Amazon Ring Under Attack – Privacy Advocate Comments

The Ring doorbell app for Android sends personally identifiable information of customers to third parties without “meaningful” user knowledge or consent, according to new research by the Electronic Frontier Forum (EFF). Ring user names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data are all sent to four analytics and marketing companies – branch.io, mixpanel.com, appsflyer.com, and facebook.com. EFF warned that these companies are able to combine this information to develop a “fingerprint” that follows the users as they interact with other apps and use their devices.

Separately, an Amazon software engineer is calling for the shutdown of Ring: ‘Ring should be shut down immediately and not brought back’

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Paul Bischoff
Paul Bischoff , Privacy Advocate
InfoSec Expert
January 30, 2020 11:55 am

Ring and the Neighbors app prey on and exacerbate users\’ fears. Data sharing practices between users, Amazon, law enforcement, and other third parties threatens civil liberties, such as by creating a chilling effect on freedom of movement. All that being said, nothing that Ring does is illegal, so its doubtful that Amazon will shut it down. So long as the camera isn\’t pointed somewhere where a person on private property has an expectation of privacy, then there is no invasion of privacy, legally speaking. Furthermore, neighborhood watch groups have been a staple of many communities for decades, setting a precedent for this sort of grassroots surveillance.

Ring and Neighbors tend to create the perception that users\’ homes and neighborhoods are under siege. This could just be a growing pain that comes with new technology. But some people fancy themselves as crime fighters and will take every opportunity to report suspicious activity to neighbors and police. We\’ll all have to adapt and learn to be skeptical of online fear mongering.

I think a few actions could help alleviate fears of a surveillance state without shutting down Ring outright:

Ring users should have full rights to any video taken on their property. If they do not want to share it with police, police should not be allowed to go over their heads and get video from Amazon instead.

Ring should implement privacy by default. This is a principle that opts for the most private settings available upon initial setup of the device and software. In this case, that would mean not sharing videos with law enforcement or the Neighbors app. Video should be deleted after a reasonable amount of time. Any video uploaded to the cloud should be encrypted with the user\’s key, and that key should not be known to Amazon.

Passers-by who could reasonably be identified by a Ring camera should be informed as to whether they are being recorded. This could be done with physical signs, similar to neighborhood watch signs, and/or by creating a website where anyone—not just registered Neighbors users—can see which households have Ring installed.

Last edited 2 years ago by Paul Bischoff
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x