproof, preferably non-chinese, reasonably priced. Don't need NVR. Was eyeing hikvision, but there seems to be mixed feelings about them.
I also have only HSV cameras or Ubiquiti ones for this reason. Everything I care about is stored on-site or in the cloud with end-to-end encryption, no privacy or surveillance state enablement concerns.
Used to use HKSV, but I’m running a Unifi Protect setup these days. Everything records locally to my NVR with a 30 day retention policy. No cloud. Honestly it’s been more reliable too. Downside is I spend a decent amount of time running Ethernet lines.
UI’s stuff works so well with the Apple ecosystem (mainly thinking ATV and iOS apps) that I haven’t even bothered to bridge the setup into HomeKit yet.
I'm using it with an Amcrest AD410. I have an SD card in the AD410 to record 24/7, then anything with detected motion is also recorded by Scrypted to my NAS as well as uploaded via HKSV to Apple.
HKSV is pretty aggressive about what it's willing to keep, so I can go back to my NAS if HKSV trimmed a clip too aggressively, and if even motion wasn't detected, I've always got the SD card I can go to.
As long as it's within the retention period of the video data. It's nuts for Ring to store the data for 180 days. If I had exterior cameras, I'd store the data for maybe a week?! However long I'd need to backup important snippets in case something happens, like a theft.
Just to be able to [store it in a location that's internet accessible, but that is also wholly owned and controlled by the user, rather than a separate entity]
Ring doorbells providing this information to law enforcement quickly and easily is working as intended and is part of the reason it exists at all. Amazon has even used police to sell the doorbells arguing it provides better security [1].
It is great that the people who had their video data provided to law enforcement were notified after the fact in this situation. I wonder how many people never find out due to national security letters not allowing it.
> I wonder how many people never find out due to national security letters not allowing it.
There's an annoying thought. Amazon could be providing a live feed of every ring device directly to an aggregated intelligence data center, while being legally prevented from revealing that fact by a national security letter. Seems inevitable, and anybody buying a ring device should assume it as likely.
Imagine the boon of having indexed facial, gait and voice recognition feeds recorded and stored for eternity covering a significant portion of residential and business locations.
Presumably this evidence will eventually come to light through court proceedings. I'm not talking like one huge case, but through thousands of inconsequential small cases where an effort is not made to hide the data origin.
I've been using UniFi cameras for a couple of years now, writing to a local SSD (~ 40 days of storage), stored in a UDMPro.
The initial outlay is a bit more expensive but the setup is rock solid, provides tons of network analytics, has smart lights paired next to the cameras, and continues to work even when my ISP has issues. I've _voluntarily_ given footage to the police a couple of times but it feels much better when the entire system is within my control, sitting in my office.
I'm curious. Do you currently have Unifi remote access [1] enabled, or is any remote access done through a VPN that you control? I suspect that if a law enforcement agency were sufficiently determined, they could convince Ubiquiti to give them access to your system if you had remote access turned on. Whether this is realistic depends on your threat model.
With a security-minded setup, Ubiquiti would not be able to grant remote access. Whether they actually have a security-minded setup or not is the question. As a user of their stuff, I have remote access disabled. I can access everything I need through Home Assistant, which is completely controlled by me.
You can get by much cheaper as well - e.g. occasionally I use TP-Link Tapo cameras which record to internal SD card and can also stream to Synology NAS Surveillance Station software (all local).
I'm a bit miffed that the app is trying to sell cloud storage, but for now a full cheap local setup is still possible.
(For a serious setup I'd of course opt for something more serious).
Great to know, as a fellow UDM owner I was ironically working on making the switch from a NetGear camera setup a week ago because of their awful option sets and related interface, their increasing cloud pricing, and finally and most importantly what happened in the OP.
Couldn't the police in theory get a warrant for the footage on your SSDs? The problem with Ring is that they give data to police without warrants, but in this case the problem seems to be the over-invasion of privacy of the warrant system.
If the police aren't going into your home to seize your hard drive, it might be a subpoena, rather than a warrant. The advantage here is that you can fight it. For the subject of this story, he likely could have fought to only turn over footage of the outside of his home -- not the footage from inside his home and store.
IANAL but the short answer is yes. Slightly longest answer is probably, but they'd have to convince a judge that this camera has something worthwhile compared to any other cameras on that street. Somewhat paradoxically the more of your neighbors have things like Ring the "safer" you are from something like this.
