Amazon unveiled a new tracking system at a time when Americans are debating the value of persistent surveillance.

A Super Bowl ad for Ring security cameras boasting how the company can scan neighborhoods for missing dogs has prompted some customers to remove or even destroy their cameras.

Online, videos of people removing or destroying their Ring cameras have gone viral. One video posted by Seattle-based artist Maggie Butler shows her pulling off her porch-facing camera and flipping it the middle finger.

Butler explained that she originally bought the camera to protect against package thefts, but decided the pet-tracking system raised too many concerns about government access to data.

“They aren’t just tracking lost dogs, they’re tracking you and your neighbors,” Butler said in the video that has more than 3.2 million views.

  • mlg@lemmy.worldEnglish
    57·
    4 days ago

    My personal choice for security stuff is ubiquiti, but I’m sure someone here can find a super cheap doorbell camera that saves to an SD card and accomplishes the same thing.

    I’m really glad people didn’t just fall over for this ad, and connected the dots on what Amazon is doing

    • AspieEgg@lemmy.blahaj.zoneEnglish
      33·
      4 days ago

      Reolink doorbell cameras don’t need to be connected to the cloud. They can record to an SD card or upload to an FTP server. You can connect to them with RTSP and run your own NVR if you want too.

        • FauxLiving@lemmy.worldEnglish
          5·
          4 days ago

          I have a few Amcrest cameras and they’re pretty decent as well. Outdoor rated, PoE, 4k, UV LEDs, they have PTZ variants too and offer standard RTSP streams without any kind of vendor software hassle.

          Running a local NVR with some image segmentation and classification models is goodbut also consider adding a bit of Kismet and SDR trickery. Having a bit more awareness is always useful and the radio spectrum is increasingly full of useful information that can be relevant to home security.

          Most people are also radio beacons of some form or another due to their tech/car/flipper zero and being able to detect things like modern cars, people wearing bluetooth earbuds, wifi deauthentication attacks or new radio sources which could indicate some kind of hostile surveillance or tracking… those are all useful and relatively simple things to monitor. With a bit more money you could make some good estimates about the location and relative motion of these sources.

          You could also add some cheap SDRs and listen to your local county’s dispatch trunking system. This is perfectly legal, it’s all broadcast in the clear. CB users and scanner owners used to do this but it became harder once they switched to trunking systems because you required some kind of processor to navigate the trunking protocol. Now you can do the same thing with 2 cheap RTL-SDRs and some open source software: https://www.youtube.com/watch?v=g9KJrtIO8_4 Language models reading transcripts of these could alert you to any major events near you, like a traffic accident (or active shooting, USA! USA! USA!).

          Obviously this is a bit more involved than ‘Press buy button on Amazon, login to camera, glue to wall.’, but the end product that you can create is better than anything that you can buy as a commercial product.

          • TunaLobster@lemmy.worldEnglish
            2·
            4 days ago

            The audio system in my car is broken. I use my SDR to stream the radio to my phone and play it on a Bluetooth speaker. Overkill? Yes. Learning experience? Yes.

            • FauxLiving@lemmy.worldEnglish
              2·
              4 days ago

              I had a similar experience, playing with a spectrum analyzer connected to the SDR and the first signals that I ‘found’ were the WFM broadcasts and celebrated by listening to the radio for a few hours.

              In hindsight, I didn’t realize how much the antenna size and just happened to have the right length antenna to get good WFM coverage.

        • AspieEgg@lemmy.blahaj.zoneEnglish
          41·
          4 days ago

          SD - Secure Digital (memory card you’d use for most things)

          FTP - File Transfer Protocol (a way to upload files to a server)

          RTSP - Real Time Streaming Protocol (a way to stream video)

          NVR - Network Video Recorder (a device that records video)

          • Atropos@lemmy.worldEnglish
            22·
            4 days ago

            I love lemmy. On the other site, you’d have 100 snarky and/or insulting replies. Here, there’s a single reply that is straightforward and helpful.

            I dunno, thanks for being a bright spot in otherwise somewhat bleak world.

  • Agent641@lemmy.worldEnglish
    33·
    4 days ago

    Imagine spending millions of dollars on an ad that costs your company millions more in lost sales

  • BanMe@lemmy.worldEnglish
    46·
    4 days ago

    They’ve backed off this and ended the partnership, claim Flock never got any footage, which I think is a total lie.

    They’ll re-partner when the heat is off, or just do it silently, Amazon shouldn’t be trusted. Explain why to your friends and neighbors.

