Reports Suggest Ring Allowed Employees Unfettered Access to Customer Camera Feeds

[notabadname]

It is certainly not good news. But, I’m also not worried about it. I just don’t do anything thrilling out in front of my front door. And If I did, it could be viewed (and filmed) by the neighbors across the street. My “expectation of privacy” is pretty low out on my sidewalk. But still, such video should not be viewed or mined for data by by the company I am contracting to store it for me without my express, and very clear, consent.

 

[The Barron]

Like Alexa, I'll add this to a list of things I don't want in my house.

Not even a chance of Alexa or any voice activated "smart" assistant ever being in this house! Amazon is insidious when it comes to person invasion with their many nifty devices. hah!
[doublepost=1547183841][/doublepost]

I always try to limit the apps I download to my phone for this reason. Sometimes, you can't avoid it.

It's Amazon though. Are we surprised?

Look at their leader!

Their leader is going to need to raise serious coin as his divorce settlement certainly sets a new world record seeing he was married prior to Amazon! Whew.

 

[Jamers99]

I don't own one but planned to buy a Ring this year. Not now. Forget it.

 

[ignatius345]

doesnt surprise me. i use arlo cameras around my main mansion in the hills. **** amazon.

Lol your “main mansion”. Sure. Thanks for sharing.

 

[Localcelebrity]

So, I think we can pretty safely assume the HomeKit support isn’t coming at this point right?

 

[merik]

I always wondered when this would finally get reported. I used to work for Ring and I can say this is true... we actually had to hide the employees that had the issue when Amazon came to the office when they were looking to acquire us. I was always weirded out on them having access for research and development without explicit permission.

 

[dilbert99]

This is why I run my own private cloud. Synology running Surveillance Station and the only way to access is to VPN in and connect.

Anything that sends your videos to a cloud means people can view everything going on, who knows how many employees do this for kicks etc.

In most companies, staff access is audited. Access content when you have no need to and you will be sacked.
In research in AI, you need real data to build the models, but that doesn't necessarily mean that companies should be using customers data without permission.
Its not really much of a story, staff couldn't possibly watch every minute of every bit of footage.

 

[tennisproha]

This is why I masturbate in front of my Ring exclusively. Hey Jamie

 

[GadgetBen]

This is a massive data breach and should be international news.

 

[eddjedi]

People can't have it both ways. You either have cameras everywhere in/outside your house, or privacy. It's pretty simple.

 

[MacBH928]

Not sure when people will understand not to trust companies with their personal lives. Not the KGB nor the Mossad have thought that people willingly will pay with their money and install spying devices in their home with a smile on their faces.

Time to disconnect, this multimedia data collecting, storing, sharing, never deleting and also hackable is just not right. I would like to go back to the 90s when a TV just display video and a calculator just did math, not record your body temperature by touch or your family arguments via a secret microphone.

 

[sirozha]

We have thirteen 4K resolution cameras around our property. The Ring doorbell is just an "extra" camera. I purchased it for the convenience of being notified quickly when someone was at the front door plus the ability to record audio and talk to the person.

What I did NOT purchase it for is to allow Ring and its employees unfettered access to my doorbell's camera feed (and, presumably, audio feed too). That is INVASION OF PRIVACY as far as I'm concerned.

I will be removing our Ring doorbell and I will be contacting the company to seek a full refund. If they refuse, I will file a lawsuit in small claims court to seek reimbursement for the cost of the doorbell plus court costs.

Mark

What cameras are you using?
[doublepost=1547203614][/doublepost]

Not sure when people will understand not to trust companies with their personal lives. Not the KGB nor the Mossad have thought that people willingly will pay with their money and install spying devices in their home with a smile on their faces.

Time to disconnect, this multimedia data collecting, storing, sharing, never deleting and also hackable is just not right. I would like to go back to the 90s when a TV just display video and a calculator just did math, not record your body temperature by touch or your family arguments via a secret microphone.

What did Mossad do to you? Whatch too many TV dramas?

 

[iapplelove]

This is a massive data breach and should be international news.

What data do they have of mine? They can peak into some videos they I erase daily... big deal.

Hell equifax didn’t even get international news and that’s the biggest heist ever

 

[rols]

It is certainly not good news. But, I’m also not worried about it. I just don’t do anything thrilling out in front of my front door. And If I did, it could be viewed (and filmed) by the neighbors across the street. My “expectation of privacy” is pretty low out on my sidewalk. But still, such video should not be viewed or mined for data by by the company I am contracting to store it for me without my express, and very clear, consent.

Except that Ring employees have access to the cameras which people put inside as well as out. If you only have Ring outside, yeah not much to be worried about, if you have them dotted around the house too, perhaps a different expectation of privacy.

 

[travelsheep]

This technology is going onto the wall.

 

[MoreRumors?]

Ring do not need to access the customer's video to "improve" facial and object recognition. They could easily ask their own employees to volunteer to have it installed at their own homes or install it at all of the Amazon warehouses. So how does that sound Amazon?
[doublepost=1547206732][/doublepost]

So Amazon can watch the porch thief make off with your delivery and get a replacement on the way before you even miss it. Sounds like a great feature.

