My sisters bought a Ring camera for my parent's house. They asked me to install it. Before I did I said to my parents "Everything that happens in front of this camera is sent to a 3rd party. Police and others may be able to access this without your permission and you never really know who they are selling data to. Do you still want me to install it?"
They said No. It is still in the box on the counter after over 2 years.
Tell your parents a stranger somewhere faraway really, sincerely appreciates them. And you can tell them too, objectively, that they're 1 (or 2) in a million.
The Ring situation was already slimy, having smoothly accessible channels for LE to bypass customer's refusal to cooperate with informal footage requests. Live streaming at will, would really put things in perspective, exalting the morose, lone clinical cynic to an urban archetype.
I understand folks who are into traipsing through life before a perennial, unblinking audience of strangers. I've been afflicted with diseases myself. But foisting it on neighbors seems biblically ungood.
I know it's socially acceptable to mock and belittle snowballs, but I think this will be a big one.
Let me guess "opt-in" means checked by default and hidden 12 menus deep.
Or worse-yet, opt-in means "Hey our rates are going up, but not if you agree to this" (something comcast did recently).
Or opt-in is stored in some database somewhere and might "accidentally be misread" due to a "bug".
If they want real-opt-in then it should be a SMS message at the time they want to know, and a phone-number you can reach out to for more information. This would give an audit trail at the very least.
We have a number of Ring devices and are overall happy with them but your 12 menus deep comment is on the money.
Even workaday settings for devices are scattered haphazardly hither and thither through the many pages of their app’s interface and I regularly find myself having to Google for the location of settings.
It’s crying out for, at least, some sort of smart search box.
So “hard to find” for something like this is practically guaranteed.
I think there is an untapped market for providing "simplified" interface to important settings (e.g. privacy/security related) of various apps. Sort of a user-friendly settings-api for other apps' settings.
One of the best plugins I have in my browser automatically works through those cookie banners to select the least invasive option. The speed and way that it simplifies the process is fantastic.
But if everyone used that, wouldn’t it just encourage websites to get even more sleazy with those infernal cookie menus because instead of a human being forced to click through “performance cookies” vs. “cookies for ad targeting” vs. “cookies you really need” vs. “cookies you probably want” vs. “cookies that seem like the opposite thing to what they actually are” dark pattern web designs, your extension is hiding that burden (and sleaziness) from you.
It's a long time since I've visited the Oracle website but, the last time I did, which was sometime just pre- or early- pandemic for some work-related reason that I can no longer recall, I remember them doing exactly this. They had, without question, the most egregious cookie banner/popup combo I've ever encountered, and seemed to have deliberately engineered it to take minutes to "come back" if you chose to reject everything. Assholes.
Xfinity won't give folks in certain locales (maybe everywhere in the US?) unlimited bandwidth unless they use their modem/router. This seems like a good reason that practice should be illegal.
AzzyHN 19 days ago | parent | next [–]
If you want to remove the 1.2TB data cap, you can either pay $25/mo and get Xfinity's gateway router "included" OR pay $30/mo to use your own modem/router.
Yes, this is my take as well, and I think it's the correct one from both a technical and legal POV. It's one thing for the government to try to compel an organization or person to create a feature they want from scratch. They have made noises in that direction in the past (like the FBI vs Apple trying to invoke the All Writs Act) but it's been on very shaky ground, on both 1st and 13th Amendment grounds as well as others. But the government can be a lot more aggressive and courts a lot more permissive when it comes to merely making use of functionality that already exists. Even putting aside all the massive numbers of perverse incentives, but the thing is of course those shouldn't be put aside, we've seen this movie before over and over and over again. Once a feature exists that can generate a lot of direct revenue for a company and the only thing that keeps them from turning the knob up is "we're totally not evil cross our hearts!". Like holy shit, in 2025 who really goes "oh well it's opt-in!"
I think this particular one is pretty important to know about because a lot of people deploy Ring stuff almost by default, and some HNers (including me as it happens) have some level of influence or even control over it. I always meant to put some effort into updating my self-hosted security system efforts but this is a major kick in the butt. Have to know this exists and be able to offer solid credible alternatives.
Edit: to add a direct pertinent example, WE LITERALLY JUST HAD 5 DAYS AGO ON HN A 500+ COMMENT HUGE THREAD ON "Oakland cops gave ICE license plate data; SFPD also illegally shared with feds" [0]. And there are people really claiming "nothing to see here, move along, local and feds would totally never conspire to abuse anything in violation of the law let alone not in violation of the law"!?
I am less worried about local law enforcement. They will have little ability to strong arm Amazon and have oversight and regulation, as well as judicial review, even if it’s not always effective it’s always there.
DHS has become lawless, and they are eager to strong arm and over reach after having dismantled their own oversight and ignoring their own regulations. They are working hard to move fast and break the law faster than the law can keep up and the Supreme Court has made it very difficult to seek remedy. Because they are not doing criminal justice but instead civil administrative enforcement the web of oversight and review and stronger civil rights for criminal justice don’t apply. They have become the largest police force, militarized, and with enormous budget, latitude, and blank check support from the highest levels of political government.
They absolutely can strong arm Amazon into doing what they want, and absolutely will use Ring camera against their owners and neighbors.
In six months we created a secret police rivaling the KGB, gestapo, State Security Police, and SSD.
Ring already had this happen a dozen times with their own employees. Turns out giving random people access to other people's personal cameras is bad. Who would've thought?
Anyway, don't send potentially sensitive footage to a third party server.
In their minds, everyone is either a criminal or about to be the victim of a criminal. Developing this world view is a hazard of the job, and is completely understandable based on what they have to deal with every day. The problem is the lack of accountability from larger society, and their push back against that accountability under some mistaken narrative that it's everyone else with the warped world view.
You have to be totally naive to buy a Ring camera in the first place. Of course it will be used in ways you can't control, it uploads everything to "the cloud".
Dogwood bushes and Rose of Sharon grow rather quickly and make a nice "green screen". They lose some of their coverage in the winter, though, so you way want to mix in a row of evergreens for good measure.
I can't get past this comment without noting how invasive and aggressive spreading rose of sharon is, I'm constantly pulling out new growth due to my neighbor's plant. What a headache.
Chamaecyparis lawsoniana 'Columnaris'. Grows quite fast, at the rate of 8 in to 1 ft per year and stays green in the winter. We have a regulation regarding fence height. Whoever wants a higher fence uses this tree, it can grow up to 40 feet.
"thankfully" you can record your neighbors without their permission or knowing? You kinda sound like a creep, hopefully you're already known to the cops as a pervert.
But everyone else does, so what's the point? My privacy is always compromised because tech junkies (as opposed to techies) insist on indulging in stupid things like 21 and me, Gmail, or Ring and I get swept along with it.
The company sequences human DNA. The number in the name of the corp is the number of chromosomes in human DNA. I hope you and I both have more than 21 chromosomes…
It's time for regulation that no images of people may be retained for any commercial purpose without explicit permission of the person whose image is retained. Facial recognition performed on any person who has not granted explicit permission (or, in the case of government, against whom a search warrant has not been obtained) should be illegal. Nor shall any compressed version, broadly defined, of the data be retained (i.e., no training on any sort of facial or pose data without explicit permission of all whose images are used in training).
Penalties should be in the %s of revenue or company assets. Whistleblowers should receive large sums for identifying violations.
In a broader vein, it's time for regulation forbidding the retention or aggregation of any person's data for any commercial purpose other than the one most proximal to the actual transaction in which the person engaged, unless they explicitly opt in.
What would the latter mean? Among other things, targeted ads and recommendation systems would become illegal. Cross-user aggregation (or e.g., a company engaging in any user-longitudinal data analytics) would be illegal. In SQL language, ideally the only time you could do any query with a user ID returning multiple rows for further use would be to serve data directly back to the user. In the long run, such queries should be impossible by requiring something like a) per-user encrypted storage, b) user owned data, c) non-correlatable per-user IDs across transactions.
It will never happen because -- as noted in the article -- many folks in SillyCon valley and government are technofascists, but it should, because our current situation violates all reasonable notions of privacy.