  • teft@piefed.socialEnglish
    321·
    4 days ago

    I hope what really gets people to pay attention is how the FBI said they searched that news ladies’ moms’ ring camera footage even though she didn’t have an active subscription.

    • bitjunkie@lemmy.worldEnglish
      5·
      4 days ago

      The subscription is ostensibly to cover the cost of bandwidth. But of course they’re uploading anyway…

      • Ghostalmedia@lemmy.worldEnglish
        73·
        4 days ago

        A big exception to the rule are the HomeKit secure video cameras that work in Apple’s ecosystem. If your HomeKit compatible camera is going straight into HKSV, and isn’t paired with manufacturer’s own cloud video service, then it’s all E2EE and it can’t be accessed by Apple, even with a warrant.

        Problem is, camera offerings are limited, and scrolling clips in HomeKit is paaaainful. Also, if you’re not in Apple’s ecosystem, you can’t use it.

          • AA5B@lemmy.worldEnglish
            6·
            4 days ago

            They’re pointing out that HomeKit cameras are specifically end to end encrypted and claimed inaccessible. Apple has really been pushing online privacy as a feature

            You can get a camera from anywhere and either use it locally only or implement your own encryption before saving to a cloud resource if you can get one with any expectation of privacy. But you have to do all the work and it is never end to end encrypted

            • cecilkorik@piefed.caEnglish
              3·
              4 days ago

              Depends on your precise definition of the camera “end” I suppose, but an IP camera absolutely can be and should be end to end encrypted. Even if the camera itself does not support native encryption, at worst the aggregation point/server should. Really, surveillance cameras should be on their own dedicated private IP network anyway, ideally with physical isolation on any wired connections. Besides a physical, on-site attack (which is what the cameras are for!) there really should not be any plausible method of an outside attacker breaching into the non-encrypted part of the network at all.

              And that’s the worst case, real-world scenario. Quite a few cameras do in fact support on-device encryption now so “never” is still definitely incorrect. You do have to do the work though. That’s how good security works, it doesn’t come in a box as much as many wish it would and even if it does it’s never one-size-fits-all.

      • partial_accumen@lemmy.worldEnglish
        21·
        4 days ago

        And the NEST camera apparently has some sort of free tier that saves a short amount (the last few hours) of video by default, so NEST users shouldn’t be surprised at all that their video feed is sent to the cloud as its one of the features of the subscription-less model.

        • spaghettiwestern@sh.itjust.worksOPEnglish
          11·
          4 days ago

          The problem isn’t that it’s being sent to the cloud, the problem is that it’s not being encrypted and Amazon is doing whatever they fuck they want with it, including giving it to law enforcement without a warrant.

          • WhyJiffie@sh.itjust.worksEnglish
            111·
            4 days ago

            encryption wouldn’t solve the problem, just raise more questions. how is it encrypted, with what algorithm? was the alg implemented securely? who has the decryption keys? how were the keys generated? were they generated from a good enough entropy source? these are non-trivial questions that have to be asked in an encrypted system where encryption is not just a gimmick or a marketing buzzword.

            having encryption and “secure!” plastered all over the box and the phone app does not mean anything, especially when you need protection against the manufacturer.

            • spaghettiwestern@sh.itjust.worksOPEnglish
              51·
              4 days ago

              When people in a Lemmy technology community say “encryption” it should be obvious we’re referring to effective encryption, not a marketing claim on a product box.

              • WhyJiffie@sh.itjust.worksEnglish
                31·
                4 days ago

                yes, that would be ideal, but at any point in time we will have newcomers, for them it won’t be obvious

                • spaghettiwestern@sh.itjust.worksOPEnglish
                  11·
                  4 days ago

                  Your prior comment was for newcomers?

                  "How is it encrypted, with what algorithm? was the alg implemented securely? who has the decryption keys? how were the keys generated? were they generated from a good enough entropy source? "

                  This was obviously written for people with quite a bit of knowledge. Most newcomers would have absolutely no idea what any of it means.

    • Dinosaur Ouija Board @lemmy.mlEnglish
      24·
      4 days ago

      Initially, NBC Nightly News (Savannah Guthrie’s network) stated that Ring cameras could only record 4-6 hours before the footage would start to rewrite over itself. Yet being able to uncover what they did after the fact seems hella sketchy.

      • AA5B@lemmy.worldEnglish
        10·
        4 days ago

        Not at all, that’s tons of time.

        That was a nest and I don’t know about them, but for Ring they store snippets activated by motion or ringing the bell. Once you’re only saving snippets, 4-6 hours video could be weeks

        Ring can also save snapshots, at regular intervals, but that’s a still photo taking much less storage.

