> Cloud connected doorbells must die as well as dragnet surveillance.
I'd disagree and restate that cloud services willing to make these kinds of deals must die, painfully, in a fire after being stung by a million killer bees, after receiving a million paper cuts and having lemon juice poured all over them.
It is possible for a company to charge a monthly fee to provide a service and only that service without attempting to leverage their users and their data for any other form of income. Companies used to do it all of the time. It just takes a C-suite/board/founder to have the moral fortitude to not sell out their users.
The problem now is how can you trust any of these companies? The infrastructure is there to link this data if you have cameras that connect to the internet. How can you ever be sure this won't happen in secret? We have no guarantees that companies will follow the laws and laws are not even being enforced.
Craig Newmark (Craigslist) and Jimmy Wales (Wikipedia) come to mind, both founders could have made platforms that would have been ad-ridden (and made a boat full of cash) but the founders chose not to.
I think we can all agree the "ads" on CL are not even close to the same ballpark as the offerings of ad tech. Like to conflate the two as the same would be the most disingenuous bit of logic that I'd be embarrassed if I were the one to have made it.
How hard would it be to sell a solution that makes it easy for a consumer to set up on-site recording? Ship a small box loaded with Tailscale and some software that connects to cameras over a LAN, and runs a webserver that allows user logins through a web interface. Nothing needs to go into the cloud. Yes, then you sell it once to a customer and that's it. No subscription or planned obsolescence. Fine, so factor that into the price. Make your money and go on to do other good things.
It’s called an NVR and there’s a whole industry of companies catering to this, though you rarely hear about it in the news. There are plenty of consumer options in the space too.
They have been selling NVR based camera systems for decades. It's clunky. It takes a network savvy person to open up their home network to allow remote access. It takes an even savvier person to not do that in a way that guarantees getting their network pwnd.
Having a cloud based solution from an ethical company would be the consumer friendly solution people are actually wanting. Lots of people are willing to spend money to make problems go away.
I know businesses that have these setups and outside tech support to maintain them. I've also seen them have all kinds of issues when routers are replaced or they change ISPs. That's why I was saying a company could sell a box preloaded with Tailscale and a custom installer that walks a non-technical person through it. The default setup for a tailnet is pretty safe. Yeah you could have your own signaling servers or whatever, but TS usually manages to punch right through most NAT issues. They don't need a reverse proxy to login to their private webserver, although I guess you could provide that as an add-on service. They just need TS on their phone.
[edit] To my mind, the biggest hurdle wouldn't be networking to allow this box to host its own app that was accessible to the user from elsewhere. The hurdles would be things like lack of "smart" reporting / facial recognition, backup power, backup connectivity, etc. But in theory, a repurposed smartphone as the platform could solve the backup power and connection issues.
This isn't an inherently unsolvable problem. Peer-to-peer file sharing and video calls have been able to work around it for ages.
The same approach could be used for cameras - see for example Home Assistant's remote access. Sure, you'd still need a cloud-based STUN-like discovery service, but a small one-time fee should easily cover operating it.
Right... Or instead of STUN/TURN just use Tailscale for now. I think the reason no one's packaged this into a slick Ring-like plug-and-play probably comes down to corporate greed and how hard it is to raise money if your intention is to start a business that doesn't have ever-expanding verticals. Like, this is a set of solved problems. They just need to be smoothed and packed for the user.
You seem pretty sure of yourself. So when will you be releasing this product that you claim is such low hanging fruit? Right, now you know why this product doesn't exist.
He just explained why. Because packaging, QA, setting up a storefront, customer service, the sum total requires significant up front investment to get off the ground. Good luck raising money when your pitch is "we won't be greedy and do the things that could make even more money".
Or was your intent merely to taunt him for failing to be independently wealthy?
