Infuriatingly, as a non-well-connected victim of a boring (not going to be good PR) crime, I’ve found it is completely impossible to get the police to pull data for my own yard, warrant or no.
In my experience, these capabilities are only used to protect the politically connected or for oppression.
I’d be less skeptical if the program allowed any homeowner to pull any nest footage that included their property, and also allowed individuals to pull any footage that included them.
I gave the police a 4k camera video of a crime happening and they did nothing with it. This is pretty standard police laziness in the US, individual cops might care but departments overall give zero shits for small people except as revenue sources.
Data ownership issues like this in the US will never be pushed by existing political interests, hopefully we'll see more EFF-ish PACs in the future that take a page from the fascists and provide the written laws and bills they would like enacted to state and municipal governments so local representatives can edit the title block and get back to harassing their interns.
When I was younger our house was robbed and some prescription drugs stolen. Not only did we know who did it, we had text messages where they admitted it and a witness who came forward. The police refused to do anything about it, and told us that if we wanted them to do anything at all we should consider voting for a different mayor.
Because the mayor created policies that tied the police's hands? Or because they just wanted a different mayor ("vote that librul out or we ain't doing shit" type of thing)?
Probably because they just want a different mayor. Mayors and prosecutors don't have the ability to tie cops' hands. Even council and plebiscite acts to direct the police to treat certain crimes as "lowest priority" are routinely ignored. Mix in decades of copaganda and qualified immunity, and you get American cops that aren't accountable to anyone.
They didn't like the mayor because he supported a civilian audit board. This was eventually forced on the city anyways by the DoJ due to the unbelievably rampant corruption and abuse in the department.
Actually I think the police should take direction from a democratically elected mayor. The problem is that they are most often not politically accountable to anyone at all. Not sure about the particulars of your situation, but that is a very odd response.
If the police refuse to subpoena the security company, in the US you can get a civil attorney to file a "John Doe warrant" and use that lawsuit against that unknown defendant to subpoena whoever has the footage you need.
> I’d be less skeptical if the program allowed any homeowner to pull any nest footage that included their property, and also allowed individuals to pull any footage that included them.
I don't know how exactly it's in the US, but in EU security cam footage is considered to be personal information and as result of that GDPR applies. So whoever controls the security camera is the data controller and is required to e.g. provide access to people who were recorded. In this case it would likely be the home owner and unless Google was acting as data processor for the home owner they wouldn't be allowed to process that data.
As far I understand it, if the cameras are pointed towards your home the exemption applies. If there is even a partial view of the street it would not apply (like the case is with many doorbell cameras). If there was a fence and the camera did not see above the fence it would likely apply though if there is a gate on the view it might not.
OP is also raising the point that because only the police have the ability to retrieve Nest footage that pertains to them but is not owned by them, access to that data is gated by the police, who may not use that access evenly.
Coming from a small-ish area, how does this happen? Do they say "no" and then offer you the door, or how does it normally go? I assume it could be a manpower issue, if it is a city with more pressing issues, or a city without a detective unit maybe, but outright saying no is hard to justify. I can't imagine a situation that would make it normal to just say no with a straight face.
Manpower seems the most likely explanation. I have a friend who works in a bike shop. Recently, the shop was broken into and $20K+ worth of high end bikes were stolen, plus a fair amount of damage to the shop.
The next day, they found someone offering to sell the same bikes online (in the same geographical area even). They gave this info to the police, basically "hey here is someone trying to sell known stolen property" and the police told them to try and set up a meeting with the sellers themselves! Called back a week later, still had not even
assigned a detective.
$20k is not pocket change, so it does make me wonder exactly what kinds of property crimes they do investigate, if any.
I have heard that in some cases telling the insurance company that nothing is being done might get some movement, but I'm not really sure what they could do that you can't. Call the Chief of Police?
It's not a coincidence cops spend a large portion of their time busting consensual drug users and enforcing traffic laws (while armed to the teeth). That's where the money is. Helping find my stolen computer is way more difficult and provides the department with nothing of value.
This is especially true in jurisdictions where private prisons operate. Very (too) often the people who own the prisons and profit off of them have close ties to people of authority and power in local government. If you are skeptical, consider: otherwise the prison contract would have gone to someone else with closer ties or more leverage.
Corruption is rampant in the "developed" world but we just use different words for it.
I had not considered this hypothesis. I think my area may be small enough where it's not just a crime against me, but a crime against the community. For what it's worth, I hope your situation gets better. That has to be unsettling.
Police are revenue generators. It's the same in both big cities and small towns.
A town of 300 people I grew up next to, always had their one cop ticketing every car that didn't slow down from the posted 55 mph (but honestly, it was always faster) to 30 mph, or accelerated over 30 before they passed the city limits sign.