The taliban actually have a fascinatingly (philosophically) based law where it’s illegal to photograph a living thing. I’m not sure about the reason. Maybe derived from the not being okay to depict Mohammed. But I kind of dig the concept especially for living things that can’t consent to be captured in images
both of my claims were subjective and thus not really refutable. As an outsider I think it is interesting, too. And think the flexibility is similar to many laws akin to what we have in the US via prosecutorial discretion
I should’ve included a source to where I read about it initially and that’s below
I'm saying we should not allow per-user analytics. Currently companies build a profile of each user and correlate that with all the other similar users. Then they target other users who are hypothesized to be similar.
I'm arguing that no per-user analytics should be able to be conducted. A store can track how many times product A is purchased, but not that product A and B were purchased by the same user. Using the latter info for anything other than providing a summary of what the user has purchased (to the user) should be illegal.
Yeah it would be complicated. But you could do it by creating a new obfuscated user ID for each transaction.
Or even better, by having each person store their own data and mandating that companies delete all records. The company can provide a signature on the transaction record (a receipt!) that the user keeps to prove the purchase if there's a conflict later on. But the company cannot keep a copy of any per-user info, the receipt, or the transaction info; nothing beyond the fact that product A was purchased on a certain date.
> In a broader vein, it's time for regulation forbidding the retention or aggregation of any person's data for any commercial purpose other than the one most proximal to the actual transaction in which the person engaged, unless they explicitly opt in.
Even if it were to happen, there would be a carve out for the state.
The DHS is collecting a massive database of facial geometry at the moment in preparation for nationwide constant realtime facial recognition, just China has.
The cameras are up and collecting data at every airport, as well as every traffic intersection in Las Vegas (and presumably other cities).
Really? You have that sort of attitude towards normal everyday people who absolutely don’t have the experience or knowledge that this is even a factor?
I’d be interested to know if anyone has a moderate cost system that doesn’t force you to use a company’s cloud (and thus making them prone to abuse like this). I personally have a POE setup with some commercial grade cameras ($400 a pop), with attached NAS on a private network, and home-rolled a means to access the cameras remotely, but it’s not exactly economical or practical
Just use some Reolink or similar ONVIF cameras like Axis or Dahua. Block traffic from them to anywhere other than your NAS. They're pretty simple, mine have the ability to just FTP captures to a given system, and thus I've got redundant captures (on a system with a bunch of drives, and on the microsd cards in the cameras). Maybe there's some spooky backdoor crazy way they can phone home, but I doubt it given how they're PoE and access to basically every other system is locked down my firewall.
Synology Surveilance Station [1], it supports 2 cameras per NAS for free, extra cameras $50 per device. I use an old 2 HDD NAS with 2 cameras for a few years already, it works perfectly well. (One Reolink camera, another Amcrest, both record video in h264).
Trying to find an affordable camera / baby monitor that was both secure and offline was a tough one for me, it seems every single consumer oriented camera has a remote access functionality (= a backdoor) nowadays, and the baby monitors that don’t use wifi are only secure through obscurity with some of them being as easy to hack as buying the same model.
I ended up with an Amcrest IP2M-841 and Tinycam on Android (as I understand using RTSP), and blocking internet access of the camera through the router. As I found out, just connecting it to the internet will automatically connect to servers for allowing “easy setup” of the remote access feature.
There is such a difference between listening in from within radio range vs across the entire internet. I have basically 0 worries about the neighbors; they have their own lives.
My consumer-grade “walkie talkie” had a very short range in a city, like one block.
HomeKit Secure Video has a cloud, but it’s locally encrypted with keys Apple doesn’t have before it leaves the house. It supports a bunch of cheap cameras and doorbells (which will try to phone home, but you can block them from internet access without breaking local HomeKit).
Not exactly what you’re asking for, but great ease of use at a good price, and good privacy.
+1 for Reolink. We have a reolink camera hooked into home assistant, the whole setup is local and reolink's API exposes every single feature in home assistant with no additional setup needed.
My house also came with an existing NVR camera network which I can view in home assistant over my router without it ever going to the cloud as well.
Thanks. You've answered my question about Home Assistant. I'm not familiar with Reolink and will give them a look.
I have a Wyze camera and their janky HA integration seems to have stopped working after a firmware update. They're also the epitome of enshittification and want to nickel and dime me for every feature -- I'd be glad to ditch them.
Maybe I'm paranoid, but I have a separate VLAN with its own WiFi SSID for iot things like cameras, sensors, washing machine, dryer, solar panels and a bunch of ESP32 based projects. It has no internet access, and is only accessible from my home automation server. Those devices really only need to send data to Home Assistant and expose some basic APIs to it.
Are you asking outside the context of the home surveillance cams? just whether it's possible to prevent backdoors to your iphone camera?
IME you have no control over the baseband chip of a cell phone, no reason to trust it's not enabling its camera or microphone at any time. I have a flip phone which comes in a non-camera version. I have an iphone without a SIM I can connect to its hotspot if I need to do something smartphoney.
Yes, I'm asking outside the context of home surveillance. I'm just curious how "paranoid" people deal with smartphones. I'm paranoid myself, but I'm also lazy ...
My grandparents solved that by putting their mobile phone number on their door. They're slow to come down and open the door so it makes sense for the post person or visitor to know they're on their way
Relatively low tech compared to somehow hooking up a camera livestream system to ring your phone via the internet in some way but it works
Sorry for bugging you about this. I'm not the person you are responding to but this is important to me before buying so if you don't mind, could you verify that this is your setup?
1. The doorbell cam is connected only to the LAN.
2. The doorbell cam is definitely blocked from accessing the internet.
3. Having access to the LAN from your phone through VPN allows you to watch the feed and talk to people at the door through the app.
2. I have not gone through the trouble of isolating them on their own VLAN, but I don't see any traffic coming from the devices. This is something you will want to audit on your own network if it is important to you.
3. I have viewed the camera output through VPN, but have not yet tried speaking through the doorbell (or through one of my camera's audio output). I don't see why it would not work.
I use a local NVR containing a couple of hard drives totalling maybe 8TB of storage attached to same-branded cameras (ranging between $80 and $150 each) that I can access locally, and remotely via Wireguard.
I'd say it's economical in comparison to cloud options, but, yes, not all that practical to the less technical crowd.
I specifically block the camera and NVR local IP addresses from accessing the internet. I don't really want the possibility of an private company accessing live (or recorded) video of where I live.
Brand is Reolink. I've been slowly building up the system over five-ish years and have not yet found any reason to kick myself for choosing that brand. I also have some TP-Link Tapo cameras for more temporary things, like monitoring pets.
I've also setup Frigate as an alternative system, both for my own interest and as a way to aggregate different camera brands to a single interface. Frigate can be a bit complex.
Is there anything that runs for a decent amount of time, wifi and essentially all-wireless? Blink somewhat works on its own local hub, but honestly its crap for detecting when things happen so I wont be upgrading from my used 2-pack + hub even though it does integrate well with HA.
I'd really like something that'd be apartment friendly so no drilling holes.
The TP-Link Tapo cameras I have are wireless and seem to work well enough. I'd recommend to run them through frigate or some other independent surveillance software if you don't want them internet accessible.
They're quite cheap when they're on special, and Amazon seem to have specials on them relatively regularly.
(as much as I don't like to recommend Amazon for anything)
They have to know only to achieve the goal of disabling the camera, but they would probably use it for everyone's, and hope for the best if they are desperate. I am not sure if you can tell if the camera has been disabled.
Doesn’t matter. Someone can walk into jamming range wearing a mask, fire up the jammer, and there is no record of the B&E that happens 60 seconds later.
Wireless cameras are mostly a false sense of security for homeowners, much like a deadbolt on a door with a glass window in it.
At least you can talkback and confuse the cat while you’re at work. Doesn’t do fuck-all for safety.
I also recently installed a Reolink system. I have 6 cameras (4 PoE and 2 WiFi) inside and outside my house. It’s amazing. I just set up a raspberry pi to act as an FTP server to backup files to cloud storage.
