TWIT 749: At Least She Double Bagged It

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

Hearing Owen JJ Stone refer to Leo as “Uncle Leo” always makes me smile

5 Likes

Always great when he is on.

To answer Leo’s question I think the biggest difference between Ring and other companies in the same field is that (so far) they are the only one personally catering to the police. It’s a concerted, focused effort to get police all across the country intertwined with their products and network.

Personally, it leaves a bad taste in my mouth.

2 Likes

I’m a bit curious about this. I haven’t been following this story too closely as I don’t really have skin in the game; I run my own camera system.

From the on air discussion I wasn’t quite able to discern specifically what Ring’s relationship with law enforcement is. Heard plenty of speculation about worst-case scenarios from the panel but I’m not sure anyone had solid info on how Ring actually has this setup. Is there some sort of LEO-only portal that allows them to access cameras? Is this an opt-out situation for end users?

If Ring is simply complying with warrants for camera access I’m not sure that’s such a terrible thing. Even if Ring were allowing access to cameras owned by users who’ve explicitly opted-in to such a program I think I’d be ok with that.

The panel has been talking about the issues with Ring Camera’s and amazon sharing the data with police and that this is somehow enabled by the Neighbors feature and you have to opt out. I have ring cameras and have since the first model. I have been all through the Ring app and as far as I can tell there is no opt in/out for automatically sharing camera video. I can share a video voluntarily to warn people. I guess the bottom line here is that if Amazon is giving police departments access to these cameras I can’t see any connection between that and the neighbors feature where people are sharing videos voluntarily.

Yeah if Amazon is giving back door access without our permission that is really bad. I’ve been all through my Ring App and I can’t find any opt in/out of any kind for sharing videos. I also don’t see any connection to the neighbors community which is just basically a forum where you can share a video for other people to see but that has to be done by you voluntarily - there is no automation. So if Ring is doing this I think it is 100% backend.

Ring just sent out this email about the breach:

The facts about password security.
You may have seen reports recently about our customers’ Ring accounts. Rest assured, we’ve investigated these incidents and did not find any indication of an unauthorized intrusion or compromise of Ring’s systems or network. However, even though Ring’s systems were not compromised, we do want to share how these issues occurred, and some easy steps you can take to further protect your Ring account and other online accounts.

Here’s what happened.
Malicious actors obtained some Ring users’ account credentials (e.g., username and password) from a separate, external, non-Ring service and reused them to log into some Ring accounts.

When people reuse the same username and password on multiple services, it’s possible for malicious actors to gain access to many accounts.

We’ve taken appropriate action to block these malicious actors and contacted all affected users directly.

Here’s what you can do now.
Even if your credentials were not obtained by malicious actors, we strongly encourage everyone to enable Two-Factor Authentication and follow these password best practices.

Enable Two-Factor Authentication.
Turn on this enhanced security feature in the Ring app to receive a unique code via text message to your phone whenever you or someone else attempts to log into your Ring account and is asked for your Ring password. Many other online services offer Two-Factor Authentication as well, and we encourage you to turn this feature on wherever available in your other online accounts.
Turn On Now

Add Shared Users.
Don’t provide your login information to others. If you want to share access to your Ring devices with other people, simply add them as a Shared User. This allows you to maintain control of your account. And if you currently have Shared Users, please ask them to enable Two-Factor Authentication and follow the password best practices below.
Learn More

Use different passwords for each account.
By using different usernames and passwords for your various accounts, you reduce the risk that a malicious actor could reuse credentials compromised from one account to access another of your accounts.
Learn More

Create strong passwords.
When creating a password, use a mix of numbers, letters (both uppercase and lowercase), and symbols – embracing long, non-dictionary based words or phrases.
Learn More

Regularly update your passwords.
It’s good practice to update your passwords every 3-6 months. If it has been more than 6 months since you last updated, we recommend updating it now.
Learn More

As a neighbor of Ring, your safety is our highest priority. We’re committed to helping you keep your home safe and protected – and that means keeping you informed with best practices for your online security, too.

If you have questions or need assistance turning on Two-Factor Authentication or changing your password, please contact help@ring.com.

Wishing you a safe and happy holiday,
The Ring Team

1 Like

Last week’s TNW had a great interview that went into more depth. @cmccorkle2005 this should answer more of your questions as well. Basically the neighbors app (like all social media) has ownership over your video once you post it. It’s basically a community that uses fear mongering and social networking to amass tons of video (not just Ring stuff) and allow Ring to have rights over it. They can then share it with whoever they want.

As for opting into giving Police your video I think the request must come from the department first, then Ring will prompt you to share your video with them, then you can decline. Anyone can correct me please if I’m wrong.

1 Like

I’m getting this a lot at the moment in response to recent press on Ring cameras, people saying no way they would have them. But like some of the TWIT panel, when you ask what the issue is, there’s no real detail.