IANAL, but it seems that would require the equivalent of a warrant to search your house. (among other things, they would need to actually get physical possession of your SSDs for the key to be useful, so they'd need a warrant for an actual physical search)
If judges in your area are giving those out like candy then you've got a problem, whether you have security cameras or not.
This kind of outcome is precisely why I removed all cameras and other smart capabilities from my home on the day I moved in.
I've never once seen someone in my friend & family circle achieve some positive outcome in their own household by having more surveillance around it. The only thing I observe is increased anxiety when squirrels or FedEx trigger push notifications to phones.
You were missing the AI squirrel counter. If you had this, you could have a dashboard showing the number of squirrels visiting you each day and the time of their visit. Instead of being anxious, you could be a squirrel expert and you long conversation on squirrel behavior with your neighbors. Instead of getting a notification for each squirrel, you could instead set goals of how many squirrels you want to visit you and get notifications when you reach those goals. Then you'd have a fun game. How to get 10 or more squirrels to visit each day? Maybe put some nuts outside? Endless possibilities.
I recently had my place broken into and was the first thing I did was to hand the cops a memory stick with the relevant footage from my cameras on it.
My system isn't managed by any companies, so nobody can be all sneaky about getting footage. But I could still provide that footage to the cops when needed. It's the best of both worlds.
I should note that I have no cameras that can see any public space. They only record my private areas. I have too much respect for my neighbors to invade their privacy.
Replying to myself because it's too late to edit my post.
I thought this was worth mentioning -- the burglar beelined for the closet in one of the bedrooms. I mentioned to the cop that I found that strange, as if he was looking for something specific.
The cop said it's not strange at all, that burglars usually do that because people tend to keep their really valuable stuff in their bedrooms. The lesson I took from that is don't keep your really valuable stuff in your bedroom.
> This kind of outcome is precisely why I removed all cameras and other smart capabilities from my home on the day I moved in.
I have a cat. Someone needs to take care of it when I travel. A smart camera and smart lock let me know if someone came to my house to give the cat food. Before that, twice, my cat went 24-48 hours without food because the designated caregiver dropped the ball.
> This kind of outcome is precisely why I removed all cameras and other smart capabilities from my home on the day I moved in.
Why? Obviously that's your choice, but there's nothing inherently evil about a "smart home". The main issue is that some devices require a cloud connection, but I'm getting rid of those.
I installed cameras after someone got inside our fenced in backyard and stole a bike. It would have been great to have some evidence or even a notification that something had happened – this was at the height of COVID so we were not even going out, took me a week to notice the missing bike. Cameras are configured to only turn on in a schedule - so late at night and early morning; I can also manually turn on if we are out for an extended period. I don't do 24/7 monitoring precisely because of the useless notifications.
> there's nothing inherently evil about a "smart home"
Not so sure. If a house is designed to have as much surveillance capability and access points to gain as much info on you as possible - like if Facebook were to design a house to collect user info on the inhabitants - that would absolutely be “evil” in many peoples eyes.
The real question is do all these “smart” devices actually improve people’s well being? Or is it all marketing magic bullshit with negligible end- user benefits at the expense of more privacy invasions?
I don’t want my house cooperating with big brother, and that’s what many smart devices seem more than willing to do.
Readit News
I do. DIY on-site only system.
Pretty simple really - stop using third party vendors for data storage. They're cheap and easy because your data is usually the product. Sure, you would still be forced to comply with warrants/subpoenas if they think you have data, but that's basically unescapable.
The fact that it's not on a popular cloud camera provider may make it harder for them to discover what it is they need to request, but they can still do it and you could still be compelled to comply.
In that case I would kind of rather they go to a megacorp vs. me needing to get a lawyer and figure out how to respond.
But generally I agree that it's sketchy for a third party to hold the data.
But they're not equal.
The police can acquire a warrant and serve it to a select few megacorps for ALL of the footage at a specific location for a specific time range. That's setting aside some policies where there's active cooperation between the megacorp and the police. By hosting it myself, I avoid this sort of blanket privacy violation.
In my particular situation, I'd guesss it would entirely eliminate police acquiring a warrant for my footage unless I'm a criminal suspect or there was a crime committed in my front yard. Maybe I'd be a bit more forthcoming anyway if a crime happened on my property :P
Maybe your situation is different?
