My hope is that this is another push toward on-prem data management.
One of the things that the "computer revolution" spawned in the 90's was that there were a lot of "extra" computers around because everyone upgraded every 18 - 24 months. After a couple of rounds of upgrades, if you had kept the old parts, you had enough parts around to make another computer. In my house this typically became the "kids" computer and we would build it, them image it, and then use the image to restore it back to what ever it had been built to originally when the kids did something to make it non-functional.
Of course after a still longer period you had upgraded that "previous" gen computer and now you had a left over previous previous gen computer. And typically what I did was put Linux on it and have it for running this that and the other thing. These days a RasPi 3 is about as powerful as that generation -2 computer was.
Like a lot of people as my Internet speeds increased I started leaving computers on all the time as servers that I could access from anywhere. This was made easier (and without paying extra for a fixed IP) with dyndns, although these days it is easier still with IPV6 (no dyndns required if your ISP will give you an IPV6 prefix (so far this has been pretty easy).
So I think a number of services you use "in the cloud" might be implementable as local services where it is harder for the Government to get its hands on your data, (or at least it would have to serve you with a warrant and so you would know they were looking at you, an NSL doesn't work if the person being served is the person being observed :-)
This is exactly why we are building on-device private AI at Snips (https://snips.ai, disclaimer: I'm a co-founder)
We believe that the only way to have people trust AI is when we will make it possible to have privacy-respecting AI, we believe it is not only feasible, but it is our duty to build AI which respects people and is able to scale without presenting a danger to our societies
I know about Snips.ai for some time now, I was planning to play around with it soon, and then I learned about the token thing. I mentally put the project into the trashcan at that very moment, it only got out of there due to being repeatedly mentioned on HN as something legit.
> Did you take a moment to understand why they are doing this with a coin, or are you just anti-crypto-coins altogether?
They're promoting a security [1]. If a company can't bother with the law, I distrust their claims around privacy.
Also, if you're doing on-device AI, you have a natural business model: sell the device. (Maybe also subscriptions.) Adding in a token creates conflicts of interests.
Care to explain it to us? There's nothing obvious I can see as to why they're using coins, and based on the recent stories about the SEC investigating ICOs, skepticism seems warranted.
Oh, I don't know, I have just heard of these coins myself. But based on OPs response it is hard to tell if they just dislike cryptocoins altogether, or if they read about the specifics and disliked the specifics of this one cryptocoin.
I don't see how privacy and cryptocoins are related. Some cryptocoins can enable privacy, whereas some can make privacy more difficult. My question is if OP has a problem with the specifics of this cryptocoin or if they just dislike all cryptocoins.
What is your concern around this? I'm not aware of what this implies as being a negative aspect to using Snips. Please elaborate when you get a moment. :)
unless I misunderstand your web site implementation, you might want to fix the web site to respect also the user choice about storing cookies ;-)
I clicked "Deny" when asked to accept cookies (and analytics), but the cookie stored on my machine says {"cookie":true,"analytics":false}
It would be fine if keys were held locally or in a loyal-to-end-user way, and data stored dumbly in the cloud. This would break business models fundamentally and also require a lot of technical rearchitecting, though. (Ideally you'd be able to delegate/release a short-lived key to a subset of data to do certain operations remotely, on to-some-extent-loyal remote computing resources, but I think within 5 years people will realize that long-term/eternal data at rest under anyone else's control makes you a victim-in-waiting.
And why do half of these sentences not make sense?
Back in my day, journalism in forbes was still shitty but at least with coherent sentences.
edit: A link in the article does inform me of 'rap crew'
"O
n a June day last year, a skinny, dreadlocked 29-year-old rapper known as Tony Da Boss lay in bed in a redbrick apartment on a tree-lined street in Charlotte, North Carolina. It was not the kind of place you’d associate with a million-dollar criminal conspiracy. But Da Boss (real name Damonte Withers) was a leader of the FreeBandz Gang, an amateur hip-hop crew of twentysomethings who were into much more nefarious activities than laying down tracks."
jesus christ. get out of journalism and go write that pulp novel kicking around in your head.