The TP Link Tapo ecosystem is really good and can record directly onto SD cards. Seamlessly works with Google Home, I can access my cameras outside of the house without signing up for their cloud option.
Recently replaced my Eufy system with UI ones - I’m a big fan so far. Picked up a few new 4k ones for important areas and got the rest used on marketplace via a 4-pack of 2k ones for $150 from a hair salon that had changed systems.
If you have cameras the police can get a subpoena to force you to provide what you have saved. If you don’t have cameras, you can’t give what you don’t have.
Yes, but they have to subpoena you. That means process, that means getting a judge to sign it, and it means you can limit scope (i.e., if the incident under investigation occurred outside your home, you're not going to need to provide any footage from inside).
While the OP doesn't emphasize this detail, it says this is a tool that will allow police to request access from the camera owners. Police can, of course, also request footage from the owners of non-cloud cameras, so the legal basis of disclosure -- consent -- can exist in either case, cloud or non-cloud camera.
If you are subpoenaed then you're obligated to respond, and the same is true for Ring. But that's not what we're talking about here. This is law enforcement requesting access, and Ring doesn't require a formal subpoena or warrant. They can decide to comply to nothing more than "someone from a .gov email asked nicely".
It's written out in their terms of service:
> you also acknowledge and agree that Ring may access, use, preserve and/or disclose your Content to law enforcement authorities, government officials, and/or third parties, if legally required to do so or if we have a good faith belief that such access, use, preservation or disclosure is reasonably necessary to:
>
> (a) comply with applicable law, regulation, legal process or reasonable preservation request; (b) enforce these Terms, including investigation of any potential violation thereof; (c) detect, prevent or otherwise address security, fraud or technical issues; or (d) protect the rights, property or safety of Ring, its users, a third party, or the public as required or permitted by law.
So Ring is quite happy to hand over your footage to anyone so long as Ring believes it's "reasonably necessary" to protect the rights or property of anyone.
This isn't about Ring complying with a legal request. This is about Ring undermining the fourth amendment entirely by saying "we'll give law enforcement whatever they want".
The feature discussed allows law enforcement to request access from the end user. It's the end user whose consent is required under that regime, not Ring's.
The feature doesn't exist yet. Ring have said it'll be user consent, but we don't know that for sure. My point is that Ring can change their minds about this at any time without informing you, so it doesn't matter how they say it will work if this possibility is still there.
If you want to have a tangential discussion about how you interpret Ring's terms to permit them to do wild things behind the user's back, that's fine; but it would have been better to be more clear about the tangential nature of your comments. If the terms allow them to do wild things behind the user's back, then they can do those things with or without introducing this feature. And they can also introduce this feature with or without the wild things; and with or without terms of service allowing those things. They're orthogonal issues.
In any case, you're mistaken about what the terms allow. When you paraphrased the terms as saying they can "hand over your footage to anyone so long as Ring believes it's 'reasonably necessary' to protect the rights or property of anyone", you neglected to account for the clause: "as required or permitted by law". Under the Stored Communications Act, 18 U.S. Code § 2702 (b), there is only a short and narrow list of circumstances under which it is permissible for a provider to disclose communications content without a warrant. The most pertinent is an emergency involving danger of death or serious physical injury (exigent circumstances), which is what the link in the OP regarding warrantless and consentless disclosures is about. But exigent circumstances are also a longstanding exception to fourth amendment search protections in general: law enforcement can break into your house without a warrant if there are exigent circumstances requiring them to do so.
This isn't a tangential discussion. Ring has shown they're willing to work with law enforcement without due process, that's the entire point of the EFF's article.
> you're mistaken about what the terms allow. When you paraphrased the terms as saying
I didn't paraphrase. I quoted them directly. Feel free to check them yourself https://ring.com/terms
> you neglected to account for the clause: "as required or permitted by law". Under the Stored Communications Act, 18 U.S. Code § 2702 (b), there is only a short and narrow list of circumstances under which it is permissible for a provider to disclose communications content without a warrant.
There are so many exceptions it doesn't matter. From the same code, (b) (8) states "if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency", and (b) (7) (A) (ii) "to a law enforcement agency if the contents appear to pertain to the commission of a crime".
>Ring has shown they're willing to work with law enforcement without due process, that's the entire point of the EFF's article.
No, the entire point of the article is the introduction of a new feature which allows law enforcement to request a certain kind of access from end users.
>I didn't paraphrase.
This wasn't a paraphrase? "hand over your footage to anyone so long as Ring believes it's 'reasonably necessary' to protect the rights or property of anyone"
>From the same code, (b) (8)
That is the exigent circumstances exception I mentioned.
> (b) (7) (A) (ii)
Only applies if (i) also applies: the contents "were inadvertently obtained by the service provider".
With a subopena you would be the one unencrypting your disk. Being in comptent of the court usually means imprisonment or daily fine until you comply with the court order.
Are they breaking the E2EE feature, or is this for folks that didn't care/were scared off by the red text that said they wouldn't be able to recover their videos if they lost their trusted devices?
This makes me seriously reconsider continuing with my Ring subscription. The chances this will be abused are 1000%.
* At the moment I only have sensors so that Ring tracks movement inside the house. Only when I'm out of the house for an extended amount of time (days), I turn on the cameras.
I was looking at security systems. It seems, Ring makes it very difficult to have any sort of offline operations. Recording onto SD card is limited or impossible. After seeing this, I realize this is likely by design. You have to be connected so that the surveillance state can get access at some point, somehow.
Yes, they have a feature with their 'Pro' base station and Premium subscription, to store video locally on SD card, but still the only way to access the video is through the Ring app. IMO they are just choosing not to compete with the on-prem closed circuit systems, which represent a niche market compared to normies who want a notification when someone rings their video doorbell.
That is wild, I think being able to record onto an SD card or whatever should be the bare minimum requirement. I personally would never buy anything that does not have an offline option.
I cannot imagine installing surveillance devices in my home but if I did set up cameras they would be on a private network and saving to devices I control.
At the rate the US is going, I wouldn’t be surprised if this becomes illegal. Add that most of these cameras are chinese and then maybe you won’t have that choice anymore.
American government is the biggest threat to American citizens, not the Chinese.
(Just as the Chinese government is the biggest threat to Chinese citizens, not the American.)
This is what the founders realized 250 years ago. They did a pretty good job with a constitution to limit government power. Not perfect though. I wish they had been able to foresee the risks of power-accumulating career politicians and had term-limited them. They thought the voters would reject abuses of power but turns out that voters will vote for promises of free stuff.
>Opt in means nothing in the face of a legal subpoena
Or scarier, a National Security Letter the government claims the company can't even talk about except maybe in secret court. Or perhaps scariest, a """"National Security Letter ;^)"""", ie, the company absolutely wants to gleefully cooperate with the government and give it whatever it wants for the right price, but also wants to maintain a veneer of "we totally care" and the government obligingly produces some demand and the company then goes "oh geez we totally place customers first and privacy is our highest priority ....but we had to because of terrorist pedo murder rioter jaywalkers, the government ORDERED us to not our fault nothing we could do!" while facilitating it without any challenge at all.
But I can't avoid it. 2 of my 4 neighbors have this installed. So now, everytime we are outside, on my own property, we're being captured without consent.
My strategy for Ring when I used it as it was cheapest option with cloud recording and notifications (what's the point of local recordings if someone can just steal them) was to just connect it to a smart plug and then to UPS. I simply disabled power to it just before I got home.
Google added exactly this to SWE role attributes, to be checked each performance review cycle. Managers managing managers, directors managing directors. Are you shorting GOOG right now?
It seems like people are missing the fact that it's opt-in from the police to the consumer. It's within the end consumer's control to allow the access or not, so by that standard it's not in any way abuse.
It's not Orwellian overreach or, as the EFF claims a breach of Ring's customers' trust, if the customer gives up the data willingly and knowingly.
This has been in Ring for years and police have their own dashboard. Most importantly, it was already found Ring or Police have enabled access on their own.
Based on the articles, do you really think Ring and police cannot just get whatever they want?
This is way overblown, since it's strictly opt-in and always requires the owner's explicit consent. It would only be a privacy issue if either of those things weren't true.
You could, and then it would be limited by available number of police officers, and time, and so the risk of, and potential scale of, abuse would be far lower.
The opportunity cost is often the difference between something being reasonable and nearly the same act becoming grossly invasive.
A real world example: Norway has traditionally had public tax lists where anyone could see everyones taxable income and tax paid. Before the internet this involved going to an office, and so the opportunity cost was high enough that most people never would without good reason (e.g. suspecting tax fraud and wanting to substantiate it before going to the police; or investigative journalism). When the internet arrived, the lists were soon made available online. Suddenly all the newspapers offered searchable interfaces where you could look up all your neighbours and friends in seconds.
What had been seen as a reasonable tradeoff between transparency of the tax system and transparency of society (though some would argue it was encouraging snitching...) became seen as grossly invasive, and the question was raised whether to shut off access entirely.
Instead restrictions were added to try to redress the balance, and now while you can still look it up, there are limits (500 views per month, unless you're registered as part of the press, which has special access), and the person you look up can see who has viewed their information if they themselves log in[1], which raises the barrier to just randomly snooping.
The same information has been available to the same people the whole time. All that has changed is how convenient accessing it is, and how likely it is that snooping at someones data might affect you, and the result has been wildly different perceived levels of invasiveness.
I mean people complained so Amazon stopped giving police access. Now as soon at Amazon thought they could get away with it, Amazon started giving access again. That's pretty shady behavior in my book.
So you are telling me the can get the data my Facebook, Google and any other US company without my consent but in this case it's somehow actually enforced?
If they can get the data without a user's consent, then it's independent of this new feature and thus unrelated. If you believe that the government has unlimited access, then it was most likely already possible before this feature.
Now, there is at least a "proper" way to give law enforcement access.
You’re missing the point. The last report in 2021 stated that they sold 1.7 million units in that year alone. The effect is that nearly every square inch of any populated area now has a camera pointed at it that police can access. Please tell me how you opt out of that.
That was the case before as well, as you could easily export Ring footage and share it manually with police if you want. This just makes it slightly easier.
I mean what are the privacy-friendly alternatives? Assume others in this market are equally shady. What is the safe, self-hosted solution where we can monitor CCTV from our phones?
There are plenty, but they're all very DIY and I don't think there are any turnkey solutions that you can just plug in and have work.
I think a better question is... why do we all need this? I get that everyone these days is afraid of everyone and everything, but it's not rational. Very few people actually need a doorbell camera.
And if something actually does happen where you think video evidence might be useful, nine times out of ten the police aren't going to help you anyway.
So if I enable this will the police at least use the feeds to only summarily execute me for partaking in my 2nd amendment right to night time home defense, and let the rest of my family live?
Why don’t we call this by its true name - Amazon? You guys do realize that Amazon intentionally keeps its name off the product for a reason, right? They have Amazon batteries, web hosting, makeup, and every other thing you could possibly imagine. This product though? It’s just “Ring” so that Amazon can avoid the brand damage that comes from facilitating a police state. That is their intention, and they are keeping it at arms length for that reason. The headline of this article should read “Amazon Ring introducing new feature…” not just “Ring”. If we want it to stop, we need to hold the company responsible for what they’re doing.
What's a good dumb way to check on pets via camera/talk to them while you're on vacation? I have ring cameras at home specifically for this use case. but I now want to get rid of them.
It feels like what is needed is some kind of protocol for decentralizing the police force (and judiciary downstream). It's a nice idea to have have choices (hopefully it is opt in) but it would be nice to have more choices for protection and law given our current situtation as it is unfolding in various countries.
I'm sad that we're quickly heading towards a future where there will be monitoring of all people, at all times. AI agents will flag people for leaving their house too late at night, or not leaving their house often enough. Our civilization is full of intelligence but it lacks wisdom.
My sisters bought a Ring camera for my parent's house. They asked me to install it. Before I did I said to my parents "Everything that happens in front of this camera is sent to a 3rd party. Police and others may be able to access this without your permission and you never really know who they are selling data to. Do you still want me to install it?"
They said No. It is still in the box on the counter after over 2 years.
Tell your parents a stranger somewhere faraway really, sincerely appreciates them. And you can tell them too, objectively, that they're 1 (or 2) in a million.
The Ring situation was already slimy, having smoothly accessible channels for LE to bypass customer's refusal to cooperate with informal footage requests. Live streaming at will, would really put things in perspective, exalting the morose, lone clinical cynic to an urban archetype.
I understand folks who are into traipsing through life before a perennial, unblinking audience of strangers. I've been afflicted with diseases myself. But foisting it on neighbors seems biblically ungood.
I know it's socially acceptable to mock and belittle snowballs, but I think this will be a big one.
Let me guess "opt-in" means checked by default and hidden 12 menus deep.
Or worse-yet, opt-in means "Hey our rates are going up, but not if you agree to this" (something comcast did recently).
Or opt-in is stored in some database somewhere and might "accidentally be misread" due to a "bug".
If they want real-opt-in then it should be a SMS message at the time they want to know, and a phone-number you can reach out to for more information. This would give an audit trail at the very least.
We have a number of Ring devices and are overall happy with them but your 12 menus deep comment is on the money.
Even workaday settings for devices are scattered haphazardly hither and thither through the many pages of their app’s interface and I regularly find myself having to Google for the location of settings.
It’s crying out for, at least, some sort of smart search box.
So “hard to find” for something like this is practically guaranteed.
I think there is an untapped market for providing "simplified" interface to important settings (e.g. privacy/security related) of various apps. Sort of a user-friendly settings-api for other apps' settings.
One of the best plugins I have in my browser automatically works through those cookie banners to select the least invasive option. The speed and way that it simplifies the process is fantastic.
But if everyone used that, wouldn’t it just encourage websites to get even more sleazy with those infernal cookie menus because instead of a human being forced to click through “performance cookies” vs. “cookies for ad targeting” vs. “cookies you really need” vs. “cookies you probably want” vs. “cookies that seem like the opposite thing to what they actually are” dark pattern web designs, your extension is hiding that burden (and sleaziness) from you.
It's a long time since I've visited the Oracle website but, the last time I did, which was sometime just pre- or early- pandemic for some work-related reason that I can no longer recall, I remember them doing exactly this. They had, without question, the most egregious cookie banner/popup combo I've ever encountered, and seemed to have deliberately engineered it to take minutes to "come back" if you chose to reject everything. Assholes.
May I ask the name of the plugin, please?
Good bet.
What’s the Comcast story? (just did a quick search)
was on HN a few weeks back. imaging through wifi and was auto enabled for their routers.
That can’t be what they are thinking of because (1) it is not enabled by default and (2) and is not associated with any price changes.
https://news.ycombinator.com/item?id=44426726
relevant quotes:
Xfinity won't give folks in certain locales (maybe everywhere in the US?) unlimited bandwidth unless they use their modem/router. This seems like a good reason that practice should be illegal.
AzzyHN 19 days ago | parent | next [–]
If you want to remove the 1.2TB data cap, you can either pay $25/mo and get Xfinity's gateway router "included" OR pay $30/mo to use your own modem/router.
Also any update resets your selected options.
And the updates are silent.
The feature exist and that guarantees the law enforcement will abuse this sooner or later. Opt-in doesn’t mean anything.
You have to be total naive if you still believe that this is a “safe” feature to enable.
Yes, this is my take as well, and I think it's the correct one from both a technical and legal POV. It's one thing for the government to try to compel an organization or person to create a feature they want from scratch. They have made noises in that direction in the past (like the FBI vs Apple trying to invoke the All Writs Act) but it's been on very shaky ground, on both 1st and 13th Amendment grounds as well as others. But the government can be a lot more aggressive and courts a lot more permissive when it comes to merely making use of functionality that already exists. Even putting aside all the massive numbers of perverse incentives, but the thing is of course those shouldn't be put aside, we've seen this movie before over and over and over again. Once a feature exists that can generate a lot of direct revenue for a company and the only thing that keeps them from turning the knob up is "we're totally not evil cross our hearts!". Like holy shit, in 2025 who really goes "oh well it's opt-in!"