The city government loved that guy, because he brought in thousands of dollars every week.
When the NYPD threw a fit over de Blasio, they famously refused to arrest anyone unless "it was absolutely necessary". Why? The police union wanted to hurt NYC's[0] budget.[0] It's the same reason why civil forfeiture is so prevelant.
There are some towns where the police have so little headcount that they have enough "real crime" to keep their officers as busy as they want to be and so unpredictably the officers would rather bust drug traffickers and respond to violence than write tickets. These tend to be poor urban communities where the cops (very much like teachers) only work there for a short time early in their careers.
But yes, in the general case you're right that law enforcement is a revenue generator.
Why pay cops to pull people over when a camera can do it for far less and not cost the manpower? Where I live, you get an automated ticket for even 3 over the limit. The neighborhoods are actually safe to walk around because people aren’t going 50 in a 30. The cops actually wander around and talk to people, helping them instead of being seen as ticket-givers and a potential bad day.
I live in Chicago. It’s not uncommon for police to just not show up when you call in a non violent property crime. If that happens you can go to the station and fill out a report but they won’t actually do any investigating. Sometimes they’ll be honest and say this isn’t going to go anywhere, but usually you’ll just get ghosted.
Here in Boulder most property crimes are ignored by the police. They'll file a report to give to your insurance company, but they'll flat out tell you that they're not going to do anything.
I think it's a few things contributing to it. First is not having enough man power. And also a lot of stuff isn't worth the expense of investigating. A stolen laptop, phone, or bike just isn't worth the cost of detectives hunting it down. $20k of police work to get a $1000 laptop doesn't make much sense.
And yet they choose to go after people for $20 worth of weed, coke, MDMA, etc. It's not about cost, it's about police discretion when it comes to the crimes they choose to investigate or the laws they choose to enforce.
Because it’s easy to prosecute. You got the suspect dead to rights, with $20 worth of whatever on their person.
And it’s not like those cases even go to trial. I don’t have the exact data on hand, but I’d be seriously surprised if >90% of small-time drug crimes ended up with a plea deal that most of the time doesn’t even involve pleading guilty to a felony.
> Because it’s easy to prosecute. You got the suspect dead to rights, with $20 worth of whatever on their person.
Police regularly spend countless man-hours investigating people for selling $20 worth of marijuana. Those are not open and shut cases, they have to spend time building cases, use confidential informants or undercover officers to gather damning evidence that won't be thrown out in court, etc.
> I assume it could be a manpower issue, if it is a city with more pressing issues, or a city without a detective unit maybe, but outright saying no is hard to justify.
Why would they need to justify anything? They have no one to answer to. Look at groups like the Uvalde police who are internationally known fuckups at this point and they’re still just throwing other people under the bus left and right in response. The police only do their job when they feel like it and that’s usually never unless it’s writing down that they went to guard a construction site for the overtime pay.
They get more state funding, grants and incentives for focusing on things like drug crimes. Enforcement and investigation of crimes are completely at their discretion, so they choose to go after "sexier" and "fun" crimes and criminals.
Hmm, I think you're right. I was confused by the phrase "warrant or no", thinking it meant hedora had tried to get data both with and without a warrant and neither worked.
Since when does police issue warrants? A warrant is issued by a judge, unless it somehow works differently in the US. I assume police just didn't do anything with that warrant.
For this reason, I just cancelled my nest doorbell order. I will gladly share access with the police if the situation warrants it but I don't accept that Google (or any company) should be able to make that decision without my consent.
1984 was overly optimistic about people, government didn't even need to enforce putting spying devices in homes. Instead a huge chunk opted in voluntarily with doorbell cameras, Alexa, and other smart devices
There's absolutely nothing wrong with the technology, and it obviously makes peoples lives better to have it. I think the issue is that there are only a handful of vendors that happily operate like the monopolies they are and provide you with zero differentiation or choice within the market.
The government isn't particularly interested in ending this problem either, I suspect this is due to a combination of industry capture and intelligence agency interest in these products.
> There's absolutely nothing wrong with the technology
Oh, but there is. It's subservient to the manufacturer, not to you.
I'm still annoyed that no country decided to classify "selling" things where the manufacturer keeps complete control and denies you access as fraud. But just because no legal system decided it's a crime, it doesn't mean it's right.
You say there is nothing wrong, but then go on to list things that are in fact wrong.
You think the problems are a mistake or otherwise something to be "fixed" the products are working exactly as both the government and the manufacturers want them to, and it has nothing to do with "intel agencies"
Having your entire life "cloud connected" and them complaining about privacy, is like opening a window then complaining that the house is drafty.
