Slashdot Mirror
Nest Competitor Ring Reportedly Gave Employees Full Access To Customers' Live Camera Feeds (9to5google.com)
Amazon-owned Ring allowed employees to access customers' live camera feeds, according to a report from The Intercept. "Ring's engineers and executives have 'highly privileged access' to live camera feeds from customers' devices," reports 9to5Google. "This includes both doorbells facing the outside world, as well as cameras inside a person's home. A team tasked with annotating video to aid in object recognition captured 'people kissing, firing guns, and stealing.'" From the report: U.S. employees specifically had access to a video portal intended for technical support that reportedly allowed "unfiltered, round-the-clock live feeds from some customer cameras." What's surprising is how this support tool was apparently not restricted to only employees that dealt with customers. The Intercept notes that only a Ring customer's email address was required to access any live feed.
According to the report's sources, employees had a blase attitude to this potential privacy violation, but noted that they "never personally witnessed any egregious abuses." Meanwhile, a second group of Ring employees working on R&D in Ukraine had access to a folder housing "every video created by every Ring camera around the world." What's more, these employees had a "corresponding database that linked each specific video file to corresponding specific Ring customers." Also bothersome is Ring's reported stance towards encryption. Videos in that bucket were unencrypted due to the costs associated with implementation and "lost revenue opportunities due to restricted access." In response to the report, Ring said: "We have strict policies in place for all our team members. We implement systems to restrict and audit access to information. We hold our team members to a high ethical standard and anyone in violation of our policies faces discipline, including termination and potential legal and criminal penalties. In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them."
According to the report's sources, employees had a blase attitude to this potential privacy violation, but noted that they "never personally witnessed any egregious abuses." Meanwhile, a second group of Ring employees working on R&D in Ukraine had access to a folder housing "every video created by every Ring camera around the world." What's more, these employees had a "corresponding database that linked each specific video file to corresponding specific Ring customers." Also bothersome is Ring's reported stance towards encryption. Videos in that bucket were unencrypted due to the costs associated with implementation and "lost revenue opportunities due to restricted access." In response to the report, Ring said: "We have strict policies in place for all our team members. We implement systems to restrict and audit access to information. We hold our team members to a high ethical standard and anyone in violation of our policies faces discipline, including termination and potential legal and criminal penalties. In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them."
What did you think would happen?
phonehome device owners shocked to learn device is phoning home
welcome to the future
welcome to Cloudthing, Smartproduct, and Alwaysonline
this is for your safety
this is for your convenience
this is for your user experience to be reliable and carefully controlled
this is not for our sake
Just so you know who's watching you fuck, it's Jeff Bezos. Think I'm kidding? Look at him.
I used to watch DildoCam in the late 90s on a Real Video stream. People used to be cool about stuff, and it's a shame how downhill things have gone.
In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them."
I think you mean "if we get caught with bad actors."
The worst acting here is pretending this wasn't all done intentionally.
But anyone that trusts their privacy to Ring gets what they deserve.
"Eve of Destruction", it's not just for old hippies anymore...
It's almost as if people are just begging to be taken advantage of.
Here, let me pre-order this game, for this console I cannot control from this company that really abused their customers last time.
Here, let me buy this product or service that has been repeatedly reported in the news as being used to spy on me.
Here, let me keep using this website, service, or institution that sells my private information for money.
Here let me keep voting for this lying son-of-a-bitch because that other liar is somehow worse than that other liar.
Just wondering when are people going figure out why this saying holds true...
"Fool me once, shame on you! Fool me twice, shame on me!!"
Most victims are actually not victims, but the very perpetrators of their own miseries!
Engineers have access to the system they created...
Rumor has it, that BMW service can watch the 360 degree cameras of all cars remotely. A growing surveillance system on public roads. Even in areas where the EU GDPR is applicable.
Can I watch too? no laws seem to have been broken
Lag from your mom's room wasn't a problem, even in the 90s.
That it made 1000 year old ocean water get colder.
...but any network-connected camera with proprietary firmware might phone home without your knowledge. The only sure way to prevent this with untrusted firmware is by isolating those cameras on their own network with no Internet access.
Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
I recommend that instead of Ring, people should get the DEBARK Smart Video Doorbell.
It's less expensive (~$78 on Amazon) and it can record to SD card, SDVR, or a cloud service of your choosing (optional). Comes with a free remote indoor chime, and from what I understand, it's easy for it to connect to your old doorbell chime. Can be used wired or wireless. Two-way audio, and very good night vision capability.
