A Super Bowl ad for Ring security cameras boasting how the company can scan neighborhoods for missing dogs has prompted some customers to remove or even destroy their cameras.
Online, videos of people removing or destroying their Ring cameras have gone viral. One video posted by Seattle-based artist Maggie Butler shows her pulling off her porch-facing camera and flipping it the middle finger.
Butler explained that she originally bought the camera to protect against package thefts, but decided the pet-tracking system raised too many concerns about government access to data.
“They aren’t just tracking lost dogs, they’re tracking you and your neighbors,” Butler said in the video that has more than 3.2 million views.
It was a NEST camera from Google, which is only a meaningful distinction because it means they ALL do this shit.
The only ones that don’t are ones that only send data to your data storage.
And even then, big question mark, as most Chinese produced camera modules have black box firmware. If it’s on the Internet it’s not yours.
My cameras have local network access only. Most people who are tech savvy enough to set up their own storage are also able to block Internet access for security cameras.
But another big concern for externally mounted cameras with microsd cards is the confiscation of those cards. They are are very easy to remove, often without tools and I don’t believe for a minute that the fact that a warrant is required would make police actually get one before taking the card.
Which cameras do you use?
TP-Link (which are cheap but so unreliable I had to add smart switches to reset them when they stop working), Foscam and Dahua. Dahua is by far the best. All of them record to a local server running Home Assistant and Frigate.
I really need to set up frigate. Been procrastinating for months 😐
Frigate is a marvel. Setting it up and tweaking it does take time but once done it requires almost no maintenance (at least in my experience) and is close to flawless. It’s only had 1 false alert in the last year and that was caused by a spiderweb on the camera. I wish all my applications were as trouble free.
Make sure you fill out a bug report.
I hope its not one of the 32 TP-Link cameras that have unpatched auth flaws allowing malicious actors to reset the admin credentials in them.. This is a local exploit, so you’re probably okay, but these exploits could be used in concert with others to compromise your security/privacy.
Friend don’t let friends get TP-LINK they am never updated their products properly and their products are full of known CVEs
The cameras have no Internet access at all. Someone would need to be already inside my network for this vulnerability to be a problem.
And the NEST camera apparently has some sort of free tier that saves a short amount (the last few hours) of video by default, so NEST users shouldn’t be surprised at all that their video feed is sent to the cloud as its one of the features of the subscription-less model.
The problem isn’t that it’s being sent to the cloud, the problem is that it’s not being encrypted and Amazon is doing whatever they fuck they want with it, including giving it to law enforcement without a warrant.
encryption wouldn’t solve the problem, just raise more questions. how is it encrypted, with what algorithm? was the alg implemented securely? who has the decryption keys? how were the keys generated? were they generated from a good enough entropy source? these are non-trivial questions that have to be asked in an encrypted system where encryption is not just a gimmick or a marketing buzzword.
having encryption and “secure!” plastered all over the box and the phone app does not mean anything, especially when you need protection against the manufacturer.
When people in a Lemmy technology community say “encryption” it should be obvious we’re referring to effective encryption, not a marketing claim on a product box.
yes, that would be ideal, but at any point in time we will have newcomers, for them it won’t be obvious
Your prior comment was for newcomers?
This was obviously written for people with quite a bit of knowledge. Most newcomers would have absolutely no idea what any of it means.
no, it was for everyone.
the point was not to explain how encryption works, but to paint a picture about how many details matter a lot, so that the reader can know that just some kind of “encryption” does not mean much
Just to note here, they are referring to nest which is google.
A big exception to the rule are the HomeKit secure video cameras that work in Apple’s ecosystem. If your HomeKit compatible camera is going straight into HKSV, and isn’t paired with manufacturer’s own cloud video service, then it’s all E2EE and it can’t be accessed by Apple, even with a warrant.
Problem is, camera offerings are limited, and scrolling clips in HomeKit is paaaainful. Also, if you’re not in Apple’s ecosystem, you can’t use it.
Can’t you get a surveillance camera from anywhere and use that?
They’re pointing out that HomeKit cameras are specifically end to end encrypted and claimed inaccessible. Apple has really been pushing online privacy as a feature
You can get a camera from anywhere and either use it locally only or implement your own encryption before saving to a cloud resource if you can get one with any expectation of privacy. But you have to do all the work and it is never end to end encrypted
Depends on your precise definition of the camera “end” I suppose, but an IP camera absolutely can be and should be end to end encrypted. Even if the camera itself does not support native encryption, at worst the aggregation point/server should. Really, surveillance cameras should be on their own dedicated private IP network anyway, ideally with physical isolation on any wired connections. Besides a physical, on-site attack (which is what the cameras are for!) there really should not be any plausible method of an outside attacker breaching into the non-encrypted part of the network at all.
And that’s the worst case, real-world scenario. Quite a few cameras do in fact support on-device encryption now so “never” is still definitely incorrect. You do have to do the work though. That’s how good security works, it doesn’t come in a box as much as many wish it would and even if it does it’s never one-size-fits-all.