WingNews logo WingNews
top | item 47024790

(no title)

m348e912 | 14 days ago

> Cool, it’s encrypted on transit to me… now what about at rest with them? Is it encrypted and they absolutely can not view or hand that footage to police/gov? No.

Technically yes, e2e encryption means video hosted on their servers is only viewable by devices with decryption keys. So if the police/gov brought a subpoena to request the video, Ring could only offer them the encrypted video. They would have to take possession of your phone and gain access in order to decrypt and view the video.

In this case the "ends" in the e2e encryption is the camera and your phone.

discuss

order

Galanwe|14 days ago

I used to work for a well known communication app, the kind everyone here used. Couple things I learnt about "end to end encryption":

- You can call your service e2e encrypted even if every client has the same key bundled into the binary, and rotate it from time to time when it's reversed.

- You can call your service e2e encrypted even if you have a server that stores and pushes client keys. That is how you could access your message history on multiple devices.

- You can call your service e2e encrypted and just retrieve or push client keys at will whenever you get a government request.

m348e912|14 days ago

I just set it up e2e on Ring last week. It generates the a key and a word list (for backup) on your phone. You have to physically be in vicinity of the Ring camera to activate encryption on the camera. My impression is that Ring is truly offering a version of video collection which they can't access.

But I think your third point is valid, there is nothing stopping Ring from telling the app to share a user's keys and then give them to whoever is asking.

SV_BubbleTime|14 days ago

We already 100% know this is misleading though. Amazon has access to your ring footage.

They are acknowledging that the end to end TRANSIT is encrypted. They are not encrypting from themselves at rest.

m348e912|13 days ago

>They are not encrypting from themselves at rest.

They are encrypting at rest, that's my whole point and what everyone in this thread seems to be missing. When you turn on e2e, the video is not viewable anywhere but your phone. That's why you can no longer view your videos on ring.com and a myriad of ring features will no longer work.

https://ring.com/gb/en/support/articles/7e3lk/using-video-en...