I love home automation, not a single component of my home automation is cloud connected, if more people would accept, learn and support non-cloud systems, services and protocols everyone would be better off
No they ignore the problems with technology ( unencrypted cloud connection / data storage, or lack of zero knowledge systems ) and move the problem to political or other realms.
The problem with the technology is it allows the company, political power, or police to access the data with out user permission, that is a technological problem, belief that just passing the correct laws to resolve this technology problem defy's recorded history and logic
You have confused transport encryption with storage encryption
Google and Nest use transport encryption to ensure only the device and google can see the data, but once it stored google can see everything
Zero knowledge data Encryption would require that ONLY the owner of the device has access to the data, not google
and example of this is say BitWarden Password Manager, even though the data is stored on BitWarden Servers, No one at bitwarden as access to any users password vault, The user holds the key, and only the user can view the passwords.
> I love home automation, not a single component of my home automation is cloud connected, if more people would accept, learn and support non-cloud systems, services and protocols everyone would be better off
• better if you could please provide links to how-to starter guides on how to do this
• I share your concerns, but one obvious huge drawback to a home system that's 100% off-cloud is security camera footage: how do you prevent a violent home invasion or burglary where the first thing they do is at gunpoint force you to show them where your server is so they can disconnect/destroy it? Not having a solution could easily be a $50,000 mistake or worse. Perhaps you just live in an area where violent home invasions are not a regular occurrence. It's not just about porch pirates stealing packages, or thermostats.
>>how do you prevent a violent home invasion or burglary where the first thing they do is at gunpoint force you to show them where your server is so they can disconnect/destroy it?
I would love to see a source of this being a common tactic of thieves, home invasion in general are extremely rare as most thieves are cowards and want to attack soft targets i.e unoccupied homes. Then of the home invasions I am aware of, I know of ZERO where the "first thing they did" was force the homeowner to show them the location of the storage server.
Even if that is a "common occurrence" which I doubt, what stops a home invader from cutting off the internet before the attack? and many of these cloud connected cams are wifi, there are several very easy attack vectors to knock them offline. I think your strawman is weak and easily defeated in a number of ways
>>> better if you could please provide links to how-to starter guides on how to do this
Some of the Technology I use, or sources I visit to look for new things
I clearly said "violent home invasion", not just simple "burglary". "Violent home invasion" means both a) somebody was in the home and b) there was violence involved (whether simple assault, tying up, or (rarely) kidnapping); in some cases it was the occupant retaliating against the criminals. I never said this was a "a common tactic of [all] burglars"; I did imply that violent home invasions is a small but non-negligible subset. [2] and [6] below give examples.
Basic statistics: [1]: The US averages ~1 million burglaries/yr, 3,300/day, or one every 25.7 seconds. (Most burglars are unarmed; most properties are unoccupied when robbed; most burglaries don't involve violence; most burglaries only last <10min;
only 12% of home invasions are planned in advance; 88% of burglars may be robbing to support their drug habit; 85% are not professional burglars)).
See [2] for an up-to-date dataset of individual incidents involving recent deaths or injuries in violent home invasions, listing no. of casulaties and deaths.
See [3],[4] for aggregate US statistics from 2017-2020, citing FBI/DOJ.
Some complicating factors in crime-tracking statistics [5]:"Elusive statistics":
> "The term "home invasion" isn’t standardized across jurisdictions, or universally defined; or necessarily used in crime-tracking data. Some jurisdictions use it and some don’t, but there is no universal definition or dataset. What would be called a home invasion is often reclassified as the eventual crime committed by the suspect — a robbery, a physical attack or so forth."
According to [4]
> 7. Only 7% of home burglaries involve violence.
> A State of the USA report found that 7% of these (on average) resort to violence on a yearly basis; though, only a few (12%) burglars had used a firearm. The most common type of violence present in burglaries is a simple assault, with 36% of cases resulting in only minor injuries and psychological trauma.
I see little point in arguing about how "rare" or "common" this is; personally I know people this happened to.
You could argue that when we subtract cases where the occupants shot the burglars, and exclude that some of the fatalities are homes of drug dealers or people who are known to carry large amounts of cash, that the overall number of injuries law-abiding-occupant home invadees who were threatened, injured or killed is "comparatively low".
For example, [6] reporting from ABC7 on a recent string of violent home invasions in South San Jose, CA; this sort of thing is admittedly rare:
- *"5/31/2022 home invasion in the 600 block of N Capitol Ave: 5-6 suspects bound an elderly couple with belts, brandished a handgun, assaulted the victims and stole valuables.*
- *The suspects, using a stolen vehicle, [then] committed a second home invasion in the 1000 block of Summerdale Dr, where they held a male victim and his 15-month-old child at gunpoint... threatened to shoot the child and kidnapped the victim, forcing him to go to his bank to withdraw money. The suspects also stole various valuables from the home."*
> what stops a home invader from cutting off the internet before the attack?