Ring is waaaaaay overpriced and they force you to use their paid cloud service. Yes, it's only $3 a month, but why be forced to pay anything? The cheaper models won't let you do anything besides receive alerts and watch live video.
And, for the record, I have no connection to DEBARK, I just think their wireless doorbell is FAR better than the crap that Ring puts out.
Just cruising through this digital world at 33 1/3 rpm...
I wonder how many of those 'executives' were caught by their assistants with their pants around their ankles, watching those live video streams, jacking off to partially-clad housewives?
It is a new Netflix Reality Show.
Make sure its a USB webcam that only gets used when needed.
Build your own CCTV network.
Network your own CCTV to a wider network you designed, understand and trust.
Don't let camera and microphones connect to network you did not set up.
Domestic spying is now "Benign Information Gathering"
Once considered a Nest thermostat, then Google bought them out, and decided “NOPE!”
Same thing when Amazon bought Ring: “NOPE!”
Today I feel validated in my decisions.
AC comments get piped to
If you are a technologist, then lead the way. Gently educate your family and friends that *everything* is tracked by these companies, especially by the large tech firms that offer "free" services. These companies do not respect privacy or personally identifying information (PII) because it's a big reason how they make money. The US has no laws to protect individuals' personal data. The US has no restrictions on what data can be collected and stored beyond the weak and easily bypassed age checks.
Non-technical people have no real understanding about how easy and effortlessly it is to log, store, and analyze every keystroke, mouse movement, mouse click, touch gesture, search query, location, picture, video, audio, document, email, phone call, website visit, instant message, etc. And they have no concept that the largest tech companies also buy personal data from smaller companies to supplement their own.
The US needs protections for privacy now.
On those rinky dink systems?
Well, I'm sure they have people watching employees all the time and none of the files ever escape. Right?
"In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them."
Newsflash: if you allow your employees unfettered access of this sort, you have already lost the game. It's too late once you "find bad actors". You need to set things up so that as much as possible, bad actors can't do these things.
Or in other words: preventative measures, not reactive measures, are what you want. Sure, there will be some employees who need that sort of access. So you lock it down to the maximum you can manage.
This is privacy 101. That they got this stuff wrong does not speak well for the rest of their systems.
OP: Videos in that bucket were unencrypted due to the costs associated with implementation and "lost revenue opportunities due to restricted access."
Translation: They are selling the videos to 3rd-parties.
Goddamn.
=^..^= all your rodent are belong to us
Yeah, this seems like a "step 1: install cameras everywhere" for your "convenience" or "security". Step 2: allow law enforcement to have access, monitor when someone is home, etc.. I fear we will look back on this decade as when the groundwork was laid for the rest of our privacy to be taken away. So many of us willingly.
If only there were some way they could WATCH their employees remotely......any ideas anyone?
Why say "Nest competitor Ring" ? Doesn't everybody on Slashdot already know who Ring is, for better or worse? Also, Ring was in this space long before Nest. Having just dealt with a service nightmare on my Nest thermostat, where I was given entirely inaccurate information by the Nest support representatives, I don't think they deserve headline status on this posting (which I suspect may have been put there by a Googler).
When my American saas company had to make changes to deal with GDPR I thought it sucked st first but after reading key sections of the gdpr and summaries of the rest I realized the EU was right about something for once and we should follow them in this regard.
My data is mine. Fuck Zuckerberg and Page and Gates and Bezos and the rest of the fat bastards making money buying and selling me. Who I am and what I do, like, hate, eat, talk to, travel to, buy, sell, think about or anything else is none of your god damned business.
I want to be anonymous, unknown, and forgotten. GDPR for USA.
(And no my company does not track people, we are help other companies manage their finances but still got caught up in GDPR compliance).
This is why I (and likely most people around here) refuse to buy these cloud cameras. For all the people who did buy into it, they were warned and warned that this sort of thing was almost a given. Now what are they upset about?
They were/possibly still are giving China full access to our rings.
Quite honestly, we will be switching to Nest doorbell in the near future. I want to be able to see my doorbell from Google Assistant, as well as I like the constant circular recording.
I prefer the "u" in honour as it seems to be missing these days.
Just wondering if anyone has experience with a roll your own system using RTSP cameras. Any cheap cameras you can recommend that are usable without sending data to the cloud? I tried my hand hacking a couple of the cheap XiaoFang cameras ( https://github.com/samtap/fang...) but haven't been successful to date.
Would love 2-3 such low powered cameras I could get to record locally using VLC or similar. Just a basic set-up.