If a crime occurred outside your home, but your home security cameras caught it, the police will discover this when they talk to you about the incident to collect witness statements, if you choose to share it.
If a crime occurred inside your home, and your home security cameras caught it, the police will discover this when you report the crime and you offer to share the evidence that may help you receive a cure.
There is absolutely nothing that a megacorp helps with here.
Since the likelihood is footage from your home is to investigate you or your family, knowledge of the data demand in itself is potentially invaluable, as you can begin forming a defense.
Of course there no case law on the third to determine if one has to continue to give quarter to surveillance equipment.
In my view, there is no effective difference between having a commercial entity holding your data and having the police hold it.
The risk is that some judge doesn't appreciate your ironclad solution and so orders you to watch all the footage so they can record it over your shoulder.
No. I need a system that detects motion during scheduled times (ideally only humans) and buzzes my phone instantly, giving me a live view and saving a recording around that time. And most of all, it has to be reliable enough that I don't question whether it's working. Anyone who says this is easy is underestimating it.
Something on-prem could do all that, but nobody sells it, and most DIY systems don't have those features (does yours?). So here I am with the Ring.
I then have frigate[1] set up on a small fitlet (with a usb CORAL TPU), which gives me excellent control over detection (Humans vs dogs vs cars vs ...). Frigate grabs the streams from my NVR over rstp.
This is then hooked up to my Home Assistant where I have various rules to send alerts to my mobile devices based upon object detected, location of camera, and time of day.
Everything is internal. I have an always on wireguard on my family's mobile devices allowing them to access the cameras and home assistant alerts from anywhere.
It works great, but I have refused to set this up for my extended family (even though they have the same NVR and _really_ want my system), just because there are a lot of moving pieces that need to be maintained (not to mention having a server + vpn)
[1] https://frigate.video/
I bought a Synology NAS and I just added cameras on my home network in the web UI.
Does motion tracking, auto recording and the app rocks. It doesn’t ping me but I also haven’t looked for that feature.
It just detected movement, sent an email with video file attached and a link to stream.
No face detect AI but this is ancient software, and minimum effort to set up
I don't have it set up that way but thought about it. Zoneminder does motion detection and can be scheduled too. I'm not sure about the human recognition part, but I think I heard there's so sort of plugin out there for that, but I could be wrong. It will also send alerts and can be visible from the web if you have a static IP or a service that provides the same functionality (forget the name).
For example - who was the person who approache dthe door with an umbrella today.
Frigate makes sure its a person, Frigate makes sure it in the correct area of camera. Cheap rtsp camera, standalone wifi network. Frigate is the bridge to 'normal' lan.
Deleted Comment
Agreed, that's the only way to build a secure system. I have some outdoor cameras but they are on a physically separate network and can't talk to anything.
Also, they are on ethernet but because they also support wifi I physically cut the antenna connections because I'm not about to trust the manufacturer of the camera to not try to exfiltrate something.
But sadly this is, while not difficult, too much for the non-techie person to do. So people just buy Ring cameras with all the associated privacy problems.
The worst is that while my system is secure, many of the surrounding neighbors have ring cameras outside so I can't protect from those!
This is not normal - there is no other industry where the customer routinely expects to be defrauded, and everyone to get away with it.
Kinda shame we don't have more cameras running OSS software
The police can still subpoena that footage and if they do, you can’t legally destroy it.
If you’ve got the money, you can fight the subpoena and you can be sure that they can’t bypass you and get the footage while your fighting it, but you better preserve it and don’t let it age out if your NVR in case you lose the fight.
The likes of Ring (it might have actually been Ring if memory serves) were recently caught sending data to whomever asked nicely.
"well, it does record only when it detect motion, and there isn't anything on that date, but here is the neighbour's cat video few minutes earlier"
Just need to shred the files instead of just removing them.
Then again if it is by police to you they need to say what they need and not just get everything automatically so IMO not really that problematic as the case where they can get inside house footage from 3rd party company coz they don't give a shit.
With Ring it seems to be more like selecting a box on the map and click "request".
It's my data on my drives. Are there legal retention requirements? Lying and saying "I already deleted it" seems like a pretty simple solution.
