Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

This website---naturally, I think---weirds me out. Many of these cameras are in private spaces, with some places you most certainly don't want people to have live feeds of. It's quite disturbing how you can see personal snapshots of people's lives without them knowing. There's a perverse feeling of dread about being able to see into someone's life and being able to paradoxically watch someone eat dinner alone, seemingly so detatched from human connection even with someone watching like some kind of otherworldly spectator.


Every consumer tech company I’ve worked for had at least one guy who was a PM or a PM like role, who would say things like “InfoSec UX is confusing! Users don’t want to deal with IP addresses and firewalls and passwords and keys. We need to make the product easier to share by default!” This scenario seems to be what happens when anyone actually listens to That Guy.

Sharing on the internet should be one of the hardest things to do in your product. You need to make enough friction that the user can never do it by accident or by default. And the user should be warned at every step.


The answer is to make sharing secure, easy, and with informed consent. The answer is not to impose IP addresses, NAT routing, keys, etc. so that only technical people can give their consent.


How _does_ it work then, without imposing IP addresses, NAT routing, keys, etc?


One method (for many trans-NAT routing issues) is the manufacturer provides a proxy on the Internet, creates a secure connection between camera and proxy (controlling both ends, they should be able to navigate NAT issues, etc.), and then securely publishes the video. The manufacturer could encrypt the video E2E so they can't see it. This also hides the camera's location and IP.

All with informed consent of course.

Edit: Come to think of it, video chat apps (WhatsApp, Signal, etc.) seem to do this, at least sometimes.


But then you’re tethered to the device manufacturer and probably need other Terrible UX like an account/credentials, password resets, and so on. And that tether also opens the door for the company to remote control the product, spy through telemetry, and remotely “alter the deal” at their whim. Some people might be ok with this but a “tether to the company” is a deal breaker to me for most products.


For most, “these cameras might livestream your bedroom to the open internet if you aren’t tech savvy” is a bigger dealbreaker. And “the product from XYC corp is controlled by XYZ corp” is not concerning, but what they expected.

The idea of tech sovereignty for the sake of it is not an idea that resonates with many people outside of the tech community. Many people buy a product or service based solely on their immediate need.


While I agree about the current state of things ...

> The idea of tech sovereignty for the sake of it is not an idea that resonates with many people outside of the tech community.

That's a failure of the tech community to educate the public, and accepting the idea that it 'just doesn't resonate' is a failure of responsibility and a condescending arrogance. The people in the public are intelligent and learn many things, such as literacy and sanitation.

> for the sake of it is

It's not for the sake of it, it's necessary for security and freedom, and it's a practical, simple solution to the problem of technically analyzing every product and every update to every product.


Self hosting is not necessary for security. If it were, B2B and B2G services wouldn’t exist.

It could be necessary for “freedom” depending on your definition, which is a political argument and not a technical one.

I don’t know if you’ve ever tried to explain RMS’s opinions to anyone outside of tech before, but the primary disconnect is not an issue of education or literacy, but priority.

The primary reason people are not dissuaded by a services model is because they want a service.

Imagine you are reading a lawnmower enthusiast forum and everyone unanimously agrees that lawn services are immoral because they don’t let the homeowner own the mower or make adjustments to it. This is what this argument sounds like to many people. Many people just want their lawn cut, they don’t give a shit about the tool that accomplishes it.


> Self hosting is not necessary for security.

That moves the goalposts from 'tech sovereignty' to self-hosting.

The rest describes the tech community's failure to communicate its importance. Sanitation is also inconvenient, as is quitting smoking, wearing seatbelts, and forgoing lead where it might be eaten or breathed, but people are persuaded. We've failed so far, and it's even more embarassing to blame the circumstances.


For me too, but we can manage keys, firewalls, routing, IP addresses, etc. The issue is a solution for the vast public of end users who can't do those things. Anyway, the vendor could offer the proxy as an optional service, and let you and I do what we want in some advanced mode.


Here-in lies another issue, users see "$£€$" when it's a subscription, but oh look, a free version. Lets do that!


We technical people use IPv6 so that anything can access anything, and the camera people put a password on their camera so you can only see the video feed if you know the password.


Meanwhile users

"admin admin is fine"


The way that Nest/Wyze/Ring/etc all universally do it. They provide an service to intermediate and enforce access controls.

If you give laypeople a DIY project outside of their expertise, you can expect failures.


I mean, realistically: let us run your thing, uploaded all data to our cloud, and then let us handle access control.


Granted, I only have worked in B2B and never B2C, but as a technical PM, I care VERY much about security and am often the primary SME for several aspects of security (I was an engineer with a background in security for more than a decade before becoming a PM). Saying "Users don't want to deal with that and it should be easy" is not the same thing as "open a gaping security hole", the fact you are conflating them indicates either the people you're referring to or you yourself lack creativity.


People do want simplicity though. Plug in the device, be able to access it.

So you either host some infrastructure it calls back into, so you get around things like NAT. Or you punch holes in the network.

The same users who want simplicity don't want the complexity of having to remember passwords either...


What weirds me out is how empty it is of humans. These are some, but mostly empty rooms, empty roads, parked cars, empty gardens, empty warehouses, empty shops, empty chairs... page after page even of places like Mexico City or Berlin Germany where there are many millions of people.

You'd be forgiven for thinking this was the 'after' footage of an end-of-the-orld movie where all the humans have been disappeared, Mary Celeste style.


I wonder how plausible it would be to deduce where a given webcam is (some combination of IP data, context clues, visible landmarks, maybe face searching) and then contact the owner to let them know. There used to be this fun site called where-is-this.com where people could share images of public places for others to try to track down; it would be nice to harness something like that for good.


