I know the default stance here is "everything should be internet-connected and everything should stream all available data back to the mothership whenever possible" because generally we're the ones building the things and receiving the data (and data is great, who doesn't love data?!)
But from the point of view of the person buying and using the things, this is just getting creepier and creepier.
There are quite a few people who are looking out for the mistakes too - the population of hacker news includes security testers, lawyers and the like.
At least this company is taking steps to improve things, which is a vast improvement over, say, V-tech, whose initial response to finding data had been taken was to update the terms and conditions stating that they had no responsibility for keeping data safe.
It is scary how much data we send around though, even when you are trying to keep the worst offenders out of your house.
Actually people are both at the same time. The more you have to develop this stuff the less you use it. 90% of the developers I know don't have a smart phone, no facebook account, don't use gmail as mail client, etc.
Yeah, the more people know about this stuff the more likely they seem to be to turn it off.
I'm amazed that you know that many people with no smart phone or facebook account, though - I know one person who doesn't have facebook, and no-one (as of a couple of years ago) who doesn't have a smartphone.
For the life of me in my household nothing else than my computers will be connected to internet, not because I'm a security and privacy oriented person, but because it's essentially unnecessary. I think IoT is creepy futile tech living on hype, and it also vastly increases the attack surface of a house (i.e. an attacker can theoretically remotely inspect or damage it).
But these comments, the sort I make now usually attract lots of downvotes and criticism becomes invisible. Especially common phenomenon with the IoT stories and Tesla ones, praise or go away.
> I think IoT is creepy futile tech living on hype, and it also vastly increases the attack surface of a house (i.e. an attacker can theoretically remotely inspect or damage it).
That is exactly what I have been thinking!
A while ago I heard that some home automation systems allow locking/unlocking the doors remotely. My first thought was burglars were going to have a field day[1], but now I think more along the lines of ransomware - "If you really just want to go to bed, why not just pay the 100 Bitcoins?"
[1] Especially if you consider that once they have owned your home automation they can monitor if you are at home.
The reality is that most IoT products are really just 'How do I get you to pay a subscription for something you never paid a subscription for'. The solutions, thus far, have been lackluster. They're like the infomercial products from the 90s.
While I can see the fun and useful part in collecting this kind of data ("80% of our users use the 'high' setting - let´s improve Gen 2 on that point"), I think more and more companies are losing track of what´s "good and bad" for the sole purpose of improving products. Why not directly ask the customers, make an opt-in or whatever, instead of anonymously collecting this kind of data from everybody. Come on, in the end it´s quite private after all.
Maybe not with open identity, but they surely do discuss. There are lots of mostly non-commercial forums that are full of people discussing their "turn-ons". In most cases I encountered, in a very civilized fashion. Discussions are more technical than one might expect, especially compared to "real-life" discussions about turn-ons, which often end in shame, giggling or bragging. A look at Amazon or other commercial platforms and the customer reviews shows about the same. As long as people aren't forced to show their full name, they are just fine about discussing such matters.
I can't tell if your response is condoning this behaviour or merely pointing out that that's what the company did. They knew that their customers would not voluntarily share this information, and so they recorded it secretly without consent.
Asking users is terrible. Famously, MS asked users for features they'd like in Word and got a list that was 80% features which already existed. And that's for stuff they'd like to talk about.
This is actually great feedback, if you know how to interpret it. Because now you know all the features your application has that your application doesn't adequately present to users.
While I don't have any of this kind of device, I bought a Dropcam a few years ago, when they were new, without knowing that they stored everything on their servers. I was mortified, and immediately got rid of it. I feel like a home webcam is at least on par with this device in terms of how profound the invasion of privacy is.
That said, in this case, a lot of the stuff the device does couldn't readily be done without some sort of connection to a server in the cloud, I would think. I mean, Bluetooth can handle the local controls (and probably should, when available), but even the remote control app for my Fire TV phones home rather than using a local link; and that's a situation where I'm guaranteed to be in the same room with the device when I want to control it from my phone. But, they should be really clear about how much information they're passing around and where it ends up.
