Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Reports Suggest Ring Allowed Employees Unfettered Access to Customer Camera Feeds

It is certainly not good news. But, I’m also not worried about it. I just don’t do anything thrilling out in front of my front door. And If I did, it could be viewed (and filmed) by the neighbors across the street. My “expectation of privacy” is pretty low out on my sidewalk. But still, such video should not be viewed or mined for data by by the company I am contracting to store it for me without my express, and very clear, consent.
 
  • Like
Reactions: Ifti
lunarworks said:
Like Alexa, I'll add this to a list of things I don't want in my house.
Click to expand...
Not even a chance of Alexa or any voice activated "smart" assistant ever being in this house! Amazon is insidious when it comes to person invasion with their many nifty devices. hah!
[doublepost=1547183841][/doublepost]
Baymowe335 said:
I always try to limit the apps I download to my phone for this reason. Sometimes, you can't avoid it.

It's Amazon though. Are we surprised?

Look at their leader!
Click to expand...
Their leader is going to need to raise serious coin as his divorce settlement certainly sets a new world record seeing he was married prior to Amazon! Whew.
 
  • Like
Reactions: Baymowe335
I always wondered when this would finally get reported. I used to work for Ring and I can say this is true... we actually had to hide the employees that had the issue when Amazon came to the office when they were looking to acquire us. I was always weirded out on them having access for research and development without explicit permission.
 
Last edited:
hugodrax said:
This is why I run my own private cloud. Synology running Surveillance Station and the only way to access is to VPN in and connect.

Anything that sends your videos to a cloud means people can view everything going on, who knows how many employees do this for kicks etc.
Click to expand...
In most companies, staff access is audited. Access content when you have no need to and you will be sacked.
In research in AI, you need real data to build the models, but that doesn't necessarily mean that companies should be using customers data without permission.
Its not really much of a story, staff couldn't possibly watch every minute of every bit of footage.
 
People can't have it both ways. You either have cameras everywhere in/outside your house, or privacy. It's pretty simple.
 
  • Like
Reactions: Morgenland
Not sure when people will understand not to trust companies with their personal lives. Not the KGB nor the Mossad have thought that people willingly will pay with their money and install spying devices in their home with a smile on their faces.

Time to disconnect, this multimedia data collecting, storing, sharing, never deleting and also hackable is just not right. I would like to go back to the 90s when a TV just display video and a calculator just did math, not record your body temperature by touch or your family arguments via a secret microphone.
 
  • Like
Reactions: eddjedi
Mark Booth said:
We have thirteen 4K resolution cameras around our property. The Ring doorbell is just an "extra" camera. I purchased it for the convenience of being notified quickly when someone was at the front door plus the ability to record audio and talk to the person.

What I did NOT purchase it for is to allow Ring and its employees unfettered access to my doorbell's camera feed (and, presumably, audio feed too). That is INVASION OF PRIVACY as far as I'm concerned.

I will be removing our Ring doorbell and I will be contacting the company to seek a full refund. If they refuse, I will file a lawsuit in small claims court to seek reimbursement for the cost of the doorbell plus court costs.

Mark
Click to expand...
What cameras are you using?
[doublepost=1547203614][/doublepost]
MacBH928 said:
Not sure when people will understand not to trust companies with their personal lives. Not the KGB nor the Mossad have thought that people willingly will pay with their money and install spying devices in their home with a smile on their faces.

Time to disconnect, this multimedia data collecting, storing, sharing, never deleting and also hackable is just not right. I would like to go back to the 90s when a TV just display video and a calculator just did math, not record your body temperature by touch or your family arguments via a secret microphone.
Click to expand...
What did Mossad do to you? Whatch too many TV dramas?
 
notabadname said:
It is certainly not good news. But, I’m also not worried about it. I just don’t do anything thrilling out in front of my front door. And If I did, it could be viewed (and filmed) by the neighbors across the street. My “expectation of privacy” is pretty low out on my sidewalk. But still, such video should not be viewed or mined for data by by the company I am contracting to store it for me without my express, and very clear, consent.
Click to expand...

Except that Ring employees have access to the cameras which people put inside as well as out. If you only have Ring outside, yeah not much to be worried about, if you have them dotted around the house too, perhaps a different expectation of privacy.
 
Ring do not need to access the customer's video to "improve" facial and object recognition. They could easily ask their own employees to volunteer to have it installed at their own homes or install it at all of the Amazon warehouses. So how does that sound Amazon?
[doublepost=1547206732][/doublepost]
78Bandit said:
So Amazon can watch the porch thief make off with your delivery and get a replacement on the way before you even miss it. Sounds like a great feature.
Click to expand...
That is a great point!
 
  • Like
Reactions: Marekul
I have two and they’re outside my home. I don’t feel the need to have inside monitoring - so if they want to watch the random animals run past the cameras be my guest.