        • Midnight Wolf@lemmy.worldEnglish
          2·
          4 days ago

          I used to have a nest doorbell. You can set it to record continuously, just FYI.

          E: that will also require a subscription, which includes 60 days of saved footage (and other stuff)

      • partial_accumen@lemmy.worldEnglish
        5·
        4 days ago

        Yet being able to uncover what they did after the fact seems hella sketchy.

        Not really if you know how this kind of computing/information technology works.

        A file consists of the data itself, and a pointer to the data location on the storage device or index record. When the computer wants to retrieve the data, it looks at the index to get the data location, then goes to that location to get the data. This is how the majority of computers/devices work. When a file is “deleted” the index is usually the only thing that goes away, not the data itself. Over the course of time, the data is eventually overwritten as its in areas marked as “free space”. So other new files will occupy some or all of that space changing it to hold the new file data.

        If you want to get rid of the data itself, that is usually considered “purge” where the data is intentionally overwritten with something else to make the data irretrievable.

        What the Google engineers were able to do was essentially go through all the areas marked as “free space” across dozens (hundreds?) of cloud servers that hold customer Nest camera data and try to find any parts that hadn’t been overwritten yet by new data. This is probably part of why it took so long to produce the video. Its like sorting through a giant dumpster to find an accidentally discarded wedding ring.

    • partofthevoice@lemmy.zipEnglish
      50·
      4 days ago

      My wife and I recently moved to a home with ring cameras preinstalled, but no subscription of course. We can only access a live feed via the cloud service. I told my wife, I don’t think it matters whether we have a subscription or not… if they want to use the footage from our home cameras for any reason at all, it’s in their power to do so. They can save it, scan it, watch it, … they don’t even need to save the video, they can save results from a scan to get out the important details more efficiently.

      My wife didn’t want to hear it. She said we aren’t paying them, so there’s nothing they can do. Then this news story dropped about Google Nest. I showed my wife. We no longer have the ring cameras.

      • krashmo@lemmy.worldEnglish
        3·
        4 days ago

        Theoretically they wouldn’t have internet access if a previous occupant set them up unless one of your neighbors has an unsecured AP. Or maybe I’m misunderstanding you and you’re saying you set them up on your wireless network after you moved in. Still a good move to get rid of them but I wouldn’t be as concerned about them if the only AP they were set up to use was no longer present.

        • wizardbeard@lemmy.dbzer0.comEnglish
          13·
          4 days ago

          Nope. Ring cameras are part of Amazon Sidewalk which is effectively an automatic, invisible, and not end-user-controllable wireless mesh network “meant to keep devices working during wifi outages” or in other words to ensure the data makes it back to the cloud at any cost.

          Their are more and more device manufacturers starting to use techniques like this to ensure connection regardless of owner intent.

          • krashmo@lemmy.worldEnglish
            2·
            4 days ago

            I can’t say that’s surprising but I have only heard of smart TVs having been confirmed to do that

        • partofthevoice@lemmy.zipEnglish
          2·
          4 days ago

          Interesting, I didn’t think about that nor did I know about the mesh network someone else mentioned in a reply to you. In my case, I’m renting the home. The landlord pays for a very small internet package that is reserved for the cameras. He stopped paying for the subscription at some point but he still pays for the Internet it connects to, which is how we were able to access live footage in the past.

          When I said “we no longer have the ring camera.” More accurately I could have said “we stopped charging it.” The landlord would probably have a minor aneurism if we tried explaining why we want to replace the camera he mounted a case for into the stucko by the front door.

      • CosmicTurtle0 [he/him]@lemmy.dbzer0.comEnglish
        132·
        4 days ago

        I wonder if removing the cameras is the best move.

        It might be better to let them run but have them watching a TV streaming Disney movies.

        Then drop the dime to Disney that they are copying their IP.

        • partofthevoice@lemmy.zipEnglish
          4·
          4 days ago

          I’m half curious if I cut open the box… you think there’d be an easy way to replace the camera with a video stream of my choosing? Because I wouldn’t mind cutting out the camera and leaving the device plugged into my PC for a constant headless stream of video content.

  • big_slap@lemmy.worldEnglish
    8·
    4 days ago

    the few that do this are the smart ones. I fear the ignorant/dumb wont follow when this story eventually dies

    • turboSnail@piefed.europe.pubEnglish
      11·
      4 days ago

      People still love Chrome, even though tech reviewers told us exactly how creepy that browser is. That info has been publicly available since day one.

      Same story with Facebook, but somehow that syphilis of the web is still alive. I have no idea what these people are thinking.

