CNet decided to ask makers of home security cameras about their policies when it comes to dealing with requests from United States law enforcement:
Ring, the Amazon-owned video doorbell and home security company, came under renewed criticism from privacy activists this month after disclosing it gave video footage to police in more than 10 cases without users’ consent thus far in 2022 in what it described as “emergency situations.” That includes instances where the police didn’t have a warrant.
[…]While Ring stands alone for its extensive history of police partnerships, it isn’t the only name I found with a carve-out clause for sharing user footage with police during emergencies. Google, which makes and sells smart home cameras and video doorbells under the Nest brand, makes as much clear in its terms of service.
Other manufacturers of home security cameras, such as Wyze and Arlo, only provide footage after a valid warrant, while devices that use Apple’s HomeKit Secure Video are end-to-end encrypted, so footage cannot be shared at all. In other words, if you live in the United States, it’s best to avoid Amazon’s and Google’s offerings – especially if you’re a member of a minority or are a woman seeking essential healthcare – and stick to Apple’s offerings instead.
Thom Holwerda,
I understand and concur with your concern, however you should be aware that “end to end encryption” doesn’t mean much unless the consumer (and only the consumer) controls the encryption keys. You may remember the media praising apple’s imessage over “end to end encryption”, but what they didn’t say is that the end to end encryption was literally under apple’s control so they technically could decrypt your data if they wanted to or were compelled to.
You might take a company’s word that your data is safe, but unfortunately they’re not always up front about real security weaknesses.
https://www.howtogeek.com/710509/apples-imessage-is-secure…-unless-you-have-icloud-enabled/
https://www.tomshardware.com/news/imessage-weak-encryption-matthew-green,32466.html
So I would advice that more due diligence is needed before posting that apple video monitoring services are secure from service provider snooping. IMHO the best solution is one where you have full control over all access controls data and keys on your own equipment. Real encryption works. The problem is these days it’s hard to find hardware & services that are truely under owner control. If you access your media & keys on a corporate website like *.apple.com they implicitly have access whether you want them to or not. If you use an app, then without the source code it’s unclear whether & how the app shares the keys with corporate. But if logging into your “cloud” account gives you access to your data & hardware, then once again it’s likely the company can access it too.
Agreed. Heck, unless remote access is a specific feature you intend to use, I’d consider a security camera system which has no connection to the Internet beyond maybe having the central hub upload client-side-encrypted backups of the video to a cloud storage service that doesn’t have access to the keys.
Ideally with the hardware made by a company that has no more connection to the cloud storage provider than how various games and apps will support the APIs of services like Twitter, Twitch, and Dropbox because they’re popular.
ssokolow,
Yeah. I am a proponent of IOT and there’s a lot of innovation there, but too often these devices monitor owners and hold our data captive. This is a major peeve I have with many modern IOT devices…intentionally making self sufficiency difficult or impossible while tethering us to a centralized service for normal use. In this way we become dependent on a remote service for the life of the device. If/when the service is discontinued: too bad, buy a new device. It’s for this reason I try to avoid anything that says “cloud managed”, but these days that’s almost everything.
I think most of us will agree that owners deserve to have control over devices and services. Ideally remote service integration should be done through standard protocols that anyone can implement and the owner gets to decide for themselves what remote services are used, including DIY options. The main obstacle is that manufacturers become greedy and their selfish motivations is to vendor lock the owners. Sadly I don’t think there are any great solutions to anti-owner engineering patterns caused by greed.
It depends. In a lot of niches, there are still products that meet that goal if you look.
Business-oriented security camera systems for businesses that wouldn’t tolerate that sort of vendor lock-in, HP laser printer models where the pre-sales materials explicitly say the chips in the cartridges won’t prevent you from refilling a genuine cartridge… thus being covered by that “you may break DRM to ensure your right to repair” ECJ ruling if HP ever decides to get shady with an update, wireless weather stations that aren’t IoT, etc.
…and when there aren’t, it’s still often a viable option to build your own if you’re technical. Slap a many-camera BNC capture card in a small Linux-based box, program an ESP8266 or ESP32 microcontroller board to be a WiFi sensor, etc.
ssokolow,
That’s true. But I still do have a problem when products don’t make it clear up front whether they can be used locally or self-hosted. Not long ago ordered a “bluetooth” light set for camping because I thought I could control the lights without the need to phone home. But I was wrong, the bluetooth feature was merely used to bootstrap the WiFi . The lights could only be accessed by phoning home via a 3rd party service rendering them 100% unusable off grid. Finding devices that work is often down to trial and error and this lack of clarity is frustrating as hell for those of us who don’t want to be tethered!!! It’s not for lack of trying, I’ve been bitten by this several times now.
Personally I don’t have fabrication facilities and off the shelf products are much cheaper, higher quality, and save tons of time compared to what I can make at home. I do prefer working with turnkey products if possible, but I can’t stand that so much of it has been vendor locked to proprietary service providers. Grrr!
Ugh. My brother ran into that problem with a wireless speaker.
That’s fair though, in all honesty, I don’t really have fabrication facilities either. I do have a soldering iron and perfboard, but, in this case, I’m just talking about what can be accomplished by plugging together an off-the-shelf ESP-01 breakout and a ready-made temperature/humidity sensor carrier for it that also provides a USB power input, both available on eBay, casing them in something like a film canister with holes poked in it, and then using a phone charger to power it.
Alfman,
Bluetooth might not be the right choice for IoT devices, but rather something like ZWave could give a more usable alternative.
