Ring Spends The Week Collecting Data On Trick-Or-Treating Kids And Being An Attack Vector For Home WiFi Networks
from the going-to-have-to-mark-this-'needs-improvement' dept
Nothing owns like a self-own. And Ring -- Amazon's doorbell surveillance project -- is so into self-abuse, it's almost kinky. It's a DOM when it picks up another submissive law enforcement partner (400+ at last count, so maybe get tested if you install a doorbell without protection). Any other time, it seems to be a relentlessly cheery masochist. Hopefully it's deriving some pleasure from the endless negative news cycles. Maybe 95% market share heals all wounds.
Ring is putting the "creep" back in the phrase "surveillance creep." While there's some value to keeping an eye on your front doorstep when you're expecting an expensive delivery, the downside is Ring might be letting cops know you've got a camera on your house. What it won't be letting you know is that it will part with your footage at the drop of a subpoena.
If you're not eyeballing your neighbors by proxy, you're not living right. That's the message of the Neighbors app, which is pushed by Ring and cops alike. Breaking down "sharing" barriers is the first step toward bypassing the warrant process. Ring is the grease and the wheel.
The pushback against Ring's law enforcement adoption offensive has had minimal effect on the company. It continues undeterred, even as it attempts to explain both its lack of interest in adding facial recognition software to its doorbells and its retention of a facial recognition division head. It's things like this that make one believe the public's opinion ultimately doesn't matter, not if Ring can convince enough cop shops to start pushing its offerings on the public.
Ring is back in the news again. And, again, it's not because it did anything right. Or competently.
First, Buzzfeed reports the doorbell company is as tone deaf as it is dominant in its market sector. What Ring thinks is cute and fun is actually just very, very creepy.
In a company blog and series of Instagram stories, posted Monday and Tuesday, the company showed that it collects, stores, and analyzes sensitive data about how, when, and where people use its doorbell cameras. Ring said that nationwide, its doorbell cameras were activated 15.8 million times on Halloween. The company makes several other types of surveillance cameras in addition to its doorbell camera.
As it has on other occasions, like Super Bowl Sunday, Ring turned Halloween into a marketing opportunity. As reported by Mashable, Ring circulated videos of children on Halloween on Twitter. Ring also promoted Halloween-themed skins to decorate doorbell cameras on its company blogs and Instagram. However, in promoting itself as a family-friendly company, Ring showed that it collects user data on a granular level.
Friends, neighbors, visitors… children -- nothing but data and footage to be used to promote Ring's version of everyday life in the United States. The information a Ring doorbell collects belongs to Ring, not its customers. And if it belongs to Ring, it can be had without a warrant in most cases. Ring knows how often customers' doorbells ring. It says it anonymizes this data, but first you have to trust that it actually did what it said it did. And then you have to believe anonymizing data actually anonymizes it, which it kind of doesn't.
But trading trick-or-treating kids for social media impressions isn't the only headline Ring made this past week. It also showed it's not immune to the IoT curse: connected "smart' things tend to be attack vectors. And if they're not actually being attacked, they're just giving info away to whoever wants it.
A vulnerability in the Amazon Ring doorbells could have exposed homes’ WiFi username and password to hackers.
Discovered earlier this year by Romanian cybersecurity firm Bitdefender, the issue caused users’ WiFi credentials to be transmitted unencrypted while they were setting up the internet-connected device.
“When entering configuration mode, the device receives the user’s network credentials from the smartphone app,” Bitdefender notes. “Data exchange is performed through plain HTTP, which means that the credentials are exposed to any nearby eavesdroppers.”
While this method requires a hacker to be near the doorbell or on the targeted WiFi network in order to intercept the credentials, this doesn't mean exploitation is only a crime of opportunity. As Bitdefender noted, hackers could flood the device with de-authentication messages which would kick the doorbell off the network. When Ring users try to reconnect their doorbell to their network, hackers could jump in and grab the credentials as they sail by in plaintext.
The good news is this issue has been fixed. The bad news is this is the second time Ring's doorbells have been caught handing out WiFi credentials. At least last time, malicious hackers needed physical access to the doorbell. The last misstep allowed hackers to stay in their cars.
The further bad news is Ring is still Ring and mainly interested in turning doorbells in spy cams that can be easily accessed by its hundreds of law enforcement "partners." It has never expressed any sincere desire to protect the privacy of its users. As far as it's concerned, every camera is just another eye it owns, feeding it footage and data it can use at will.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: doorbell, halloween, police, ring, surveillance
Companies: amazon, ring
Reader Comments
Subscribe: RSS
View by: Time | Thread
Yeah, certain things Amazon does makes it a garbage company but unfortunately they are actually one of the better ones compared to their peers in other areas.
[ link to this | view in thread ]
They are the best security cameras around.
