chrisballinger | 6 years ago

Whenever end-to-end encryption is not used, scenarios like these are bound to happen eventually.

As far as I know, the only home surveillance products that use E2EE are ones that support HomeKit Secure Video [1].

1. https://support.apple.com/en-us/HT210538

izacus|6 years ago

These kinds of scenarios can happen with workers in government offices, archives and medical institutions as well. And yet the paper documents are not E2E encrypted.

Maybe... just maybe... technology is not really what should be the core issue here? But we should perhaps look at our policies and legislation? Adding proper liability there will make technology come by itself. The magic of the free market doesn't seem to be working here.

hinkley|6 years ago

Any problem is easy if you oversimplify it.

The cultural conceit of 'disruptors' is that society has made everything complicated and therefore society is 'ripe for disruption' which if you read between the lines means 'stupid'. Lack of respect means lack of care. Lack of care leads to injury (theirs, and/or ours).

You are right. It's not the tech. It's the arrogance.

From my knothole, legislation comes for things that aren't policing themselves adequately. I think what we are discovering is that there are a lot of domains where the old guard were self-policing to a degree, and the newcomers have absolutely no reverence for anything.

I expect it won't be long before you'll see industries taking a hard look at their internal culture, and then engaging in regulatory capture to keep out the disruptors.

coralreef|6 years ago

The easiest way to keep someone out is to lock the door.

You can create penalties, punishments, hire security guards to watch the door. But the most efficient and effective way is just a lock.

deogeo|6 years ago

I'm a strong proponent of both approaches. If surveillance infrastructure is in place, and all you have protecting you is law, it only takes one small change, or one warrant, to lose all your privacy (and you won't even find out about it). On the other hand, if the law forbids privacy, technological solutions won't withstand for very long, especially when you can be compelled to hand over your passwords or face jail.

thatsenough|6 years ago

This brought back memories of doing data entry for an insurance company as a teenager. I spent eight hours a day transcribing people's names, addresses, SSNs, and medical ailments, including all sorts of sexually transmitted diseases.

It's weird, now that I think about it. I was just some kid they hired as a temp. We've never really known who's looking at our private data.

just_myles|6 years ago

I agree, there should be a legislative intervention here. These devices come out semi-regularly with no regard to security.

mi100hael|6 years ago

I don’t know if Ubiquiti’s feeds are streamed encrypted, but at least the recording infra is 100% local and can be accessed locally without any cloud middleman if desired.

godelski|6 years ago

Unless I COMPLETELY misunderstand encryption, E2E encryption only protects your data in transit. It does not mean that data on servers are encrypted NOR does it mean that servers don't have decryption keys to that data if it is encrypted.

Am I wrong about this?

orclev|6 years ago

Your confusion is around where the end is in this case. E2E would be encryption from the Ring device to your other device being used to view the feed (your cellphone, for instance). Part of the difficulty in that case is getting the encryption key securely transferred between the two devices without exposing it to anyone else (a non-trivial problem). Assuming that was done in this case, Ring employees would only have access to the encrypted videos with no access to the decryption keys to actually view them.

E2E Encryption is usually referenced in messaging applications where the ends are understood to be the two communicating parties, while in this scenario it's a little more nebulous.

smolder|6 years ago

In short, yes, because end-to-end implies only a single producer and consumer have access to the data. Storage in the cloud wouldn't be an "end", and therefore it must be encrypted at that stage. The ends are 1) where the data is created by the device, and 2) wherever it is viewed on retrieval by the end user. While it's in the cloud it's still "in transit".

Facebook, if I recall correctly, at one point seemed to be trying to redefine the term to be "encrypted on its way to us and then back out again", which IMO is nothing short of propagandizing to confuse people, I assume to foil demand for real E2E encrypted products and gain unearned trust.

nerdjon|6 years ago

At least in Apple's case, they do not have the keys because it is encrypted by your devices and then uploaded. It is then only able to be read by your devices because they have the keys to un-encrypt it.

nerdjon|6 years ago

I am curious if there are others.

But as soon as a camera came out that supported this I finally got one (flat out refused to get one before... even though I wanted to get one).

It feels pretty good knowing it's stored encrypted in my iCloud and all of the processing happens on my devices (HomePod and Apple TV).

giancarlostoro|6 years ago

Wyze has End to End encryption for their cloud stuff, or you can save it all on an SD card instead. Wyzecams are also really cheap ($20), but they don't have a doorbell, so for now I'm keeping Ring (came with my house) till I see a good alternative.

mackey|6 years ago

Please correct me if I am wrong, but Wyze doesn't actually encrypt the files they store; in their case, end to end just means that the files are secure in transmission. Apple secure Video actually encrypts the files so they can't be viewed by Apple.

smolder|6 years ago

Wyze is using the term end-to-end wrong, which is very disappointing but not surprising. They are considering themselves an end, which changes the meaning in a way to make the term totally meaningless. The end in end-to-end is end users.

wmeredith|6 years ago

How is Ring better than a Wyze cam pointed at your front door? Genuinely curious. I have several Wyze cams but have never interacted with a Ring much other than pushing the bell button at someone else’s house.

JackRabbitSlim|6 years ago

Why would end-to-end help when it's the other end that's watching?

alias_neo|6 years ago

The other end should be you too?

Unless you intend for someone else to oversee your surveillance operation, your footage shouldn't leave your premises unless encrypted, using keys which don't leave your possession. You enter them out-of-band on the device on which you wish to watch remotely.

Is there some implied benefit to not encrypting end-to-end or are they just being lazy and using nothing more than TLS because security isn't really the goal?

kylec|6 years ago

In this context, "end to end" means being encrypted between the camera and the user's devices they use to watch the camera, with the cloud service acting as an intermediary between the two, and unable to decrypt the data.
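The arrangement described in the comments above (camera and viewing device as the two ends, cloud storage as an intermediary that cannot decrypt), shown as an added example that is not part of the thread and is not any vendor's code. It assumes the two devices exchanged X25519 public keys out-of-band during pairing; all function and variable names are hypothetical.

```javascript
const crypto = require('crypto');

// Each end generates its own X25519 key pair; private keys never leave the device.
const camera = crypto.generateKeyPairSync('x25519');
const viewer = crypto.generateKeyPairSync('x25519');
// The cloud operator has keys of its own, but they were never part of the pairing.
const cloud = crypto.generateKeyPairSync('x25519');

// Assumption: public keys were exchanged out-of-band at pairing time, so the
// relay had no chance to substitute its own key.
function pairingKey(myPrivate, peerPublic) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  const okm = crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'camera-e2ee-demo', 32);
  return Buffer.from(okm);
}

// Camera end: encrypt a clip with AES-256-GCM before it leaves the premises.
function cameraSeal(key, clip) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(clip), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

// Viewer end: decrypt and authenticate. Returns null if the key is wrong
// or the stored blob was altered.
function viewerOpen(key, blob) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
    d.setAuthTag(blob.tag);
    return Buffer.concat([d.update(blob.ciphertext), d.final()]);
  } catch { return null; }
}

// Constructed sample input standing in for video data.
const clip = Buffer.from('constructed sample: front-door clip, frame data');
const cloudStore = [];  // everything the provider's staff can see
cloudStore.push(cameraSeal(pairingKey(camera.privateKey, viewer.publicKey), clip));

const viewerKey = pairingKey(viewer.privateKey, camera.publicKey);
// The most the intermediary can derive: its own private key with a public key it saw.
const cloudGuess = pairingKey(cloud.privateKey, camera.publicKey);
console.log('viewer reads clip:', viewerOpen(viewerKey, cloudStore[0]).equals(clip));
console.log('cloud reads clip: ', viewerOpen(cloudGuess, cloudStore[0]) !== null);
```

A service that terminates TLS and stores the plaintext would correspond to the cloud holding `viewerKey` itself, which is the distinction the thread draws between transport encryption and end-to-end encryption.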

SilasX|6 years ago

Can't wait for (scalable) homomorphic encryption, where providers can serve you without ever knowing what's in your data.