That was what upset me most about the Dropcam...I read the box, saw it had all the features I wanted, but no mention of, "BTW-We'll also be sending every video over the Internet to our servers, where we will sell you access to that data." I think one shouldn't have to guess about how a company implements stuff like this, particularly if there are other, non-privacy infringing, ways to implement the features. Hopefully they'll be more clear about it in the future.
I also bought a Dropcam Pro a few years ago, and from memory, it was pretty clear that it was cloud based. I've been pretty happy with it, but my goals are different.
I suspect you weren't the target market for Dropcam. It was sold, and is sold as a turnkey camera that works out of the box, that anybody can setup on minutes, has native mobile apps that let you watch from anywhere in the world, and records up to 30 days of footage, with motion/sound (and more person) alerts.
In contrast, I've also setup local hosted cameras (Unifi video cameras) for somebody else recording onto a rack mounted Dell R610 with S3 backups. Different needs.
Many of the features of Dropcam (now Nest Cam) aren't really possible without it being on the cloud. In particular, the new person alerts take advantage of ML in the cloud, as does the new Sightline feature that lets you scrub quickly over a few days in seconds.
> Many of the features of Dropcam (now Nest Cam) aren't really possible without it being on my butt.
Oh, they totally are. They just chose not to do it this way. Some of that is because of it being a "turnkey" solution, but let's not pretend the cloud is required for most of them.
> In particular, the new person alerts take advantage of ML in my butt
It shouldn't need to. Detecting people on video streams is something your smartphone camera now does on-chip. At most it requires a DSP unit.
> as does the new Sightline feature that lets you scrub quickly over a few days in seconds.
That's just a video player with some added precalc on the video stream.
You could have all those features with your own storage server and interface in a local network. It's just that it is a little less "turnkey", so it wouldn't sell as well.
Anyway, I fully agree. And they could even use the cloud as a synchronization mechanism without having to pass the actual data through it, or passing it only in an encrypted form.
You suggest these features (people detection, timeline scrubbing etc.) are possible with a locally hosted solution - are you aware of any such alternatives?
And please don't mention things like Motion or ZoneMinder unless you've actually tried them. And if you have tried them, well, why are you still arguing with me =). It's sad, and I wish it were otherwise, but there are not very many good OSS solutions I'm aware of in this space.
There are commercial solutions (e.g. Ubiquiti's Unifi Video line, or Blue Iris) that handle the NVR side well, but don't really do the extra stuff well.
I suspect you are under-estimating both the infrastructure required to do this well, or the engineering effort.
It's like say, a search engine. Yes, you could write a web crawler in your basement, and host it on a few commodity servers. It would return results when you put in search terms. It might just take a while to react to updates on pages. Or it might only crawl a subset of the internet. But you could argue that there's no need for a remote "cloud" service to do it, when you can do it yourself on-premise. However, my argument is that there's a difference between doing something well and just doing it.
Or take Netflix - yes, you could transcode video yourself into various formats, and serve that up from your home server. However, if you wanted to share this with somebody in another country, unless you also had geo-proximate caches in those countries that mirrored your home server, you might find some issues there. It's workable, just not very good.
> It shouldn't need to. Detecting people on video streams is something your smartphone camera now does on-chip. At most it requires a DSP unit.
There's a difference between detecting a face in a photograph (and even that can be tricky sometimes), and identifying people (versus say, large animals etc.) in arbitrary video footage in realtime with a reasonable degree of certainty.
Or are you aware of phones that already do this kind of thing? (If so, I apologise, because I'm unaware of this).
> That's just a video player with some added precalc on the video stream.
It's actually not..lol. There's a public blog post which I admit is a bit market-y
But essentially, they use ML to figure out the most "representative" shot for each block, thus distill several hours of footage into several hundred key frames, and allowing you to scrub through them quickly. The blog post has an animated GIF that shows the UI in action:
The trick isn't serving up the image stream - it's figuring out what to put into it.
(I admit I'm slightly biased here, because I watched a presentation from some of the engineers involved, talking about how they implemented it, and the effort that went into it).
"However, given the intimate nature of our products, the privacy and security of our customers’ data is of utmost importance to our company. Accordingly, we take concerns about customer privacy and our data practices seriously."
Just. Anonymise. Your. Data. At. Source.
This isn't that hard, come on. Your company's futur is at stake here.
"Accordingly, we take concerns about customer privacy and our data practices seriously."
This is typical of the meaningless boilerplate that companies use to acknowledge there's a problem but that they won't take any concrete steps to solve it.
Usually when I see something like "your privacy is important to us" but with nothing back it up, I interpret that as acknowledgement that they're going to sell all your data at some point in the future, maybe through acquisition such as when Google bought Nest.
It's like the stock phrase "we use your data in ways including ..." which, because it doesn't exclude other ways to use said data, makes the whole statement meaningless fluff.
If it were more clear, the nature of the packaging, and the installation process for any software included/offered with the device, it might be easier to develop an opinion about whether the user was sufficiently warned about the level of scummy behavior they could expect to suffer while using a remote control massage apparatus.
On the one hand, having ripped so many EULA warning stickers, and clicked through oh so many zombie consent rubber stamp dialogs, I'd figure that with enough labeling, and smile-and-nod EULA prompts, the plantiff would be doomed.
But, then again, given the slipshod and middling tendencies toward product packaging and general software hygiene across the adult entertainment industry, I'd be completely unsurprised if they cut corners, and shipped an autorun.inf CD-ROM in a paper sleeve, alongside a vacuum-molded plastic shell inside a scotch-taped cardboard box.
Without understanding the the packaging (which is probably nsfw) I can't really draw conclusions about which direction this case is headed in.
35 comments
[ 4.6 ms ] story [ 85.8 ms ] threadBut from the point of view of the person buying and using the things, this is just getting creepier and creepier.
At least this company is taking steps to improve things, which is a vast improvement over, say, V-tech, whose initial response to finding data had been taken was to update the terms and conditions stating that they had no responsibility for keeping data safe.
It is scary how much data we send around though, even when you are trying to keep the worst offenders out of your house.
I'm amazed that you know that many people with no smart phone or facebook account, though - I know one person who doesn't have facebook, and no-one (as of a couple of years ago) who doesn't have a smartphone.
But these comments, the sort I make now usually attract lots of downvotes and criticism becomes invisible. Especially common phenomenon with the IoT stories and Tesla ones, praise or go away.
That is exactly what I have been thinking!
A while ago I heard that some home automation systems allow locking/unlocking the doors remotely. My first thought was burglars were going to have a field day[1], but now I think more along the lines of ransomware - "If you really just want to go to bed, why not just pay the 100 Bitcoins?"
[1] Especially if you consider that once they have owned your home automation they can monitor if you are at home.
As you correctly suggest, "it's quite private" and users don't openly discuss their turn-ons with strangers.
That said, in this case, a lot of the stuff the device does couldn't readily be done without some sort of connection to a server in the cloud, I would think. I mean, Bluetooth can handle the local controls (and probably should, when available), but even the remote control app for my Fire TV phones home rather than using a local link; and that's a situation where I'm guaranteed to be in the same room with the device when I want to control it from my phone. But, they should be really clear about how much information they're passing around and where it ends up.
That was what upset me most about the Dropcam...I read the box, saw it had all the features I wanted, but no mention of, "BTW-We'll also be sending every video over the Internet to our servers, where we will sell you access to that data." I think one shouldn't have to guess about how a company implements stuff like this, particularly if there are other, non-privacy infringing, ways to implement the features. Hopefully they'll be more clear about it in the future.
I suspect you weren't the target market for Dropcam. It was sold, and is sold as a turnkey camera that works out of the box, that anybody can setup on minutes, has native mobile apps that let you watch from anywhere in the world, and records up to 30 days of footage, with motion/sound (and more person) alerts.
In contrast, I've also setup local hosted cameras (Unifi video cameras) for somebody else recording onto a rack mounted Dell R610 with S3 backups. Different needs.
Many of the features of Dropcam (now Nest Cam) aren't really possible without it being on the cloud. In particular, the new person alerts take advantage of ML in the cloud, as does the new Sightline feature that lets you scrub quickly over a few days in seconds.
Oh, they totally are. They just chose not to do it this way. Some of that is because of it being a "turnkey" solution, but let's not pretend the cloud is required for most of them.
> In particular, the new person alerts take advantage of ML in my butt
It shouldn't need to. Detecting people on video streams is something your smartphone camera now does on-chip. At most it requires a DSP unit.
> as does the new Sightline feature that lets you scrub quickly over a few days in seconds.
That's just a video player with some added precalc on the video stream.
You could have all those features with your own storage server and interface in a local network. It's just that it is a little less "turnkey", so it wouldn't sell as well.
Anyway, I fully agree. And they could even use the cloud as a synchronization mechanism without having to pass the actual data through it, or passing it only in an encrypted form.
And please don't mention things like Motion or ZoneMinder unless you've actually tried them. And if you have tried them, well, why are you still arguing with me =). It's sad, and I wish it were otherwise, but there are not very many good OSS solutions I'm aware of in this space.
There are commercial solutions (e.g. Ubiquiti's Unifi Video line, or Blue Iris) that handle the NVR side well, but don't really do the extra stuff well.
I suspect you are under-estimating both the infrastructure required to do this well, or the engineering effort.
It's like say, a search engine. Yes, you could write a web crawler in your basement, and host it on a few commodity servers. It would return results when you put in search terms. It might just take a while to react to updates on pages. Or it might only crawl a subset of the internet. But you could argue that there's no need for a remote "cloud" service to do it, when you can do it yourself on-premise. However, my argument is that there's a difference between doing something well and just doing it.
Or take Netflix - yes, you could transcode video yourself into various formats, and serve that up from your home server. However, if you wanted to share this with somebody in another country, unless you also had geo-proximate caches in those countries that mirrored your home server, you might find some issues there. It's workable, just not very good.
> It shouldn't need to. Detecting people on video streams is something your smartphone camera now does on-chip. At most it requires a DSP unit.
There's a difference between detecting a face in a photograph (and even that can be tricky sometimes), and identifying people (versus say, large animals etc.) in arbitrary video footage in realtime with a reasonable degree of certainty.
Or are you aware of phones that already do this kind of thing? (If so, I apologise, because I'm unaware of this).
> That's just a video player with some added precalc on the video stream.
It's actually not..lol. There's a public blog post which I admit is a bit market-y
https://nest.com/blog/2016/09/08/we-ve-changed-the-game/
But essentially, they use ML to figure out the most "representative" shot for each block, thus distill several hours of footage into several hundred key frames, and allowing you to scrub through them quickly. The blog post has an animated GIF that shows the UI in action:
https://d2qxwxxauf5yxr.cloudfront.net/blog/images/2016-09-08...
The trick isn't serving up the image stream - it's figuring out what to put into it.
(I admit I'm slightly biased here, because I watched a presentation from some of the engineers involved, talking about how they implemented it, and the effort that went into it).
"However, given the intimate nature of our products, the privacy and security of our customers’ data is of utmost importance to our company. Accordingly, we take concerns about customer privacy and our data practices seriously."
Just. Anonymise. Your. Data. At. Source.
This isn't that hard, come on. Your company's futur is at stake here.
This is typical of the meaningless boilerplate that companies use to acknowledge there's a problem but that they won't take any concrete steps to solve it.
Usually when I see something like "your privacy is important to us" but with nothing back it up, I interpret that as acknowledgement that they're going to sell all your data at some point in the future, maybe through acquisition such as when Google bought Nest.
On the one hand, having ripped so many EULA warning stickers, and clicked through oh so many zombie consent rubber stamp dialogs, I'd figure that with enough labeling, and smile-and-nod EULA prompts, the plantiff would be doomed.
But, then again, given the slipshod and middling tendencies toward product packaging and general software hygiene across the adult entertainment industry, I'd be completely unsurprised if they cut corners, and shipped an autorun.inf CD-ROM in a paper sleeve, alongside a vacuum-molded plastic shell inside a scotch-taped cardboard box.
Without understanding the the packaging (which is probably nsfw) I can't really draw conclusions about which direction this case is headed in.