EFF Warns: 'Think Twice Before Giving Surveillance for the Holidays' (eff.org) 28
"It's easy to default to giving the tech gifts that retailers tend to push on us this time of year..." notes Lifehacker senior writer Thorin Klosowski.
"But before you give one, think twice about what you're opting that person into." A number of these gifts raise red flags for us as privacy-conscious digital advocates. Ring cameras are one of the most obvious examples, but countless others over the years have made the security or privacy naughty list (and many of these same electronics directly clash with your right to repair). One big problem with giving these sorts of gifts is that you're opting another person into a company's intrusive surveillance practice, likely without their full knowledge of what they're really signing up for... And let's not forget about kids. Long subjected to surveillance from elves and their managers, electronics gifts for kids can come with all sorts of surprise issues, like the kid-focused tablet we found this year that was packed with malware and riskware. Kids' smartwatches and a number of connected toys are also potential privacy hazards that may not be worth the risks if not set up carefully.
Of course, you don't have to avoid all technology purchases. There are plenty of products out there that aren't creepy, and a few that just need extra attention during set up to ensure they're as privacy-protecting as possible. While we don't endorse products, you don't have to start your search in a vacuum. One helpful place to start is Mozilla's Privacy Not Included gift guide, which provides a breakdown of the privacy practices and history of products in a number of popular gift categories.... U.S. PIRG also has guidance for shopping for kids, including details about what to look for in popular categories like smart toys and watches....
Your job as a privacy-conscious gift-giver doesn't end at the checkout screen. If you're more tech savvy than the person receiving the item, or you're helping set up a gadget for a child, there's no better gift than helping set it up as privately as possible.... Giving the gift of electronics shouldn't come with so much homework, but until we have a comprehensive data privacy law, we'll likely have to contend with these sorts of set-up hoops. Until that day comes, we can all take the time to help those who need it.
"But before you give one, think twice about what you're opting that person into." A number of these gifts raise red flags for us as privacy-conscious digital advocates. Ring cameras are one of the most obvious examples, but countless others over the years have made the security or privacy naughty list (and many of these same electronics directly clash with your right to repair). One big problem with giving these sorts of gifts is that you're opting another person into a company's intrusive surveillance practice, likely without their full knowledge of what they're really signing up for... And let's not forget about kids. Long subjected to surveillance from elves and their managers, electronics gifts for kids can come with all sorts of surprise issues, like the kid-focused tablet we found this year that was packed with malware and riskware. Kids' smartwatches and a number of connected toys are also potential privacy hazards that may not be worth the risks if not set up carefully.
Of course, you don't have to avoid all technology purchases. There are plenty of products out there that aren't creepy, and a few that just need extra attention during set up to ensure they're as privacy-protecting as possible. While we don't endorse products, you don't have to start your search in a vacuum. One helpful place to start is Mozilla's Privacy Not Included gift guide, which provides a breakdown of the privacy practices and history of products in a number of popular gift categories.... U.S. PIRG also has guidance for shopping for kids, including details about what to look for in popular categories like smart toys and watches....
Your job as a privacy-conscious gift-giver doesn't end at the checkout screen. If you're more tech savvy than the person receiving the item, or you're helping set up a gadget for a child, there's no better gift than helping set it up as privately as possible.... Giving the gift of electronics shouldn't come with so much homework, but until we have a comprehensive data privacy law, we'll likely have to contend with these sorts of set-up hoops. Until that day comes, we can all take the time to help those who need it.
It's Christmas Eve (Score:5, Insightful)
This story about not giving certain gifts was certainly posted in a timely, helpful manner!
Re: (Score:3, Insightful)
Re: (Score:2, Informative)
He wasn't born in December, dimwit.
We know that shepherds were in the fields watching their flocks at the time of Jesus' birth (Luke 2:7-8), but the fact is that shepherds are not in the fields during December. Duh.
Also, it's claimed that Jesus' parents came to Bethlehem to register in a Roman census (Luke 2:1-4), but those censuses were not taken in winter when temperatures often dropped below freezing and roads were in poor condition.
History shows that December 25 was popularized as the date for Christmas
Re:It's Christmas Eve (Score:4, Funny)
Re: (Score:3)
This story about not giving certain gifts was certainly posted in a timely, helpful manner!
Don't worry. The story will be re-posted several times, making it useful for next year.
Re: (Score:2)
Well, other time zones were already in Christmas day! Anyways, better late than never. :P
Re: (Score:3)
DoH/DoT is better for privacy because the requests are no longer open for inspection/modification to every single node en route.
This also reduces the network admin's control, eg killing pihole functionality. Again, can be good (in a cafe), or bad (at home).
Where it fell flat on its face is when browsers added DoH support by simply pointing to BigCorp DoH servers.
Re: (Score:3, Interesting)
This also reduces the network admin's control
That never goes away. You use their infrastructure, you do so under their rules. Sure you *could* use DoH/DoT, but the network admin *could* also just block traffic to all of the publicly known servers. You try to circumvent it, and they get full grounds to sue you for unauthorized access to a computer system. Never mind that if anyone just so happens to try something like piracy, online harassment, fraud, CP, etc. while you were playing games with DNS and you'll instantly be suspect #1.
DoH/DoT is better for privacy because the requests are no longer open for inspection/modification to every single node en route.