I think this particular one is pretty important to know about because a lot of people deploy Ring stuff almost by default, and some HNers (including me as it happens) have some level of influence or even control over it. I always meant to put some effort into updating my self-hosted security system efforts but this is a major kick in the butt. Have to know this exists and be able to offer solid credible alternatives.
Edit: to add a direct pertinent example, WE LITERALLY JUST HAD 5 DAYS AGO ON HN A 500+ COMMENT HUGE THREAD ON "Oakland cops gave ICE license plate data; SFPD also illegally shared with feds" [0]. And there are people really claiming "nothing to see here, move along, local and feds would totally never conspire to abuse anything in violation of the law let alone not in violation of the law"!?
----
0: https://news.ycombinator.com/item?id=44561716
I am less worried about local law enforcement. They will have little ability to strong arm Amazon and have oversight and regulation, as well as judicial review, even if it’s not always effective it’s always there.
DHS has become lawless, and they are eager to strong arm and over reach after having dismantled their own oversight and ignoring their own regulations. They are working hard to move fast and break the law faster than the law can keep up and the Supreme Court has made it very difficult to seek remedy. Because they are not doing criminal justice but instead civil administrative enforcement the web of oversight and review and stronger civil rights for criminal justice don’t apply. They have become the largest police force, militarized, and with enormous budget, latitude, and blank check support from the highest levels of political government.
They absolutely can strong arm Amazon into doing what they want, and absolutely will use Ring camera against their owners and neighbors.
In six months we created a secret police rivaling the KGB, gestapo, State Security Police, and SSD.
We’re going to get a news article of aome cop is going to be scanning for his ex-girlfriend, I guarantee it
Ring already had this happen a dozen times with their own employees. Turns out giving random people access to other people's personal cameras is bad. Who would've thought?
Anyway, don't send potentially sensitive footage to a third party server.
at least 40% of police would
in germany we found out about built trojans on PCs when a policeman installed that on the computer of his daughter to track her what she does.
In their minds, everyone is either a criminal or about to be the victim of a criminal. Developing this world view is a hazard of the job, and is completely understandable based on what they have to deal with every day. The problem is the lack of accountability from larger society, and their push back against that accountability under some mistaken narrative that it's everyone else with the warped world view.
You have to be totally naive to buy a Ring camera in the first place. Of course it will be used in ways you can't control, it uploads everything to "the cloud".
That doesn't matter when all your neighbors have one, and the one in front of you has theirs pointed directly at your house.
Dogwood bushes and Rose of Sharon grow rather quickly and make a nice "green screen". They lose some of their coverage in the winter, though, so you way want to mix in a row of evergreens for good measure.
I can't get past this comment without noting how invasive and aggressive spreading rose of sharon is, I'm constantly pulling out new growth due to my neighbor's plant. What a headache.
Chamaecyparis lawsoniana 'Columnaris'. Grows quite fast, at the rate of 8 in to 1 ft per year and stays green in the winter. We have a regulation regarding fence height. Whoever wants a higher fence uses this tree, it can grow up to 40 feet.
There is no solution to that as far as I can tell, and it really stinks.
Legislation would help. As one example, a neighbor pointing their Ring at your property without your consent is entirely illegal in Germany.
And thankfully this will run afoul of the First Amendment in the United States.
I think in the US it’s more like “everything you can see through the window is public”, which is also an extreme.
"thankfully" you can record your neighbors without their permission or knowing? You kinda sound like a creep, hopefully you're already known to the cops as a pervert.
"He's a pervert, but he's our kind of pervert"
lasers?
Even better: an infrared laser.
So you decided it's ok to be part of the problem because others are too?
Obviously i don't have Ring.
But everyone else does, so what's the point? My privacy is always compromised because tech junkies (as opposed to techies) insist on indulging in stupid things like 21 and me, Gmail, or Ring and I get swept along with it.
> 21 and me
The company sequences human DNA. The number in the name of the corp is the number of chromosomes in human DNA. I hope you and I both have more than 21 chromosomes…
Shows you how little I care about knowing my genome.
> The number in the name of the corp is the number of chromosomes in human DNA.
The number of chromosome pairs, not the number of chromosomes.
It's time for regulation that no images of people may be retained for any commercial purpose without explicit permission of the person whose image is retained. Facial recognition performed on any person who has not granted explicit permission (or, in the case of government, against whom a search warrant has not been obtained) should be illegal. Nor shall any compressed version, broadly defined, of the data be retained (i.e., no training on any sort of facial or pose data without explicit permission of all whose images are used in training).
Penalties should be in the %s of revenue or company assets. Whistleblowers should receive large sums for identifying violations.
In a broader vein, it's time for regulation forbidding the retention or aggregation of any person's data for any commercial purpose other than the one most proximal to the actual transaction in which the person engaged, unless they explicitly opt in.
What would the latter mean? Among other things, targeted ads and recommendation systems would become illegal. Cross-user aggregation (or e.g., a company engaging in any user-longitudinal data analytics) would be illegal. In SQL language, ideally the only time you could do any query with a user ID returning multiple rows for further use would be to serve data directly back to the user. In the long run, such queries should be impossible by requiring something like a) per-user encrypted storage, b) user owned data, c) non-correlatable per-user IDs across transactions.
It will never happen because -- as noted in the article -- many folks in SillyCon valley and government are technofascists, but it should, because our current situation violates all reasonable notions of privacy.
The taliban actually have a fascinatingly (philosophically) based law where it’s illegal to photograph a living thing. I’m not sure about the reason. Maybe derived from the not being okay to depict Mohammed. But I kind of dig the concept especially for living things that can’t consent to be captured in images
> have a fascinatingly (philosophically) based law
Is neither fascinating nor philosophically based. It's a long-running islamic tradition that gets broken and bent all the time. See https://en.wikipedia.org/wiki/Aniconism_in_Islam
both of my claims were subjective and thus not really refutable. As an outsider I think it is interesting, too. And think the flexibility is similar to many laws akin to what we have in the US via prosecutorial discretion
I should’ve included a source to where I read about it initially and that’s below
https://apnews.com/article/afghanistan-taliban-media-moralit...
> only time you could do any query with a user ID returning multiple rows for further use would be to serve data directly back to the user
What do you mean by that?
I'm saying we should not allow per-user analytics. Currently companies build a profile of each user and correlate that with all the other similar users. Then they target other users who are hypothesized to be similar.
I'm arguing that no per-user analytics should be able to be conducted. A store can track how many times product A is purchased, but not that product A and B were purchased by the same user. Using the latter info for anything other than providing a summary of what the user has purchased (to the user) should be illegal.
Yeah it would be complicated. But you could do it by creating a new obfuscated user ID for each transaction.
Or even better, by having each person store their own data and mandating that companies delete all records. The company can provide a signature on the transaction record (a receipt!) that the user keeps to prove the purchase if there's a conflict later on. But the company cannot keep a copy of any per-user info, the receipt, or the transaction info; nothing beyond the fact that product A was purchased on a certain date.
> In a broader vein, it's time for regulation forbidding the retention or aggregation of any person's data for any commercial purpose other than the one most proximal to the actual transaction in which the person engaged, unless they explicitly opt in.
This is basically GDPR
Even if it were to happen, there would be a carve out for the state.
The DHS is collecting a massive database of facial geometry at the moment in preparation for nationwide constant realtime facial recognition, just China has.
The cameras are up and collecting data at every airport, as well as every traffic intersection in Las Vegas (and presumably other cities).
> It's time for regulation that no images of people may be retained for any commercial purpose
And we know exactly how such a regulation will be met by both companies and the tech crowd. See GDPR, AI Act etc.
Fuck the police state, and all the technology companies and executives trying to cash in on fascism in the name of "security"
This will be abused by the government, by the police, and every othet nefarious organizations and individuals possible.
Fuck people for installing this shit. Parasites need a host.
Really? You have that sort of attitude towards normal everyday people who absolutely don’t have the experience or knowledge that this is even a factor?
I’d be interested to know if anyone has a moderate cost system that doesn’t force you to use a company’s cloud (and thus making them prone to abuse like this). I personally have a POE setup with some commercial grade cameras ($400 a pop), with attached NAS on a private network, and home-rolled a means to access the cameras remotely, but it’s not exactly economical or practical
Just use some Reolink or similar ONVIF cameras like Axis or Dahua. Block traffic from them to anywhere other than your NAS. They're pretty simple, mine have the ability to just FTP captures to a given system, and thus I've got redundant captures (on a system with a bunch of drives, and on the microsd cards in the cameras). Maybe there's some spooky backdoor crazy way they can phone home, but I doubt it given how they're PoE and access to basically every other system is locked down my firewall.
Synology Surveilance Station [1], it supports 2 cameras per NAS for free, extra cameras $50 per device. I use an old 2 HDD NAS with 2 cameras for a few years already, it works perfectly well. (One Reolink camera, another Amcrest, both record video in h264).
[1] https://www.synology.com/en-global/surveillance
This was a good answer, but Synology is making their new devices increasingly hostile towards non-Synology-branded HDDs.
Trying to find an affordable camera / baby monitor that was both secure and offline was a tough one for me, it seems every single consumer oriented camera has a remote access functionality (= a backdoor) nowadays, and the baby monitors that don’t use wifi are only secure through obscurity with some of them being as easy to hack as buying the same model.
I ended up with an Amcrest IP2M-841 and Tinycam on Android (as I understand using RTSP), and blocking internet access of the camera through the router. As I found out, just connecting it to the internet will automatically connect to servers for allowing “easy setup” of the remote access feature.
Had the same requirements, I used the DXR-8 PRO from Infant Optics.
I got me a hand me down...It was a Motorola and had no Internet access. All I had to do was replace the battery.
Lots of the radio baby monitors are trivial to listen in on with RTL-SDR kit.
There is such a difference between listening in from within radio range vs across the entire internet. I have basically 0 worries about the neighbors; they have their own lives.
My consumer-grade “walkie talkie” had a very short range in a city, like one block.
I'm full Unifi. With all of Ubiquiti's faults considered. I still feel 10000000x better about it than Ring.
My fear is that we just don't know about Ubiquiti.
HomeKit Secure Video has a cloud, but it’s locally encrypted with keys Apple doesn’t have before it leaves the house. It supports a bunch of cheap cameras and doorbells (which will try to phone home, but you can block them from internet access without breaking local HomeKit).
Not exactly what you’re asking for, but great ease of use at a good price, and good privacy.
Through various different apps HKSV supports ALL cameras. :)
I've got a bunch of POE Reolink cameras and their doorbell cam. LAN only, no centralized cloud server. So far happy with them.
+1 for Reolink. We have a reolink camera hooked into home assistant, the whole setup is local and reolink's API exposes every single feature in home assistant with no additional setup needed.
My house also came with an existing NVR camera network which I can view in home assistant over my router without it ever going to the cloud as well.
Thanks. You've answered my question about Home Assistant. I'm not familiar with Reolink and will give them a look.
I have a Wyze camera and their janky HA integration seems to have stopped working after a firmware update. They're also the epitome of enshittification and want to nickel and dime me for every feature -- I'd be glad to ditch them.
> LAN only, no centralized cloud server.
Until one day they auto-update ...
Maybe I'm paranoid, but I have a separate VLAN with its own WiFi SSID for iot things like cameras, sensors, washing machine, dryer, solar panels and a bunch of ESP32 based projects. It has no internet access, and is only accessible from my home automation server. Those devices really only need to send data to Home Assistant and expose some basic APIs to it.
I take a simpler approach and block such devices in the router. This is a bit riskier as devices may in theory change their MAC address.
How do you handle smartphone cameras?
Cameras (like other iot devices) should be forbidden from going outside LAN.
How do you deal with your smartphone camera(s)?
Are you asking outside the context of the home surveillance cams? just whether it's possible to prevent backdoors to your iphone camera?
IME you have no control over the baseband chip of a cell phone, no reason to trust it's not enabling its camera or microphone at any time. I have a flip phone which comes in a non-camera version. I have an iphone without a SIM I can connect to its hotspot if I need to do something smartphoney.
Yes, I'm asking outside the context of home surveillance. I'm just curious how "paranoid" people deal with smartphones. I'm paranoid myself, but I'm also lazy ...
Can you use the app to talk to someone at the door if it’s LAN only?
My grandparents solved that by putting their mobile phone number on their door. They're slow to come down and open the door so it makes sense for the post person or visitor to know they're on their way
Relatively low tech compared to somehow hooking up a camera livestream system to ring your phone via the internet in some way but it works
As far as I've tried, it's fully functional if you VPN into your LAN.
Sorry for bugging you about this. I'm not the person you are responding to but this is important to me before buying so if you don't mind, could you verify that this is your setup?
1. The doorbell cam is connected only to the LAN.
2. The doorbell cam is definitely blocked from accessing the internet.
3. Having access to the LAN from your phone through VPN allows you to watch the feed and talk to people at the door through the app.
1. Correct
2. I have not gone through the trouble of isolating them on their own VLAN, but I don't see any traffic coming from the devices. This is something you will want to audit on your own network if it is important to you.
3. I have viewed the camera output through VPN, but have not yet tried speaking through the doorbell (or through one of my camera's audio output). I don't see why it would not work.
Thanks for taking the time!
I use a local NVR containing a couple of hard drives totalling maybe 8TB of storage attached to same-branded cameras (ranging between $80 and $150 each) that I can access locally, and remotely via Wireguard.
I'd say it's economical in comparison to cloud options, but, yes, not all that practical to the less technical crowd.
I specifically block the camera and NVR local IP addresses from accessing the internet. I don't really want the possibility of an private company accessing live (or recorded) video of where I live.
Brand is Reolink. I've been slowly building up the system over five-ish years and have not yet found any reason to kick myself for choosing that brand. I also have some TP-Link Tapo cameras for more temporary things, like monitoring pets.
I've also setup Frigate as an alternative system, both for my own interest and as a way to aggregate different camera brands to a single interface. Frigate can be a bit complex.
Is there anything that runs for a decent amount of time, wifi and essentially all-wireless? Blink somewhat works on its own local hub, but honestly its crap for detecting when things happen so I wont be upgrading from my used 2-pack + hub even though it does integrate well with HA.
I'd really like something that'd be apartment friendly so no drilling holes.
The TP-Link Tapo cameras I have are wireless and seem to work well enough. I'd recommend to run them through frigate or some other independent surveillance software if you don't want them internet accessible.
They're quite cheap when they're on special, and Amazon seem to have specials on them relatively regularly.
(as much as I don't like to recommend Amazon for anything)
All wireless means all of your cameras can be disabled at any time by anyone with a $20 jammer off eBay.
They’d have to know you’re running wireless, though.
They have to know only to achieve the goal of disabling the camera, but they would probably use it for everyone's, and hope for the best if they are desperate. I am not sure if you can tell if the camera has been disabled.
Pretty obvious by looking at them. Everyone has one of the same 5 brands, and the models are obvious when you see them.
By the time you’re close enough to see the brand, I would assume you’ve already been caught on camera.
Doesn’t matter. Someone can walk into jamming range wearing a mask, fire up the jammer, and there is no record of the B&E that happens 60 seconds later.
Wireless cameras are mostly a false sense of security for homeowners, much like a deadbolt on a door with a glass window in it.
At least you can talkback and confuse the cat while you’re at work. Doesn’t do fuck-all for safety.
Best to keep Reolink stuff off the Internet anyway, and ideally in their own isolated VLAN: https://news.ycombinator.com/item?id=37586457
I also recently installed a Reolink system. I have 6 cameras (4 PoE and 2 WiFi) inside and outside my house. It’s amazing. I just set up a raspberry pi to act as an FTP server to backup files to cloud storage.
>home-rolled a means to access the cameras remotely, but it’s not exactly economical or practical
Cloudfare tunnels are free. You just pay for your domain name. Ngrok is also an option.
If you want to be extra secure, you can do ssh port forwarding through the cloudfar
Personally I'd look through the brands listed in the Home Assistant integrations, either Local Push or Local Polling :
https://www.home-assistant.io/integrations/?cat=camera&iot_c...
https://www.home-assistant.io/integrations/?cat=camera&iot_c...
The documentation for setting up the integrations should also indicate whether there's any cloud involved.
The TP Link Tapo ecosystem is really good and can record directly onto SD cards. Seamlessly works with Google Home, I can access my cameras outside of the house without signing up for their cloud option.
They're a little pricey but https://www.ui.com is nice. It's what I want to replace my Ring with
Recently replaced my Eufy system with UI ones - I’m a big fan so far. Picked up a few new 4k ones for important areas and got the rest used on marketplace via a 4-pack of 2k ones for $150 from a hair salon that had changed systems.
I think you would basically want to do custom firmware on your camera basically.
There's also thingino, I have not gone this route yet.
https://thingino.com/
There exist third party firmware for $10-20 cameras available on Amazon.
Install that and your open source backend of your choice and Bob's your aunty.
If you have cameras the police can get a subpoena to force you to provide what you have saved. If you don’t have cameras, you can’t give what you don’t have.
Yes, but they have to subpoena you. That means process, that means getting a judge to sign it, and it means you can limit scope (i.e., if the incident under investigation occurred outside your home, you're not going to need to provide any footage from inside).
While the OP doesn't emphasize this detail, it says this is a tool that will allow police to request access from the camera owners. Police can, of course, also request footage from the owners of non-cloud cameras, so the legal basis of disclosure -- consent -- can exist in either case, cloud or non-cloud camera.
The two are very different.
If you are subpoenaed then you're obligated to respond, and the same is true for Ring. But that's not what we're talking about here. This is law enforcement requesting access, and Ring doesn't require a formal subpoena or warrant. They can decide to comply to nothing more than "someone from a .gov email asked nicely".
It's written out in their terms of service:
> you also acknowledge and agree that Ring may access, use, preserve and/or disclose your Content to law enforcement authorities, government officials, and/or third parties, if legally required to do so or if we have a good faith belief that such access, use, preservation or disclosure is reasonably necessary to: > > (a) comply with applicable law, regulation, legal process or reasonable preservation request; (b) enforce these Terms, including investigation of any potential violation thereof; (c) detect, prevent or otherwise address security, fraud or technical issues; or (d) protect the rights, property or safety of Ring, its users, a third party, or the public as required or permitted by law.
So Ring is quite happy to hand over your footage to anyone so long as Ring believes it's "reasonably necessary" to protect the rights or property of anyone.
This isn't about Ring complying with a legal request. This is about Ring undermining the fourth amendment entirely by saying "we'll give law enforcement whatever they want".
The feature discussed allows law enforcement to request access from the end user. It's the end user whose consent is required under that regime, not Ring's.
The feature doesn't exist yet. Ring have said it'll be user consent, but we don't know that for sure. My point is that Ring can change their minds about this at any time without informing you, so it doesn't matter how they say it will work if this possibility is still there.
If you want to have a tangential discussion about how you interpret Ring's terms to permit them to do wild things behind the user's back, that's fine; but it would have been better to be more clear about the tangential nature of your comments. If the terms allow them to do wild things behind the user's back, then they can do those things with or without introducing this feature. And they can also introduce this feature with or without the wild things; and with or without terms of service allowing those things. They're orthogonal issues.
In any case, you're mistaken about what the terms allow. When you paraphrased the terms as saying they can "hand over your footage to anyone so long as Ring believes it's 'reasonably necessary' to protect the rights or property of anyone", you neglected to account for the clause: "as required or permitted by law". Under the Stored Communications Act, 18 U.S. Code § 2702 (b), there is only a short and narrow list of circumstances under which it is permissible for a provider to disclose communications content without a warrant. The most pertinent is an emergency involving danger of death or serious physical injury (exigent circumstances), which is what the link in the OP regarding warrantless and consentless disclosures is about. But exigent circumstances are also a longstanding exception to fourth amendment search protections in general: law enforcement can break into your house without a warrant if there are exigent circumstances requiring them to do so.
This isn't a tangential discussion. Ring has shown they're willing to work with law enforcement without due process, that's the entire point of the EFF's article.
> you're mistaken about what the terms allow. When you paraphrased the terms as saying
I didn't paraphrase. I quoted them directly. Feel free to check them yourself https://ring.com/terms
> you neglected to account for the clause: "as required or permitted by law". Under the Stored Communications Act, 18 U.S. Code § 2702 (b), there is only a short and narrow list of circumstances under which it is permissible for a provider to disclose communications content without a warrant.
There are so many exceptions it doesn't matter. From the same code, (b) (8) states "if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency", and (b) (7) (A) (ii) "to a law enforcement agency if the contents appear to pertain to the commission of a crime".
This is exactly how Ring shared content with the cops previously. https://www.cnet.com/home/security/ring-google-and-the-polic...
>Ring has shown they're willing to work with law enforcement without due process, that's the entire point of the EFF's article.
No, the entire point of the article is the introduction of a new feature which allows law enforcement to request a certain kind of access from end users.
>I didn't paraphrase.
This wasn't a paraphrase? "hand over your footage to anyone so long as Ring believes it's 'reasonably necessary' to protect the rights or property of anyone"
>From the same code, (b) (8)
That is the exigent circumstances exception I mentioned.
> (b) (7) (A) (ii)
Only applies if (i) also applies: the contents "were inadvertently obtained by the service provider".
You don’t have to keep your recordings for a long time. It’d be pretty easy to set up a system that only keeps records for a few days.
Good luck unencrypting my drives.
With a subopena you would be the one unencrypting your disk. Being in comptent of the court usually means imprisonment or daily fine until you comply with the court order.
There's lot's of generic NVRs and cameras for relatively cheap at the usual far-East retailers.
Ubiquiti's ecosystem. You own the NVR, it stores locally and they have a doorbell w/ camera.
Eufy Security?
Sounds oxymoronic.
Are they breaking the E2EE feature, or is this for folks that didn't care/were scared off by the red text that said they wouldn't be able to recover their videos if they lost their trusted devices?
Key point is police can request, they can't just log in to your cloud and take footage
Then again, doesn't seem like the law matters anymore at least on a federal level.
This makes me seriously reconsider continuing with my Ring subscription. The chances this will be abused are 1000%.
* At the moment I only have sensors so that Ring tracks movement inside the house. Only when I'm out of the house for an extended amount of time (days), I turn on the cameras.
+1 here.
The last time I checked, they're custom (read: expensive) and require building out your own backend video storage.
Let me know if you find a good privacy-focused alternative. I’m absolutely replacing mine after this.
I was looking at security systems. It seems, Ring makes it very difficult to have any sort of offline operations. Recording onto SD card is limited or impossible. After seeing this, I realize this is likely by design. You have to be connected so that the surveillance state can get access at some point, somehow.
Yes, they have a feature with their 'Pro' base station and Premium subscription, to store video locally on SD card, but still the only way to access the video is through the Ring app. IMO they are just choosing not to compete with the on-prem closed circuit systems, which represent a niche market compared to normies who want a notification when someone rings their video doorbell.
https://ring.com/support/articles/pmod0/Using-MicroSD-Cards-...
That is wild, I think being able to record onto an SD card or whatever should be the bare minimum requirement. I personally would never buy anything that does not have an offline option.
I cannot imagine installing surveillance devices in my home but if I did set up cameras they would be on a private network and saving to devices I control.
At the rate the US is going, I wouldn’t be surprised if this becomes illegal. Add that most of these cameras are chinese and then maybe you won’t have that choice anymore.
American government is the biggest threat to American citizens, not the Chinese. (Just as the Chinese government is the biggest threat to Chinese citizens, not the American.)