Nothing to hide, nothing to fear.
[ link to this | view in thread ]
So Ring is basically becoming the type of creepy stalker that doorbell cameras should be used to protect you against.
[ link to this | view in thread ]
IANAL but it seems an argument could be made that by posting the vids to Twitter they ran afoul of COPPA.
[ link to this | view in thread ]
Re:
A "Halloween-themed skin" certainly makes it look like they're targeting people under 13 years of age.
[ link to this | view in thread ]
Kidnap Victim Rescued, Suspect Arrested
For all the hand-ringing on this site over police using footage from these Ring doorbell cameras-- which, let's be clear, is completely VOLUNTARY on the part of the homeowner-- it might be nice to balance it out with a story like this, where a woman's violent attack and abduction was captured on a Ring camera and police were able to locate and rescue her after being given the footage by the resident.
https://ktla.com/2019/09/30/man-arrested-on-suspicion-of-assault-kidnapping-after-violent- incident-caught-on-camera-in-arcadia/
According to the prevailing attitude of the authors and commenters here, the homeowner should have withheld that footage as a principled fuck-you to the cops and just let fate take its course with the woman who was kidnapped.
[ link to this | view in thread ]
Private citizens voluntarily sharing evidence they have with the police is NOT "bypassing the warrant process". Consent has ALWAYS been a recognized EXCEPTION to the warrant requirement since the founding days of the republic.
Cushing has said this before and he was corrected then as well. One can only assume he has no interest in being accurate with regard to this topic.
[ link to this | view in thread ]
Re: Kidnap Victim Rescued, Suspect Arrested
That is not a voluntary arrangement.
The next bit of creep, if it has not already happened, is the cops getting a live feed from a camera to keep your neighbour under surveillance.
[ link to this | view in thread ]
Re: Kidnap Victim Rescued, Suspect Arrested
Do you have a vested interest in this?
[ link to this | view in thread ]
Re:
How nice of my across-the-street neighbors to give "consent" to unceasing surveilance of my comings and goings, which you claim is an exception to the warrant requirement for 24x7 surveilance required by US. vs Moore-Bush (2019).
But you know those pesky Supreme Court decisions upholding fundamental constitutional rights. Those are always less important than unimpeded government surveilance.
[ link to this | view in thread ]
Re:
The issue is not what owners share with law enforcement with their consent. The issue is what gets shared with them without the owners consent, or by the consent of a third party such as Ring.
Honestly this would not be much of an issue if
A) cops would just get a search warrant every time, and
B) Ring would would not be doing everything they could to assist them in bypassing getting a search warrant.
[ link to this | view in thread ]
Freely sharing video evidence with the police, not the police just taking it from a camera you may happen to have are 2 different things.
I have 5MP PoE cameras around my house. They are out in the open and can easily be seen. Its main purpose is a deterrent. A person sees 1 or more of my cameras and thinks, maybe I should go onto the property to steal that package or break-in. Leave and find a safer target. In the process, all my neighbors around me are gettered better protected. I'm on an inside corner and so can see a bunch of houses. In the short time of having them, I already gave the police a clip of a hit and run on a neighbor's pretty new Truck. Which was parked across the street on my side of the road in front of the neighbor's house next to me. I have audio also and so you can HEAR it as the Truck is hit. It was pretty lough for th Mic to pick it up from that far away.
The police have NO direct access to my cameras and never will. It also costs me ZERO per month. I can see my cameras anywhere with internet access. So right on my phone. I knew Amazon buying RING was a bad thing. I thought Spying form Amazon was bad enough, but direct spying from the police? No thanks. Let alone PAYING for that honor every month for the cloud storage you need. Cloud storage that is always eating up some of your Internet Data CAP. Data that is being saved in the cloud. That means, cut your COAX cable, you now have no Internet service, and your Cloud Based camera there isn't recording anything. It's worthless!!!
I'll stick with my $10 wireless Doorbell. I've been using it for the last 7 years?!?! I can't remember the last time I replaced the batteries. It's good enough. While I can't speak to a person with my cameras, I can hear them.
I have 1 CHEAPO Cloud-based Camera. It's a WYZE camera that I have mounted inside my Garage. Mainly to make sure the door is closed as my Dad who lives with me is known to leave the garage door open when he takes off. My garage door will warn me if it's left open for longer than 5 and 10 minutes. So I can look and see if he's working inside the garage or his Truck is gone. If so, I can close it remotely. While it saves motion clips in the cloud, which is 100% FREE. I think like 15 seconds in length. It does save locally on that device with a MicroSD card. It's a cheap, perfect camera for the job it's doing.
