No it isn’t! - CIA

There used to be a website with a map and you could see all these open unsecured cameras they'd found around the world. Mostly by searching Google for the page name they all had.

Some of them seemed intentional, like traffic cams, cameras on the roof looking out over the city, etc, but there were so many fat men sat around watching TV in their underpants, random families in the kitchen, and so on.

It would be fine if the footage was end-to-end encrypted, meaning you need to transfer the encryption/decryption keys from device (e.g. a phone) to camera, and then manually between all devices that should have access to the decrypted footage.

Camera would only ever send out encrypted footage, and thus it would be insufficient to have access to the cloud account if you want to view the footage - you would need both access to the account (to obtain the encrypted data) and the decryption key (to actually decrypt it). The decryption key must never reach any 3rd party servers and can only be manually transferred between devices that should have access.

There are still possible attack vectors, like malicious firmware updates, or the viewer client app updates, but those are very difficult to exploit, and pretty much exist in most "secure" software today (including from companies like Google, Apple, Meta, etc.). They could be mitigated by hardware design (do the encryption in hardware, camera's software never has access to decrypted footage) and open source viewer clients that the user controls, but I would consider a camera sufficiently secure (for non-sensitive locations) without those.

It is a bad idea. On one hand, we have the mean to make them quite secure. There is no such thing as an unbreakable encryption, but with proper key management and using decent enough algorithms we can totally do something that puts your camera out of reach of most thing that are not nation-scale organisations. On the other hand, it's mildly more inconvenient than "installing an app and entering your email", as it might require stuff like doing a tiny little bit of setting up.

So, the unsecure/"trust the service" way it is.

Oooh what was he v1 fiasco?

But How can I see stuff remotely?

That's why I only use inside cameras, eg dumb cameras where I can ensure that they are only accessible inside my LAN.

This is my father. We have about 10 ring cameras surrounding the house and I fucking hate it. Meanwhile, I'm also a distributor for security cameras and could easily replace all of them for free. He still insists no. He likes that he can easily prey on me when I go outside for 1-2 seconds to grab a drink or go outside for a smoke.

I already hate feeling watched but the need for audio is just ridiculous. Law enforcement can basically just intercept the feeds and listen/watch you anytime they want to. The FBI abused a spy tool 280,000 times this year, so I doubt they'll respect your rights, if you even have any at this point.

I wish I grew up during the days without cameras being on every single building.

Those are still around. They are the local services that people suggest instead of Nest or something, where “you control your own data”. Turns out nothing is foolproof.

You can still do this if you use https://www.shodan.io/

It’ll let you find IoT devices and cameras connected to the internet if you know what to search for and an alarming amount of them are locked behind an admin/admin login.

I advise against nosying around because there’s a near 100% chance that it’s illegal to do so in your jurisdiction.

That was Steam

I see you tried to make strike through text. You're missing one more pair of the... damn, can't remember what it's called. The home symbol.

~~strikethrough~~ ~~strikethrough~~

Edit: Tilde