I didn't see any mention of the rap crew in the article... That blurb mentioning the rap crew was really an advertising blurb for another article. It just happens to be strategically placed between paragraphs of this article.
Between this and sites where scrolling past the end of an article loads the next one, media companies are really fucking with people's ability to understand what they're reading.
That is some "think of the children" legislation away from a rubber stamp subpoena system. Oh well, I don't assume privacy outside my bedroom anyway. Maybe not even in it soon enough.
If your data is not end to end private key encrypted, then you are inviting the government in to look at all your shit; photos, documents, logs, everything.
The real question: Why do we let governments get away with this kind of behavior?
Fighting a technology arms race with the government is a losing battle. They can ask for private keys to be handed over - on threat of jail time if you don't comply.
It is a technology problem. Technology created the centralisation that makes the target so juicy, and courts treat stuff entrusted to third parties with less care than stuff you keep in your mind.
The closer the storage is to you, the bigger a hurdle the government needs to jump to access it. Closer tech is more private tech. It's also much more expensive to snoop on.
The ballot box approach will last exactly as long as the next terrorist crisis.
I agree we should be divesting from centralized data management for the reasons you stated.
The parent poster also had a good point, though. If the public is going to bend over at every crisis and lose rights, how long until residential customers can only hook approved walled-garden devices up to the internet, with no true privacy respecting tools permitted in their app stores?
I'm curious at what point people decide that the government spying on them begins to be ok? How does the average person feel about the following:
1. A spouse going through your cell phone without your knowledge
2. A landlord requiring cameras in all rooms of your house to catch potential property destruction
3. A boss logging all computer activity at all times
I'd imagine the average person would be pretty pissed about all of the above. At some point though, when it gets scaled up to the federal government effectively having the power to go through anybody's phone records, cloud data, email, search history, and now surveillance cameras, a lot of people seem to be okay with that, because terrorism.
Terrorism is bad, but police states are worse, because at that point the government becomes the terrorist. If you're that afraid of terrorists that you're willing to give the government the power to spy on you (which is not even guaranteed to prevent terror attacks), maybe you should move to a rural location far away from any population center. Otherwise, it should be treated like any other crime. Perhaps we should think about why people become terrorists in the first place, and maybe get at the root of the problem, instead of increasing police power endlessly to try to solve the symptom and not the cure.
As someone from the first generation to live in democracy after 41 years of dictatorship, I would say people ignore the signs and when they finally decide to start taking action is too late.
All three of those examples are one person asking for themselves to be granted access to your private info. They're not really any less personal. To some extent, I'm just describing separation of powers, but there's also a difference between an individual with motives, and an organisation.
A better example might be an exec passing a policy requiring HR to have permission to see your X.
>The real question: Why do we let governments get away with this kind of behavior?
Not many care anymore about privacy except basically, us, the tech power user community and then a few stragglers. This new generation just doesn't care because they never really grew up with any in the first place, just shoved right into Facebook, Instagram, Snapchat. They probably didn't go too depth into privacy laws, why your privacy matters in their grade school either.
Just from observing my kid and his friends I think they are amazingly adept at privacy even if they don't realize it, yet. They are more concerned about trolling, being trolled, and in extreme cases, swatting. They share stuff on FB-IG-SC-YT but are conscious to give out just enough information. No real names, no addresses, no phone numbers.
Now the older generations (boomers, GenX, Xillenials) share way too much information, in my opinion. They get on FB, tag everyone in the photo, even those without a FB account. And share their phone number and directions to their house.
The essential problem is that the great majority of voters are vastly apathetic when it comes to privacy, and there are strong incentives for governments to infringe upon it, especially in law enforcement.
It's drastically easier to roll out a new technology than change a government policy which all major political parties are more or less comfortable with.
Governments take time to adapt to new technology, so keep the new technology moving faster than the government knows how to deal with it........