Nothing (other than speed, preparedness and competence; home invasion crews do not in general act like Ghost Recon). But that's missing the point; the truncated footage will still show when and how the home invasion happened, the number of criminals, their general description, may also show vehicles or weapons.
None of us are interested in debating strawmen; please just tell us your suggested best-practices in home security for self-hosted/non-cloud solutions.
This is not limited to Alexa or seemingly unnecessary tech gadgets.
This includes ALL your data. Gmail, Google, Android.
So unless you're opting for iOs (provided they're not doing the same as Google here) and not using Gmail or Google you're still falling under "Surveilled by the gov via tech company who serves their interests and not yours, even if you pay money for their services".
How accessible is that to your grandmother? Can you walk her through the process? (Are you willing to, given that now you'll be called if anything goes wrong?)
What I was trying to imply is that privacy should be for everyone, not just those who are technically capable enough to install an alternative OS on their phone.
This is why Apple is going to continue to crush it. They can build a subpar equivalent to google services and a large portion of the tech world will adopt it for its privacy benefits. The 'tech world' is a large influencer to the general public, leading to further penetration.
It's a great strategy as Google makes 80%+ of it's revenue from Ads, and their ad model does not work well with a privacy first mindset.
Apple designs with privacy in mind. Google designs with invasiveness.
I find that hard to believe when so many of their devices' functionality depends on you sending data over to them. Unless you go out of your way to make sure you're blocking all your devices from phoning home or sending any data over to Apple, then any supposed privacy benefit becomes a lie.
Either you're the only owner of your data or your data is not, by definition, private to you.
I think this dogmatic take is pretty useless. For the vast majority of people icloud is a QoL increase that is worth not “owning” our data. All Apple does with our data is keep it safe (CSAM not included), but I would love to be proven wrong.
I don't think using the correct terms to avoid ambiguity is "dogma". It would be "pedantic" except the concern regards pretty much the essence of the issue, so that doesn't apply either.
I think your being pedantic. Dogma is fine usage. They argued that Apple isn’t a privacy-focused company because they store our data on their servers, while the bar for companies to protect our data is so low it’s a tripping hazard.
I think the larger problem is that Apple treats privacy as a double standard. They assist China's government in mass-surveillance of their citizens, while simultaneously airing "Privacy is a human right" ads in the United States. Once you factor in the horrific irony of Uighur slave labor building iPhones, I think it's pretty easy to understand how people can call their efforts 'security theater'.
> Abstract — We investigate what data iOS on an iPhone shares with Apple and what data Google Android on a Pixel phone shares with Google. We find that even when minimally configured and the handset is idle both iOS and Google Android share data with Apple/Google on average every 4.5 mins. The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Users have no opt out from this and currently there are few, if any, realistic options for preventing this data sharing.
Apple is the only one of the "big tech" to actually operate a datacenter in China, whose contents are entirely subjected to the whims of the regime.
I'm afraid your conviction in Apple is the product of a well-crafted fantasy by their marketing department, instead of based on some deep rooted philosophical belief regarding the rights and privacy of their users.
The ad revenue is mostly on App Store searches, where the intent is provided during the request.
That Ads devision can operate in a privacy first mindset while still seeing huge growth YoY. Where-as if Google operated in a don't be evil/privacy first mindset, they'd loose substantial revenue and likely no longer be profitable.
Apple would "crush it" if they would combine their privacy focus with a commitment to individual ownership instead of Apple Ownership of the product they "sell"
i.e Right to repair, Side Load Apps, no draconian app store policy, etc etc etc
Embrace both privacy and user freedom. that would be great
Google's ToS is 16 pages with what appears to be about 50+ hyperlinks, including several hyperlinks to "additional service-specific terms" which itself has ~50 links to other terms which are all multiple pages.
Perhaps instead of pinning all of the blame on users, we could have the companies producing labyrinthian ToS contracts written by top-grade lawyers and full of legalese (that no layperson should be expected to understand) shoulder at least some of the blame?
This doesn't even touch on the fact that many topics (as related to data aggregation and privacy) are highly technical and require at least a few years of post-secondary to even begin wrapping your head around (e.g. de-anonymization via large sparse datasets is not something I can reasonably teach my 85-year old parent, nor to my child, both of which use Google services in some capacity).
But, yes... Let's blame it on Average Joe, who just wants to watch their dog for a few minutes while at work and saw an ad on TV about a convenient way to do so. Shame on them for not being both a lawyer and a CS graduate.
