51 comments

[ 2.5 ms ] story [ 95.0 ms ] thread
What I don’t get about all of these cctv solutions is why you’d want a system that uploads to the cloud at all. Surely it’s better to have all the footage on a local device, and then perhaps have a VPN-like tool remote access. Unifi protect works pretty well for me, and I’m sure other local solutions like ZoneMinder work super well too. I’ve got a fast internet connection, but I don’t trust it to be able to handle multiple streams of live video uploading constantly. Coupled with the privacy concerns, why would you choose ring over another vendor of more old-school CCTV?
It’s not always better. One good case for cloud-linked would be when someone breaks in and steals the DVR. It also doesn’t need to constantly upload, because most have motion detection to only upload interesting events to the cloud.
And encrypt them locally before upload.
Sure, but what thieves actually do is cut your cable/phone line, thus disabling most cloud surveillance systems.
Do they really? Because I’m pretty sure that’s a movie trope. Sneaking around the property looking for the cable and telephone lines seems like a great way to get caught by a camera.
Yeah. Alarm systems are all on cellular and trigger on loss of power.
I know someone it happened to.
Smart thief would just flood the WiFi network with deauth packets since everyone is using these things over WiFi. Disabled it before you even have to be in view.
Remind me:don’t you need to be connected to the WPA2 WiFi router to send deauth packets?
No, that would sort of defeat the purpose. The deauth's are commonly used to try to capture the connection handshake so that one can then (offline) try to figure out the network's password. The management frames (such as deauth) are not encrypted, and one needs only the easily eavesdropped details of client and server MAC to spoof them: https://security.stackexchange.com/questions/190133/why-does...
There are also signal jammers which I believe are _highly_ illegal.
Depends entirely on the frequency, jurisdiction and purpose.
So is breaking and entering. I doubt most determined thieves are going to be deterred by something being illegal. Your typical junkie isn't going to do that, so you're mostly looking at attackers going after higher end neighborhoods or middle tier business campuses.
> One good case for cloud-linked would be when someone breaks in and steals the DVR.

That's a pretty uncommon edge case considering that it's usually easier to disable the camera to begin with, e.g. with a paintball gun, than to track down and remove a DVR which could be in an unknown and arbitrarily well-secured location within the building -- or even outside of it. Just because the video storage isn't in the cloud doesn't mean it can't still be offsite.

Eh, disabling the camera is also risky. First carrying a paintball gun is a great way to get shot in many places in the US on its own, especially when committing another crime. Second, by the time you've disabled the camera it is very likely you're already on the film somewhere.

And it also depends on how serious of crime one is committing. When working for defense attorneys years ago, it was not uncommon to be on a case involving data recovery by the FBI because a person lit the building on fire because there was a camera in their somewhere.

> which could be in an unknown and arbitrarily well-secured location within the building -- or even outside of it. Just because the video storage isn't in the cloud doesn't mean it can't still be offsite.

Right. Ring is usually placed in homes. Where is the well-secured location in your average home?

> Right. Ring is usually placed in homes. Where is the well-secured location in your average home?

A DVR can be smaller than a Raspberry Pi. Remove any random electrical outlet in the house, put the DVR in the wall behind it and then replace the outlet. Or put it on the underside of your washing machine etc. Can't remove it if you have to disassemble the whole house to find it.

Or just put it inside a safe which is bolted down. There are safes with interior electrical outlets.

5% of people know how to work on-prem and big players don't offer it as a solution. Your ring camera would be much more expensive if it included 1TB storage, processing, dedupes, backups, playback, etc.
You don’t need 1TB and neither does ring.

I have a Eufy camera setup that uses in-home storage. There’s about a year of data on a 64GB SD card that cost maybe $30.

You’re buying a camera. Amazon is getting a perpetual license to everything that happened in front of your home, forever. The cloud story is about analytics and data mining. You buy a camera, they get a feed.

Remote access? Display solutions? Alerting? Availability? Backups? Ease of config? It's totally dependent on your use case.

Did you have to Port forward or set up a VPN for local viewing? Just that will stop 95% of users.

Someone should invent pass-through hardware encrypt-video-on-a-fly box and send to AMZN encrypted garbage.

Same box would decrypt data on read for authorized user.

AMZN wants to monetize your feed?

Sell them subscription for access the feed with clear usage license. No sneaky, default, subtle crap "we will use your data and monetize it forever at our will without your concent"

> Your ring camera would be much more expensive if it included 1TB storage, processing, dedupes, backups, playback, etc.

