from the fool-me-once dept
While Amazon Ring and other doorbells certainly deliver a certain convenience, they’ve created no shortage of entirely new problems. Problems that could have been avoided with just a bit of foresight and ethical behavior. First comes the fact they’re being integrated into our already accountability-optional law enforcement and intelligence apparatus. Then, like the rest of the “let’s connect everything to the internet but do a shit job on basic security and privacy because it costs money” IOT sector, they can’t be bothered to get the fundamentals right when it comes to consumer security.
The latest example involves Ring failing to adequately secure users information when they share to the Ring “Neighbors” portion of the Ring app. Journalists had already showcased how Ring’s security standards were hot garbage. And while Amazon has taken some steps to address those concerns (like making two-factor authentication mandatory), this week it was revealed that Ring?s Neighbors app was exposing the precise locations and home addresses of users who had posted to the app:
“While users? posts are public, the app doesn?t display names or precise locations ? though most include video taken by Ring doorbells and security cameras. The bug made it possible to retrieve the location data on users who posted to the app, including those who are reporting crimes.”
The disclosure comes on the heels of a similar report from Gizmodo last year that found it wasn’t too difficult to ferret out hidden data allowing journalists (and anybody else) to map the location of Ring users nationwide:
“Examining the network traffic of the Neighbors app produced unexpected data, including hidden geographic coordinates that are connected to each post?latitude and longitude with up to six decimal points of precision, accurate enough to pinpoint roughly a square inch of ground.”
Neat! Ring’s already facing a class action lawsuit from users not particularly happy about receiving death threats and racist slurs after their Ring smart cameras were hacked.
Purportedly, Ring’s Neighborhood functionality is generally supposed to help communities band together and discuss potential security threats. Kind of a neighborhood watch for the modern era. More often, however, the functionality results in people engaging in paranoid hyperventilation about minorities or homeless people getting a skosh too close to the azaleas.
If you’re going to be earning additional billions from selling access to consumer residential cameras to intelligence and law enforcement every year, it seems like the very least you can do is invest a little bit more in taking consumer privacy and security seriously, even if “caring about consumers” and “selling their camera surveillance and location data to any nitwit with a nickel” operate somewhat discordantly.