Also, typically when there’s a story like this things change a little.

When you have connected devices (and it seems there’s a lot of them these days) privacy gets less and less. It’s like some movies predicted everything about society today......
 
pdaholic said:
Guess I should stop walking around naked on my front porch where my ring doorbell might see me.
Click to expand...
To avoid a dispute about your attractiveness between the data processing companies/agencies?
Better keep me out of this ;-)

587605.jpg
 
Last edited:
  • Like
Reactions: pdaholic
Raineer said:
Not related to this story, but I've owned a Ring since the very early days of the company. 100% of the credentials sent from the camera to the server are sent plaintext HTTP :/

It sucks when you see behind the curtain on the products you like.
Click to expand...
While I'm in for a free market, I think there needs to be a law that enforces that passwords (authentication data) are
  • Are always stored hashed and salted. That becomes the "master hash"
  • Based on that use challenge authentication, rather than transmitting the password or master hash.
  • Transmitted via TLS 1.2 /w FS or higher on production equipment
So, neither the password nor the master hash are actually transmitted -except at password change.

It's that simple. As such penalties should be high.

Also, all IoT and network things must enforce password change at setup...
That alone would solve 90% of the botnet and IoT security issues.
 
Odd... I own a Ring doorbell for well over 5 years and every single time data was sent out from the camera, activity was detected in front of it - exactly as it was configured to. I do run my very own closed home network, with same enterprise grade equipment and software you will find on many Fortune 500 companies, so I monitor every bit coming in or going out. The camera was never trigged by itself, so this misinterpretation of information is rubbish.

On the cloud side, however, is where things get uh, cloudy. There is no way to guarantee who access my camera videos. Last I asked for Ring support help, they too sent a request for access to my images, which I’m perfectly fine with: what is the point for you to put in a surveillance system if it is private? If you need to share footage with law enforcement, you wouldn’t because it is only for you to see?

One might counter argue saying “Ring is not a law enforcement” or “they have no business looking at my videos” and I agree. That’s why you are the silly one having public cameras recording private areas. A public service should only get public data: anyone can walk by and look outside my four walls and roof. That’s the extent of public security cameras. Get them on the outdoors, looking at driveways, porches, external doors, sheds, you name it. Make them no much different to the footage satellites are already capturing and you cannot opt out from them either.

It is not the technology that is bad, is the misconception and ignorance that makes it look bad.
 
[AUT] Thomas said:
While I'm in for a free market, I think there needs to be a law that enforces that passwords (authentication data) are
  • Are always stored hashed and salted. That becomes the "master hash"
  • Based on that use challenge authentication, rather than transmitting the password or master hash.
  • Transmitted via TLS 1.2 /w FS or higher on production equipment
So, neither the password nor the master hash are actually transmitted -except at password change.

It's that simple. As such penalties should be high.

Also, all IoT and network things must enforce password change at setup...
That alone would solve 90% of the botnet and IoT security issues.
Click to expand...

Technically, you're close, as far as I can tell.

Companies that are too small and unknown to suffer from obvious security sloppiness can survive such things.
Even front face companies where data whoring is a central part of the business model survive such things within their business models (Skype/Windows/Microsoft; Facebook; GooglePay etc). With these companies, you know where you stand.

However, if a company is well known and serves markets that depend on trust, dirty programming could damage that company so much that internal strategic risk management prioritizes data security.

This is currently happening at Apple.
Obviously, they want to enter new markets that have long been lost for privacy traitors 'companies'.
Apple's best-known products in preparation are currently Autonomous Driving, Health, Banking.
If Apple doesn't make mistakes like Blackberry did back (who stood there from one day to the next as a liar) then it can generate immense capital and outpace all the disgusting data espionage companies for advertising and governments.
 
Last edited:
You will find that the reason the Ring employees are using customers video data to identify 'targets' is so as the technology used in the devices improves, the camera will be able to independently scan a customers property and pick out ad related targets. The example's shown in the article are showing Ring employees training the software on what to look for by putting boxes around them. Once the designers are happy that the system works, customers will be asked to update their Ring devices and what they will find is that unbeknown to the them, the camera is working behind the scenes looking for stuff they can target adverts to the customer on their mobiles or computer.

So for example, if the camera is in the living room, it will scan items that amazon sell and will send email ad's to the customer.

Companies such a Ring will always use the excuse that it is doing what it is doing because of improving safety for it's customers. Which is total BS because time and time again, companies keep getting caught out selling customer data to 3rd party advertising companies.
 
This is why if I’m installing home cameras I would store the data locally.

Ubiquiti has some great stuff for this, bit more cost and setup but it means not dealing with shady companies like this.
 
  • Like
Reactions: Morgenland
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back