You don't need anywhere near 1TB of storage if you're only storing video when there's motion, and that smaller amount of storage has minimal cost. You also can't really dedup a series of unique videos anyway. And processing and playback cost nothing when done locally; pretty much all the rest of it is software.

All "cloud" really gets you is backups, which is more of a nice-to-have than a necessity for video which is going to get auto-deleted on a schedule regardless and can be manually backed up any time it becomes relevant to retain. You could also get automatic backups without "cloud" for any system that spans multiple sites, which is the case for most businesses and even an individual with any family member or friend who uses the same system.

It’s insanely easy and cheap to get a quality doorbell and alarm system that has monitoring (they call the police and/or fire) and lets me see a month (or more, I’ve only needed a month so far) of video from anywhere. Storing video on the camera is only good if someone doesn’t take the camera.
Do you have any recommendations?
I use a Ring doorbell and alarm, actually. My comment was explaining why someone would use a system like Ring. I use them over a self-hosted solution because of the professional monitoring. I don’t use their cameras in my house, though.
Sticker-eye camera maybe.
> What I don’t get about all of these cctv solutions is why you’d want a system that uploads to the cloud at all. Surely it’s better to have all the footage on a local device, and then perhaps have a VPN-like tool remote access

If the threat model is burglary, no I don't want footage on a local device at all. Or more specifically, I don't want footage only on a local device and, ring or not, the first thing I'll want to do is ship it offsite.

If this is a business or it otherwise has people managing a security office, then local storage (ideally shipping to an offsite location later) should be adequate. Or if the system is well-protected enough that it would take longer to tamper (or destroy it) than law enforcement's response.

If the threat model is real burglary (not the hollywood kind where expert thieves steal everything in your house), storing footage on a NAS somewhere in a closet or in your basement is fine.

If your threat model is this fantasy burglary, the burglars are going to know to simply cut your Internet line before they rob the house to render the cloud-connected shit useless. Then they will just steal the cameras to ensure no local caches push data back up when the Internet is restored.

why you’d want a system that uploads to the cloud at all

I don't want to configure, monitor and manage a local DVR -- what do I do when I'm away from home and it fails? What do I do if the burglar finds that expensive looking DVR and steals it? How would I even know if it fails without some external (cloud?) service monitoring it?

These problems are solvable (I use Unifi cameras with a DVR with RAID disks and a hard to find network backup drive, and a monitoring process on my home router that will tell me if the DVR is offline but I'm still subject to failure when I'm away from home), but does the average consumer want to expend the effort to solve them?

I usually like EFF but this is mostly FUD. Amazon Ring is far from perfect, but this article is not fair. This is the fifth sentence:

> Do you want strangers being able to learn your routines by watching you leave and return to your house every day?

But then they follow it up with "a few amazon employees were fired for watching videos" and "the cops might request/warrant your videos" and "some hackers got access and did bad things a few times". That is a comically large gap from strangers watching you every morning and evening to learn your habits.

(comment deleted)
The article asserts that if you upload video from Ring devices, it will be seen by amazon employees. This has been shown to be true. Amazon employees are almost all strangers to me. What's the issue with the statement?

"Do you want a few amazon employees being able to learn your routines by watching you leave and return to your house every day?" might be more technically expressive but no more accurate and certainly not any more reassuring or comfortable to me.

The part about cops and hackers are separate issues (and lead to more convincing arguments against cops and cloud services more generally) but this seems like an entirely fair assessment.

Do you want strangers to learn all of your important personal information by reading the emails you send and receive?

If you don't trust anybody, the Internet sure is a scary place.

>Do you want strangers to learn all of your important personal information by reading the emails you send and receive?

You mean to say this doesn't concern you? That enough PII is being archived in multiple places indefinitely and could be used to build a find grained profile on you?

Imagine how much you can infer just from location data. Sexual orientation. Political affiliation. Religious affiliation. Now imagine what happens when authoritarian regime gains control of such databases. The largest nation on Earth has such a system already - it isn't far fetched.

It's just as problematic as the Ring doorbell, if not more so
Yes, that is problematic, which is why I use an encrypted email service that encrypts and decrypts on the client. The only people reading my emails should be the intended recipients.

Likewise for videos of and around my house. The only people capable of watching those feeds are me and those I explicitly choose to share it with. Ring should be E2E encrypted, with any video processing being done before upload or after download. Sharing with the police shouldn't be possible without the police coming to my home asking me for video of a given time period, preferably with a warrant.

