What have strangers seen on Ring cameras?
Your security camera should make you safe. It shouldn’t make you feel like big brother’s creepy cousin is watch you. However, decisions Ring made regarding security put customer video in the hands of strangers. Ring claims engineers only have access to public videos, but Ring employees say otherwise. They report spying on their friends and coworkers, lax security that is easily avoided, unencrypted videos, employees downloading videos on to their own computers, and risky locations.
Ring, now owned by Amazon, tried to make giant leaps into AI-based security. Instead, they created a privacy nightmare.
If you often walk around your apartment naked, bring dates home, or have a Ring security camera in view of your valuables, you may want to swap it out for a different camera.
You could also stop being a nudist at home, but who wants to do that?
In This Article:
Ring’s AI
Ring makes external and internal security cameras. Using their “Neighbor” app, they hope to link all external security cameras into an AI-based neighborhood watch. This would create a web of linked videos to help produce security feeds for police. Of course, it’s also for personal security. These cameras have caught package thieves, burglars, and vandals. They help prevent crime as well as catch criminals.
It can also be used in your home or apartment. There it can give you peace of mind when you’re away. A Ring security camera can alert you to possible thefts so criminals can be caught before they get away.
Ring’s AI helps with this by identifying potential threats. If it finds people in your house that its facial recognition hasn’t seen there before with you, it can send you a notification. See someone coming on to your property? Notification. However, it’s far from perfect. Ring’s AI would often confuse things like a car passing, leaf falling, or dog as a potential threat, annoying users with pointless notifications.
That’s where Ring Labs, Ring’s AI-focused division comes in. They were supposed to make Ring’s AI better so they could improve security. Instead, it introduced customers to a new threat.
Ring Labs and Shared Videos
Employees had access to video like this, recorded from real customers.
Who would you want to have access to video of your yard, garage, driveway, living room, bed room, or doorway? No one, right? You’d want to be the only one to be able to see that video unless the police or insurance companies needed it.
Unfortunately, that’s not the case. To save costs, Ring set up Ring Labs in the Ukraine, a country that is both constantly a target of cyber attacks from Russia and also a frequent source of cyber attacks. Hackers love Ukraine. Furthermore, they hired inexperienced engineers to work long hours tagging videos. They’d put a bounding box around an object, give it a label, and send it to Ring’s AI. This would then teach the AI to interpret potential threats.
As it turns out, these employees were getting unrestricted access to unencrypted videos. Videos from all over the world were traveling through the Ukraine, unencrypted, under the watchful eye of many hackers.
Anyone with a Ring camera was fair game.
But the threat didn’t just come from outside of Ring. Employees could view any videos they wanted. With an email address, they could poke through anyone’s recorded videos. Sources within this group reported that employees would often tease each other about dates they brought home or what they did at home. Anyone with a Ring camera was fair game.
Ring’s Response
Ring attempted to lock down the videos. However, thanks to their lax security, unencrypted videos, shared employee accounts, and minimal oversight, nothing worked. Those close to the decision claim that ring decided to go without encryption because it would be too expensive to work on. So, when Ring says they take privacy seriously, know that they only mean they take it less seriously than anything else they do.
Ring Statement
“We take the privacy and security of our customers’ personal information extremely seriously. In order to improve our service, we view and annotate certain Ring video recordings. These recordings are sourced exclusively from publicly shared Ring videos from the Neighbors app (in accordance with our terms of service), and from a small fraction of Ring users who have provided their explicit written consent to allow us to access and utilize their videos for such purposes. Ring employees do not have access to livestreams from Ring products.
We have strict policies in place for all our team members. We implement systems to restrict and audit access to information. We hold our team members to a high ethical standard and anyone in violation of our policies faces discipline, including termination and potential legal and criminal penalties. In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them.”
– A Ring spokesperson’s written statement to Engadget
“These recordings are sourced exclusively from publicly shared Ring videos from the Neighbors app.”
Ring’s statement has a lot of holes. It doesn’t discuss increasing privacy, it doesn’t mention encrypted videos, and it doesn’t mention whether or not customer videos were accessed. However, reports from within the company are incredibly clear: employees could see your videos.
What Actually Happened?
Ring’s statements haven’t inspired confidence. They didn’t deny lax security, like no encryption, shared accounts, or a lack of oversight. Despite security experts warning Ring that Ukraine is a country under constant attack from hackers, as well as the source of many cyber crimes, Ring continued to send unencrypted video to inexperienced and potentially criminal contractors. In an effort to save a little money, Ring put every single one of their customers at risk.
Their response also specifically mentions live streams. They claim that employees do not have access to live streams. However, they don’t mention how easy it is to give Ring permission to access personal video recordings. It seems as though Ring’s lax security is the only barrier between personal videos and their employees and potentially anyone else. Furthermore, it seems simply downloading and using the Neighbors app is enough to give Ring permission to view your cameras. If you used this app with any indoor cameras, they’ve gotten a peek inside your home.
Where Do We Go?
Ring needs to improve their security and privacy. Most other companies, including Google’s Nest, Canary, and August Home use their own internal setups to train AI. They use employee video, given willingly, or video from their mocked up “homes” to train their AI. They don’t use customer video. Ring shouldn’t either. Unless you set an external camera up to be part of a grid, no one should ever be able to see your videos.
If you have a Ring device, you may want to try to return it or recycle it. You may want to go with a less smart security camera or buy one from a company that respects consumer privacy. As always, remember the core tips to having a security camera in your home. Use a unique username and password for the camera. Have a secure password on your WiFi router. Don’t share this information with anyone. If you have guests over, set up a guest network on your router and give them that WiFi SSID and password.
Keep your devices safe. You never know who could be trying to watch you.
Sources:
- Sam Biddle, The Intercept
- Matt Drange and Reed Albergotti, The Information
- Abner Li, 9to5Google
- Mallory Locklear, Engadget