I don’t understand why aren’t there any standard terms of service which are generally applicable and companies can make minor adjustments to them if they can justify it
More like "If you're not part of the solution, there's money to be made in prolonging the problem." (I don't know who said it, but I'm paraphrasing from something I've seen on a demotivational poster re: consulting)
A solution to this is for courts to limit what is applicable in a ToS to a certain number of words, and have overly broad statements always favor the entity who has to agree.
This, in effect, nullifies all but the most important components of a Tos.
Due diligence is expected among a mature population. But you're right it's not entirely on individuals. There should be ways to disseminate information about the threats these products pose to personal liberty, especially in a nation that uses the word "liberty" so freely in its foundational documents.
>Due diligence is expected among a mature population.
I wholly agree.
But we're quickly approaching (and in some cases, past) the point where proper due diligence requires a 4-year post-secondary education in a related CS field, if not more.
We're talking about products that take multiple domain experts several years of collaboration to create. How is it reasonable to expect my mechanic, accountant, etc. to do their due diligence on how that product processes their data, especially when it's processed in a black-box created by several other domain experts, and their only source of information is purposefully opaque terms written by lawyers?
> proper due diligence requires a 4-year post-secondary education
I don't think that's the case here or indeed very commonly. You don't necessarily have to understand implementation details if some core tenet of popular ethics is being violated. One key feature of the domain -- namely that you don't own "your data" and so you don't get to decide what happens with it -- is pretty clearly in violation of principles that the vast majority of Westerners would at least profess to hold. Beyond the motivating principle that third parties should be required to receive explicit whitelist access to use privately-owned data, "implementation details" refers mostly to policy and enforcement, not really technologies.
Eh, it's exactly what you expect from America though. Ie the embodiment of short term thinking. Economy, environment, politics, etc - not that America is entirely unique here, just that the population seems to embrace this as a foundation in my experience.
Privacy to tech like this is very hypothetical till it happens, and it'll rarely happen. If it's not in our faces we won't vote against it.
>Eh, it's exactly what you expect from America though. Ie the embodiment of short term thinking.
I think this is the entirely wrong framing. My other comment covers some of it, but specifically in regards to your comment: it's a lack of education, not the embodiment of short-term thinking.
And really, we can't expect every person that uses Google (or whatever other large tech company) to thoroughly understand all of the bits and pieces of technology that could be used to fuck them. Or how things that we've been told are anonymous/private become non-anonymous/non-private when combined with other sparse data. These are complex topics that even many technologists don't understand (or are outside of their field of expertise).
These companies hire top lawyers to write complex ToS, use as many dark-patterns as legally possible, do illegal things until they get caught doing so, evolve their terms frequently, etc. Yet somehow they've convinced everyone to blame the layperson. It's remarkable, really.
What would be really swell is if we could, you know, not have companies spend millions of dollars on how-to-fuck-your-user initiatives.
But we can't live in a world where the responsibility isn't on the individual, can we?
Ie if we expect corporations to not fuck you over, who is there to enforce that? Who has the power to keep them in check? Okay, maybe Government should hold that role - but who then keeps the government in check? Who ensures that the spying or privacy from the Government is kept in check? etc
Ultimately the buck always stops at the individual. And we have to be hyper aware of long term implications, because money, greed and power has deep, deep pockets (as you also mentioned) and the fight will be never ending.
We, as a community, have de-propritized education, health care, public safety, privacy, etc. Sure, powerful forces have been pushing for that exact thing, but we can't expect them to "just be nice" or w/e.
I'm very pro "Big Government". However my ideas behind big government will not work without individual responsibility. Until then citizens are purposefully and willfully giving their power away with every tiny step. The blame is on us, and our current state is inevitable. My 2c.
My last sentence was more wishful thinking than a proposed solution. I am obviously aware the world isn't as utopic as the sentence would require.
The main point I wanted to get across is that it's baffling that companies aren't blamed in these conversations. It's always the user who is blamed ("well you read the ToS didn't you!"). And that's dumb, because the vast majority of users aren't lawyers and don't have CS degrees -- both of which are becoming increasingly required to provide informed consent to a ToS. (edit: in every other contract I sign, a lack of informed consent is grounds to void the contract, exception being tech-company ToS contracts)
If you still want to blame my 85-year old parent for not understanding what Google is doing with his data, go for it, I guess. Just seems stupid to do so, because he barely can open up a web browser but is somehow expected to understand the complexities of data aggregation and what impact it will have on him. And as time marches on, it's equally ridiculous to suggest that he just never use a computer to avoid the issue.
>And we have to be hyper aware of long term implications,
Without post-secondary education in niche fields, this is becoming impossible. Especially across multiple services with changing terms, in countries with changing laws, in a world where technology evolution outpaces curriculum changes.