As far as I know, it is possible to have entirely “local” systems using https://www.home-assistant.io/ and compatible controllers: https://www.home-assistant.io/docs/z-wave/controllers/
sukru,
That could be a possibility. My thinking with “bluetooth” was that devices advertised as bluetooth capable should be capable of being accessed locally via bluetooth and that would be it. Unfortunately it turns out that many products these days use bluetooth for their provisioning process, but you cannot use bluetooth directly to access the device. It’s idiotic!
For my camping application a zigbe hub/controller would be rather awkward without A/C power and wifi. On top of this all the zigbe hubs I’m finding are designed to require full time internet connected wifi anyways so it isn’t clear which if any of the modern zigbe hubs will work locally without having to go through any remote services.
Here they suggest a DIY solution using a rasperry pi and a usb zigbe adapter,…
https://www.reddit.com/r/homeassistant/comments/kh332g/zigbee_hub_that_requires_no_internet/?sort=qa
That should work without internet, although at this point it’s more cumbersome and complicated than the direct communication I actually wanted: phone->light stripe. Such a product must exist somewhere, but the Alexa/Google Home products seem to be drowning out all other untethered home automation tech 🙁
Alfman,
Again as mentioned there, there are USB sticks for ZWave.
Basically “bill of materials” would be:
1) Raspberry PI / ODroid / etc
2) USB battery pack
3) SD card / flash drive / emmc for OS
4) ZWave stick or “HAT”
5) a 3D printed enclosure to keep everything neat
This should make the setup entirely portable.
(But RPi is power hungry. At about 5W, for example, it will eat a 10,000mAh battery pack in a day).
Some random setup:
https://www.amazon.com/gp/customer-reviews/R2AHIWZT2TKYZX/ref=cm_cr_othr_d_rvw_ttl?ie=UTF8&ASIN=B089GSFKYW
(It could also double as a portable NAS/media server, or even a player if you attach a screen)
sukru,
Oh, I appreciate you are trying to be helpful and I’d like to say thanks for the links! Open source is a definite plus; proprietary products are just the worst for customization and tinkering. I do wish the controllers were a lot cheaper though. Yes I know that you can DIY everything, but sometimes I just want to use something prefabricated without having to macgyver it, haha.
Honestly for camping though it isn’t worth carrying around a separate raspberry pi server and power supply just to control lights from my phone. All these remote control lights already have all the necessary hardware built in. No additional weight/power/components should be needed. It’s just a real shame when engineers neglect to include a local access option without having a permanent connection over the internet 🙁
Personally is what i’m trying to do in my house, search for devices that works locally and without app provisioning, while the latter is complicated sometime is possible (I’ve managed to install a tado thermostat and speak with it using homekit without any app), the former is possibile but not easy, for local “smart” appliances going the zigbee way is good, cameras are more a trial and error, because or there are hacks like my yi cameras or you can go the homekit way, but still there is the possibility you need their app to install
lucac81,
I am in complete agreement, unfortunately many manufacturers have gone full force with remotely tethered products and as you know it’s become difficult to discover which products are tether free before buying them even when you know what you want. I’ve seen bluetooth apps that require remote accounts to use them, uck! Anyways I agree with you and sukru about using a local standard like zwave/zigbee for devices to increase your odds of success over wifi products, which all have their own connections to various data centers. You still have to be careful about the zigbee/zwave hub you buy unless you build your own like sukru suggested.
Can we please get a “flag spam” button on the WordPress version of the site?
+1 to this.
The spams are getting sophisticated, and start with an actually relevant sentence, before sharing URLs. Obviously automated filters were not working, so a report option would be very useful.
>especially if you’re a member of a minority or are a woman seeking essential healthcare
*rolls eyes*
*rolls eyes* at your *rolls eyes*.
The reason, I’m sure, for the “rolls eyes” is because the users of this site come here for computer news and information, not political or idealogical punditry. It’s the reason I quit looking at ArsTechnica. I don’t personally come to this site and many others for any other reason.
zombiehorde,
You may not like the politics, but technology and politics are intertwined whether we like it or not. This is especially true when it comes to government surveillance.
I think it’s fair to say the supreme court is opening up a can of worms in giving states the right to prosecute personal activities that were previously considered private. Who knows how far state legislators will go with their newfound powers, but one thing is clear: the information held in our profiles and on our devices is a gold mine for law enforcement. Law enforcement are unlikely to restrain themselves and will use whatever data they can find to incriminate and prosecute targets in court.
True, but the issue lies with the extreme polarisation where you instead of normal discussion have… god botherers vs handmaid’s tale cosplayers. Let’s get ready to rumble!
bubi,
I’m not familiar with those stereotypes or who they’re meant to refer to. I for one don’t mind that people have different opinions than myself, at least up until the point it turns into dogma and they insist on speaking for others, which is unreasonable. Civility requires a degree of respect for others who we disagree with.
I respectfully disagree ;^)
You are mistaken. 🙂
I work for a big organization and do lots of computer support. So people ask me questions about what door bell to buy and when I tell them what Amazing and Google do without their knowledge they are stunned.
They are also stunned to find out that their devices that listen to you and then play songs, etc., record EVERYTHING YOU EVER SAY AND NEVER DELETE IT! And the police can ask for it at any time and they hand it over, no questions asked. So yes, be very wary of anything you buy from either company that has the ability to listen or see you because you will eventually be screwed even if you don’t do anything wrong. Just because they can!