This is what the founders realized 250 years ago. They did a pretty good job with a constitution to limit government power. Not perfect though. I wish they had been able to foresee the risks of power-accumulating career politicians and had term-limited them. They thought the voters would reject abuses of power but turns out that voters will vote for promises of free stuff.
Opt in means nothing in the face of a legal subpoena
>Opt in means nothing in the face of a legal subpoena
Or scarier, a National Security Letter the government claims the company can't even talk about except maybe in secret court. Or perhaps scariest, a """"National Security Letter ;^)"""", ie, the company absolutely wants to gleefully cooperate with the government and give it whatever it wants for the right price, but also wants to maintain a veneer of "we totally care" and the government obligingly produces some demand and the company then goes "oh geez we totally place customers first and privacy is our highest priority ....but we had to because of terrorist pedo murder rioter jaywalkers, the government ORDERED us to not our fault nothing we could do!" while facilitating it without any challenge at all.
In that case they don't need consent anyway and it's not about this new feature.
As if privacy-minded users needed any more reason to avoid Ring…
But I can't avoid it. 2 of my 4 neighbors have this installed. So now, everytime we are outside, on my own property, we're being captured without consent.
Such a great feature, for the police.
My strategy for Ring when I used it as it was cheapest option with cloud recording and notifications (what's the point of local recordings if someone can just steal them) was to just connect it to a smart plug and then to UPS. I simply disabled power to it just before I got home.
"Show proof that you use AI to get promoted." Yep that company won't last too much longer. Managers managing managers managing lemmings.
Google added exactly this to SWE role attributes, to be checked each performance review cycle. Managers managing managers, directors managing directors. Are you shorting GOOG right now?
No, I put all my chips on red. Started a startup to do the deep user-focused innovation work they no longer care to do.
It seems like people are missing the fact that it's opt-in from the police to the consumer. It's within the end consumer's control to allow the access or not, so by that standard it's not in any way abuse.
It's not Orwellian overreach or, as the EFF claims a breach of Ring's customers' trust, if the customer gives up the data willingly and knowingly.
And lots and lots of people will.
People aren't missing the fact - they're getting bad information from a supposedly reputable source. I don't really know how to solve that problem.
> It seems like people are missing the fact that it's opt-in from the police to the consumer.
There is no such thing short of a physical switch. To believe otherwise is the absolute height of naïveté.
This has been in Ring for years and police have their own dashboard. Most importantly, it was already found Ring or Police have enabled access on their own.
Based on the articles, do you really think Ring and police cannot just get whatever they want?
https://consumer.ftc.gov/consumer-alerts/2023/05/rings-priva...
https://www.reviewed.com/smarthome/features/ring-changes-pol...
https://www.silicon.co.uk/e-regulation/surveillance/amazon-r...
https://theintercept.com/2019/01/10/amazon-ring-security-cam...
Did you audit the code?
[flagged]
yikes - and I also wonder how many people have these installed inside their house (as in filming the interior).
Don’t think anyone vaguely tech savvy is buying these anymore
Wow, that is completely terrible.
This is way overblown, since it's strictly opt-in and always requires the owner's explicit consent. It would only be a privacy issue if either of those things weren't true.
The owner isn't the only party whose privacy is being affected unless you believe these cameras will never capture anything other than the owners.
You could also invite a police officer over to your house to watch recordings from a completely offline air-gapped camera pointed at the street.
You could, and then it would be limited by available number of police officers, and time, and so the risk of, and potential scale of, abuse would be far lower.
The opportunity cost is often the difference between something being reasonable and nearly the same act becoming grossly invasive.
A real world example: Norway has traditionally had public tax lists where anyone could see everyones taxable income and tax paid. Before the internet this involved going to an office, and so the opportunity cost was high enough that most people never would without good reason (e.g. suspecting tax fraud and wanting to substantiate it before going to the police; or investigative journalism). When the internet arrived, the lists were soon made available online. Suddenly all the newspapers offered searchable interfaces where you could look up all your neighbours and friends in seconds.
What had been seen as a reasonable tradeoff between transparency of the tax system and transparency of society (though some would argue it was encouraging snitching...) became seen as grossly invasive, and the question was raised whether to shut off access entirely.
Instead restrictions were added to try to redress the balance, and now while you can still look it up, there are limits (500 views per month, unless you're registered as part of the press, which has special access), and the person you look up can see who has viewed their information if they themselves log in[1], which raises the barrier to just randomly snooping.
The same information has been available to the same people the whole time. All that has changed is how convenient accessing it is, and how likely it is that snooping at someones data might affect you, and the result has been wildly different perceived levels of invasiveness.
[1] https://www.skatteetaten.no/en/forms/search-the-tax-lists/
There is a major qualitative difference if it becomes something like police AI systems analyzing it all continuously.
They could use dark patterns. E.g. make you click yes in an inattentive moment.
Or use a checkbox that mysteriously takes on the checked state while you are sure you didn't check it.
If they do those things, then it would indeed be a privacy issue, but right now they're not.
I mean people complained so Amazon stopped giving police access. Now as soon at Amazon thought they could get away with it, Amazon started giving access again. That's pretty shady behavior in my book.
So you are telling me the can get the data my Facebook, Google and any other US company without my consent but in this case it's somehow actually enforced?
If they can get the data without a user's consent, then it's independent of this new feature and thus unrelated. If you believe that the government has unlimited access, then it was most likely already possible before this feature. Now, there is at least a "proper" way to give law enforcement access.
You’re missing the point. The last report in 2021 stated that they sold 1.7 million units in that year alone. The effect is that nearly every square inch of any populated area now has a camera pointed at it that police can access. Please tell me how you opt out of that.
That was the case before as well, as you could easily export Ring footage and share it manually with police if you want. This just makes it slightly easier.
Reason #37 why I went with Eufy instead.
I mean what are the privacy-friendly alternatives? Assume others in this market are equally shady. What is the safe, self-hosted solution where we can monitor CCTV from our phones?
There are plenty, but they're all very DIY and I don't think there are any turnkey solutions that you can just plug in and have work.
I think a better question is... why do we all need this? I get that everyone these days is afraid of everyone and everything, but it's not rational. Very few people actually need a doorbell camera.
And if something actually does happen where you think video evidence might be useful, nine times out of ten the police aren't going to help you anyway.
[dead]
I personally use unifi doorbell, mostly because I already had dream machine, but AFAIK they have also less expensive options.
[dead]
Is there some open source alternative to stuff like Ring?
I feel vindicated by my choice to have local-only security cameras
Not only do the prisoners have almost no rights, the innocent are treated like criminals too
So if I enable this will the police at least use the feeds to only summarily execute me for partaking in my 2nd amendment right to night time home defense, and let the rest of my family live?
Why don’t we call this by its true name - Amazon? You guys do realize that Amazon intentionally keeps its name off the product for a reason, right? They have Amazon batteries, web hosting, makeup, and every other thing you could possibly imagine. This product though? It’s just “Ring” so that Amazon can avoid the brand damage that comes from facilitating a police state. That is their intention, and they are keeping it at arms length for that reason. The headline of this article should read “Amazon Ring introducing new feature…” not just “Ring”. If we want it to stop, we need to hold the company responsible for what they’re doing.
> Ring introducing new feature to allow police to live-stream access to cameras
Don't worry, you have nothing to hide, don't you ? They forgot "legaly" in this sentence. Police already has access to it.
What's a good dumb way to check on pets via camera/talk to them while you're on vacation? I have ring cameras at home specifically for this use case. but I now want to get rid of them.
It feels like what is needed is some kind of protocol for decentralizing the police force (and judiciary downstream). It's a nice idea to have have choices (hopefully it is opt in) but it would be nice to have more choices for protection and law given our current situtation as it is unfolding in various countries.
Thanks, I think I’ll stay with the old school non-malware version ;)
I'm sad that we're quickly heading towards a future where there will be monitoring of all people, at all times. AI agents will flag people for leaving their house too late at night, or not leaving their house often enough. Our civilization is full of intelligence but it lacks wisdom.
Stop putting this shit in your homes people.
Earlier: https://news.ycombinator.com/item?id=44608681
fuck this bullshit
"feature"