> Without post-secondary education in niche fields, this is becoming impossible. Especially across multiple services with changing terms, in countries with changing laws, in a world where technology evolution outpaces curriculum changes.
I agree, but again i go back to, "but how else can it work"?
Of course i don't expect everyone to be knowledgeable on all low level systems. However, to the point of your 85 year old grandma, she is a tiny demographic in a much larger, much more reasonably informed demographic who also completely ignore the implications.
Name a demographic that isn't wildly ignorant of things that are reasonable to know?
But again, i repeatedly fallback to "But who else can do this?". This is why i'm pro Government, but not until people start pushing for responsibility on this front. It may not be reasonable for your grandma to be responsible for Google Data stuff, but she _(and the rest of us)_ have sat around for dozens of years watching authority figures have little to no accountability or oversight.
The issue isn't about Google. The issue is about us, and our inability to build a government and authority system that is in-line with our views. We hand our power over with no thought or oversight and then we're shocked when it all comes back against us. This has nothing to do with Google or CS, imo.
My argument is that the "reasonably informed demographic" is incredibly small. I can only say the same thing so many times, though, so I'm not sure how to explain it in a different way.
To restate my example, even very smart CS graduates may not realize that anonymized data joined with other anonymized data can result in de-anonymized data, because the linking and de-anonymization of sparse datasets is a niche subfield that has only recently begun being explored.
Many people may think they are reasonably informed (they look into the ToS, see that data is anonymized, and decide that they are okay with that) without knowing that the data may later by de-anonymized through advanced statistical analysis they've never been exposed to in all their schooling. So while they thought they were informed, they weren't. This repeats across several domains.
>But again, i repeatedly fallback to "But who else can do this?".
Why is that when a problem is identified, people demand a solution be provided at the same time? I don't have a solution, sorry. But that shouldn't preclude me from identifying a problem.
I honestly did not expect saying basically "Let's put some of the blame on Google, because they're the ones with the dark patterns and lawyers and experts, rather than solely blaming the layperson" would be met with much pushback.
> My argument is that the "reasonably informed demographic" is incredibly small. I can only say the same thing so many times, though, so I'm not sure how to explain it in a different way.
I think we're in agreement here. To be clear, i'm mostly talking about intent, an attempt to stay informed and a willingness to act - to push for centralized leadership who is informed.
Ie as i said before, your grandma is not expected to know this. She is expected to fight for a government that will be, and that will also be able to be held accountable.
We have neither the oversight on government current, nor the willingness to act. Your grandma built the same world we are building today. One of inaction and obfuscation.
If society cannot be informed and active on what is essential to build that world (whatever that may be), then we are doomed. Currently, the population at large is not. At least, not from what i can see in action.
I agree, but again i go back to, "but how else can it work"?...
Name a demographic that isn't wildly ignorant of things that are reasonable to know?
Who defines "reasonable"?
When you get delayed on a flight due to a maintenance issue, are you equipped to determine if that delay was reasonable? Most likely not, although many mechanically inclined people may be in a position to make that call. Those same people may not be in a position to arbiter the reasonableness of Google's ToS (side-stepping the whole obfuscation of details that was previously covered).
When society gets reasonably complex, we out-source those decisions. In the example of the aircraft, we have a regulatory body who makes the rules about what is reasonable. It wasn't always like that, of course, but the need grew out of the growing complexity and risk profile. So to your question and an earlier point, there may be room for regulatory bodies as an alternative for "how else can it work?".
Reasonable is defined by what it takes to outsource.
If you cannot determine factors by which outsourcing is successful or not, by which it is accountable or not, democracy fails, and you can no longer outsource it.
Agreed, and we do nothing to fight that. We're all complacent with it. Hell, not only did we not fight it, ie we didn't push for government control and oversight, but we signed up. We let them in and laid out welcome platters.
This isn't about being informed on obscure topics. As i said this has nothing to do with Google. It's about our willingness to fight for a government that can handle this, and fight to control said government.
This is absolutely by design and part of a larger pattern of propaganda that keeps Americans scared of the government and in love with the idea of becoming billionaire CEOs themselves because it's "moral". That holy "free market" has rewarded those rich people for being some damn smart and efficient--they deserve it, not the damn communist free loader leftists who hate America.
That's an odd take, I honestly don't find anything about this article, or the broader topic of privacy and overreach by companies and law enforcement, amusing in any way.
Fahrenheit 451 has a part where they get the entire city to go to their doors to try and spot a fugitive, this action is coordinated by the radios that everyone wears.
With these cameras and recognition algorithms, you don't even need people to go to the doors. Just pull the feeds.
I think Larry Brin's "The Transparent Society" is the best read on the topic. Not predictive of all outcomes, but many aspects of modern surveillance he did see coming.