Because surveillance isn’t an issue of left vs right, it’s an issue of predator vs prey, and all of the elected officials are the predators as much as the voters are prey.
I completely agree with you but the challenge is how do you get people to care about privacy when they publicly post their current location and meal to public profiles daily? How do you convince people to PAY for services from companies that care about privacy instead of picking the "free" option where everything you do and say is tracked? We can blame the government but we are complicit in our apathy.
I am surprised that it is only 300 times - but this is probably because these devices are now bought by wealthy people who don't commit too many crimes or felonies.
You don't have to commit a crime to be targeted, spied on, harassed and have your life destroyed by the government.
When the government spies on innocent people en masse -- because they say they should have nothing to hide --, the government is the one doing harm to an innocent person, and it's the government who has something to hide.
Without accountability, and given the secret and anonymous nature of their interference, we can't trust that the government only spies on guilty people, because they will circularly claim that they are guilty because they are spied on.
And you shouldn't take solace that comparatively only a few innocent people get their lives destroyed, not just because it can happen to you, or because it shouldn't happen in the first place, but because not being accountable for their crimes gradually emboldens the government, and given advances in automation, to scale it up and encompass more of society until one day they come for you or your children.
I agree - it starts with criminals - because it is an obvious target, but once the capabilities are built then they are used in whatever way the government likes.
I'd wager white-collar crime happens more than street crime.
It's known that it costs us between 250 billion to 1 trillion dollars yearly, but pursuing the crimes isn't prioritized by the FBI/IRS because of the costs of litigation, the possibility of destabilizing the markets, and the war on drugs/terror.
I was recently looking for some security cameras for my house. I was considering Nest, but the fact that they are owned by Google makes me a bit weary, privacy-wise.
Does anyone have experience with other brands that you might recommend?
Ubiquiti's cameras are rock solid, both in terms of hardware and software. And if you don't like their software, the cameras provide a raw RTSP feed you can integrate with other open source alternatives. They're not too hard to hack on (official API docs are lacking but their forums are quite vibrant); I've integrated mine with my OpenHab control/display.
I've got a couple cameras that have been running outdoors for years in rain, snow, and heat. At this point I'm just waiting for them to die so I can finally upgrade to the latest and greatest models.
This post is late, but I definitely do not recommend Ubiquiti cameras following their decision to go back on their promise (and previous company focus) of having end user flexibility and instead tying their UniFi Protect offering exclusively to their own proprietary cloud key. They made it worse by having a marketer PR guy come in to a thread of the community offering concerns and spouting a bunch of transparently garbage excuses. UniFi Video is basically in maintenance mode at this point and will probably be EOL'd soon, Protect was what everyone was expecting (and has mostly been positioned as) the successor. And nobody objects to the existence of support in "Cloud Keys" (Ubiquiti's own little all in one computer/controller offering, think like a POE raspberry pi type deal) of course.
But making something like this exclusive to CKs is a new and extremely unwelcome thing for them, and should be a real red flag even if it's not tied to the cloud.
I have a Synology NAS (I wanted an always on network backup for 3 PCs) it came with 2 free security camera licenses. The standard I found is ONVIF, my first camera arrives tomorrow (the software looks good, online support looks promising).
Depending on features cameras are ~$25-$50 with the heavier duty hardware being ~$100 (there is also commerical grear you could easily spend $500 a camera)
Here are the questions I'd ask in making your choice.
1) device storage vs onsite storage vs hosted remote (my dad wants to setup a system, I'm hoping we can share an off-site backup solution)
2) internet required vs CCTV (local lan only)
3) WiFi vs wired vs Power Over Ethernet (I'd prefer wired PoE, but I don't want to run cable at this time, I went wireless, this requires a phone app to setup in my case)
4) fixed camera vs pan/tilt (I'm planning a mixed system, pan/tilt for living room with fixed cameras looking at doors)
Obviously this is putting most of the setup/maintenance onto you. If you're comfortable with that and setting up a network I believe this is the most privacy-wise solution as the data should never leave your house
Synology has been getting wierd, also, with privacy. A few updates ago, my private fileserver asked me to agree to a privacy terms of service. I'm considering airgapping it and ending updates.
