A podcast that hacks Ring camera owners live

335 points| pulisse | 6 years ago |vice.com | reply

269 comments

[+] kick|6 years ago|reply
It's obviously bad to hack into a citizen's systems without consent, but there's some kind of value that might be created here.

Ring cameras are basically being used as a gigantic police-partnered dragnet:

Amazon’s Ring Planned Neighborhood “Watch Lists” Built on Facial Recognition

https://theintercept.com/2019/11/26/amazon-ring-home-securit...

If this provides a disincentive to an average user buying Ring cameras, their immature 'prank' may have unintentionally helped the nation.

[+] fpgaminer|6 years ago|reply
As someone who tends to fall on the side of privacy more often than not, I'm actually not sure how I feel about facial recog+home security cameras.

I'm completely against any fully automated system where the police can have access to the camera's data.

But on the other hand, what if the system was implemented completely locally, and all with the owner's control and permission?

So your Ring app pops up and says "Hey, your local police department is looking for a suspect and your camera spotted them. Would you like to share the footage?".

So many petty crimes (e.g. home burglaries, car break-ins, etc.) go unsolved because the police just don't have the tools and resources to go after all those crimes. I have neighbors who've had their homes and cars broken into. It's a violating experience, and I think it's justified to want the perpetrators of those crimes caught and sentenced appropriately; at the very least to dissuade others.

Within the context of a well built, local, permissioned system, I'm not sure I'm against it.

Of course A) The likes of Amazon would never build such a system responsibly; they'd rather gobble up and abuse the data themselves. B) There are serious security concerns, as evidenced by TFA. C) Civil disobedience and similar acts are an important part of democratic society, and mass surveillance, responsible or not, threatens that. And finally, D) something which I think everyone misses when it comes to facial recognition systems ... they're still not very good. SOTA published recog systems make a mistake on 1 in 1000 faces (http://vis-www.cs.umass.edu/lfw/results.html), and that's on LFW which is fairly high quality. I'm sure FAANG does better, and SOTA will continue to improve quickly, but is that good enough for this kind of application?

So I'm torn.

[+] throwaway_tech|6 years ago|reply
>Ring cameras are basically being used as a gigantic police-partnered dragnet:

Isn't that sort of like saying humans are basically used as a gigantic police-partnered dragnet...seeing as our entire criminal system is primarily driven by eye witnesses of crimes?

Only what we know is eye-witnesses often have conflicting testimony, some will refuse to assist police officers (out of concern for their own safety or they just don't give a shit), and others outright lie.

For example, a UFC fighter's step-daughter was recently kidnapped and murdered (abducted right from a gas station)...video would later assist in identifying the suspect and lead to an arrest, but also identify eye witnesses to the abduction (who never came forward because they "didn't want to get involved") but after the video identified the witnesses, their testimony ended up being important.

[+] ActorNightly|6 years ago|reply
This is a very hyperbolic take. Police do not have access to the cameras, only the server stored footage, which is both optional to share and optional to even participate in.
[+] dzhiurgis|6 years ago|reply
How is helping petty thieves and junkies helping the nation?
[+] throwawaysea|6 years ago|reply
I disagree that it is a 'dragnet'. That seems like an emotionally-colored take. It is camera owners voluntarily sharing footage with police when they request it. Citizens are allowed to lawfully film in many locations (their own homes, public spaces, etc.) and citizens are allowed to voluntarily exchange information they own with entities of their choosing.
[+] bobongo|6 years ago|reply
I wonder whether Nest cams are being used in a similar fashion.
[+] remotecool|6 years ago|reply
I have no problem with this. I have Ring cameras all around my property and so do most of my neighbors and it's already caught multiple people attempting break-ins and stealing packages.

They get hacked because of poor password choices.

You are fighting against a changing tide and the benefits of the cameras vastly outweigh the privacy concerns.

[+] 34679|6 years ago|reply
Luckily, if you click on the link to the original article near the beginning of this article, there's a video clip from a local news outlet that offers a sure-fire way to avoid being hacked, from tech security "expert" Michelle Bordoff:

"Wired cannot be hacked."

"Someone has to be in your home, hardwired to your modem to see anything on your network."

Someone should let the world's governments and financial institutions know that all they need to do to stop hackers is stop using wireless servers.

[+] stallmanite|6 years ago|reply
If she hadn’t mentioned the word modem I’d be on board. An old fashioned analog camera wired directly to a VHS recorder would be a bitch to hack remotely right?
[+] soylentcola|6 years ago|reply
Completely beside the point, but how is a Discord live stream a "podcast"?

Have media folks just started calling any streaming audio a "podcast" now?

[+] gatherhunterer|6 years ago|reply
They call themselves NulledCast. If they operate as and refer to themselves as a podcast, what are “media folks” supposed to call it?
[+] baddox|6 years ago|reply
Am I mistaken, or is it not an accident that “podcast” rhymes with “broadcast”? I thought the whole metaphor behind the name was that these were essentially radio broadcasts except you listened to them on your iPod: podcasts. The fact that they weren’t generally live is simply due to the fact that electronic hardware and wireless internet weren’t up to the task at the time.

Now, calling live audio streams “podcasts” seems perfectly understandable and arguably even more faithful to the original idea because of the ubiquity of streaming media.

[+] tw1010|6 years ago|reply
The alternative is "radio" which is even weirder
[+] mrcu5|6 years ago|reply
The title makes it sound like there is a security issue with the cameras, but the "hacks" are from password leaks.
[+] baroffoos|6 years ago|reply
At some point we have to admit that passwords have not worked and the general public does not understand how to use them despite decades of education attempts. This problem would be entirely solved if they enforced the use of 2FA.
[+] surround|6 years ago|reply
The cameras should be hard wired or at least hosted locally. Allowing open connection to the internet is a serious security issue.
[+] jaywalk|6 years ago|reply
I think "hacks" is a pretty strong word here. They're basically just brute forcing accounts with email and password combos that have been leaked from other sources.
[+] Someone1234|6 years ago|reply
It is the same headline as the "Did Disney+ get hacked?" stuff the other day. 10m+ credentials were available almost immediately because people re-use username/password combos across every site.

That's why I am pro-password managers. Even if they're imperfect, password re-use remains a major active threat (contrast that with a lot of theoreticals against password managers).

Around ten of my accounts' information has been leaked (inc. big ones like Adobe). But I don't re-use credentials so aside from an uptick in spam, it has had no impact. Typically these were services I haven't used in years.

[+] michaeloder|6 years ago|reply
Why is Ring allowing brute forcing? Individual cameras should be set to only allow logins at least a few seconds apart increasing up to several minutes and perhaps blocking IP addresses with excessive volume. If they're brute forcing Ring's servers an application firewall would catch and block this.
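
The throttling proposed in the comment above (a per-account delay that grows from a few seconds up to several minutes, plus blocking IP addresses with excessive volume), sketched as an added example that is not part of the thread and not Ring's code. The class name `LoginThrottle` and every threshold are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Hypothetical server-side gate; all thresholds are constructed values."""

    def __init__(self, base_delay=2.0, max_delay=300.0,
                 ip_limit=20, ip_window=60.0, clock=time.monotonic):
        self.base_delay, self.max_delay = base_delay, max_delay
        self.ip_limit, self.ip_window = ip_limit, ip_window
        self.clock = clock
        self.failures = {}                     # account -> consecutive failures
        self.next_allowed = {}                 # account -> earliest next attempt
        self.ip_attempts = defaultdict(deque)  # ip -> recent attempt timestamps

    def check(self, account, ip):
        """Call before verifying the password. Returns (allowed, reason)."""
        now = self.clock()
        recent = self.ip_attempts[ip]
        while recent and now - recent[0] > self.ip_window:
            recent.popleft()
        recent.append(now)  # refused attempts count too, so a noisy IP stays blocked
        # Replayed leaked credentials touch each account only once or twice,
        # so the per-IP counter is the check that notices them.
        if len(recent) > self.ip_limit:
            return False, "ip_volume"
        if now < self.next_allowed.get(account, 0.0):
            return False, "account_delay"
        return True, "ok"

    def record(self, account, success):
        """Call after verification. Returns the delay now imposed, in seconds."""
        if success:
            self.failures.pop(account, None)
            self.next_allowed.pop(account, None)
            return 0.0
        n = self.failures[account] = self.failures.get(account, 0) + 1
        delay = min(self.base_delay * 2 ** (n - 1), self.max_delay)
        self.next_allowed[account] = self.clock() + delay
        return delay
```

The state here lives in process memory; a service with more than one login server would need to keep it in a shared store.
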
[+] beshrkayali|6 years ago|reply
As it has been said before, the S in IoT stands for security.
[+] wronglebowski|6 years ago|reply
I read this and I'm not sure how to feel. This is the real world impact of devices that can actually impact our lives being internet accessible and with security that doesn't match.

That's not to say a simple password and email isn't secure enough, just that there are much bigger repercussions when your Nest gets hacked as opposed to your GrubHub account.

[+] angry-sw-dev|6 years ago|reply
Having your life compromised is never comfortable, but it's never less comfortable than when you suddenly realize you're being watched and having your home "invaded" in a potentially very personal way.

So if I understand it, the scenario is the digital equivalent of someone who uses a single key to fit every lock in their lives -- front door, back door, car door, ignition, safe deposit box, etc...

The key is stolen, possibly through no specific fault of the owner, and the owner may not realize it has even happened...

...and then these discord shock jocks go off and brute force these compromised email/password combinations until they stumble upon a working pair and then the hapless victim is subjected to the electronic analog of them unlocking the front door of their home and bursting into the living room yelling "hahaha gotcha, kill yourself!"

...all in order to increase their views/ratings.

I think it's just a shitty thing to do, but even more so when it involves children, or people who have no control over the cameras (like animal shelter workers)... I suppose _maybe_ if they made an effort to alert the owner first, an email "hey we have your u/p, if you don't change it in 72 hours you're going to be on our show"...

I think the nulledcast crew ought to take a lesson from Jon Stewart: BE A FUCKING PERSON ... think about how shitty what you're doing is, and no, the fact that these people are saps with insecure logins does not mean they deserve this.

[+] jacobwilliamroy|6 years ago|reply
Just heard about this on the radio eating breakfast. The DJ said "so I guess you should be changing your passwords often if you want to protect yourself. And also turn on uh... what was that thing starts with a 2? 2-something? Uhhh... yeah 2-fac-tor authentication... yeah. Do that."

The radio crew doesn't talk about computers very often so I thought the way they spoke was interesting.

[+] boatswain|6 years ago|reply
> The software churns through previously compromised email addresses and passwords to break into Ring cameras at scale.

Given the sensitive nature of cameras in homes, I think Ring should require 2FA.

[+] Someone1234|6 years ago|reply
I agree. Even "bad" 2FA (e.g. SMS) is better than nothing in this case. However, I suspect some would complain about needing to give a telephone number to use their new camera.
[+] ActorNightly|6 years ago|reply
Or just have a min password length requirement that is at least a 5 word sentence.

Easier to remember, and more secure.

[+] annoyingnoob|6 years ago|reply
If Ring cared about security they would enforce 2FA for everyone.
[+] cryptozeus|6 years ago|reply
Once again there is no need for this, anyone using these kinds of systems is literally trading privacy over small value provided feature.
[+] danso|6 years ago|reply
Being able to check on children remotely is not a small value to most working parents, or at least, not particularly smaller than most tech improvements in life.
[+] Wordball|6 years ago|reply
If you have a Ring camera pointed at the street, this is literally what you are asking for.
[+] OrgNet|6 years ago|reply
I have a camera pointed at the street but it is not a Ring camera... am I asking for it?