Have a 4 cam set up here that we find invaluable. Isabelle can answer the door without getting up, when we’re away we can check-in on the house and deal with deliveries, keep an eye on the animals etc.

My understanding is…

  • You can join the Ring neighbours initiative. This is opt-in. This is where the sharing to law enforcement happens, but you still get asked if it can be used.

  • Law enforcement may request to see any Ring users video direct from Ring/Amazon. This only happens if a valid and binding legal demand is properly served.

I’m comfortable with the above. Our local police have always put out appeals for dashcam or surveillance camera footage to help with investigations, don’t see this is any different.

It’s not that I’m uncomfortable with law enforcement using the new resources these types of devices provide, it’s the motivation.

Amazon has one motivation and one motivation only. It is not to keep you safe, it’s to make money. If they can use contracts with law enforcement all over the country to do so, they will. The motivation from the ground up is not to make your community safer or even catch more bad guys, it’s to make money. In the end, that’s likely not doing as much good for your community as it is made out to be.

Also, I don’t trust the police.

Or amazon

Just saw this on Twitter, @ohthatflo posted it:

thought it might be relevant

Would be more useful if that article did the same tests and compared Google/Arlo/Logitech/Wyze etc etc.

Well at least w/ Nest do you not login with your Google account? Therefore it at least has that security, ie, it dings you when you get a new login from a new device, it will ding you if a login happens from an unknown or suspicious IP etc.
It also keeps a log of all IP’s and devices that have signed in.

Those are all issues outlined in the article.

1 Like

If you’ve migrated your account, yes. Some people I know have stuck with their old Nest accounts as they don’t want to lose IFTTT integrations.

Agree tightening up on these accounts is needed though. Make 2FA mandatory?

1 Like

For cameras? Absolutely.

Me either. You can’t put a camera anywhere where it can see the roadway or pavement outside the house, you cannot record people on your driveway or in front of your door and, if you live in a block of flats, it can’t record if it shows a communal hallway.

You can record parts of the propery that aren’t “public access”, i.e. your back garden or inside the house.

That makes a video doorbell that records footage basically illegal - you can use a video entry system, which doesn’t record footage or send it outside its closed, in-house system (i.e. the camera on the doorbell and a fixed monitor in the house/flat).

I am not sure whether Ring is any worse than the other cameras, assistants with cameras, etc. from a security perspective, but I would treat any kind of cloud-managed or remotely controllable device that runs cameras and microphones with caution. Although providers will no doubt tell you that your footage is secure, we have ample reason not to expect much in the way of privacy, and even to think that any such device could be used as part of a mass-surveillance network. Think about it - if there are breaches of trust that we know about that the company may have given assent to, how many more are there likely to be that we don’t know about that are as yet unexposed, involuntary or unintentional? If police can get the footage, black hat types (remember here that security incidents are often undiscovered for years) and intelligence agencies (obviously) alike are certainly capable of it as well. All you need for that is for the footage to exist and be stored somewhere, really. I would say it is quite likely that any device like this is the source of some kind of privacy breach, we just don’t know about them all yet.

The way I see it, either you make a trade-off and are OK with surveillance and potential security breaches, you don’t use these devices at all, or make some kind of compromise, like cameras only outside, no cameras in the bedroom, assistants only in certain areas of the house, and so on. That said, I think it’s important for the public, including non-tech savvy people, to understand what is likely to happen if they put a camera in their bedroom or an assistant in a living room where ‘sensitive’ conversations are likely to occur. Perhaps a little more caution from consumers will push companies into producing devices that are less inclined toward surveillance and mass-hoovering of potentially sensitive personal data.

1 Like

Here’s an article, somewhat sensationalist but still containing some good research, which suggests Ring is helping create a surveillance state:

Most of this would be illegal under German law from what I understand from previous posts.

Interesting the Neighbor’s app isn’t available in the UK. It was for a while, I’m sure I saw it in the Android app but has now vanished.

A neighbourhood watch app is pretty pointless without the location of the observation being made public, and even if they remove this ability to extract the exact location Gizmodo has uncovered, you have a video to cross-reference with.

The more I read up on this from Gizmodo and other publications the less I’m convinced Ring has done anything wrong from a technical standpoint or even from a moral standpoint. From this article, I gather the following:

  • Camera data is available to LE after users acknowledges request for access
  • Camera data is voluntarily shared by users on a public forum
  • Camera data includes location data
  • No evidence of unauthorized access of anyone’s device

The focus of this Gizmodo article seems to be concerns about being recorded while in public, which is being linked solely to Ring because they’re a popular product in the market space. I think thats a crummy reason to lambast Ring and I’d like to know the why/who behind this narrative.

2 Likes