Don't get stuck in these forever paying plans for as long as you're using their cameras. PoE cameras, it's just an ethernet cable to run. It gets it's power from it also which is why it's PoE (Power over Ethernet). You can buy a bulk role of the cable and make the length you need pretty easily. You'll have a better picture as it's digital and not analog. I'm using an NVR (Network Video Recorder) that I have mounted up high in a lock box. With Analog Cameras, it's a duel cable. One for Video and one for Power. You can't really cut the cables, just bundle up. You use a DVR (Digital Video Recorder). You can use PoE cameras with a NAS and software running on it as an option also.
I have 6 cameras currently. One is a Dome that that PTZ. So I can move it all around. I have it mounted on the corner of my house and so I can turn it to see my front door and porch and turn it all the way around to see down the side of my house. That is the normal direction I have it pointed. I can even control it on my phone.
A lot of times the Ring Doorbell is in sleep mode, especially if it's running on its battery. By the time it wakes up, you may only see the back of the person. The same goes for these completely wireless cameras. They wake up when seeing movement, but that takes a few seconds. By then they are recording the back of the person as they're walking or running away. With a stick, can be easily knocked down onto the ground. You have to charge them up every few months. That means up and down a ladder and re-aiming them every time.
Things to think about!!! If you're a renter, then you may be limited on what you can do. If you own your own home, installing a camera system yourself really isn't all that hard. I liked to just connect up a long ethernet cable from teh NVR to the camera and then hold up the camera where I think would be best and look on my iPad at the picture in real-time and see if that's the best view/location. Once I have the right spot, mark it and then do my drilling and running the ethernet cable the right way. I didn't need to do it for all my my camera locations, but a few of them. I also make sure they overlap each other. That way one camera would be recording a person tampering with another camera. If a person could just walk up behind a camera and then do whatever, that's not good. I still have plans to mount 2 more cameras. My NVR supports 8. In the future as all my cables have been ran, I could easily upgrade to 4K Cameras in the future. 2MP are 1080P cameras, 8MP cameras are 4K. I'm in the middle with 5MP cameras. The higher the MP means better the resolution, which means better detail when you go ZOOMING into the video or picture.
A blurry image is a worthless image!!! The last thing they don't tell you is having to clean them!!! Dome Cameras are the hardest, but you get spiders that string their webs around, or across the lens. It may not be touching it, but that close, you see this thing wiggling right in front of your lens block a big part of your view and can be quite annoying. Also notice at times that the IR lights that allow them to see in the dark, it does attract bugs that are attracted to light and swarm around in front of the camera for a period of time. So once in a while, you have to clean off the camera, at least the lens area.
[ link to this | view in thread ]
Re: Re: Cop holsters badge bunny
Ol’ brt is a cop sucker of the first order. He never met a cop who’s ass he couldn’t wait to kiss.
[ link to this | view in thread ]
Re:
Exactly. Why put your security in the hands of someone or something you have no control over, or that may not be there in the future.
While Amazon isn't going away in the near future, it is still possible that they could pull a Google Nest like move and shut down your doorbell cameras.
[ link to this | view in thread ]
Re: Re:
You have no reasonable expectation of privacy in what you do in full view of the public.
I'm not the only one who claims it. Every court since 1778 has claimed it.
That requirement only applies to government, not your neighbor. And it doesn't suddenly apply because your neighbor decides to share footage of a crime with the cops.
Unless the surveillance was conducted by or at the direction of the government, your pesky Supreme Court decision is inapplicable here.
[ link to this | view in thread ]
Re: Re: Kidnap Victim Rescued, Suspect Arrested
LOL! Pointing out a case in which a young woman's life was saved by the very thing y'all decry suddenly means I have a vested in doorbell cameras, huh?
You're a cartoon.
[ link to this | view in thread ]
Re:
Not as such. But watching you bend over forewords to “accomodate” the police state makes you a Brownshirt collaborator at best. And speaking of cartoons your profile pic is at least an accurate descriptor of what kind banal type of evil you are bro.
[ link to this | view in thread ]
Re: Re: Re: Kidnap Victim Rescued, Suspect Arrested
That's great that someone was saved, however - I still will not be attaching that security nightmare to my lan.
Call me anything but late for supper
[ link to this | view in thread ]
Creey AF, Amazon. Creepy AF
15.8 million photos of kids. Wow, Ring doorbells must be a pedophile's wet dream!
{ew}
(´ཀ`」 ∠)
[ link to this | view in thread ]
It is possible to respect someone and their ideals, even if you strongly disagree with them.
I know, it is hard to believe, but it is true.
[ link to this | view in thread ]
Re:
Respect is earned bro. So is derision.
[ link to this | view in thread ]
Re: Re:
..or they could pull a Google and sell all that footage to some company who they "partner" with, you know, so they can "customize the user experience".
Or allow would-be thieves a way to take inventory of your possessions and make a burglar's Christmas Wish List......