This is confused. The Transparent Society is by David Brin[0]. Two of the founders of Google are Larry Page and Sergey Brin. The confusion is understandable given the name collision.
TikTok could be a spyware (lol) that requires your SSN and people would STILL download it and defend it just because it brings them mindless 10 second videos. I remember reading 1984 as a kid and thought it was so far fetched, that nobody would willingly let society get to that point... but it just only made more sense as I got older... people really just don't care...
For me, the difference is that the phone (with voice assist turned OFF) is not supposed to be listening all the time, while a device like Alexa is supposed to be listening. I don't want devices listening so I turn that feature off when I can and avoid the device when I can't.
Is the phone listening anyway? Maybe, but that violates a privacy expectation, and there may be recourse if someone discovers it's doing that.
I work on Alexa and for whatever it’s worth, I can confirm that Amazon is telling the truth about how Alexa listens and about what is done with your data.
This is all publicly available info, and perhaps there’s no reason why you should trust me any more than you trust Amazon as a company, but as one privacy-conscious engineer to another, I promise that your ambient conversations are not being stored or sent to Amazon and that any data you delete in the app (either by specifying an auto-delete period or manually deleting it) is actually, really, truly deleted.
A process running locally on your Alexa device listens for the “wake word”.[0] This audio is only processed locally within a constantly-overwritten memory buffer, it is neither stored nor transmitted. Only once the wake word is detected does Alexa begin to transmit an utterance to the cloud for processing. I’ve worked with the device stack and it really isn’t transmitting your ambient conversations.
Within the Alexa app[1], you can see and hear all of your stored data and can delete any of it. You can also control the duration after which it is auto-deleted. From working with ASR datasets, I can confirm that deleted audio (and the associated text transcript) is really deleted, not just hidden from your view.
I never owned an Alexa or other smart home device before I worked on it, and I’m not sure I’d buy another company’s device where I lack the same ability to “trust but verify”, so I’m not sure how much weight my word should carry. But I can give my word that Alexa is not transmitting your ambient conversations or just setting “deleted=true” in a database when you tell it to delete your data.
I definitely understand your point, but I think the greater issue is why should this have to serve as a rationalization in the first place? Why can't we expect our phones to serve us rather than the other way around?
Now if only you could get your neighbors to quit too. The ones that have it are all still recording you. You really only need one or two per block to monitor everyone on the street. ML should easily be able to work out "Silver Corolla with license plate ABC123 left 1200 Sunnyside St at 4:32pm and headed East." Then another one 3 blocks away can report the same car turning North on 127th, and then another can report...
So you're saying it will only be a few more years then? Look at where cellphone cameras were 20 years ago, and where they are today. The present inadequacy of hardware doesn't give me any comfort.
Here in the north east metro areas, the toll plazas are everywhere and cash lanes are scant and backed-up. It is almost impossible to be without an electronic tag. Between my home in Princeton NJ and my office in Manhattan, there are probably 3 or 4 toll collections in each direction, depending on the route.
NYC was trying to do congestion pricing, in which case it would be pervasive.
Who needs the hassle and appropriations process when you can just send a friendly email to the country's biggest data broker and they'll give you whatever you want?
To be fair, though, there's a flip side. My neighbors seem to get more utility from my driveway feed than I do. Every couple of months, I get a text from a neighbor asking if I got footage of some such thing. Everybody knows who has cameras, and those people are invaluable whenever something nefarious happens (mail theft, break in, kids running amok, etc).
Note that this is already in-line with their policy, you've already agreed to hand over your data and allowed them to share it, so I don't understand why this single article suddenly changed your mind.
> To me, a Nest or Ring is pointed at a basically public space. So what if the cops can look at the feed?
Perpetual and pervasive surveillance completely changes the human expectation of public spaces.
For most of human history, even the most public of spaces was effectively mostly private most of the time. A few decades back you could be in, say, Times Square between thousands of people and yet your actions and presence was completely private. Because unless you did something particularly attention-grabbing, nobody would notice or much less remember. Even if you did do something that people took notice, few of them would really remember you individually a day later (let alone years later). If the cops wanted to interview people about your presence they'd have to find those few that noticed and remembered you, nearly impossible. Thus even public spaces were for most practical purposes private space, and that is the expectation human minds has.
You might say even decades back they could assign people to watch you. And they did. But only for select people so there had to be some cause and selectivity (sometimes unjust, but still). It was literally impossible to watch everyone everywhere all the time.
That's what changes now. It is possible to track everyone everywhere all the time. And not just at the moment, but recorded for posterity for future ML queries.
