Basically there are instances where e2ee was promised but not actually present.
I believe that images sent alongside notifications may lack e2ee as well but am unsure.
Kanzar@sh.itjust.works
on 16 Dec 2023 02:27
collapse
Still remote access so… 🤷🏻♀️
0110010001100010@lemmy.world
on 14 Dec 2023 20:36
nextcollapse
There’s a very good reason my cameras stay internal only and are blocked 100% from the internet. I can access them via the NVR with a Wireguard tunnel when I’m away from home if need be.
Ebby@lemmy.ssba.com
on 14 Dec 2023 20:52
nextcollapse
In this case however, the device hosting your VPN, NVR and blocking the camera could be the very router someone unknown has admin access to. It could be trivial to unblock, port forward, and find the IP with that access. It comes down to the authentication security of the camera as last resort.
BombOmOm@lemmy.world
on 14 Dec 2023 20:55
nextcollapse
Same here; LAN only with a VPN to get into the LAN. There is no reason to send my camera feeds to another party. All that can come from that is trouble.
Sixner@lemmy.world
on 14 Dec 2023 21:46
nextcollapse
What cameras/setup do you use (or just recommend)?
BombOmOm@lemmy.world
on 14 Dec 2023 21:55
collapse
Currently using BlueIris to read/record streams from Ubiquiti IP cameras* set to run in standalone mode. I chose that software since it is a one-time purchase rather than something monthly; and chose the cameras as they were fairly inexpensive when I bought them (5ish years ago) and they supported power over ethernet, which makes running cables to them so much easier (just have to run a single ethernet cable to them, don’t need to run a separate power cable).
I’ll probably be redoing my setup in the future. Most notably swapping out BlueIris (Windows) for something Linux based as my trust in Microsoft has steadily declined.
*I do enjoy the irony of these being mentioned given the thread we are in. I at least have them banned from talking to the internet.
Sixner@lemmy.world
on 14 Dec 2023 21:46
nextcollapse
What cameras/setup do you use (or just recommend)?
hillbicks@feddit.de
on 14 Dec 2023 21:51
nextcollapse
Reolink has always been a good choice. Very good hardware for the price and they support onvif on most devices, which you can then use however you like.
lemmylommy@lemmy.world
on 14 Dec 2023 22:02
nextcollapse
If you want cheap and good cameras: Some Annke cameras like the C800 are rebranded Hikvision models. Add a NVR like Frigate and you have a cheap and powerful local surveillance system.
0110010001100010@lemmy.world
on 14 Dec 2023 23:43
collapse
Reolink, Ubiquiti, Dahua, Amcrest, and Wyze. Nice thing about a third-party NVR is you can mix and match whatever is cheapest or best for a given spot. I’m currently using iSpy Agent for the NVR as it’s runs nicely in docker. Then I layer Codeproject.AI over top for person detection rather than just generic motion alerts. I’m using a 2090 Ti GPU (which is WAY overkill but I got it for free) to make the AI detection very fast.
Molecular0079@lemmy.world
on 15 Dec 2023 00:07
nextcollapse
I am still shocked that so many people are okay with cloud-based camera systems. It just seems like a security and privacy nightmare.
Granted, setting up a DIY NAS to host a server and store footage is a whole technical challenge for most people, but still…
frezik@midwest.social
on 15 Dec 2023 12:47
collapse
Thing is, Ubiquiti cameras aren’t cloud based. At least not to the same extent. The authentication system is cloud based, but the controller and storage is local.
You can pay for several years of a cloud subscription for the cost of either a NAS or a Ubiquity storage server.
The only safe data is data that no one can access, including yourself?
ripcord@kbin.social
on 14 Dec 2023 21:03
nextcollapse
No.
cubism_pitta@lemmy.world
on 14 Dec 2023 21:04
nextcollapse
Best place to start if you’re taking security seriously; Implementing file encryption for example has to start with “I would rather that I myself potentially lose access to this data than for it to possibly fall into another person’s hands.”
When I lose things it’s almost always because I’ve put them in a safe place. Safe from me!
But yeah it’s really about factoring in likelihood and opportunity. I think it helps to compare physical and digital spaces. If you have a CCTV system, then anyone could watch the monitors and see what’s happening - however they’d have to get into the building, find their way to the secure room, log in to the system, etc. When something is online it creates better opportunity for surreptitious access and also greater likelihood in terms of the number of people who could potentially come across it. While in the physical space you might get away with having staff control access during the day and locking the door at night, online you have to have far more robust security measures to achieve the same level of safety.
So it’s maybe better to say: the easier it is for you to access data, the easier it is for someone else to.
thefartographer@lemm.ee
on 14 Dec 2023 21:01
nextcollapse
That’s not true! I bet you can’t see this comment cuz I’m real super sneaky on the security.
bFxPnS*Z4
Shit, I accidentally pasted my password into a comment again. Guys? How do you delete a password from a comment?
dhork@lemmy.world
on 14 Dec 2023 21:03
nextcollapse
Hey, Lemmy’s security works awesome! All I see is
'********
Hey, someone else try posting their password here to see if it works!