Like, thank you. Obviously. This is why I don't want to start a public facing business and why it's almost impossible for a person with some good ideas and a modest savings account who could build something better to do it without putting themselves in a compromised position by taking investment. If you go it alone, you basically have to put your entire net worth on the line to see whether something works, and then the second it takes off, God help you you are going to be litigated or bullied into the ground. But I still kind of have some of that old 90s / early 2000s faith that I will one day hit upon the Big Idea that I can code and bootstrap myself, and turn a profit from day one when I launch it, and never need investors. I doubt a home camera system is the one. But I have a whole wall in my office with taped-up post-its and index cards and papers, each with hand-written startup ideas. Any of which I could conceivably code and profit from if I wasn't afraid to spend 6-12 months on it and thought it could survive the regulatory environment and everything else that might come with releasing it onto the world. And that's not my job - I just keep those up there and add to them for inspiration. I just want to make shit, not deal with the business of navigating the whole corrupt world of funding and kosherizing it.
> Any of which I could conceivably code and profit from if I wasn't afraid to spend 6-12 months on it and thought it could survive the regulatory environment and everything else that might come with releasing it onto the world.
The problem is, you have to be young and dumb and oblivious enough to think that your idea is golden, while also being old and wise enough to be able to implement the idea. You don't want to wake up one day, a decade later, and someone's independently thought of the same idea, and gotten rich, and you're still driving a taxi. My email address is on my profile page. Email me.
Friend, while I was driving a taxi in 2001, I conceived of a system that would let anyone directly order a taxi driver from a pool of drivers who signed up through a central SMS messaging system and updated their zip code when they were waiting for a fare. The main problem with that idea was that it was completely illegal because it was outside the licensed taxi system.
When Bitcoin emerged, I wrote a gambling site. That also was illegal in America, so I kept it closed to the US but tried to get my original games licensed in Nevada, which was a fool's errand since it takes $500k just to get them to look at a game and there's a 3 year waiting list, mostly Bally. And look where we are now with online gambling.
The lesson of my life isn't that I need ideas with a bigger moat. It's that being able to code my ideas well is meaningless compared to having half a billion dollars to buy off a legislature. I'm a coward, I guess, because I never wanted to break the law. Now I live in a timeline where every major company in those two sectors achieved market dominance and legality because the people who started them were willing to flout the law, raised enough capital and fought off lawsuits long enough to bribe their way into legitimacy.
I have a fantastic idea for an AI service, too, and it wouldn't be hard to implement... but it will almost certainly raise dozens of legal issues until someone with more balls than me comes along and just does it. Money is nice but I don't need that kind of trouble. That's why those ideas stay on the wall.
Hey dude, it's a free idea, you're more than welcome to it. I just thought of it a couple hours ago as I was writing that. I thought it was pretty good - especially the part about using an old smartphone with Tailscale as the hub because it has backup connectivity and power. Maybe I'll throw a prototype together this weekend if I have nothing better to do. Or maybe you should. You could be that guy.
I never had to use a "network savvy person" to have people connect to their TP-Link or Reolink cameras at home. The cameras record to SD cards (or NVRs) just fine.
In America, whether a deal is publicly made or not, if your personal data is stored on the cloud, it is neither private nor your data any longer. Any belief to the contrary is just to help you sleep better at night.
A lot of us don't actually have to imagine anymore. ICE keeps harassing people in remarkably personal ways, like showing up at the homes of people who make a video of them.
The data doesn't have to be in someone else's hands. The interface could just be the management and extra features that just stream the data from your device(s) to your mobile app. There's plenty of things that could be added as a service that would make a SaaS viable even if all of the data is stored locally on the user's devices.
No it is not. Your mandate is to grow your company’s revenue and profits, not act according to your conscience as an executive, especially if something is not illegal.
This is why regulations are extremely important. There needs to be a strong enough counterincentive or companies will eventually always follow the path of least resistance to growth.
Ethics when present may create some form of friction along some specific paths, but it’s never enough for those to not become, eventually, that very path.
Why, in this given scenario, does the individual’s mandate to their company automatically trump the mandate given to them by an ethical society, or even their own moral code? Why is this position held up as infallible? The situation could easily be re-framed as “my corporate mandate is to grow revenue, but the larger mandate I have is to my own ethical truth.” Why are corporate desires allowed to get the “shrug, that’s just what I’m supposed to do” treatment?