I feel like I’ve read about three letter agencies using the humming of power lines to geo-locate where a video/audio was recorded.

“Electrical Network Frequency (ENF) analysis”.

I’m going to dig more and will leave some links when I get back to a computer.



You don’t need to be a TLA.

Google “4chan tracks down Shia LaBeouf”


>images of public places for others to try to track down

isn't this handled by AI nowdays? In my experiments (some time ago) AI was extremly good at it.


At least one of them seems to be in an office, and the office has it's own netblock.


If the room has an IP camera in it, it is by definition not private. Since cheap cameras have begun to appear everywhere I treat them all as if they were publicly viewable. I'm not going to hide from them, but I save my more thorough ear cleanings and ass scratchings for home.


> If the room has an IP camera in it, it is by definition not private.

While right, there are multiple definitions of "private" and for others OP's point still stands.


> If the room has an IP camera in it, it is by definition not private.

No. No. No. No. No. No. No. No. No.

So if I put an IP camera inside your bedroom without your notice or consent, and hook that up to the Internet, you'd be okay with that? Because it's public!

A lot of these are probably from default or misconfigurations. A lot of these people with IP cam feeds visible to the Internet probably do not know they are open.


You've read the comment the wrong way.

The intent was to say "You cannot call a space private if it has a networked camera in it." Not "only a public space can host a camera".


I know what the comment said, thank you very much. They were conflating two senses of 'public' in two sentences. I was responding to the implication that because these are, in one sense of the word, public, that means that it is OK to treat them as if they are public in a different sense of the term.

This:

> If the room has an IP camera in it, it is by definition not private.

Does not necessarily mean this:

> Since cheap cameras have begun to appear everywhere I treat them all as if they were publicly viewable.

The implication is that if someone misconfigured or otherwise didn't know their camera was broadcasting to the world, anyone is morally and legally correct in doing whatever they want with it, and it is their fault because it is "public". That is wrong.


> anyone is morally and legally correct

I think it's more so similar to that if you leave something shiny and expensive in a visible position in a car in a neighborhood known for high rate of thievery there are good odds of your stuff being stolen. They are not claiming that the thieves are morally or legally correct.


I agree with you.

That said, there are many people for whom "blaming the victim" is forbidden at all costs, and thus don't seem to have the facility to understand not making oneself a target. I suspect that you are replying to somebody possibly like that.


> I know what the comment said, thank you very much.

I'm not sure you do. Or at least you're replying to a very uncharitable interpretation.

From my perspective, this read as: the moment you put one of these IP cameras in a room, you should assume you're now in public, no matter what assurances you might have from the manufacturer or what safeguards you might have put in place. So if you intend for a particular space to remain private, don't put one of these cameras there.

> it is their fault because it is "public"

From my reading at least it didn't seem to imply that "it's the camera owner's fault", or that they should know better or that they deserve what they get, etc.


Ok. The original commenter said:

> "Many of these cameras are in private spaces"

To which the gp answered

> It's not private if it has a ip cam in it

So what? Either he meant to contradict the op (and then it's correct to push back), or this is an entirely superfluous comment given they both understand what the problem is.


A space can be considered private by the occupant, but the addition of an IP camera makes it not private.

They are not contradictory statements.


This is both completely wrong from a concrete standpoint (if I put an ip camera in your home broadcasting without your knowledge, your home doesn't become magically "a public space"- you still have a full right to privacy); and completely trivial from a literal standpoint (if everyone can see you then you are in public, hey no shit Sherlock).

Which makes me think that people proposing such view are not, in fact, trying to communicate its (obviously wrong or entirely trivial, depending on the interpretation) content; they're trying to say "hey look at me, how tech savvy I am, I'm so in it that for me an open port is, like, a window open on the village square yeah".


OK, I won't bother trying to talk further with someone who thinks in false dichotomies and cannot understand that two things can be true at the same time.

When I'm in my home, I can consider that private and have a right to privacy, and at the same time there can be a camera in there broadcasting to a million people so in no stretch of the word do I have privacy, and my home is not private, and those two truths are not dependent on whether the camera being there, or people watching the feed, is right or wrong.


> When I'm in my home, I can consider that private and have a right to privacy

Agreed

> at the same time there can be a camera in there broadcasting to a million people so in no stretch of the word do I have privacy and my home is not private

Agreed.

And this is the situation we're discussing now: people who are in a private space, whose privacy is violated by an ip camera that makes their private things accessible to the public. This is the description of the website this entire thread is about. What did you add to the conversation?


What I am doing is correcting you on your asserting that my statement was "completely wrong from a concrete standpoint"

You just said :

"> When I'm in my home, I can consider that private and have a right to privacy Agreed > at the same time there can be a camera in there broadcasting to a million people so in no stretch of the word do I have privacy and my home is not private Agreed."

So, to paraphrase, "A space can be considered private by the occupant, but the addition of an IP camera makes it not private.", right?

Those are not contradictory statements.


It’s not superfluous. It’s saying “it’s unsafe to assume any space is private.”


possibilities exist.

a] they may be exhibitionists

b] they dont realise they are misconfigured

c] someone hacked them to whatever end

d] they are doing nothing wrong thus believe they have nothing to hide.


Or they don't even know the camera is there. I've heard of landlords doing that in tenant's private spaces, including bathrooms. When caught, they like to claim they are just keeping an eye on the property, but everyone knows they are just perverts.


I think this kind of websites show you the humanity true colours, we don't usually think about that.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: