Increasingly, I'm of the mindset that you shouldn't create data you can't destroy; "smart" thermostats, cameras, and whatever else all seem to create a bunch of data and upload it to the cloud. Once there, it's out of your control, and can be subpoenaed and used against you.
I remember the brief period when teaching internet literacy involved teaching people that any text, photo, or video, uploaded to the internet should be considered public, regardless of how the access was limited at the time of upload. Now, people[0] are buying smart devices and uploading all kinds of stuff without even thinking about it.
To a lesser degree, we see the same situation with Event Data Recorders in cars. They record data that can be used against the user in the event of a crash. Are most people aware of this? I doubt it. Having sat on a couple of juries, I've witnessed how ruthless lawyers can be about picking apart an innocuous action to support the case they're making, whether there's malice/negligence/whatever behind it or not.
Maybe we ought to treat creating data as a special case of "Don't talk to the police"[1]
[0] Lay people, the HN crowd is probably making an informed choice. We aren't the majority though.
The real key is don’t put original data in the cloud, period.
If you save your surveillance data to a disk in your home, it’s subject to the traditional old fashioned warrant process. Once a third party has access, you have given up your rights in many ways.
Cloud for these use cases is dumb for many reasons. You don’t need cloud compute, don’t need cloud storage for the use case. I was able to do what these consumer cloud products do with raspberry pi type hardware a few years ago.
Yes. Once you give your data over to a 3rd party, any privacy or adherence to legal process is benevolence on their part. There is nothing (in the US) that requires them to treat (most) data as private information.
> create a bunch of data and upload it to the cloud. Once there, it's out of your control, and can be subpoenaed and used against you.
honestly don't know why anyone uploads to the cloud. there's tons of reasons not to, starting from the icloud hacks to [your favorite app]'s RCE bug.
it takes 5 seconds & $30 (pi) to spin up your own server. it's fun to do and at least you know the only possible F-up is between you, your linux server & your comprisable ISP
GDPR is a government regulation, and governments are routinely above their own regulations, especially when it comes to intelligence. To quote one former US Vice President: "Of course it's a violation of international law; that's why it's a covert action".
GDPR provides a legal framework through which Europeans are able to get companies to honor their wishes with data .
While it has teeth, it does nothing to physically stop a bad (or unconcerned) actor from don't something you don't want with that data, and once they have it you can't put Pandora back in the box.
Once the data is out there, though, you're vulnerable. You can "destroy" it later, from the perspective of a company, by asking the company nicely to destroy it for you, but that does nothing to protect you from state actors who may have had access to the data before. In fact, a state actor would likely take "asking nicely to destroy data in accordance with the rules and regulations" as a signal of which data was the most interesting to collect and retain.
Exactly, and one of the main points GDPR is to force companies to think twice before collecting data in the first place. Thanks to GDPR significantly less data will be out there.
Computers are machines for copying data. A good computer is one that copies well, quickly and cheaply. The internet is a machine for moving copies of data around. When the internet works well, it copies data quickly and cheaply.
Ideologically, this is difficult for some people to accept. If your fortune has been based on stopping people from copying information, it is an inconvenient truth indeed. If you earn your living by preventing copying, the only options are to change everything, or deny everything.
Whilst GDPR partly aims to help educate the user about data being collected, the extend and details of such data are underestimated. Mostly because no company specifically calls out the exact data they collect; They describe it broadly to avoid having to ask for consent again when they add a new product or feature. You only truly understand what data is collected once you make use of the obligated download feature and look through the data.
Also, GDPR does not apply to Intelligence Services, their legal limitations are dodgy at best (on purpose).
All data going over the internet cannot be destroyed by you since it can be copied by anyone who has physical access to the network (the government and ISP for starters). What you can do is apply strong cryptography on your data by default.
Yeah, I agree with your sentiment. We pay with our privacy.
On my home I use a few cameras for our little one plus the cats. I use a VPN on my router, and the cameras cannot connect beyond the router. I can however connect from e.g. a smartphone (with WLAN or 4G) to the VPN and access the cameras. As long as your cameras utilise standards such as RTSP this shouldn't be difficult to set up.