Presuming you don't go with Arecont cameras, what cameras are you considering? HikVision seem to hit a sweet spot but not sure of they call home --although being CC makes it matter less.
I've been using Wyze cameras. They're notable for being very inexpensive but still including high quality cameras.
The tech in home security cameras is basically a lens and a cable, usually some software with questionable UI. I'm really skeptical of companies that manage to take that commodity hardware and ask for hundreds of dollars.
It's also a field that's still iterating pretty rapidly, so tech that's priced at near disposable levels is extra appealing to me.
With most home devices I'm assuming there will be security issues, so the fact the Wyze team is at least transparent when they are working on a vulnerability (and hint at how they prioritize) seems above average to me: https://support.wyzecam.com/hc/en-us/articles/360009314072-S...
How is Wyze's compatibility? I was looking at the hardware however I couldn't determine if I could connect it to my NAS.
It looks as if ONVIF support isn't high on their priority list (see recent Reddit AMA)
It's non-existent. If you consider them disposable cameras with local storage and minimal functionality, they're great for the price.
Wyzecam is considering adding 'RTSP' protocol to allow other devices to retrieve the video stream. Doubtful that it will be implemented as it directly impacts their business model.
From WyzeCam subreddit:
"We want to create an ecosystem of products that work through our app. If people stop using our app, what are we providing (given that we don't make the hardware ourselves)? We don't have a specific plan for subscriptions at this point but we are considering it so that we could provide cloud storage options beyond our baseline.
We might enable RTSP (still working on deciding that). We also may add features to our app that would reduce the need for RTSP by making things work through the app itself. It's a bit up in the air right now."
I recently installed a Ubiquiti Unifi Video system and am happy with the product so far. It is a walled garden, but it was easy to set up and the NVR software is better than most of the others I've tried.
I think the time has come for a The Wire reboot. Anyone else?
Edit: Downvotes, why? The Wire was a critically acclaimed series whose major themes included abuse of power, the use of technology to both surveil and evade surveillance, perverse incentives, and failure of institutions, among other things that are as relevant as ever in the post-Snowden era. But instead of pagers and burners we'd get tech circa 2018.
A series where people used technical surveillance using devices like these (IOTINT? IDK what the term of art is yet), OSINT from online things like FB, various forms of legal process (civil, LE, NS, and extralegal), etc. to go after "terrorists" down to criminals of various crimes down to "enemies of the Party" down to "people who slightly antagonize employees of the Agency" to "for the lulz" would be interesting.
More like Homeland than The Wire, though. Or, uh, Black Mirror.
It's interesting how many hardware and software services are "in the cloud" now. For example Slack monitors the conversations of thousands of businesses, and there's no telling what they do with the data behind the scenes.
Without being too cynical:
There is what they say they do, and what they actually do.
I'm not picking on Slack specifically here, but this is just healthy skepticism when dealing with cloud services all in all.
All bets are off with governments involved. There are lots of compelling reasons for secretly disregarding the already set privacy policy. Including but not limited to patriotism, anti-terrorism, child abuse, human rights, crime or flat out regime criticism, political reasons such as opposition.
Pick your providers carefully. You trust them more than you think.
Hopefully they are trustworthy, but there is no way to really certify they are not monitoring conversations. And even if the company as a whole does not, that does not negate the risk of the insider threat, which is the source of many of the huge data breaches these days. At least in the government classified systems have to go through a rigorous accreditation, regular audits, contain all sorts of logging, and there is some modicum of external oversight by congress. As consumers, we have zero visibility into Slack. I really don't understand why using Slack is not perceived as a risk.
I love the Sonoff series of smart switches/plugs. They're super cheap, well-made and flashable with open source firmware (ESPurna, for example) that's secure and very featureful.
