this post was submitted on 16 Jan 2024
330 points (98.8% liked)

Technology

59030 readers
3175 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Private security footage is nothing new to criminal investigations, but two factors are rapidly changing the landscape: huge growth in the number of devices with cameras, and the fact that footage usually lands in a cloud server, rather than on a tape.

When a third party maintains the footage on the cloud, it gives police the ability to seek the images directly from the storage company, rather than from the resident or business owner who controls the recording device. In 2022, the Ring security company, owned by Amazon, admitted that it had provided audio and video from customer doorbells to police without user consent at least 11 times. The company cited “exigent circumstances.”

Archived at https://web.archive.org/web/20240116132800/https://www.themarshallproject.org/2024/01/13/police-video-surveillance-california

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 73 points 9 months ago (1 children)

I love technology but I don’t ever see myself installing a camera in my house that connects to the internet like this. It’s literally big brother…

[–] [email protected] 20 points 9 months ago (1 children)

I give my cam access to the internet when I travel. Outside of that it's LAN only.

Luckily most NAS's have software that can capture it and you can back it up to the cloud encrypted.

[–] [email protected] 12 points 9 months ago (2 children)

do you mind sharing a basic explanation about your setup? i'm looking at doing something similar with TrueNAS and NextCloud.

[–] [email protected] 13 points 9 months ago* (last edited 9 months ago) (1 children)

One way to get access, rather than a cloud solution, is to use a mesh network solution like WireGuard/Tailscale (and I'm gonna mention Hamachi on Windows, because I've used it since about 2005).

These solutions create an encrypted virtual network between devices that runs on top of whatever network you're currently on.

In this way you're never exposing internal resources, in any way, to the internet*. Only to other devices that are running the client app, using your encryption keys.

I'm currently running Tailscale on a desktop at home, all our mobile devices, and a Raspberry pi. I can connect to SMB shares on my home desktop from my phone, wherever I am (I mention SMB only because it's not routable, and insecure. Any network protocol can run over a mesh network. I also run FTP, SFTP. Html, etc).

I've kept my laptop in sync with my desktop at home this way (using Hamachi) since ~2005.

This approach means you're always using LAN connection methods, rather than relying on a cloud you don't control.

*With Wireguard/Tailscale you can expose specific resources to the wider world, but you have to specifically configure it.

[–] [email protected] 1 points 9 months ago (1 children)

Ah, yes. Tailscale. That's a pretty obvious solution that I hadn't considered... Thanks for the recommendation.

load more comments (1 replies)
[–] [email protected] 1 points 9 months ago (1 children)

That might be something I would consider but I doubt I have the know how

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago)

With Tailscale, very little know-how is required. Install the app on 2 devices, see it in action.

Depending on your home devices, you may need to enable Subnet Routing on a device that can run Tailscale, since the DVR/NVR may not have the capability.

A Tailscale Subnet Router will route Tailscale traffic to the LAN on which it resides, so you can access devices that can't run Tailscale. For example, I've printed to my home wifi printer while remote. I've also used it to access a computer that didn't have TS installed yet because I'd just set it up, and a digital photoframe that only supports SMB. My subnet router is a Raspberry Pi, because it's always on. But it used to be my Windows desktop, because it's always on.

Tailscale documents it all pretty well. You install your first client, in the process creating a TS account (which is used to automate the encryption key management). Then install to your second device, and ta-da, you have a TS Mesh network.

To enable Subnet Routing, you open the management console via one of your TS clients, it'll open in a browser. Pick the device, check the box for Subnet Router, select the network (it'll be a choice, only one, because it's only on one LAN), and Bob's your uncle.

[–] [email protected] 57 points 9 months ago (3 children)

Obligatory reminder that just getting into a car (or walking past one) is considered by pretty much every car manufacturer to be acceptance of their privacy policy:

https://foundation.mozilla.org/en/blog/privacy-nightmare-on-wheels-every-car-brand-reviewed-by-mozilla-including-ford-volkswagen-and-toyota-flunks-privacy-test/

[–] [email protected] 42 points 9 months ago

It's supported by the famous first principle of Descartes: I think, therefore I accept the terms of service

[–] [email protected] 13 points 9 months ago (1 children)

Should there be an expectation of privacy in public? Definitely wrong for footage to be able to wirelessly, without the owners consent, leave a car.

[–] [email protected] 14 points 9 months ago (1 children)

Should there be an expectation of privacy in public?

No, but there should be an expectation of not being recorded by every car you come across.