0110010001100010@lemmy.world
on 14 Dec 2023 21:04
nextcollapse
hunter2
CosmicTurtle@lemmy.world
on 15 Dec 2023 00:59
collapse
threaded - newest
Eufy users: first time?
As a eufy user, now I don’t feel so bad
You still should!
I mean I still feel bad
Just not as bad.
Wyze users: first time?
What’s the low down on this? I just bought a Eufy system thinking it was great because all the video storage is local.
theverge.com/…/anker-eufy-security-camera-cloud-p…
theverge.com/…/anker-eufy-security-camera-answers…
Basically there are instances where e2ee was promised but not actually present.
I believe that images sent alongside notifications may lack e2ee as well but am unsure.
Still remote access so… 🤷🏻♀️
There’s a very good reason my cameras stay internal only and are blocked 100% from the internet. I can access them via the NVR with a Wireguard tunnel when I’m away from home if need be.
In this case however, the device hosting your VPN, NVR and blocking the camera could be the very router someone unknown has admin access to. It could be trivial to unblock, port forward, and find the IP with that access. It comes down to the authentication security of the camera as last resort.
Same here; LAN only with a VPN to get into the LAN. There is no reason to send my camera feeds to another party. All that can come from that is trouble.
What cameras/setup do you use (or just recommend)?
Currently using BlueIris to read/record streams from Ubiquiti IP cameras* set to run in standalone mode. I chose that software since it is a one-time purchase rather than something monthly; and chose the cameras as they were fairly inexpensive when I bought them (5ish years ago) and they supported power over ethernet, which makes running cables to them so much easier (just have to run a single ethernet cable to them, don’t need to run a separate power cable).
I’ll probably be redoing my setup in the future. Most notably swapping out BlueIris (Windows) for something Linux based as my trust in Microsoft has steadily declined.
*I do enjoy the irony of these being mentioned given the thread we are in. I at least have them banned from talking to the internet.
I never ran BlueIris as I couldn’t bear to install windows. For Linux try Frigate NVR.
.
.
What cameras/setup do you use (or just recommend)?
Reolink has always been a good choice. Very good hardware for the price and they support onvif on most devices, which you can then use however you like.
If you want cheap and good cameras: Some Annke cameras like the C800 are rebranded Hikvision models. Add a NVR like Frigate and you have a cheap and powerful local surveillance system.
Reolink, Ubiquiti, Dahua, Amcrest, and Wyze. Nice thing about a third-party NVR is you can mix and match whatever is cheapest or best for a given spot. I’m currently using iSpy Agent for the NVR as it’s runs nicely in docker. Then I layer Codeproject.AI over top for person detection rather than just generic motion alerts. I’m using a 2090 Ti GPU (which is WAY overkill but I got it for free) to make the AI detection very fast.
I am still shocked that so many people are okay with cloud-based camera systems. It just seems like a security and privacy nightmare.
Granted, setting up a DIY NAS to host a server and store footage is a whole technical challenge for most people, but still…
Thing is, Ubiquiti cameras aren’t cloud based. At least not to the same extent. The authentication system is cloud based, but the controller and storage is local.
You can pay for several years of a cloud subscription for the cost of either a NAS or a Ubiquity storage server.
Ditto. “The Cloud” is just another name for somebody else’s computer which you don’t control
As always, relevant XKCD: xkcd.com/908/
If you can access the data, so can someone else.
The only safe data is data that no one can access, including yourself?
No.
Best place to start if you’re taking security seriously; Implementing file encryption for example has to start with “I would rather that I myself potentially lose access to this data than for it to possibly fall into another person’s hands.”
When I lose things it’s almost always because I’ve put them in a safe place. Safe from me!
But yeah it’s really about factoring in likelihood and opportunity. I think it helps to compare physical and digital spaces. If you have a CCTV system, then anyone could watch the monitors and see what’s happening - however they’d have to get into the building, find their way to the secure room, log in to the system, etc. When something is online it creates better opportunity for surreptitious access and also greater likelihood in terms of the number of people who could potentially come across it. While in the physical space you might get away with having staff control access during the day and locking the door at night, online you have to have far more robust security measures to achieve the same level of safety.
So it’s maybe better to say: the easier it is for you to access data, the easier it is for someone else to.
That’s not true! I bet you can’t see this comment cuz I’m real super sneaky on the security.
bFxPnS*Z4
Shit, I accidentally pasted my password into a comment again. Guys? How do you delete a password from a comment?
Hey, Lemmy’s security works awesome! All I see is
Hey, someone else try posting their password here to see if it works!
hunter2
Yup. Works!
How about mine: hunter3
.
Jokes on you, my password is just 8 asterisks... Wait crap.
Brb changing all my passwords.
Actually, it’s a best practice to not reuse passwords, so any site would block you from reusing one! You’re fine.
hunter2 jokes aside, that’s a pretty good password.
Thank you! I launched NordPass and generated it just for the bit!
Not anymore.
Yep, just confirmed there is no end-to-end encryption and that they can see anyone's cameras at any time (or anyone that compromised ubnt)