Home..where you pick your nose, scratch your crotch, walk naked, have sex with the lady next door, get angry at your kids and so on. Why would I want all this stuff backed up at Google.com? No thanks, unless it has end-to-end encryption and only I have the key. Also I'd delete all items older than x days (unless on vacation, I'd know that I was robbed, no need to store months of "tape")
does google have a choice when authorities come knocking down? Maybe they should encrypt the data in such a way that only the user can decrypt it. We need to think about privacy as a design requirement and not something that is optional. Companies wouldn't do it because that is the only way they can monetize thier profit seeking craze.
Reading the above comments, it seems that companies don't have much say when the government comes knocking.. Which is precisely why I think privacy should be a requirement and not an option in the design stage. The company heading towards that right now with the most advancements in technology is Snips. Data is stored on the device primarily. To help with AI(As an option), your data will be encrypted and sent to the developer along with all the data from other users as a whole big data(Data generating).
So if you forget your password, your data is just gone? That doesn't seem like a good solution. I worked on a system in a previous life that encrypted data based on user passwords, and we had to add a backup encryption key (tied to security questions) because we had so many issues with people forgetting their password and losing their data.
If this surprises you, you must not understand Google's business model at all.
They give you services for "free" (or cheap) so they can use your data for marketing analysis. The thermostat tells Google when you're home and when you're not, tells them when you go to bed and when you wake up. Tells them when you go on vacation, and with the Nest Mobile App, where you went for vacation. Tells them how frugal you are with energy.
This is a lot of valuable data to a marketing company, so of course they aren't going to lock themselves out of it.
> The company also noted it has never received a National Security Letter. Such NSLs are typically filed by intelligence agencies looking for company data. They also normally come with a gag order preventing businesses from revealing their very existence. That means that if Nest ever removes its disclaimer that it hasn’t received an NSL, it likely has been sent one.
Whenever I read copy like this, I read it as "no dragnet this time, nothing to see here! Keep buying Nest and other great products from Alphabet, Inc!" But is it possible that no NSL was ever sent and Google simply provides a data feed of all relevant info and video to their national security partners? (A generously paid-for feed, of course.)
I guess what I'm asking is, is an NSL required for Google to legally surveil its customers on behalf of the host government? Beyond sheer EULA license legal weasel-wording, I'm wondering if the fourth amendment restricts the US government from arranging for a dragnet-style data feed from some willing corporate partner.
> I'm wondering if the fourth amendment restricts the US government from arranging for a dragnet-style data feed from some willing corporate partner.
it doesn't. NSA has had room 631 at AT&T for over a decade now. and, of course, everywhere else. there's almost certainly an API for government agencies that they can query without any new warrants -- think facebook, google, amazon, etc.
i remember back in the day people used to say that these things were just conspiracy theories.
One of the things that the "computer revolution" spawned in the 90's was that there were a lot of "extra" computers around because everyone upgraded every 18 - 24 months. After a couple of rounds of upgrades, if you had kept the old parts, you had enough parts around to make another computer. In my house this typically became the "kids" computer and we would build it, them image it, and then use the image to restore it back to what ever it had been built to originally when the kids did something to make it non-functional.
Of course after a still longer period you had upgraded that "previous" gen computer and now you had a left over previous previous gen computer. And typically what I did was put Linux on it and have it for running this that and the other thing. These days a RasPi 3 is about as powerful as that generation -2 computer was.
Like a lot of people as my Internet speeds increased I started leaving computers on all the time as servers that I could access from anywhere. This was made easier (and without paying extra for a fixed IP) with dyndns, although these days it is easier still with IPV6 (no dyndns required if your ISP will give you an IPV6 prefix (so far this has been pretty easy).
So I think a number of services you use "in the cloud" might be implementable as local services where it is harder for the Government to get its hands on your data, (or at least it would have to serve you with a warrant and so you would know they were looking at you, an NSL doesn't work if the person being served is the person being observed :-)