[ link to this | view in thread ]
Re: Nothing to hide, nothing to fear
I believe this post says it best....
http://www.abovetopsecret.com/forum/thread340387/pg1
[ link to this | view in thread ]
Re:
There is an inherent difference between things I want to keep secret and things I want to keep private....
[ link to this | view in thread ]
Re: Re: Re: Kidnap Victim Rescued, Suspect Arrested
It could have been any camera, but it wasn't - it was Ring, therefore Ring is OK? Not a valid argument for Ring, nor any sort of "viewpoint balancing".
[ link to this | view in thread ]
Re: Re:
A fellow human being is deserving of respect.
Treat others how you wish others to treat you.
[ link to this | view in thread ]
Re: Re:
How do you get employment when you meet people and show them zero respect?
[ link to this | view in thread ]
Re: Re: Re:
I suggest that there is a big difference between "respect" and "regard", many people misuse the word respect intentionally while most simply do not know its meaning.
Meanwhile, there are some who demand respect when what they really desire is adulation.
Employment interviews are not necessarily the best example of people being honest. I think that honesty and trust are prerequisites for respect.
[ link to this | view in thread ]
Re: Re: Re: Kidnap Victim Rescued, Suspect Arrested
Is there a "it worked once" fallacy?
[ link to this | view in thread ]
Re: Re: Re:
What's your address again? I have a privately-owned camera to point at the front of your house that does ALPR and face recognition and livestreams everything to the web and keeps a permanent timestamped log.
And the "pesky" decision(s) said nothing about, or placed no limits on construction or direction, but the use by the government. Do you even read, bro?
[ link to this | view in thread ]
Re: Re: Re: Re:
Soon, the doorbell spy cams will be able to detect the aroma of pot
/s (of course)
[ link to this | view in thread ]
Re: Re: Re:
You seem very confused on how the world works bro.
[ link to this | view in thread ]
Re: Re: Re: Re: Kidnap Victim Rescued, Suspect Arrested
If there was, how many times would it have to work before that fallacy becomes inapplicable?
Twice?
Ten times?
[ link to this | view in thread ]
Re: Re: Re: Re:
1) I've never given you my address before, so I'm not sure why you're asking for it again.
2) The fact that I have no expectation of privacy in the public exterior of my home does not obligate me to publish its location to help someone play malicious games with me.
It prohibits the government from using the entirety of the aggregated data to construct an intrusive record of someone's daily life over time. It does NOT prohibit a private citizen from doing the same with a home surveillance camera. And the citizen giving the cops one snippet of that data to help solve a specific crime does not mean the cops are using that entire database to construct an intrusive record of the porch-pirate's (or rapist's or burglar's) daily life which therefore makes your pesky Supreme Court decision inapplicable.
Apparently much better than you do, Beto.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Kidnap Victim Rescued, Suspect Arrested
Twice is a start. Let us know when that happens then we can talk about a percentage of total views vs creating a massive easily excesses surveillance state. Oh wait that’s what we are already talking about before you tried to deflect.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Ah, just what i figured -- another chickenhawk. "Tyranny for thee, but liberty for me."
[ link to this | view in thread ]
Re: Re: Re: Re:
Just your world sis
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Well you tried bro... sort of.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Kidnap Victim Rescued, Suspect Arrested
When the end justifies the means, all means are justified.
[ link to this | view in thread ]
Re: Re: Re:
Agreed, but you did not identify which fellow human being it was, or reasons for this unexpressed view.
[ link to this | view in thread ]
Re: Re: Re:
"A fellow human being is deserving of respect."
What has this fellow human being done in order to earn your respect?
[ link to this | view in thread ]
Re: Re: Re: Re:
They were born human. I don't care what color, sex or gender, they are human.
Treat me with zero respect and I will respect that and return same.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
"They were born human. I don't care what color, sex or gender, they are human."
"Treat me with zero respect and I will respect that and return same."
Your stated response to provocation is understandable, what might that provocation look like? If I ignore you, you will just ignore me ... or is there more to it? Will I get a beatdown for not listening to you?
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Did I discuss anything relating to those factors?
No?
STFU then.
Did I say he earned his derision?
Yes
Ok STFU THEN
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
Impotent rage.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
Such impotent rage.
Perhaps you should call a hotline.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
Womp Womp
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Kidnap Victim Rescued, Suspect Arrested
Okay, there are legions of reports in local media and on neighborhood chat sites about porch pirate package thieves being identified and caught with these doorbell cameras.
So if all we need is two instances of it working... done and done.
https://www.youtube.com/watch?v=oFmbJE6J5nU
https://www.youtube.com/watch?v=koHP-qAJX7s
https: //www.kgw.com/article/news/doorbell-cameras-help-catch-package-thieves/283-498124427
[ link to this | view in thread ]