If the answer is you lose your job and your means to provide for your family if you don’t put corporate desires first, then we’ve constructed the society we want already and no one should be complaining.
"Companies primarily consider profit" is not the gotcha you think it is. It's possible to consider profit via goodwill towards customers. A number of companies do this. This doesn't mean that you're inherently wrong, but this argument certainly isn't the right one.
You can easily put it into the corporate charter that you will not "do evil". At that point, you have a mandate to grow revenue while abiding by the charter.
Just because the majority of people choose to be assholes does not mean everyone has to be. Be the change you wish to see in the world, or something.
I worked across several facilities and obviously cannot talk specifics about those. It is public knowledge that one of them housed a large metro area's main ISP "meet-me room."
During Snowden revelations I'd already been apprenticing for years; nothing Edward documented surprised me. I'd literally walk around our 500,000sqft elevated floors nodding my head [none of this exists, officially].
----
Nothing is as it seems.
----
During DEF CON ~XX~ (approximately same timeframe as story above) it was publicly revealed that intelligence communities had redefined the word "intercept" to mean when a human operator catalogs a certain piece of data/traffic (i.e. not algorithms sorting). #1984 #newspeak #elevenyearsago
----
I no longer carry a cell phone. Don't use email. PO Box in profile
I'm not quite there yet, but after Netanyahu made that comment like "if you have a phone you're carrying a little piece of Israel with you" right after the pager attack stuff.. I keep the phone in the back of my backpack away from my meat bits.
A one-way beeper allowed me to phase out mobile phone usage. Obviously presents inconveniences, but I'm semi-retired with no rush to be anywhere. Bonus health points: no locally-generated EMRadiation.
If you use numeric-only paging, bots haven't figured out how to SPAM, yet. Also available is alphanumeric email-to-page; two-way pagers also exist (but why?).
Yeah well aware of that stuff here. Two companies I worked at had entirely airgapped infrastructure because they knew the adversarial situation wasn't winnable. Everything was checked for implants at goods in. It's shocking some of the shit that goes on.
I run grey man where I can. Stuff that's private stays private. Paper and physical security is still good.
Possession is nine-tenths of the law (e.g. physical bullion; offline crypto keys; bullets; counter-bugging).
>checked for implants ... shocking some of the shit that goes on
I've seent some bullshit, myself — "shipping delays" — smelt their pure evil. Our facilities necessarily existed to be networked; but definitely had isolated departments.
Pretty sure government agencies will have no trouble finding you from that bit alone, and then tracking your movements is trivial. I mean, you have to show up and check the box periodically..
They implement a physical Tor each time they check their box - layers of Taskrabbits hiring Taskrabbits. One picks up the Mail and hands it off to the next. The owner is one of the Taskrabbits somewhere in the chain.
Back in 2006, I became involved in a USPS investigation (witness/victim); barring specifics, the perpetrator's PO Box [0] was involved: the investigated would send minors in to retrieve packages, which is allowed ("possessor of key possesses mailbox privileges").
This made it extremely difficult to capture the actual perp. He eventually walked away with minimal consequence, for lack of evidence/possession.
Agreed, but this would then inconvenience millions of non-techies.
Could a solution be forcing Amazon (and Google and Flock and...) to open their backend software either for self-hosting or for running on somebody else's "cloud"? So subscribing to such a device isn't that different from getting web hosting from Dreamhost or Hetzner?
Maybe there's a host or IP field in the settings that users can easily change?
If there was an IP setting users could change, all the self-hosting etc. forums would be talking about how to change it instead of explaining other options. I'd expect not just fixed hosts and an ecosystem dependent on their proprietary protocols, but also pinned certificates and secure boot so you can't change any of it.
N.B. Flock isn't really targeting the consumer market.
Cloud connected doorbells must die as well as dragnet surveillance.