  • AmbitiousProcess (they/them)@piefed.socialEnglish
    191·
    4 days ago

    For anyone who has a Ring camera, wants to get rid of it, but still wants a doorbell camera for security/convenience reasons, I’ll point out that Ecobee has a fairly good rating on Mozilla’s Privacy Not Included page where they review products for their privacy.

    E2EE transmission of video from the camera to your phone when streaming, on-device processing of video feeds, auto-deletes any cloud footage when people uninstall the app (so non-technical users who think uninstalling an app deletes their data will actually get that benefit), only saves clips when actual motion is detected, first line of their privacy policy is “Your personal information and data belong to you”, and their subscription is 100% optional.

    Only real privacy concern is that if you choose to integrate yours with Alexa, it might get some data from that, but that’s optional. The main downside is just that they only have a wired option for outdoor setups, but they do have an indoor one that doesn’t require any kind of hookup directly into wires in your wall.

    As always though, if you have the technical ability to set something up yourself that runs only on your local network, do it.

  • Buffalox@lemmy.worldEnglish
    1017·
    4 days ago

    Question is why they bought a Ring camera in the first place?
    There is no way they can have been unaware that these gadgets can be accessed from outside.
    But it was only when the evidence was put right in their face they finally connected the dots?

    So my answer is quite simple: Because they are stupid, and bought a sleazy product from a known sleazy company, and when they found out it was in fact as sleazy as could be expected, they figured that maybe they didn’t want to to be voluntarily surveilled anyway.

    • ilinamorato@lemmy.worldEnglish
      31·
      4 days ago

      Question is why they bought a Ring camera in the first place?

      Probably because of marketing.

      There is no way they can have been unaware that these gadgets can be accessed from outside.

      (1) Clearly you’ve not talked to enough people outside the privacy-aware community. Absolutely they can have been unaware of that.

      (2) They may well have known, but not known the scope, or not cared. If you’re having trouble with (for instance) porch pirates, you might not care about the privacy ramifications.

      But it was only when the evidence was put right in their face they finally connected the dots?

      Yes. When you don’t live and breathe this stuff, a lot of times that’s what it takes.

      My mom used to use the same password for every service. It was a ten-letter password that she came up with in 1999, and she essentially never deviated from it; until I typed it in for her on haveibeenpwned and showed how many times it had been leaked. People who don’t care about privacy won’t care until they’re shown how it actually affects them.

      So my answer is quite simple: Because they are stupid,

      Profoundly uncharitable read on the situation. Are you “stupid” if you don’t know what you don’t know? We don’t have classes about this sort of thing in high school or anything. There are billions of dollars going toward telling people that sleazy products are actually great and companies actually care about their well-being, and only neckbeards like us on Lemmy spending $0 to tell them the opposite. If they’re not watching tech news because the regular news is too much, or because they have jobs and families and hobbies, or because they don’t know how to process or parse it, or just because they’re not interested and have never been convinced that they should be, they aren’t stupid, just propagandized.

      and bought a sleazy product from a known sleazy company,

      First of all, “sleazy” is a perfect word for this, and thank you for using it.

      But second, keep in mind that for a lot of people, most companies are still responsible members of society; “pillars of the community,” and generally worthy of trust. It’s not because they’re dumb, it’s because they’ve been propagandized into believing it.

      and when they found out it was in fact as sleazy as could be expected, they figured that maybe they didn’t want to to be voluntarily surveilled anyway.

      People are waking up to the reality of big tech “convenience.” That’s a good thing. Don’t shoot at them for coming to their senses.

      • Buffalox@lemmy.worldEnglish
        33·
        4 days ago

        But second, keep in mind that for a lot of people, most companies are still responsible members of society; “pillars of the community,” and generally worthy of trust. It’s not because they’re dumb, it’s because they’ve been propagandized into believing it.

        Oh boy that is so true, I was laughing my ass off during the financial crisis about how people were shocked that banks are businesses trying to maximize profits like any other business.

        They genuinely thought that banks were some sort of community institution that existed to help people with their finances, and not businesses that are selling products to make money.

        Still even if people are so ignorant that they are unaware of privacy issues, they have chosen to be willfully ignorant, because this issue has been talked about non stop for decades. For nothing to sieve in at some point, you have to be a special kind of willfully ignorant.
        Even people that are very low information on technology, know that the Internet is a source of potential surveillance, and having your info on the internet in any form is a potential for being surveilled. Everybody knows that all the big IT companies are trying to gather as much information as they can. And Amazon is right at the top among them.
        So to claim they were ignorant of Amazon possibly collecting and sharing their data is a bit far fetched IMO.

