back to article Ring dinged for $5.6M after, among other claims, rogue insider spied on 'pretty girls'

The FTC today announced it would be sending refunds totaling $5.6 million to Ring customers, paid from the Amazon subsidiary's coffers. The windfall stems from allegations made by the US watchdog that folks could have been, and were, spied upon by cybercriminals and rogue Ring workers via their Ring home security cameras. The …

  1. Yorick Hunt Silver badge
    Boffin

    If they were startled by this, they should have a look at Foscam (and its derivatives/clones, including Swan).

    1. cyberdemon Silver badge
      Big Brother

      It astounds me how anyone (never mind that it is so many) thinks that cloud-connected CCTV on/in their home is a good idea...

      1. doublelayer Silver badge

        If we start with the idea that they want cameras at all, and some people clearly do or the open source and private options mentioned in the first comment wouldn't exist, it isn't that surprising that a lot of users ended up with proprietary cloud-based versions. I don't want any cameras, and I'm fortunate not to need any, but let's consider this from the perspective of a nontechnical person who does want or need them.

        You can build a surveillance camera on your own from available parts. So can I. The average user, on the other hand, finds that kind of effort difficult and does not see the benefits from the hardware. They are right; the version you build from a Raspberry Pi is likely to cost more, require more maintenance, and have fewer features than finding a company that mass-manufactures millions of dedicated devices. Even if they got one or used a prebuilt camera that only uses local network traffic to collect information, the server portion is inconvenient. If they have a camera on their house, they probably want to see through it when they are away from their house. The typical solutions to this challenge include making a VPN to your home network or renting a server and configuring it to allow remote access. Neither is convenient for someone who does not have servers already and doesn't know how to configure, secure, and maintain them.

        Even if they did both of those things, some users may want certain information. For example, something to look for people approaching their house which notifies them, the ability to talk to a person at their door even if they're not home, and the ability to quickly share data from the camera with others if needed. A lot of that is difficult from a web app and would work better with native ones. Now we're into an area where it's not that quick for us to make that from scratch either and we'd likely look for an open source option, but the open source versions can't work with every device in existence because they don't have standard interfaces.

        It is not surprising that people who want cameras end up buying the cheap products with software that can do what they want. It is disappointing that they do so from companies that have thoroughly violated their users' and everyone else's privacy. I hope that this is mostly down to ignorance of how bad companies like Ring have been for their users rather than failing to understand the consequences of Ring's actions. Still, we have to look at things from their perspective if we're going to fix things or even just correctly explain why they're doing the things we wouldn't.

        1. Cris E

          Still, we have to look at things from their perspective if we're going to fix things or even just correctly explain why they're doing the things we wouldn't.

          I hope you mean understanding the customers. I'm not interested in Ring's logic behind not putting higher barriers between users and actual footage. And honestly I'm kind of surprised that either the fine was this low or that no one was indicted. Casual attitudes towards privacy invasions don't just occur at the Individual Contributor and Executive level when law enforcement won't act to deter. You think Amazon cares about $5m?

          1. doublelayer Silver badge

            Yes, I mean the customers. I was replying to this sentiment:

            "It astounds me how anyone (never mind that it is so many) thinks that cloud-connected CCTV on/in their home is a good idea..."

            Sometimes, I feel the same thing. I don't want to use a thing and I just think that everyone who does must be wrong in some way. Telling people that they're wrong won't get anything done whether they are or not, and in most cases, the people who want a thing I don't have a reason why they wouldn't prefer the alternative that I do. If I want to change their minds or even understand why we have this difference in opinion, I have to look at it from their perspective.

            The company's perspective is much easier to understand: they want money. Adding security to the code costs developer time, which means money. Adding security precautions to collected data slows down the work of anyone who has to access it, which costs money. Reviewing those who abused it would take time and might result in firings, and then they'd have to hire someone else, and that costs money. So they do as little of those things as they can.

            1. werdsmith Silver badge

              It astounds me how anyone (never mind that it is so many) thinks that cloud-connected CCTV on/in their home is a good idea...

              It's often a very good idea. It astounds me that so many people think this world is all about them and their personal requirements. Barely able to understand that people do things differently to them.

