If they were startled by this, they should have a look at Foscam (and its derivatives/clones, including Swan).
Ring dinged for $5.6M after, among other claims, rogue insider spied on 'pretty girls'
The FTC today announced it would be sending refunds totaling $5.6 million to Ring customers, paid from the Amazon subsidiary's coffers. The windfall stems from allegations made by the US watchdog that folks could have been, and were, spied upon by cybercriminals and rogue Ring workers via their Ring home security cameras. The …
COMMENTS
-
-
-
Thursday 25th April 2024 23:11 GMT doublelayer
If we start with the idea that they want cameras at all, and some people clearly do or the open source and private options mentioned in the first comment wouldn't exist, it isn't that surprising that a lot of users ended up with proprietary cloud-based versions. I don't want any cameras, and I'm fortunate not to need any, but let's consider this from the perspective of a nontechnical person who does want or need them.
You can build a surveillance camera on your own from available parts. So can I. The average user, on the other hand, finds that kind of effort difficult and does not see the benefits from the hardware. They are right; the version you build from a Raspberry Pi is likely to cost more, require more maintenance, and have fewer features than finding a company that mass-manufactures millions of dedicated devices. Even if they got one or used a prebuilt camera that only uses local network traffic to collect information, the server portion is inconvenient. If they have a camera on their house, they probably want to see through it when they are away from their house. The typical solutions to this challenge include making a VPN to your home network or renting a server and configuring it to allow remote access. Neither is convenient for someone who does not have servers already and doesn't know how to configure, secure, and maintain them.
Even if they did both of those things, some users may want certain information. For example, something to look for people approaching their house which notifies them, the ability to talk to a person at their door even if they're not home, and the ability to quickly share data from the camera with others if needed. A lot of that is difficult from a web app and would work better with native ones. Now we're into an area where it's not that quick for us to make that from scratch either and we'd likely look for an open source option, but the open source versions can't work with every device in existence because they don't have standard interfaces.
It is not surprising that people who want cameras end up buying the cheap products with software that can do what they want. It is disappointing that they do so from companies that have thoroughly violated their users' and everyone else's privacy. I hope that this is mostly down to ignorance of how bad companies like Ring have been for their users rather than failing to understand the consequences of Ring's actions. Still, we have to look at things from their perspective if we're going to fix things or even just correctly explain why they're doing the things we wouldn't.
-
Friday 26th April 2024 19:13 GMT Cris E
Still, we have to look at things from their perspective if we're going to fix things or even just correctly explain why they're doing the things we wouldn't.
I hope you mean understanding the customers. I'm not interested in Ring's logic behind not putting higher barriers between users and actual footage. And honestly I'm kind of surprised that either the fine was this low or that no one was indicted. Casual attitudes towards privacy invasions don't just occur at the Individual Contributor and Executive level when law enforcement won't act to deter. You think Amazon cares about $5m?
-
Friday 26th April 2024 21:16 GMT doublelayer
Yes, I mean the customers. I was replying to this sentiment:
"It astounds me how anyone (never mind that it is so many) thinks that cloud-connected CCTV on/in their home is a good idea..."
Sometimes, I feel the same thing. I don't want to use a thing and I just think that everyone who does must be wrong in some way. Telling people that they're wrong won't get anything done whether they are or not, and in most cases, the people who want a thing I don't have a reason why they wouldn't prefer the alternative that I do. If I want to change their minds or even understand why we have this difference in opinion, I have to look at it from their perspective.
The company's perspective is much easier to understand: they want money. Adding security to the code costs developer time, which means money. Adding security precautions to collected data slows down the work of anyone who has to access it, which costs money. Reviewing those who abused it would take time and might result in firings, and then they'd have to hire someone else, and that costs money. So they do as little of those things as they can.
-
Monday 29th April 2024 10:32 GMT werdsmith
It astounds me how anyone (never mind that it is so many) thinks that cloud-connected CCTV on/in their home is a good idea...
It's often a very good idea. It astounds me that so many people think this world is all about them and their personal requirements. Barely able to understand that people do things differently to them.
I monitor the side path alongside my house, where there has been criminal activity in the not so distant past. If people want to watch me put my bins out, I really could not care less.
-
-
-
Sunday 28th April 2024 08:02 GMT MachDiamond
"If they have a camera on their house, they probably want to see through it when they are away from their house."
I get around all of that by being on good terms with my neighbors. Not all of them, but the good ones. When I'm going to be out for a few days, I let them know I'll be gone. Chances are that the last thing I'll be doing when away is looking through those cameras everytime there's a message sent to my phone (which I try to keep from happening at all). After all, I'm away for a reason and likely doing that thing. If my neighbor spots something, they can see if it's prudent to call the police better than I can from what I can see through a fish-eye lens.
I do have local cameras so I can see out without letting anybody know I'm home and decide if I want to open the door or not. All deliveries are set up to go to the post office so I don't have that going on. The rest of the time somebody comes by, they want to sell me something (roofing, a religion, redemption through charitable giving, etc). I can't be bothered to put on presentable attire for any of that. I need to make a new "piss off" sign to put up to hopefully dissuade people from knocking.
