• EvergreenGuru@lemmy.world
    link
    fedilink
    English
    arrow-up
    195
    arrow-down
    3
    ·
    11 months ago

    This is why you shouldn’t use cloud services for personal security, because the cloud is just someone else’s computer.

    • deweydecibel@lemmy.world
      link
      fedilink
      English
      arrow-up
      60
      arrow-down
      1
      ·
      edit-2
      11 months ago

      Also, quit putting unnecessary, Internet connected cameras indoors.

      I seriously cannot fathom the amount of people that seem to want to put cameras up in their own bedrooms and just let them stream video constantly.

      It has nothing to do with any serious home security, and everything to do with mindless consumerism. Hopefully it’s a trend that will pass.

    • w2tpmf@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      11 months ago

      In general, cloud services have far better security than DIY systems. All of the hacked systems in this article are home based systems.

      • bruhduh@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        11 months ago

        You can’t connect home system that is never connected to internet, basically make home server and hook up cameras and don’t ever connect that to internet

        • w2tpmf@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          11 months ago

          Half the reason to own a security camera system is so you can monitor it while away. Can’t do that if the system isn’t online.

  • edric@lemm.ee
    link
    fedilink
    English
    arrow-up
    136
    arrow-down
    1
    ·
    11 months ago

    This is what you show people when they say they don’t care about privacy because they have nothing to hide.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    106
    arrow-down
    5
    ·
    11 months ago

    why the fuck would anyone put a camera in their bedroom, or bathroom?

    Outside of people making porn, securing the entrances to a home should be sufficient, no need to video yourself sleeping.

    • 01011@monero.town
      link
      fedilink
      English
      arrow-up
      75
      arrow-down
      2
      ·
      edit-2
      11 months ago

      They may have people working in their homes whom they do not fully trust - cleaners, maids, nannies etc.

      • jacktherippah@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        I live in Vietnam. This is perhaps the most common reason for use of indoor cameras here. People buy random cheap Chinese security cameras on the internet and put them in their homes. They blindly trust these cameras, which leads to what you’re seeing in this article.

        • 01011@monero.town
          link
          fedilink
          English
          arrow-up
          6
          ·
          edit-2
          11 months ago

          That’s quite a reductionist and naive response. You never fully trust any other human being, you simply choose from the best of the options available. Furthermore, circumstances may change that drive people do to things that they wouldn’t otherwise. Besides potential property crimes there’s the added concern of accidents and legal issues arising from such. Cameras are useful tools to protect yourself from frivolous legal action by documenting everything that happens in places where employees are.

    • alekwithak@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      1
      ·
      11 months ago

      Oh geez what do I do?? I’ve got an Internet connected camera in my hand right now!

    • lemmyvore
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 months ago

      How is the room relevant here? Is it not a grave invasion of privacy regardless in which room of the house it was? What even is your point, that if the camera had been in the living room instead… then what?

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        11 months ago

        The room is extremely relevant. The activities that happen on your patio, in your living room, are different than the activities that happen in your bedroom. Some of those activities are more sensitive than others

        • lemmyvore
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          So you would be ok with your livingroom being watched 24/7 by unknown people?

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            2
            ·
            11 months ago

            Not at all. But there would be less sensitive material to be observed in that instance. Just because there’s different severities, doesn’t mean anything except the ultimate severity is acceptable.

  • cman6@lemmy.world
    link
    fedilink
    English
    arrow-up
    67
    ·
    11 months ago

    I know it’s not 100% the same, but there’s a website that gives you access to insecure webcams and has been for ages!

    http://www.insecam.org/

    Obviously these aren’t hacked as per the article

        • Herbal Gamer@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          11 months ago

          sure but not securing them in their own network somehow?

          There are driveways, front porches, some sort of office somewhere and even someones 3d printer all with rough coordinates and that’s without actually diving deeper into all of this.

    • ANGRY_MAPLE@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      ·
      11 months ago

      Damn, that website almost has some of everything.

      I saw a building that looked like it was waiting to be boarded up. There were some streams with beautiful scenery. There was an official looking meeting room in Greece for, and I even found a stream of a train table!

  • dangblingus@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    54
    ·
    11 months ago

    Yet another reason why IoT crap sucks. You don’t need to put everything on the internet. This one should be obvious.

    • GigglyBobble@kbin.social
      link
      fedilink
      arrow-up
      16
      arrow-down
      1
      ·
      11 months ago

      People don’t think about that. You have to register somewhere in order to use your $12.99 cam, install some app and are good to go.