[–] [email protected] 4 points 9 months ago

Again, the expectation in public is that you don't have privacy.

The expectation I would have is that your own car isn't going to collect evidence that could be used against you. And that it won't collect data in your own garage or on your property.

[–] [email protected] 11 points 9 months ago (1 children)

Said it in the other thread but: that isn’t legal.

[–] [email protected] 8 points 9 months ago (1 children)

You're right but it reminds me of that cop that killed that fumigator guy in Arizona. Total cold blood murder and that was illegal as well. I used to always tell me dad "no they can't do that" and he would look at me serious as fuck and say "They are the government they can do whatever the fuck they want" its the same idea with rich companies they steal wages and kill workers through incompetence or lax safety practices all the time and sure its illegal but that doesnt matter when you can do it and face no repurcusions anyway.

[–] [email protected] 3 points 9 months ago

Yep.

Legality is on paper.

[–] [email protected] 43 points 9 months ago* (last edited 9 months ago) (3 children)

The perks of being an electronic security installer and wiring up your own house with a real system with a dozen PoE cameras and a local NVR under your control only...😋

Stay away from the Harry Homeowner cloud-connected lick-and-stick BestBuy bullshit.

[–] [email protected] 15 points 9 months ago (1 children)

Gimmie some brands then...

[–] [email protected] 2 points 9 months ago

I use unifi. I have their dream machine (router/firewall/vpn) a POE switch, two access points, 5 cameras and their doorbell. I rarely have any issues.

[–] [email protected] 10 points 9 months ago (5 children)

Do you have particular recommendations? I somehow landed on Reolink as the option I'm going to buy in a few months

[–] [email protected] 8 points 9 months ago (1 children)

If you want something easy but not necessarily the cheapest, UniFi will do.

[–] [email protected] 5 points 9 months ago* (last edited 9 months ago) (1 children)

I like UniFi but they aren't inexpensive and to really make them work you have to go balls deep into the UniFi ecosystem. I HAVE that ecosystem and still went with Reolink for my cameras.

[–] [email protected] 3 points 9 months ago

Yeah they’re not crazy expensive but not cheap either, and I’m not a fan of Ubiquiti as a company. There are definitely better alternatives, I just don’t know anything that somebody who’s only used shitty cloud connected garbage could jump right into

[–] [email protected] 7 points 9 months ago* (last edited 9 months ago)

Reolink is perfectly fine. They can be setup with or without internet, just remember to put them on their own VLAN that doesn't have Internet access. If you don't want to use the Reolink NVR then build yourself a frigrate box or similar.

Mine don't have internet access and I can watch their feeds directly when I'm home and through my Home Assistant rig when I'm away.

[–] [email protected] 5 points 9 months ago

Bit expensive, but I run all Ubiquiti network and camera equipment.

[–] [email protected] 5 points 9 months ago* (last edited 9 months ago) (1 children)

Probably avoid anything by Hikvision if you don't want to risk having Chinese backdoors in it. My own system is just a hodgepodge of different used cams I pulled off job sites. Just need to make sure they can do ONVIF and they should be compatible with any NVR out there.

load more comments (1 replies)
[–] [email protected] 2 points 9 months ago

I’m using Reolink and highly recommend it. Without a doubt the best bang for your buck. I bought a bundle on Black Friday a couple years ago with the 2TB NVR and 4 cameras (5MP POE) for a couple hundred dollars, and I’ve since expanded to 6 cameras.

I’m in the process of setting up a NAS, so hoping I can get reolink backed up on it for easy access.

[–] [email protected] 1 points 9 months ago

Ubiquiti used to be the only one I knew about that I could host and block internet access. Is there anything else these days? Ubiquiti stuff is kinda shit these days.

[–] [email protected] 37 points 9 months ago (1 children)

Someone set off a bomb close to my house. Police asked me questions about it (time, what it sounded like, etc). They noticed I had security cameras and inquired what I had. The dumbfounded look when I said Ubiquiti (they've never heard of it) and that all footage was recorded locally on a hard drive. Like they didn't understand what that meant - obviously they were looking for an answer such as "google" or "amazon" so they could just circumvent me.

load more comments (1 replies)
[–] [email protected] 34 points 9 months ago

I had one of those Vivent door to door folks walk up to me one day, garage open. I was polite enough but explained I had no interest in storing a video feed of my house on their servers as I'd like to do illegal things if I want. They assured me it was stored with "aes256 encryption" - which they expect most laymen to be wowed by - but what good is encryption if they own the keys and crumble to government requests?