No PrivaCorp? Make / fund PrivaCorp and migrate after a stable Beta
Normally we don’t care about our online privacy (proof is in the pudding with facebook et. al) so historically there isn’t a big enough market online for megacorp-level privacy-oriented web-product stickiness and growth... But I think a very tangible line is crossed inside the home that consumers can resonate with as networked home devices start to become ubiquitous.
Online is so abstract. But at home? That’s where your wife sleeps. That’s where your baby sleeps. We won’t spend a dime on a password manager but we will spend a good amount on fencing and window curtains and locks and home security systems.
Amazon provides government there own portal to view the video footage via an app. SO at least google makes the government ask before handing it over...Amazon gives it to them plus the upset on their facial recognition tech.
See their marketing video to police on the portal here:
The video you linked contradicts your statement. The portal lets law enforcement request video footage from a camera owner before handing it over, but the owner still has to approve the request. Personally, I don't see a problem with that.
That's not how it actually works in practice. this is the feel good video representing the most positive version of this type of transaction. ring police portal is not only deployed in America but also in the Middle East. Not everyone who signed up for a cool doorbell gadget, paying for the service to store your videos, expected it would be used for mass surveillance.
This is how China operates. The police merely 'request' footage before an owner hands it over right?
Either way this shouldn't be deployed with our law enforcement because it's fundamentally not a secure application. It's not encrypted, there are no controls in place for need to know for access to make these civilian requests and can be hacked by an 11 year old. Police didn't buy this product or ask for it on the market....Ring just gave it to them...from the ukraine.
Any decent sized tech company is going to have a team, structured process, workflow, and yes, custom software for dealing with law enforcement requests. It’s easier to enforce company policy and have specialized lawyers make sure data turned over is confined to the scope of valid court orders that way vs. having whatever having random employees LEOs can find deal with them.
That video states that local police can ask Ring users for their security footage. No where is it made evident that it would be handed over automatically.
So, wit.ai got bought by Facebook. Any players left in this space that aren't data hoarding companies? Does the market still care for privacy and a close-to-open-source/hackable intelligent assistent?
The entire market seems to care about data rather than privacy.
From your smartphones to your cars to your watches to everything else, it seems like the economy is about getting as much information about you to advertisers/corporations/governments. And data collection looks to be accelerating if anything.
It's like the system is giving us the rope and we are mindlessly putting it around our necks.
The orwellian nightmare was that big brother was going to forcibly install telescreens and listening devices all over your home to deprive you of an ounce of privacy. He never imagined it'd be us installing the telescreens and microphones all over our homes to deprive ourselves of privacy.
Hey man, when I was working in that field, we had really strict controls on who could access the data. I had to sign A PIECE OF PAPER agreeing not to misuse customers' personal data before I could get at it. Plus I'm pretty sure the company did a cursory background check before they hired me. And there's a form that government intelligence employees have to click through sometimes before they get the data.
Hey, good for you! But how am I to verify that other companies take the same level of care?
Also, just because engineers have to jump through hoops to be able to run SELECT on a database, doesn't mean marketroids and sales don't get free rein on using it (or passing it to other parties).
There's a niche market for such products, in which a high premium would be paid for a product that successfully meets the needs of its purchasers. Unfortunately, successfully is defined by the high floor of convenience provided by multibillion dollar companies, so I understand that it's tough to compete with that.
I've participated in adjacent niche markets where consumers 1) most likely work in tech 2) have needs that 99.9% of people don't care about 3) are willing to pay a premium 4) have the means to pay that premium.
It's too bad that there are so few businesses willing to tap into this market. Part of me believes this is a marketing issue, though. I've yet to see a campaign that really nails our core concerns and does so elegantly.
You create it for the part of the corporate market that wants good on prem services. On-prem that ends up also being something for prosumers is basically the missing thing we are looking for, kind of like ubiquity wifi.