How many times have white supremacists killed someone for exactly that reason, you cowardly faggot? Just wondering how ready to die for the nazi cause you are. Wanna find out? Pussy little inbreds, lol.
Remember kids, always resort to name calling to get your point across.
I'd be shocked, SHOCKED if there was a part of Amazon that didn't collect all of the data that they could. That's what they do. That's how they make money. Of course they're looking at your stuff. You're PAYING THEM TO.
I don't respond to AC's.
it's true. If you have a Ring, you're an unwitting cam whore. We often passed around funny clips (mostly people tripping, getting hurt, getting hit in the balls, etc). I saw more than one video of a woman blowing the delivery guy. (or maybe it was just role play?). I saw some snuff films, too. Can't really forget that. It was an open secret that some people were collecting fuck videos, people walking around naked, etc. Some of the shit I saw just creeped me out.
Arlo, Ring, Nest, etc. Probably the same from our own government like NSA! :P
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
How many times have white supremacists killed someone for exactly that reason, you cowardly faggot?
Thanks for asking.
Over the last 200,000 years, as of January 9, 2019, 34 people of the wrong color were killed by white supremacists for walking in the neighborhood.
"Trust Us! What could POSSIBLY go wrong?!?"
(In response to the report, Ring said: "We have strict policies in place for all our team members. We implement systems to restrict and audit access to information. We hold our team members to a high ethical standard and anyone in violation of our policies faces discipline, including termination and potential legal and criminal penalties. In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them.")
$5 / month hosted VPS on linux = awesome!
Possibly; after all, they've got all the gear at hand that's necessary!
And are but hurt they kicked you out of China.
And even worse, I heard that Russia has full access to our president's anus and they can watch anytime they want.
Esp Microsoft - Think Windows 10 isn't a cloud service? In this case, Telemetry. Your Samsung TV, Onkyo recvr with horrifying privacy policies similar to google? Yup, horrifying privacy policy. If you don't care about your data, use a cloud service. Think you're ok even if you pay for it? Hahaha, that's adorable.
Don't get me wrong; I think this Ring shit is creepy as all get out, especially with this latest news.
But I did have one thought where -- in one particular situation -- having cameras around your house accessible by law enforcement *might* be desirable. What if someone was swatting you and instead of the cops busting down your door and shooting your dog, they tuned into your home's cameras and realized they were being fooled.
Of course, this devil's advocate scenario could be rendered moot with some sensible reform to police procedures so they can't be manipulated as easily, but realistically I don't think our society is anywhere close to being capable of demilitarizing the police.
The above is not "Score 4, Insightful." It is "Score -1, Idiot."
Ooh, moderator points! Five more idjits go to Minus One Hell!
Delendae sunt RIAA, MPAA et Windoze
That people thought this wasn't going to happen.
It probably even says in the ToS that the company has access to the camera "for technical support and other" reasons.
People if you put a live streaming device in your home (camera, mic, other sensors) you are in fact bugging your home. As soon as that device is connected to the interwebs you must understand that its not who, not if, not how, but WHEN will it be used to spy on me. And that answer is typically, at the exact time you didn't want it to.
This connected world we live in is ridiculous.
People, we are knowingly fulfilling the big brother state prophecy and we can't seem to do it fast enough.
So Ring doesn't dispute that their employees invaded customer privacy!?!
Dump Ring. Don't trust companies which make you access video from their servers. Only buy devices which still work even when disconnected from the Internet, and which store video files locally.
Own your data.
Ring’s software has for years struggled with these fundamentals of object recognition. [] Ring used its Ukrainian “data operators” as a crutch for its lackluster artificial intelligence efforts [] Behind all the computer sophistication was a team of people drawing boxes around strangers, day in and day out, as they struggled to grant some semblance of human judgment to an algorithm.
So they're not spying on people because they're creeps, they're doing it to pretend they have AI. And in the accompanying screenshot you see a person in full view tagged as "vehicle 3".
This sort of behavior from device makers is just abhorrent. Is there any decent camera setup that can allow only the user to access features? I mean I want to be able to check the video from my phone, but I want to use a firewall in front of any device so that it can't talk outbound to ANYTHING else including the vendor's networks. My phone isn't likely to have a consistent IP address and I don't know if any company offers security camera's that don't depend on any vendor interaction for the features to work. We have got to push the IoT industry to have LAN side only access and user only interaction, where no trust is given to the device vendor and there is little or no opportunity for remote exploit, but we need to have decent ways to interact securely when we want to interact with IoT devices remotely. Maybe allow LAN and VPN allowed, but no public internet in or out?