Or the network adm [mozilla.org]
Re: (Score:3)
You know, the ones that cannot set up their own DNS resolver, use whatever pre-exploited network modem their ISP gave them to directly control everything in their home (and thus allow the ISP to snoop and data mine too), and solely use the internet through their pre-compromised BigCorp / BigGov approved "smart" leash. Err.... phone.
The mere fact that you run your own DNS server does nothing to prevent your ISP from snooping with deep packet inspection. The benefit of DoH is that the traffic is encrypted.
Re: (Score:2)
Re: Meh (Score:1)
Do you mean the fact that they (weâ"I work there) accept cryptocurrency donations? Or was there some other connection you are thinking?
Re: (Score:2)
> Or the network admin can just set up their network to tell browsers like Firefox to disable DoH
Patching my firefox to ignore that now. What now, network admin? Oh and I set up an obscure DoH resolver.
The point of.DoH is to masquerade DNS queries as normal HTTP traffic, rendering it immune from DPI in transit, and preventing ISPs from snooping and hijacking DNS traffic. And yes, it comes with other BIG privacy issues.
As I said before: DoH is both good, and bad.
IMO the best is to use DoH to an endpoint y
Ring cameras are a massive privacy nightmare (Score:1)
Thank god I use them only outside my house and they are a privacy nightmare. I did not want a security camera not able to identify burglars and other folks trespassing into my property. And authorities using my outdoor camera footage? Knock yourselves out: an outdoor camera is about as public as it needs to be anytime for the law enforcement to keep me safe.
About internal cameras, there are always the ones talking to local NVRs I can lock down behind two sets of hardware firewalls and will not talk elsewher
Dan Markel's inlaws. (Score:2)
Didn't Ring cameras crack the case of the murder of law-school professor Dan Markel?
That we have given up our privacy to cell phones and cameras everywhere appears to make it much hard to settle family disputes in this way.
Alexa, the gift that keeps on taking (Score:3)
Anybody who gives me a subscription service for xmas is on the naughty list
Is it racist to install a Ring camera? (Score:2, Offtopic)
This is the latest message we seem to be getting from the politically correct. Crime is Just Their Culture, after all.
Late to the party again, EFF (Score:2)
The EFF is late to the party again, this time by about a decade.
Have they been using Internet Explorer and just now heard about doorbell cameras?
The EFF are so far behind the curve that they're over the horizon.
Re: Late to the party again, EFF (Score:1)
Hello! We have been advocating against ring for about four years now, and Iâ(TM)d like to think that along with many other organizations and govt entities, we have made a difference.
https://www.latimes.com/business/technology/story/2020-01-29/ring-app-shares-personal-data-eff-finds
https://www.eff.org/deeplinks/2021/02/amazon-rings-end-end-encryption-what-it-means
https://www.eff.org/deeplinks/2023/06/ftc-forces-ring-take-user-privacy-seriously
Yay! Comprehensive privacy legislation! (Score:2)
Despite paying remarkably close total taxation rates to other industrialized nations, us Americans do not get any kind of healthcare, nor do we have any kind of consumer protection laws that are not unenforced punch lines. We also do not have protected borders, liability for vaccine manufacturers, or even access to the court system anymore since corporate America makes us give it up. Our law enforcement are state sanctioned pirates. It is a felony for you to lie to a bank, insurance company, or credit re
alternatives please (Score:3)
I'd like to have a few security cameras in my house - mostly so I can check in if my cats are doing ok if I'm out for a day or two.
I've not done it so far exactly because I don't want Ring/Amazon to have a view into my home. I'm ok with the Ring camera at my door - that shows the street, not me walking around naked after a shower.
To all the warners: Point me to alternatives. I have my own Debian server with a Nextcloud instance running, I can install some other software there to enable live-streaming or whateer. I just haven't so far found anything with a convenience factor similar to the Ring doorbell. Point me to one and I'll buy it.
Don't just warn people way from things. Accept that these things satisfy a real need and propose alternative solutions.
Re: (Score:2)
To all the warners: Point me to alternatives. I have my own Debian server with a Nextcloud instance running, I can install some other software there to enable live-streaming or whatever. I just haven't so far found anything with a convenience factor similar to the Ring doorbell. Point me to one and I'll buy it.
Don't just warn people way from things. Accept that these things satisfy a real need and propose alternative solutions.
Ubiquiti [ui.com]. They have some pretty nice hardware all around, especially for the consumer ("prosumer") space, and that includes doorbells and other camera systems. While they do offer cloud functionality (and have had issues like many companies, even a breach via an employee who was on their security team), it is NOT required. You can run the entire UniFi system locally. The UniFi controller software can be installed on your own hardware. I have a local-only setup myself, though I did purchase one of thei
Re: (Score:2)
I meant to add, while UniFi generally wants cloud if you want things accessible outside your network (mobile push, remote viewing, etc.), that's if you're fully remote and unconnected to your network. On the other hand, if you have VPN to connect to your home network from afar, the UniFi controller will happily talk to you without cloud and will remain LAN-only. That's how I
Re: (Score:2)
Thanks for the info. I do have a Ubiquiti Wifi router, so I'm a bit familiar with them.
But I'm looking specifically for a non-local solution - I want my camera to stream stuff to a server I control. Essentially what Nextcloud is - all the advantages of a cloud, fully under your own control.
I've thought about simply rolling my own solution with a RasPi and a camera module, but I don't have the time probably required to create a solution by myself with a bit of features (like only recording when there's movem