-
-
Thursday 25th April 2024 23:14 GMT David 132
I have multiple cameras on my property. If Chinese hackers or anyone else intercept the video stream, they'll get lovely images of goats frolicking, ducks nesting & sleeping, and an occasional labrador galloping down a field like the big brainless doofus that he is.
Camera inside my house or pointing at anything identifiable? Not a smegging chance.
-
-
-
Thursday 25th April 2024 21:36 GMT David 132
Paypal?
FTFA: "These payments will be sent via PayPal (yes, really) to 117,044 accounts."
Oh, so there'll be a wave of totally legitimate "DeaR siR this is Papyal click HEER and enter ur bank deetails to claim ur refund" spam emails incoming to a mail server near you then.
Didn't really think this through, did they?
-
-
-
-
Friday 26th April 2024 07:17 GMT Mike 137
Re: And for the people....
"Just because something is in the T&C does not make it legal"
But unfortunately, its being illegal doesn't stop people doing it, and policing of this kind of thing is very hard. What's needed is a change of ethics - both corporate and personal - but don't hold your breath waiting for that.
-
-
-
Thursday 25th April 2024 23:07 GMT Anonymous Coward
5.6 Million
I like to think that figure was out by a factor of 1000, considering what a breach of trust and privacy this is.
And a few executives put in prison for failure to run a company properly and encouraging criminal behaviour amongst employees. (they failed to have effective processes in place to stop it)
If the government can get so jumped up about tik-tok then they should be taking these people to the cleaners, naming and shaming, and shutting down the entire shop.
Does this only affect US customers, or is it a world wide thing?
Mainstream media take note.
-
Friday 26th April 2024 01:05 GMT sarusa
"rogue insider"
"rogue insider"
Yeah, as the rest of the article makes quite clear, this was just normal practice for Ring employees and contractors. As was stunningly obvious from the start - if you give minimum wage grunts (or maximum wage incels) the ability to look at naked people on cameras, they will do so enthusiastically. And I'm sure they were passing the best clips around. But Ring just didn't care, why should they?
-
Friday 26th April 2024 08:55 GMT GioCiampa
Re: "rogue insider"
Nothing new there...
Back in the day, I worked for a company that developed photos for Truprint (amongst others), and films with "interesting" photos were regularly being reprinted if spotted early enough in the process (usually by those operating the development machines letting someone in the printroom know what batch/film numbers to look out for). Legend had it there were multiple lockers in one of the corridors that were full of the stuff...
I'd love to know what modern-day GDPR sensibilities would have made of the fact that (during a period where my job was to ensure the printed output matched the negatives) I would, alongside the "holiday photos", also see photos processed for the police (crime scenes) or medics (including close-up gynaecological) - sometimes both (one specific case of a man with a rather large hole where part of his skull ought to have been comes to mind). I imagine that in this digital age that wouldn't happen, but I was surprised that it happened even then.
-
Friday 26th April 2024 14:48 GMT John Brown (no body)
Re: "rogue insider"
I think it's a difference of scale and "convenience", as with much of the outrage over many things these days that have always happened. When it involved an individual having to make some effort to copy "data" and distribute it on a small scale to friends and colleagues, while still outrageous, it really was quite localised. In the digital age, one person can collect data on 1000's if not millions of people and distribute it world wide with a few button clicks. See also data scraping in general and "right to forget" type laws. It's always been possible to get this data but it previously required time and expense, often physically visiting local councils, newspaper offices, buying out of area phone directories etc. In the digital age, it's almost trivial to collect all that data and so much more at almost zero cost.
Those "saucy" photos copied at the photo lab, while wrong and an abuse of trust, probably never made it into the awareness of the victims or their friends and family. Nowadays, they'll probably end up on Twitter, Pornhub, etc and people often do get directly and obviously hurt by it. I'm not defending anything here, just pointing out the logistics make it far more likely to have a serious effect rather than some "innocent fun".
-
-
-
Sunday 28th April 2024 08:09 GMT Richard 12
Re: "rogue insider"
Ring do security cameras too.
There will absolutely be times people wandered through a camera view in a state they didn't want anyone to see.
If they realised at all then they'd probably just "delete" the clips via the app later, and have no idea that everyone at Ring could have watched it.
-
-
-
Friday 26th April 2024 11:56 GMT Bebu
So I now know the exact value of my privacy.
USD50.00. If you don't know the difference between value and worth then ask yourself how much do you think you should receive.
The worth of most things don't have a definable value.
Not that I would deploy any tech anything like this but there is no excuse technically for such a service storing unencrypted footage (AV recordings) on remote servers.
All the remote side should be doing is time stamping and signing the encrypted footage received from the user before storing it. (An honest job for distributed ledgers for a change.)
The cryptographic material should remain with or at least under the control of the user who can provide access to required keys for legitimate parties to view relevant recordings.
Losing or destroying the keys effectively destroys any recordings using those keys and any copies.