              I monitor the side path alongside my house, where there has been criminal activity in the not so distant past. If people want to watch me put my bins out, I really could not care less.

        2. MachDiamond Silver badge

          "If they have a camera on their house, they probably want to see through it when they are away from their house."

          I get around all of that by being on good terms with my neighbors. Not all of them, but the good ones. When I'm going to be out for a few days, I let them know I'll be gone. Chances are that the last thing I'll be doing when away is looking through those cameras everytime there's a message sent to my phone (which I try to keep from happening at all). After all, I'm away for a reason and likely doing that thing. If my neighbor spots something, they can see if it's prudent to call the police better than I can from what I can see through a fish-eye lens.

          I do have local cameras so I can see out without letting anybody know I'm home and decide if I want to open the door or not. All deliveries are set up to go to the post office so I don't have that going on. The rest of the time somebody comes by, they want to sell me something (roofing, a religion, redemption through charitable giving, etc). I can't be bothered to put on presentable attire for any of that. I need to make a new "piss off" sign to put up to hopefully dissuade people from knocking.

      2. David 132 Silver badge

        I have multiple cameras on my property. If Chinese hackers or anyone else intercept the video stream, they'll get lovely images of goats frolicking, ducks nesting & sleeping, and an occasional labrador galloping down a field like the big brainless doofus that he is.

        Camera inside my house or pointing at anything identifiable? Not a smegging chance.

        1. Anonymous Coward
          Anonymous Coward

          That’s nice

          Where can I get the feed? Sounds like just the thing to while away some hours.

          1. Not-P

            Re: That’s nice

            Contact Ring technical support.

  2. David 132 Silver badge
    Facepalm

    Paypal?

    FTFA: "These payments will be sent via PayPal (yes, really) to 117,044 accounts."

    Oh, so there'll be a wave of totally legitimate "DeaR siR this is Papyal click HEER and enter ur bank deetails to claim ur refund" spam emails incoming to a mail server near you then.

    Didn't really think this through, did they?

    1. Gene Cash Silver badge

      Re: Paypal?

      Yeah, and is Paypal getting a cut or a fee to distribute this money? If so, that's completely wrong.

  3. IGotOut Silver badge

    And for the people....

    .that were illegally spying on people and those complicit init????

    1. Yorick Hunt Silver badge
      Facepalm

      Re: And for the people....

      Technically not illegal; the terms & conditions state that staff have access to everything.

      1. dwyermic

        Where did they get this Term / Condition?

        From the Horizon PO contract?

      2. I am David Jones Silver badge

        Re: And for the people....

        Voyeurism laws, perhaps? Just because something is in the T&C does not make it legal.

        1. Mike 137 Silver badge

          Re: And for the people....

          "Just because something is in the T&C does not make it legal"

          But unfortunately, its being illegal doesn't stop people doing it, and policing of this kind of thing is very hard. What's needed is a change of ethics - both corporate and personal - but don't hold your breath waiting for that.

          1. SundogUK Silver badge

            Re: And for the people....

            You don't like the human race, so you want to get a different one?

  4. Anonymous Coward
    Anonymous Coward

    5.6 Million

    I like to think that figure was out by a factor of 1000, considering what a breach of trust and privacy this is.

    And a few executives put in prison for failure to run a company properly and encouraging criminal behaviour amongst employees. (they failed to have effective processes in place to stop it)

    If the government can get so jumped up about tik-tok then they should be taking these people to the cleaners, naming and shaming, and shutting down the entire shop.

    Does this only affect US customers, or is it a world wide thing?

    Mainstream media take note.

    1. Pascal Monett Silver badge
      Trollface

      Re: If the government can get so jumped up about tik-tok

      Yeah but Tik-Tok is Chinese.

      Get with the program.

  5. Blackjack Silver badge

    Anyone still using Ring? Got bridge to sell you...

  6. sarusa Silver badge
    Devil

    "rogue insider"

    "rogue insider"

    Yeah, as the rest of the article makes quite clear, this was just normal practice for Ring employees and contractors. As was stunningly obvious from the start - if you give minimum wage grunts (or maximum wage incels) the ability to look at naked people on cameras, they will do so enthusiastically. And I'm sure they were passing the best clips around. But Ring just didn't care, why should they?