That is a great point!

 

[MikeTHIS]

I have two and they’re outside my home. I don’t feel the need to have inside monitoring - so if they want to watch the random animals run past the cameras be my guest.

Also, typically when there’s a story like this things change a little.

When you have connected devices (and it seems there’s a lot of them these days) privacy gets less and less. It’s like some movies predicted everything about society today......

 

[Morgenland]

Guess I should stop walking around naked on my front porch where my ring doorbell might see me.

To avoid a dispute about your attractiveness between the data processing companies/agencies?
Better keep me out of this ;-)

 

[[AUT] Thomas]

Not related to this story, but I've owned a Ring since the very early days of the company. 100% of the credentials sent from the camera to the server are sent plaintext HTTP :/

It sucks when you see behind the curtain on the products you like.

While I'm in for a free market, I think there needs to be a law that enforces that passwords (authentication data) are

• Are always stored hashed and salted. That becomes the "master hash"
  
• Based on that use challenge authentication, rather than transmitting the password or master hash.
• Transmitted via TLS 1.2 /w FS or higher on production equipment

So, neither the password nor the master hash are actually transmitted -except at password change.

It's that simple. As such penalties should be high.

Also, all IoT and network things must enforce password change at setup...
That alone would solve 90% of the botnet and IoT security issues.

 

[HQuest]

Odd... I own a Ring doorbell for well over 5 years and every single time data was sent out from the camera, activity was detected in front of it - exactly as it was configured to. I do run my very own closed home network, with same enterprise grade equipment and software you will find on many Fortune 500 companies, so I monitor every bit coming in or going out. The camera was never trigged by itself, so this misinterpretation of information is rubbish.

On the cloud side, however, is where things get uh, cloudy. There is no way to guarantee who access my camera videos. Last I asked for Ring support help, they too sent a request for access to my images, which I’m perfectly fine with: what is the point for you to put in a surveillance system if it is private? If you need to share footage with law enforcement, you wouldn’t because it is only for you to see?

One might counter argue saying “Ring is not a law enforcement” or “they have no business looking at my videos” and I agree. That’s why you are the silly one having public cameras recording private areas. A public service should only get public data: anyone can walk by and look outside my four walls and roof. That’s the extent of public security cameras. Get them on the outdoors, looking at driveways, porches, external doors, sheds, you name it. Make them no much different to the footage satellites are already capturing and you cannot opt out from them either.

It is not the technology that is bad, is the misconception and ignorance that makes it look bad.

 

[Morgenland]

While I'm in for a free market, I think there needs to be a law that enforces that passwords (authentication data) are

• Are always stored hashed and salted. That becomes the "master hash"
  
• Based on that use challenge authentication, rather than transmitting the password or master hash.
• Transmitted via TLS 1.2 /w FS or higher on production equipment

So, neither the password nor the master hash are actually transmitted -except at password change.

It's that simple. As such penalties should be high.

Also, all IoT and network things must enforce password change at setup...
That alone would solve 90% of the botnet and IoT security issues.

Technically, you're close, as far as I can tell.

Companies that are too small and unknown to suffer from obvious security sloppiness can survive such things.
Even front face companies where data whoring is a central part of the business model survive such things within their business models (Skype/Windows/Microsoft; Facebook; GooglePay etc). With these companies, you know where you stand.

However, if a company is well known and serves markets that depend on trust, dirty programming could damage that company so much that internal strategic risk management prioritizes data security.

This is currently happening at Apple.
Obviously, they want to enter new markets that have long been lost for privacy traitors 'companies'.
Apple's best-known products in preparation are currently Autonomous Driving, Health, Banking.
If Apple doesn't make mistakes like Blackberry did back (who stood there from one day to the next as a liar) then it can generate immense capital and outpace all the disgusting data espionage companies for advertising and governments.

 

[laptech]

You will find that the reason the Ring employees are using customers video data to identify 'targets' is so as the technology used in the devices improves, the camera will be able to independently scan a customers property and pick out ad related targets. The example's shown in the article are showing Ring employees training the software on what to look for by putting boxes around them. Once the designers are happy that the system works, customers will be asked to update their Ring devices and what they will find is that unbeknown to the them, the camera is working behind the scenes looking for stuff they can target adverts to the customer on their mobiles or computer.

So for example, if the camera is in the living room, it will scan items that amazon sell and will send email ad's to the customer.

Companies such a Ring will always use the excuse that it is doing what it is doing because of improving safety for it's customers. Which is total BS because time and time again, companies keep getting caught out selling customer data to 3rd party advertising companies.

 

[kemal]

Anything and everything in the name of selling you s-.

 

[827538]

This is why if I’m installing home cameras I would store the data locally.

Ubiquiti has some great stuff for this, bit more cost and setup but it means not dealing with shady companies like this.

 

[Piggie]

This is why I masturbate in front of my Ring exclusively. Hey Jamie

Ahhh, I wondered who I was watching !!!!