I have no problem with storing encrypted video in the cloud, assuming that it's reasonably hard to decrypt and my keys aren't stored anywhere nearby (they should strictly be on the client, out of reach of the cloud service). If I want to send a video to someone, the service should download it, decrypt it locally, and then send it over my encrypted channel of choice.

I really don't understand why we put up with anything less. It's incredibly cheap to do get a chip these days that can do video processing on the client, so why is the cloud used for anything other than encrypted video storage and retrieval?

Unless you put a ring camera in your house, the video is of the street and your front porch. In my neighborhood, everyone has the doorbell and not much more.
> In my neighborhood, everyone has the doorbell and not much more.

Based on talking to your neighbours, or is this an assumption based on only being able to see the outside of your neighbours houses?

I’ve been in most of my neighbor’s houses, or talked to them about their systems. One of my neighbors has an additional camera, on the outside. Most people have a doorbell cam and some window/door sensors.
Even that is a huge issue to me. If an attacker can compromise one camera system, they can track movement of anyone the camera can see, so they can figure out when people are likely to be away. If the service is unencrypted, this can be done by compromising the server or even a single WiFi hotspot, which makes this product a huge liability for everyone that the camera can see.

Why should we go through the risk? Just encrypting everything on the client makes the system way more robust, and features can be rolled out to a device that does local processing. I don't own any big home automation systems because I don't trust them, so as soon as a company builds something privacy centric, they will get my money.

It WILL be seen, or it MAY be seen? A big difference. It’s impossible that every video is seen by an employee.
I’ve always had a hard time taking the EFF seriously because of stuff like this. They often seem to be motivated more by fear than reason. And while that’s maybe not entirely out of place given the nature of privacy and digital freedom, it does their mission a disservice when they make claims like this.

I remember when Apple first announced that they were removing the headphone jack from their phones, Elliot Harmon posted a long, horribly misinformed diatribe about how it basically meant the end of DRM-free audio, which totally ignored how audio over Lightning and Bluetooth actually works, essentially rendering the entire article moot.

Harmon later revised the article with more accurate information, but conveniently, he neglected to correct any of the misinformation that the article was built around. One can’t help but conclude that maybe the EFF is more concerned with attacking technologies based on their emotional response to them than they are with understanding those technologies and the issues to the table.

>They often seem to be motivated more by fear than reason.

Unfortunately fear is what gets people to donate money, not reason.

I take the EFF with a grain of salt. I really value their mission, but yes, some of their articles can be a bit fear based. However, behind every fear based article is a reason based argument, but the reason based argument wouldn't have the same shock value.

For the Ring doorbell, I am less worried about an Amazon employee misusing my data than a group of thieves hacking WiFi networks (really not hard) to steal Ring videos in transit to be able to stake out multiple neighborhoods at once. If an Amazon employee has access, it's (probably) not E2E encrypted. So the question is, do you trust Amazon to make their devices, servers, and communication between both secure? I don't because it's not really in their interest to do so.

(comment deleted)
I appreciated this write-up.

- An aggregate of the various security issues that came up so far (with unvalidated rumors filtered).

- Touches upon social issues and medium-term unintended consequences: “instilling paranoia”, and by association social/racial profiling.

- Manages to discuss sensitive topics gently without implicit shaming or talking down to the reader. I think Matthew from EFF has done a good job here

- Both technically correct and easy to understand by non-technologists.

- Easy to link to, from credible source.

Shame that most people who should read this probably won’t stumble across it, at least their technologist friends have a readable article to share.

Cameras and surveillance software/services with features like this are in high demand. They do improve safety, and they do prevent loss.

I'm putting something together for work with off-the-shelf cameras, maybe it'll be similar enough that it can be adapted for home use.

I think there is a moral good produced by some amount of private surveillance, on and near a person's own property, controlled by that private person; so we just need to fix people's expectations from these companies which subsidize their services by selling out their customers.

I think we just need a security and privacy focused alternative that doesn't suck that:

- does all video processing on the client (e.g. as it's generated) - optionally uploads encrypted video to the cloud - stores encrypted video locally - allows sharing video by downloading and decrypting that video on your device - never stores the key in the cloud

Ideally, it would be a drop in replacement for Ring, but with the complicated logic done on the camera or your viewing device. I'm happy to pay extra for that, though I think it can be competitively priced. It should also come with an optional VPN device/service to access your cameras when outside your network.

Tldr: basically don't get one