      How would a someone not interested in tech know that the footage data is stored on some online server and you are at the mercy of their itsec.

      • archomrade [he/him]@midwest.social
        link
        fedilink
        English
        arrow-up
        20
        ·
        11 months ago

        Which is why these companies that are marketing wifi and cloud-polling devices should be held responsible for the data breaches and regulated more rigorously.

        It should be cost-prohibitive to design a smart device that sends data to a centralized server, but they do it because the upside value of having the data is so attractive. They shouldn’t be allowed to hide behind a ToS agreement with mandatory arbitration when their security is inevitably breached.

        • AlfredEinstein@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          ·
          11 months ago

          Take it up with your congressman.

          Seriously. It sounds like you have an informed and well-reasoned opinion. They’re not 100% corrupt. And they usually only hear about tech from industry lobbyists.

          Let them hear from an intelligent constituent for a change.

          • KᑌᔕᕼIᗩ@lemmy.ml
            link
            fedilink
            English
            arrow-up
            2
            ·
            11 months ago

            Good luck with that, your voice is going to be drowned out by all the companies masquerading as “people” whom they really represent.

            • AlfredEinstein@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              11 months ago

              Taking the time to get in touch with representatives at all levels of government is just good citizenship.

              Sure, there are lobbyists. But there’s me too. We can’t expect to enjoy a civilized society unless we put in the effort.

              • archomrade [he/him]@midwest.social
                link
                fedilink
                English
                arrow-up
                1
                ·
                11 months ago

                I do it when I can, but that kind of influence just can’t be done by a handful of tech-literate terminally-online weirdos. It takes a buttload of money or a massive amount of public attention to push an issue like this forward, especially when political operatives absolutely benefit from both the data and the companies involved. The political calculus just isn’t there.

                More people need to know and care about this before any legislator is going to spend political capital on it.

              • KᑌᔕᕼIᗩ@lemmy.ml
                link
                fedilink
                English
                arrow-up
                1
                ·
                11 months ago

                Having done this before and being told to basically get stuffed from one of their underlings I have zero faith in it. It’s basically just another token thing that’s about as useful as “thoughts & prayers” for the most part.

        • Treczoks@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          11 months ago

          Good luck holding a company sitting in China “responsible” for about anything.

      • baseless_discourse@mander.xyz
        link
        fedilink
        English
        arrow-up
        11
        ·
        edit-2
        11 months ago

        depends on the device.

        If the device dont provide local connection, there is nothing home assistant can do about it. Some device will also send data to the cloud even it is locally controlled by HA.

        • books@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          11 months ago

          Oh for sure. But unlike smart things or any other hub, only the data that needs a cloud connection will go through the cloud…

          • archomrade [he/him]@midwest.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            11 months ago

            Home assistant is great at what it does, but the problem is too big for HA to really fix it by itself.

            It’s the end-devices that are the biggest culprits, paired with the apps installed on your phone. It’s the reason Google was basically giving away their home-mini’s the last couple years.

            If you use a smart device that comes with - or requires - an app, it’s almost guaranteed that app collects a certain amount of data from you to be sold or utilized for user profiling.

            The problem is that everyone has half a dozen of those devices already, and swapping them all out takes time, effort, and money that most people simply don’t have.

            It’s a challenge even for the truly dedicated and privacy-minded individual to know which devices are locally hosted and which ones use local internet access or a permissive phone apps to function. Even if you DO manage to keep a clean slate, there are always companies that change their policies once they have high-adoption and force cloud integration on their users. See Phillips, Chamberlain, Microsoft, Google, Amazon…

            I love Home Assistant, but it’s a nightmare trying to cut out all the unsecured bullshit I’ve found myself with even in the past two years.

        • derpgon@programming.dev
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          Thanks to laziness of the device manufacturers, a lot of them either expose some data endpoints locally, or just use Zigbee which can be easily paired to be used local-only.

          Those that require Wi-Fi access can be filtered on the router to disable internet access.

    • realharo@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      edit-2
      11 months ago

      With end to end encryption, and requiring manual key transfer (no key sync), this would not be an issue.

  • smackjack@lemmy.world
    link
    fedilink
    English
    arrow-up
    50
    arrow-down
    2
    ·
    edit-2
    11 months ago

    Why the fuck do people put security cameras in their bedrooms? It’s so weird to me that people do this. Even if you think (or at least thought) that you were the only one with access to the footage, won’t the presence of a camera make you feel like you’re being watched? Are we not on camera enough as it is that we have to be on camera in the supposed privacy of our bedrooms? Imagine if you told George Orwell that people would willingly put cameras in their most personal and private spaces.