[–] [email protected] 28 points 9 months ago

But they still won't catch the delivery packages thieves.

[–] [email protected] 23 points 9 months ago (1 children)

You should always assume any camera to be hostile, unless you have full and complete control over all related software and connections.

Basically, the people who supplied the device will always have more control over it than you do. And big tech just looooves to abuse that and/or cave in to pressure from governments and police agencies.

[–] [email protected] 2 points 9 months ago (2 children)

Sadly there’s little option for some stuff. Robot vacuums have become super useful, even if they are arguably the biggest security risk that exists. And that will never change, no matter how capable the products get

[–] [email protected] 9 points 9 months ago* (last edited 9 months ago) (2 children)

There are open source solutions for robot vaccums provided you get a compatible robot

https://valetudo.cloud/

Unfortunately it's not something the average person's going to undertake.

[–] [email protected] 3 points 9 months ago (1 children)

I'm trying real hard to develop advocacy for this stuff. I think there's a genuine business to be made helping people use privacy-respecting stuff like this.

[–] [email protected] 2 points 9 months ago (1 children)

What we need to do is organize and push for a right to privacy rather than work around the system in place.

load more comments (1 replies)
[–] [email protected] 2 points 9 months ago (1 children)

The link doesn’t work, but I just found out it’s actually supported on mine! Although I probably won’t mess with it, since I’m not alone here

[–] [email protected] 1 points 9 months ago

Thanks for the heads up, fixed the link.

[–] [email protected] 2 points 9 months ago

Why would you consider robot vacuums to be particularly dangerous in terms of security? I’m certainly more weary of things like Google Nest, Amazon Alexa, pet cams, doorbell cams, that sort of thing.

I know that some but not all vacuums have cameras, and I’d assume some might have microphones as well. But in general it doesn’t strike me as inherently more dangerous to one’s privacy.

[–] [email protected] 21 points 9 months ago (3 children)

A lesson for people that think proprietary internet connected cameras are a good idea. You can literally make open source cameras with a SBC like raspberry pi as the controller. And then using a VPN, you can connect to it from the outside.

[–] [email protected] 12 points 9 months ago

Sadly the average person buying such proprietary cameras does not possess the technical know how for that. Also the average person buying those ultimately also does not care about privacy, unfortunately. They definitely should, but they usually don't.

[–] [email protected] 10 points 9 months ago (1 children)

You can also use proprietary cameras but put them on a separate network segment or otherwise restrict their access so they can't get out of your local network.

Not ideal to use proprietary cameras at all, but if you are doing then that's the way to do it.

[–] [email protected] 2 points 9 months ago

yeah, if you can't find FOSS cameras, I'd recommend getting a good old CCTV connected to a device that does not have internet access.

[–] [email protected] 7 points 9 months ago

Compare this to the setup for a Google camera: Plug it in, scan a QR code from the Home app, and that's it. I understand there are security implications, but I'm not particular concerned about privacy in my backyard.

[–] [email protected] 13 points 9 months ago

Sadly, since our country is governed by dinosaurs, the responsibility falls on us to help our friends and family avoid sketchy cameras that force the use of their cloud services.

At least until we can convince them to elect people who weren’t born before computers were invented.

[–] [email protected] 12 points 9 months ago (2 children)

Does anyone have a rec for something you can buy and selfhost beyond a pi setup?

[–] [email protected] 7 points 9 months ago (1 children)

Any closed circuit security systems, ones that aren't cloud based will come with an NVR (like a DVR) that hosts your recordings locally. Most are wired but some support wireless as well. Generally more expensive but in my opinion worth it.

My mom bought a simple setup for I think 3 or 400 dollars at Costco.

INAL but law enforcement can still request or subpoena your video if they suspect a crime has been witnessed by your cameras AFAIK. But at least you'll know about it.

[–] [email protected] 3 points 9 months ago

Thanks! Very helpful to start looking!

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago) (1 children)

For "commercial but free" There is AxxonOne (was AxxonNext) But free only allows 4 cameras. However this is better than all the FOSS choices in terms of what it can do (and so it should, more than 4 cameras or face detection, fire etc costs money).

For FOSS there is:

  • Frigate
  • Shinobi
  • Zoneminder
  • iSpy
  • Viseron
  • Moonfire NVR
  • motionEyeOS

Lots of options but you will need some baremetal or a decently powered server and hypervisor to run in a VM.

load more comments
view more: next ›