        • PostnataleAbtreibung@lemmy.worldEnglish
          2·
          4 days ago

          For the banks, the two biggest ones in germany were in fact exactly this: community owned and with supporting local residence and businesses in mind.

        • WhyJiffie@sh.itjust.worksEnglish
          2·
          4 days ago

          Even people that are very low information on technology, know that the Internet is a source of potential surveillance, and having your info on the internet in any form is a potential for being surveilled. Everybody knows that all the big IT companies are trying to gather as much information as they can. And Amazon is right at the top among them.
          So to claim they were ignorant of Amazon possibly collecting and sharing their data is a bit far fetched IMO.

          you are largely overestimating the capabilities of the average consumer. most don’t even know on a surface level how the internet works, and what dangers it poses.

        • ilinamorato@lemmy.worldEnglish
          4·
          4 days ago

          people were shocked that banks are businesses trying to maximize profits like any other business.

          Because every ad they see talks about how respectable and responsible they are. Like I said above, they’ve spent billions trying to cultivate this level of obliviousness in their customers.

          Still even if people are so ignorant that they are unaware of privacy issues, they have chosen to be willfully ignorant, because this issue has been talked about non stop for decades. For nothing to sieve in at some point, you have to be a special kind of willfully ignorant.

          In our sphere, sure. But most people don’t live in our sphere. Most people don’t mainline tech news and privacy updates. A lot of “normal people” (i.e. people you meet dropping your kids off at school, or in line at the supermarket, or on a bus) would have trouble telling you the name of the company that made the phone they stare at for seventeen hours a day. Some of the smartest, most world-aware people I know couldn’t tell you the difference between “encrypted” and “password-protected.” The stuff that breaks through into the mainstream are the huge breaches, but the problem is always spun to be the hackers, or one guy in the IT department who did something wrong, or whatever, not the fact that they’re even collecting all of this data in the first place.

          And this isn’t willful ignorance, it’s just not something they think applies to them. Maybe they bought the “if you have nothing to hide you have nothing to fear” line, but more likely they just don’t actively think about it at all. Like how, if you live inland, you probably rarely worry about tsunamis; they’re simply a reality, and they probably vaguely know about the danger, but they’re a fact of nature, there’s nothing they can do to change it, and it’s not a risk they face personally. That doesn’t make them willfully ignorant, it just means they think it’s something that really only matters to spies or whoever.

          Even people that are very low information on technology, know that the Internet is a source of potential surveillance, and having your info on the internet in any form is a potential for being surveilled.

          But usually only in the abstract. “Oh, as long as I just look for the lock in the top left of the browser, I’m ok.” They think the threat comes from hackers and foreign governments, not companies that make the funny cat meme service.

          Everybody knows that all the big IT companies are trying to gather as much information as they can. And Amazon is right at the top among them.

          No, I think you’re wrong about that, and I think that’s because–again–these companies have spent billions trying to convince people that they aren’t. Even in the rare cases that they do see a threat, they have completely the wrong idea about what the threat really is; think about those memes that go around from time to time saying “I hereby declare that Facebook doesn’t own my photos!” or whatever. Zuck doesn’t want their photos, he wants to be able to lock them and their friends in, he wants their personal data, and he wants exclusive, 24/7 access to their eyes so that he can cram personalized ads into them.

          All of that advertising may not necessarily convince people that the company is good, but it might cast just enough doubt or confusion to get them to focus on the wrong issue.

          And Amazon? If people have anything against Amazon, it’s probably just “oh, they’re trying to put mom & pop companies out of business!” (Which, in fairness, they are also doing). Do you think the average person knows that they even own Ring and Roomba and AWS? I would submit that a surprisingly large chunk of the population probably doesn’t even know that they own Alexa.

          Not because they’re ignorant, just because (1) it doesn’t matter to them, and (2) they’ve been aggressively propagandized to not care.

      • XeroxCool@lemmy.worldEnglish
        7·
        4 days ago

        Thank you for bringing the detail and tone I was going to type. You covered so many good points. It’s nice to see someone outside the tech-heavy, privacy-hyperaware echo chamber.

  • matlag@sh.itjust.worksEnglish
    9·
    4 days ago

    The most appalling thing is the advertisers and whoever approved this live in a bubble where people are ok with massive surveillance, and don’t imagine people will freak out when they see how Amazon can watch them. At least Meta knows their users hate them but are hostages of their network, that’s why Meta buys or crushes competitors before they become too big. I’ve not seen that since a Ford’s VP bragging about how much Ford will know absoltuely everything you do with “your” car (is it really?) and backpedaled live as he realized journalists were horrified. That was a long time ago. Today it’s common.