top | item 47024273

(no title)

m348e912 | 14 days ago

I know Ring is getting a bad rap for enabling state level surveillance, but the Ring app offers an option to enable end-to-end encryption between the camera and your phone.

The stored video is encrypted with key generated on your phone. You have to be physically close to the camera in order to share the key and complete the set-up. Once encrypted, the video can't be analyzed by AI or used in a broad surveillance effort.

It's entirely possible that the encryption keys have a backdoor, but I doubt it. Although there is no way to verify.

discuss

sillywabbit|14 days ago

End-to-end encryption only means something if you trust the endpoints.

rvnx|14 days ago

They often also tend to call HTTPS end-to-end encryption

https://aws.amazon.com/blogs/media/securing-your-origin-for-...

even Amazon Web Services:

    Benefits of using HTTPS connections:
    HTTPS provides end-to-end encryption

ivan_gammel|14 days ago

When national interests require that, it can get a firmware update which sends a copy of data to comrades in U.S. Ministerium für Staatssicherheit even before that e2e encrypted copy reaches your phone.

unknown|14 days ago

[deleted]

SV_BubbleTime|14 days ago

>enable end-to-end encryption between the camera and your phone.

So… exactly not the part I care about?

Cool, it’s encrypted on transit to me… now what about at rest with them? Is it encrypted and they absolutely can not view or hand that footage to police/gov? No.

m348e912|14 days ago

> Cool, it’s encrypted on transit to me… now what about at rest with them? Is it encrypted and they absolutely can not view or hand that footage to police/gov? No.

Technically yes, e2e encryption means video hosted on their servers is only viewable by devices with decryption keys. So if the police/gov brought a subpoena to request the video, Ring could only offer them the encrypted video. They would have to take possession of your phone and gain access in order to decrypt and view the video.

In this case the "ends" in the e2e encryption is the camera and your phone.

drnick1|14 days ago

Who has the keys of the encryption algorithm?

m348e912|11 days ago

For a Ring user, the keys are generated on your phone via the Ring app. So technically just the user/owner. However there is no certainty that Ring can't obtain access to the keys, just like crypto wallet maker Exodus could decide one day to retrieve private keys from their user's wallets with a software update.