They also wouldn't request data from cameras offsite. I mean, they could, but why would they (and would they even make the connection that these cameras are also owned by you?)
When my AC unit broke I didn't need to know the finer decisions surrounding which unit to choose.
I have weekly visits from the pool guy for a pool and gardener for the landscaping. A yearly termite check and AC/furnace maintenance. And so on.
One can walk into a local supermarket on any planet(e.g., Walkmart, Sam's Club, Carrefour, Aldi, Tesco, Auchan) and likely be able to pick up a self-managed NVR with cameras.
If it was not relatively easy, I do not believe these companies would carry them.
You are right, many are not willing.
Unless it's proof to the negative, which in most jurisdictions isn't something you'd ever need to prove, as the burden is on something occurring, after some amount of time most recordings are useless?
Armchairing it here - these broad warrants are probably carry over from the days where you'd issue a single warrant for "the tapes" since every camera in the system recorded onto a single shared medium.
Like GP, I have a personal offline system with remote backups that I control. The footage all goes onto a single shared HDD for all the cameras like the old "tape" days. A warrant would likely ask for that HDD - not the footage from a specific camera.
Since you have your own system, would you be willing to share links to info on a "roll your own" system?
I'm a big fan of this project:
https://frigate.video/
It's open source, and you can hook it up to a Coral (or some other things, I think) to get crazy-fast classifications. But CPU is fine for only a few cameras.
Once you get something like that setup, it's just a matter of finding cameras that support RTSP. You get them setup however you like (but preferably wired, with PoE), point Frigate at the RTSP stream, and that's it. Now you've got home security footage that never leaves your house. You can set up a VPN to watch the feeds from elsewhere. Frigate supports MQTT as well, so you can hook it into Home Assistant to get notifications, and even pipe person events into something like Double Take to get face detection:
https://github.com/jakowenko/double-take
EDIT: Oh, and the most important part is to have your security cameras on a totally separate network that doesn't have access to your internal network or the internet. The best cameras are from China, and you don't want to give them any opportunities.
You can use Ubiquiti's surveillance software that's part of the UniFi console (that you can manage locally, with no cloud account), or other third party local-only monitoring software such as Synology Surveillance Station, BlueIris, and open source solutions such as iSpy, Frigate, ZoneMinder, and many others.
-- -----
Unrelated to cameras, I've preferred Eve for IoT devices simply because they adopted Thread and Matter very quickly. Nothing of them I have is IP addressable, nor can directly reach the internet. They have nice apps for phones and tablets, but I also use open source software to aggregate everything into my own dashboards (and automation) that I host and manage locally.
Owning footage is only half the story, privacy is also a big issue for me, I don't want images of my home being sent to corporations even if I own all rights to it.
The only downside I can think of is that a really advanced thief might know to pull the hard drives and walk with them, but I suspect most residential thieves aren't that smart or wouldn't know what disk to pull from my rack.
The other downside for less techy people is that without the cloud it's not that simple to view your home from a remote location. I just VPN into my home network and view it, but it took some effort to set that up, especially with dynamic DNS and all.
I will not use an external server. The cameras are in an internal DMZ, and no ports are open. I have a Synology server, recording the video.
But the convenience (and well-written apps) for Ring and Nest cameras is hard to argue with. People don't care about this kind of thing, if they can pull up video of their dog taking a dump in the living room, while they are sitting at a bar with you.
Isn't there the standard work around that companies do of having scheduled deletion. As long as the deletion is scheduled and not in response to a legal request, what is gone is gone and not a crime. If you receive a warrant you might have to stop further deletion, but what they want is likely already gone.
I'm sure I could tell them to kick rocks, and they would have to write up a subpoena but there's no reason to do that.
Would they have the right to subpoena you though? Over mere suspicion that they think a vehicle at some point drove a certain direction?
Sure if it was a case involving me personally I'd probably be cooperative, but I don't fancy the idea of just letting LEOs just waltz into my property to "just to take a look"
[0]: https://ui.com/camera-security [1]: https://store.ui.com/collections/unifi-protect-cameras/produ... [2]: https://store.ui.com/collections/unifi-protect/products/unif...
I highly doubt it, for the fact that many of the features are incompatible with the goal of privacy and convenience.
There are plenty of on-site options that offer the bulk of the benefits, like self contained NVR systems. Once you want things like texts, web access, etc then it gets tricky. Those typically aren't offered in a secure and easy way.
This is a very subjective area. As I noted you can get all kinds of NVRs with notification and cameras, others have mentioned Ubiquiti, Roku is also getting into the home automation field, and of course there are open source solutions like Home Assistant.
Can you claim protection against self-incrimination?
By default it uploads short clips of motion to “the cloud” and requires an app + wifi for setup, but you can disable clip uploading after it’s setup.
If you don’t trust it even with cloud uploading disabled, you can just deprive it of internet access once it’s setup. (Block the device on your network, etc). It’ll keep writing video to the SD card while offline. Though with the fully offline approach you'll need to physically take out the SD card to access the video instead of using their app.
There's certainly better local storage options out there. But for local storage with a single camera it’s the easiest and cheapest setup I know.
[0] https://www.wyze.com/products/wyze-cam
https://www.vueville.com/home-security/cctv/ip-cameras/ultim...
I have a Synology NAS and their free security camera software is pretty easy to set-up and use with ONVIF cameras.
or you destroy the evidence.. sure, the regime may come after you, but they cant get what they want
So my take would be that it's not so much the "cloud" part of this problem as it is the "it's now convenient to have lots more cameras" part of it.
To me the concern is not a proper subpoena duces tecum to Larkin, but the lack of specificity that can be ignored going to the cloud provider.
One big issue I have here is that Amazon provided video from cameras inside the home that could not possibly have what the police are after. Not only is this a privacy violation, the police are going to waste time looking at useless video. Seems to me that dumping huge amounts of data on police is an issue of cost to the community.
When someone else possesses your data (not even sure ownership matters) they may just share it and if you’re lucky you get an FYI in the mail. You’re not even necessarily a party to the request and you’re banking on a company rep to fight for you.
IANAL but you’d hope fighting the warrant yourself on the interior cameras would be easy but definitely not necessarily the case.
My understanding from the article is that he was, in fact, given 7 days to contest the warrant, and elected not do so because he didn't want to spend money on a lawyer. Which sounds pretty similar to the options he'd have if he had sole possession of the data and the warrant was served directly to him, though of course IANAL.
Is Amazon allowed to reach into your network and take the video they want?
IANAL, so not sure on recent case law, but last I knew (~2010 Apple encryption case?) the government couldn't compel a private company to change their existing architecture to expose data in unencrypted and/or physically/legally-accessible fashion.
If they already have data security implementation gaps or a tap-susceptible architecture, then it's a different matter. The government serves them a warrant, and they have to comply.
But if Amazon being compelled to reach into a network and retrieve video stored locally is a threat model, that should be mitigated by a tight firewall and non-updating devices...
Half of the IoT privacy gaps are because people don't run network security barriers anymore, and then are shocked when companies abuse them.
Deleted Comment
Wouldn't they be required to prove that it was deliberate though? Rather than an unfortunate accident with a hammer?
If you've never destroyed a tape before but suddenly start doing it after an incident it won't go well for you. Even if you do get off it'll be a painful process.
The only way to do this safely is good old records management - routinely and boringly destroy records on a regular cadence. Preferably automatically. If you become aware it may be subject to a police investigation then take action to preserve it.
If you don't want to do any of this the best option is to just not keep the record at all - don't make a recording.
Third Party Doctrine says that once you give your data to someone else, you lose most of your rights to privacy, control, etc. It's why law enforcement doesn't NEED a warrant to go after so many things like cell phone records, bank account info, and so much more. The fact that so many companies want a warrant is usually a courtesy, not a requirement.
Check out the book "Habeas Data" for the (US) legal reasoning on it.
And to be clear, I think Third Party Doctrine should be wiped out and I should be able to say "you can't use, sell, share, etc my data without EXPLICIT PRIOR permission from me."
Ref: https://en.wikipedia.org/wiki/Third-party_doctrine
One could almost say that aggressive opposition to this exposes a true tyrant.
Some examples are red flag laws which use the civil system to avoid the protections of the criminal system for the government to seize property (beyond a reasonable doubt, right to representation, ex parte protections, etc). Police stopping, questioning, and sometimes seizing guns (property) without any crime being committed and with some of those guns (property) being destroyed. There is of course pushback on things related to data reporting such as registries (Ring is essentially a registry that allowed police to contact the individual in this article), new credit card merchant codes, and data abuses of carry permit information (disclosing names and addresses of gun owner which is basically a map for thieves).
Under CCPA/CPRA in California, you can request that personal information is removed. There are half a dozen other laws around the US that allow for similar requests in different forms.
Enforcement is still hit or miss. Lobbyists are starting to fight back against the most effective laws, for example:
https://www.chicagotribune.com/opinion/commentary/ct-opinion...
I'm involved in the fight to strengthen and expand these laws, and overall I'm hopeful for the future.
CCPA/CPRA is a minor start, IMHO.
Telecoms need to collect and store usage information (including call detail) to perform billing functions.
As with most such laws, there are loopholes big enough to drive a column of tanks through.
And many other corporations collect and store data both for billing and because they can [mine|analyse|sell] such data.
Just being able to request removal of "data" isn't nearly enough.
Unless there are unambiguous opt-in data collection/retention policies, with clear, concise language about how such data could be used.
What's more, such policies should apply to any and all third parties providing services to corporations with such data.
Further, as another comment[0] in this discussion pointed out, the Third-Party Doctrine should be gutted and a requirement that all government agencies collect data for law enforcement purposes through the issuance of warrants by judges that specify the "probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."[1]
This is (unfortunately) a wide-ranging issue, with a growing number of industries (autos, electronics, "cloud" services, etc., etc., etc.) collecting, storing, using and selling all sorts of PII.
From a privacy perspective, this is a nightmare, the CCPA notwithstanding -- even in California.
[0] https://news.ycombinator.com/item?id=35073264
[1] https://www.law.cornell.edu/constitution/fourth_amendment
We didn't get this way overnight so while I'd love my idea to fly immediately, I appreciate people pushing things the right direction.
This is what I wish more people could understand about "the cloud".
The moment your private data is sent to a third party, it's game over in terms of having any privacy control on that data (unless it's encrypted with keys only you control and only you can ever access, but that's rare, intentionally).
So many people will argue "Oh but I trust company Foo" without realizing that is completely irrelevant. Company Foo might be trustworty, today. But management can change in the blink of an eye and they now still have your data. Or most importantly, regardless of how honorable management is, they can receive government orders (up to including NSLs) which force them to leak the data no matter what.
If they did, they could set it up like AWS where you hit a button to spin up a pre-configured image that is considered yours. They don't want to do it this way because they want your data.
Also whether they need a warrant or not seems to be moot since it seems the judges are more than willing to sign them. We would also have to address the lax views on "probable cause" that seem to be rampant with warrant approval.
If the police get a warrant to search my home, they can see what I HAVE in my physical possession at that moment not what I DID have, have DONE, or SAID.
With video (or audio) data, someone could review every action, conversation, item, or facial expression my family has had within sight (or hearing) of the camera.
When someone can construct a complete record of everything that happened, it gets ripe for abuse.
But then, the federal government would have to acknowledge that Tik Tok is just a different nation state doing what American companies are doing...
It's useful to think of this not as you losing your rights, but you transferring your rights to that third party. The end result is the same, but that emphasizes that someone else has gained what you lost.
Deleted Comment
Shameless plug -> https://nbailey.ca/post/nvr/
But it's also important to only record what you absolutely must. I think putting CCTV cameras inside your house is insane, and putting up cameras in any "private" outdoor area should likewise be avoided. Once the data exists, somebody will want it eventually.
I'm very sympathetic to this. However, I have cameras inside my house. The reason is that there's no way to cover the outside of my house in an effective manner without also recording what's happening on the sidewalk or in my neighbor's yards.
But the cameras are hardwired and no video leaves my premises, so that becomes an acceptable risk for me. The video isn't kept for all that long, so even if someone has a warrant, they can't get a long history of video.
And it proved useful in my break-in, because I could see exactly what the burglar took.
Here’s a good starting point: https://ipcamtalk.com/threads/best-current-recommended-camer...
It limits the choices, and they tend to be a bit pricier, but the tradeoff seemed reasonable.
There's a great HomeBridge plugin which enables HomeKit Secure Video on my UniFi Protect cameras: https://github.com/hjdhjd/homebridge-unifi-protect
Used to use HKSV, but I’m running a Unifi Protect setup these days. Everything records locally to my NVR with a 30 day retention policy. No cloud. Honestly it’s been more reliable too. Downside is I spend a decent amount of time running Ethernet lines.