Would depend on my budget (because it would certainly cost more than hovering up all training data for free).
Perhaps: Pay/reward for data sharing, decentralized training, differential privacy, local training and submitting the weights, local fine-tuning of pre-trained model, marketplace of third-party (open source) models, ...
... or just have the user repeat some phrases for 5-15 minutes during initial setup? Like you could do with good ol' Microsoft SpeechAPI from the first decade of this century?
The obsession with cloud-based machine learning is creating half of these problems.
The minute you allow a device you do not 100% control to send data to a service provider, you should not consider that information private. The service provider has no legal obligation to keep the information or data private- I assume somewhere buried in the Terms of Service it says as much.
The Ring devices are frequently pointed at the outside of people's houses. Its effectively giving Amazon a bunch of surveillance cameras all over the street from people's doors.
He didn't, actually. Clearly explaining is "Amazon (edit: I originally mistakenly said Google)". That way people who don't read to the bottom of the thread can figure out what happened... right now it looks like rafaelc has a nonsensical complaint, if you stop reading at his comment.
Synology + 3rd party SW allow you to set up your own CCTV. My main concern is most of the mfgs (outside Arecont, etc., who are pricey) are unknown entities like Hikvision; however, being CC, on a private net makes it less a concern..
Are any of you Ring/Dropcam/Nest users thinking of switching?
I’d love it if IoT devices could store data in my own encrypted storage (S3, sftp, whatever); then give me apps to see my usage reports and stuff. Why must everything be controlled by whoever I buy the hardware from?
> Why must everything be controlled by whoever I buy the hardware from?
Because they can, and they don't give a fuck whether you like it or not. Compare yesterday's article, "I Pay for News; Why Do I Still See Intrusive Ads?"[0].
There is some merit to argument that "non-techies can't manage their infrastructure", but I question its general validity. For one, an IoT device or a companion box can serve as a local endpoint, things don't have to go into the cloud. For two, a configurable device using open APIs could enable community-level support. I.e. my mother won't be able to set up a server for her smart thermostat data, but I can do that for her, and for her neighbours.
Alas, most IoT equipment is sold as loss leader, meant to lock you into whatever bullshit "platform" the vendor is pushing, and to hold your data hostage. Personally, I avoid IoT because of that - companies are just disrespectful. The design of their products is one big middle finger in the face of the potential customers.
This is my experience with IoT devices. Often it feels like a grab for customer data provided by the device and a way to get the customer locked into the device ecosystems.
I wish there were more IoT style systems that cared about privacy and portability.
Because you can't expect non-techies to manage their own crap beyond an app and do their own devops managing their own servers. And most techies do not want to manage yet another server anyway.
The furthest you could go is something like an app that reads data on the free icloud / google drive allotment they have. Then you'll have to deal with instances of losing their password / changing their broken devices / etc and all the lock out situations that happen.
You start to say fuck it and provide your own backend and now you're back at status quo.
Can a non-techie provide their Amazon/Google/Apple login? There’s your S3/Drive/iCloud storage. Done.
I understand they mostly do it “because they can”, but that was the same reason that cell carriers locked down phones & controller the installed software pre-iPhone. There is precedent, and thus hope, to break this logjam.
I remember the brief period when teaching internet literacy involved teaching people that any text, photo, or video, uploaded to the internet should be considered public, regardless of how the access was limited at the time of upload. Now, people[0] are buying smart devices and uploading all kinds of stuff without even thinking about it.
To a lesser degree, we see the same situation with Event Data Recorders in cars. They record data that can be used against the user in the event of a crash. Are most people aware of this? I doubt it. Having sat on a couple of juries, I've witnessed how ruthless lawyers can be about picking apart an innocuous action to support the case they're making, whether there's malice/negligence/whatever behind it or not.
Maybe we ought to treat creating data as a special case of "Don't talk to the police"[1]
[0] Lay people, the HN crowd is probably making an informed choice. We aren't the majority though.
[1] https://www.youtube.com/watch?v=d-7o9xYp7eE