    • Water@real.lemmy.fan
      link
      fedilink
      English
      arrow-up
      22
      ·
      11 months ago

      Some do it to potentially document accidents - I know some racial minorities in my country that say they are accused of child abuse and investigated at the drop of the hat if they bring their kid to the doctor and they have any kind of bruise. I heard of a Muslim woman who lost custody of her kid for 48 hours until she was able to produce CCTV footage of her child breaking his arm in a playground accident, and not due to some act of child abuse.

      So, having a cam that catches your kid experiencing an innocuous fall wherever it may be in the house is a good security measure, particularly if the justice system comes at you preloaded with bias.

  • nutsack@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    ·
    edit-2
    11 months ago

    it’s funny the vnexpress would publish this. vietnamese people are obsessed with security cameras. they see them as a deterrent, or as a way to find the perpetrator later and get all your property back. they put them everywhere.

  • fhek@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    1
    ·
    11 months ago

    Hypothetically I want to secure my home with Cameras…

    What’s the best way to do this? OSS preferably.

    • vortic@lemmy.world
      link
      fedilink
      English
      arrow-up
      21
      ·
      11 months ago

      So, just an FYI, I bought Eufy cameras because I believed their marketing bullshit about being secure and end-to-end encrypted. About two months later they changed how they describe their security and quietly modified their privacy policy. Turns out they’re not really end-to-end encrypted and it is possible to gain access to the streams sometimes.

      My recommendation, after doing my research is not to buy anything that is able to be viewed remotely. Buy something that stores the video locally, in your home. If possible, buy and install wired cameras.

    • vpklotar@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      11 months ago

      I’m just about to setup TP-link cameras connected to Frigate (NVR software) with a Coral TPU for offline object detection. This means I can block access to internet for the cameras and use a VPN home if I want to watch them.

    • Adanisi@lemmy.zip
      link
      fedilink
      English
      arrow-up
      5
      ·
      11 months ago

      No-internet cameras hooked up to local storage.

      For remote access, you could use whatever you want to use for remotely accessing local files.

    • Blue_Morpho@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      11 months ago

      Onvif camera (It’s the standard. Any camera that supports onvif will be plug and play). Block the cameras’ Mac addresses at your router so they can’t get out directly. Install zoneminder on Linux. If you need remote access follow all the guides to securing a Linux server that has ports open to the Internet. (Ssl, tailscale etc.)

      Blueiris for Windows is great but it’s not open source.

    • baseless_discourse@mander.xyz
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      11 months ago

      I use a old phone with IP cam on it, and only allowed local network access connected to my home assistant.

      I can view it remotely via home assistant cloud, which is E2EE from instance to phone.

      I presume Raspberry Pi Camera is also a great solution. And also I dont put any camera in bedroom or bathroom, because there is no reasonably accessible entrance there.

      • WetAndFlummoxed@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        ·
        11 months ago

        Didn’t they just have a security incident where people could access other people’s full unifi account including devices?

        • Empyreus@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          11 months ago

          Correct but that’s only if you enable the remote connection through ubiquity, if you have that turned off its all local.

          • WetAndFlummoxed@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            11 months ago

            Ah, I wasn’t aware there was an option to keep it local. Does that keep your entire site from being remote manageable or just the camera system?

        • lama@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          The security issue you mentioned I think only affected when they handle access to the cameras. I think you can set up a VPN and then turn off remote access on the NVR, so it seems possible to avoid that issue.

          That being said that’s a lot of work for something they should have handled securely in the first place and doesn’t give me much confidence about their security in general.

          • Empyreus@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            11 months ago

            It’s an interesting read since the cause of the issue was something to do with a database change that caused an overlap of groups.

    • jivandabeast@lemmy.browntown.dev
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      6
      ·
      edit-2
      11 months ago

      Sus af bruh wtf

      Edit because im being down voted, i find it so insane that you guys are actively seeking out hacked ip cam footage from innocent people that’s being leaked online.

      There’s tons of porn on the Internet, and no reason for you all to be trying to PAY SOMEONE for non-consensual sexual footage

        • jivandabeast@lemmy.browntown.dev
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          6
          ·
          11 months ago

          Maybe, but i disagree because the way to make that joke would have been to use /s or quote the well known IASIP line.

          The way they wrote it, someone literally responded where they can find the telegram user for access