UI’s stuff works so well with the Apple ecosystem (mainly thinking ATV and iOS apps) that I haven’t even bothered to bridge the setup into HomeKit yet.
https://github.com/koush/scrypted extends HKSV to a lot more cameras.
I'm using it with an Amcrest AD410. I have an SD card in the AD410 to record 24/7, then anything with detected motion is also recorded by Scrypted to my NAS as well as uploaded via HKSV to Apple.
HKSV is pretty aggressive about what it's willing to keep, so I can go back to my NAS if HKSV trimmed a clip too aggressively, and if even motion wasn't detected, I've always got the SD card I can go to.
My PC's cloud backup is like this: It is stored in their cloud, but the provider cannot decrypt the data. Only I have the key.
Why should Ring or other such companies actually require access to the video? Only I should have access to the contents.
It is great that the people who had their video data provided to law enforcement were notified after the fact in this situation. I wonder how many people never find out due to national security letters not allowing it.
[1]https://www.vice.com/en/article/mb88za/amazon-requires-polic...
There's an annoying thought. Amazon could be providing a live feed of every ring device directly to an aggregated intelligence data center, while being legally prevented from revealing that fact by a national security letter. Seems inevitable, and anybody buying a ring device should assume it as likely.
Imagine the boon of having indexed facial, gait and voice recognition feeds recorded and stored for eternity covering a significant portion of residential and business locations.
The initial outlay is a bit more expensive but the setup is rock solid, provides tons of network analytics, has smart lights paired next to the cameras, and continues to work even when my ISP has issues. I've _voluntarily_ given footage to the police a couple of times but it feels much better when the entire system is within my control, sitting in my office.
[1] https://help.ui.com/hc/en-us/articles/115012240067-UniFi-Net...
I'm a bit miffed that the app is trying to sell cloud storage, but for now a full cheap local setup is still possible.
(For a serious setup I'd of course opt for something more serious).
Also what are some good 4k Wi-Fi cameras that work with Synology?
https://en.wikipedia.org/wiki/Subpoena_duces_tecum
If judges in your area are giving those out like candy then you've got a problem, whether you have security cameras or not.
I've never once seen someone in my friend & family circle achieve some positive outcome in their own household by having more surveillance around it. The only thing I observe is increased anxiety when squirrels or FedEx trigger push notifications to phones.
My system isn't managed by any companies, so nobody can be all sneaky about getting footage. But I could still provide that footage to the cops when needed. It's the best of both worlds.
I should note that I have no cameras that can see any public space. They only record my private areas. I have too much respect for my neighbors to invade their privacy.
I thought this was worth mentioning -- the burglar beelined for the closet in one of the bedrooms. I mentioned to the cop that I found that strange, as if he was looking for something specific.
The cop said it's not strange at all, that burglars usually do that because people tend to keep their really valuable stuff in their bedrooms. The lesson I took from that is don't keep your really valuable stuff in your bedroom.
Just a little public service announcement.
I have a cat. Someone needs to take care of it when I travel. A smart camera and smart lock let me know if someone came to my house to give the cat food. Before that, twice, my cat went 24-48 hours without food because the designated caregiver dropped the ball.
Why? Obviously that's your choice, but there's nothing inherently evil about a "smart home". The main issue is that some devices require a cloud connection, but I'm getting rid of those.
I installed cameras after someone got inside our fenced in backyard and stole a bike. It would have been great to have some evidence or even a notification that something had happened – this was at the height of COVID so we were not even going out, took me a week to notice the missing bike. Cameras are configured to only turn on in a schedule - so late at night and early morning; I can also manually turn on if we are out for an extended period. I don't do 24/7 monitoring precisely because of the useless notifications.
Not so sure. If a house is designed to have as much surveillance capability and access points to gain as much info on you as possible - like if Facebook were to design a house to collect user info on the inhabitants - that would absolutely be “evil” in many peoples eyes.
The real question is do all these “smart” devices actually improve people’s well being? Or is it all marketing magic bullshit with negligible end- user benefits at the expense of more privacy invasions?
I don’t want my house cooperating with big brother, and that’s what many smart devices seem more than willing to do.