I'm not a fan of Ring, but I felt pretty let down by Dan Calacci's presentation.
The fetid political slant casts doubt on any and all facts claimed in the video, but if I do verify that Ring shares the address of my cam with police, I'll change that address to the local police department or the nearest officer's house if I don't finally just take it down.
PTO-TIP: if your car's nav system lets you save your home address, and you keep a garage door opener inside your car too.... Change your home address to the biggest nearby gun-nut you know, or the nearest cop's house, so whoever steals your car someday can sit in their driveway while they crush their dreams of an easy home burglary.
Dan hypothesizes that doorbell video could be "streamed into police fusion centers" What's a fusion center? The emergency services call center for JoCo has regular public tours last I checked. They're free, and the county citizen's academy is a fun way to spend 10 Thursday evenings. Dinner's included. Y'all should check out. Every cubicle has a half-rack of gear on desk-side ups inside a building in a building designed to withstand a direct tornado for days! And they still have failover plans!
The presenter continues "The number of cameras in a census block should be available to the public daily"
-- Say's who? That's not tech. Keep your 'should' to yourself. That's foaming zealotry. What other private property does hipster glasses think should be counted up and made available to the public daily, I wonder.
Ring "didn't really have any security in their app at all".
-- The API is intended to be publicly visible. It's part of a free public app available without pay or ID. The trees in the park don't have any security either. <Gasp, this el173 h4x0r dumped a crit 0-day Sugar Maple vuln>
By the way, most police calls in JoCo are publicly mapped and timestamped in XML and JSON feeds. The archives go back like ten years or more.
I wish the presentation had been more technical and less whinging about racial injustice in policing. --quite overplayed at this point. Dan also willingly conflates posts on Ring Neighborhood (Ring's obnoxious and unappealing attempt at a social network) with actual Ring Doorbell cameras.
The truth of course is that anyone can post to 'Ring Neighborhoods' any video or pic from any camera, or (more commonly) just a one-line text message about some stray cat they saw taking a shit on their lawn. A post does not equate to a Ring Doorbell. They seldom equate to cognitive ability.
Every living being has the inalienable right to preserve a record of any thing they can experience, especially outdoors viewed from the land they own. Dan's sense of entitlement and obsession with other private persons possessions and actions was palpable. If he wants to walk to the train without any cameras "looking at him", he can simply buy all the land along the route and build a tunnel.
"moooom They're looking at me again. make them stop"
And funny it is that the cameras on the train/station don't bother him. I'm personally MUCH more concerned about government-owned cameras than those owned by my neighbor.
But no, porch cams are a "Threat to civil liberties" Dan says! Stop scratching your nuts in front of my house and you won't be worrying about your privacy being violated.
Ring cams "Capture wide swaths of public street" ... Yes. The same public street that the camera owner paid for via property tax.
He admits he was motivated by searching for 'racial patterns". Well that explains it.... I thought HOPE was a technical conference or at least focused on hacking.
I'm not sure that using a public API to gulp down public data and then saying he can't share it with the peasant audience because of PII concerns is hacking really either, but okay. I guess God told him he was uniquely permitted to posses what he calls other people's PII, and we aren't. Legit.
Two stars on the presentation 'One Ring to Surveil Them All'. The statistics on language used were somewhat interesting, if completely anecdotal and predictable.
I've been waiting for years for a way to overwrite Ring's firmware with something I could control. Supporting RTSP or local storage, encryption. Kinda sad that wasn't a priority.
The most I've 'hacked' my ring was I set up an RPi to act as an access point for mine. (Inspired by all the time spent at home last year.) I used a hall effect sensor on one of its gpio pins to detect when my front door opens. When the door opens, a systemd service inserts a netfilter rule to block all traffic from the camera so it can't cause the damn chime to go off when someone in the house walks the dogs. But if the door is closed and someone walks up outside it works the same it ever did. Reminds me.... I need to add the garage door and its Ring stickup cam to that system.
I did try using Ring's away/home api for this, but with sometimes less than a second between opening the door and walking outside, the API latency was too great, and it beeps everyone's phones anyway when the away/home toggles which defeats the point of trying to reduce interruptions.