    1. GioCiampa

      Re: "rogue insider"

      Nothing new there...

      Back in the day, I worked for a company that developed photos for Truprint (amongst others), and films with "interesting" photos were regularly being reprinted if spotted early enough in the process (usually by those operating the development machines letting someone in the printroom know what batch/film numbers to look out for). Legend had it there were multiple lockers in one of the corridors that were full of the stuff...

      I'd love to know what modern-day GDPR sensibilities would have made of the fact that (during a period where my job was to ensure the printed output matched the negatives) I would, alongside the "holiday photos", also see photos processed for the police (crime scenes) or medics (including close-up gynaecological) - sometimes both (one specific case of a man with a rather large hole where part of his skull ought to have been comes to mind). I imagine that in this digital age that wouldn't happen, but I was surprised that it happened even then.

      1. John Brown (no body) Silver badge

        Re: "rogue insider"

        I think it's a difference of scale and "convenience", as with much of the outrage over many things these days that have always happened. When it involved an individual having to make some effort to copy "data" and distribute it on a small scale to friends and colleagues, while still outrageous, it really was quite localised. In the digital age, one person can collect data on 1000's if not millions of people and distribute it world wide with a few button clicks. See also data scraping in general and "right to forget" type laws. It's always been possible to get this data but it previously required time and expense, often physically visiting local councils, newspaper offices, buying out of area phone directories etc. In the digital age, it's almost trivial to collect all that data and so much more at almost zero cost.

        Those "saucy" photos copied at the photo lab, while wrong and an abuse of trust, probably never made it into the awareness of the victims or their friends and family. Nowadays, they'll probably end up on Twitter, Pornhub, etc and people often do get directly and obviously hurt by it. I'm not defending anything here, just pointing out the logistics make it far more likely to have a serious effect rather than some "innocent fun".

    2. Allan George Dyer
      Childcatcher

      Re: "rogue insider"

      @sarusa "naked people on cameras"

      People ringing your doorbell are very different from the people ringing my doorbell.

      1. Richard 12 Silver badge

        Re: "rogue insider"

        Ring do security cameras too.

        There will absolutely be times people wandered through a camera view in a state they didn't want anyone to see.

        If they realised at all then they'd probably just "delete" the clips via the app later, and have no idea that everyone at Ring could have watched it.

  7. Dagg Silver badge
    Joke

    Damaged self esteem

    So the Ugly Girls should also also get money because no one wanted to look at them... And this damaged their self esteem.

    1. Anonymous Coward
      Anonymous Coward

      Re: Damaged self esteem

      And what about us pretty boys, eh?

      1. jospanner Bronze badge

        Re: Damaged self esteem

        femboy subreddits got you covered

  8. Bebu

    So I now know the exact value of my privacy.

    USD50.00. If you don't know the difference between value and worth then ask yourself how much do you think you should receive.

    The worth of most things don't have a definable value.

    Not that I would deploy any tech anything like this but there is no excuse technically for such a service storing unencrypted footage (AV recordings) on remote servers.

    All the remote side should be doing is time stamping and signing the encrypted footage received from the user before storing it. (An honest job for distributed ledgers for a change.)

    The cryptographic material should remain with or at least under the control of the user who can provide access to required keys for legitimate parties to view relevant recordings.

    Losing or destroying the keys effectively destroys any recordings using those keys and any copies.

  9. aerogems Silver badge
    Holmes

    I mean... I know everything seems obvious in hindsight, but really, who the hell couldn't see this coming a mile off!? Best case scenario was always going to be people perving on others using the cameras.

  10. M.V. Lipvig Silver badge
    Trollface

    We know they never accessed MY cameras

    No reports of otherwise normal Ring employees suddenly going blind while screaming in terror.

    Plus I don't have any of them.

  11. Cris E

    This is why I only put my Ring cameras in other people's bedrooms. You never know who could be watching...

    1. MachDiamond Silver badge

      "You never know who could be watching..."

      Or listening. Audio can be much more useful for intelligence gathering. While you may have Ring employees spying on "customers", I'd worry even more about Ring performing analysis on what the mic is picking up.

  12. spacecadet66 Bronze badge

    Note to self: buy Ring system, patch in slideshow of my latest colonoscopy. Might get some free polyp checks that way too.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like