There's a video of a panel with Moxie Marlinspike who says something along the lines that there is value in being able to break the law. It's how society evolves. Complete surveillance means no broken laws, means a relatively static society.
This was also mentioned as a theme in passing in a sci-fi book I read. One of the trends across civilisations was that some would become total surveillance states, and they always failed because they stopped progressing at that point.
99% of what I do in public should be immediately forgotten or only available by interviewing the specific people that were there, while they still remember. It shouldn't be possible to passively profile me and everyone else by putting cameras all over.
If it's so hypothetical and highly unlikely, then we've nothing to concern ourselves with over the fact that Google will comply with attempts to rescue these hypothetical and highly unlikely endangered people. After all, if it basically never happens, Google will basically never grant the extrajudicial request.
The short answer is "yes," but I would be in favor of it being added. Of course, it's not going to secure your data if somebody that isn't you is the one under threat of imminent harm or death and Google believes the data you are holding could save their life.
I rented a house 2 years ago and it had some cloud trash with camera and mic in it. I said I will move out unless they remove it. They simply removed it as it was there only to appease prospective tenants.
and from my understanding of the ECPA, opened email on a third party server is legally considered abandoned property and enjoys all the protection that a smashed washing machine next to the highway receives. After 180 days all bets are off, regardless of the message being previously read or not.
This just seems extreme to me, considering how you've likely never been in this scenario and will in all likelihood not ever be in a scenario where you wouldn't give the police this information but Google would (e.g. your own home being robbed or a masked stranger ringing your doorbell).
Sometimes I think people covet privacy for its own sake, and don't think about the practicalities. The whole point of living in a collective society is that we give up some freedoms for the sake of overall increased prosperity, that's always been the tradeoff, and this is just one of those tradeoffs.
We already have that tradeoff. It’s called a warrant. If the police get one, you are forced to give them access to your otherwise-private affects.
This is a step beyond that. Warrants are granted at the discretion of a judge, the bar is high, the scope is narrow and you (theoretically) have recourse if it’s abused. Here, the discretion is Google’s, the bar is nonexistent, the scope is unlimited and you have zero recourse if you think you’ve been wronged.
This wouldn’t be an issue if people trusted Google or the police. But they don’t, and it’s pretty easy to imagine ways in which this could be abused to harm people.
Let’s say you live in Texas and get abortion pills in the mail. If the police have a warrant to search your house for something unrelated, they (theoretically) can’t see the pills and decide to charge you with an unlawful abortion (unless they were “in plain view”, etc). But if Google gives police access to footage of your house extrajudicially, police can use anything they see as evidence against you. And make no mistake — things like that will happen as a result of this policy.
I think you're taking this way further than anyone actually involved would. IF what you're saying ever did even come close to occurring, we both know Google would shut it down quickly. Not just because it's horrible, but because it's also bad for business, and they've shown a propensity to protect data when it would be used as you hypothesize here.
Google is smart enough to know that "snitching" on its users is bad for business.
Think "track a burglar as he moves through a neighborhood" not "snoop (illegally) on the contents of people's mail".
"I think you're taking this way further than anyone actually involved would"
Just because you currently seem to have a "failure of imagination" does not mean that law enforcement, corrupt/facist/dystopian government officials or even unscrupulous employees within the tech sector itself will not absure their observational powers now or in the future.
Or maybe you just haven't been paying attention to the news for the last "n" decades.
> Think "track a burglar as he moves through a neighborhood" not "snoop (illegally) on the contents of people's mail".
It’s not illegal, though. Google is (presumably) fully legally in the clear to just hand over footage to police. That means that, if Google decides to hand over your footage to the police, anything on tape can be used as evidence against you. And Nest offers indoor security cameras, so your entire house could be fair game.
> Google is smart enough to know that "snitching" on its users is bad for business.
Is it bad for business? That’s not clear. Your whole argument is that this is fine so long as you think the likelihood of abuse is low. My guess is that it actually won’t hurt Google’s business at all, even as we start to discover police misusing this.
“It only happens to a handful of people! And anyway, they were [doing drugs/stealing/etc], so they deserved it. It’ll never happen to me!”
It's illegal to go through someone else's mail, and that was the hypothetical you proposed.
My argument is not that it's fine as long as the likelihood for abuse is low, my argument is that it's fine as long as there hasn't been any actual abuse. When something does happen, we can respond to it.
Until then, it's not reasonable to go through a bunch of worst-case scenarios.
My hypothetical is that if your mail is in the footage Google turns over to the police sans warrant, they can use it as evidence against you. That’s not “going through someone else’s mail”.
All I’ll say is that I’d prefer to stop the thing that will very clearly harm someone before that actually happens, not pretend we haven’t seen a million times before what happens when you give police more power.
And I'm grateful people like you aren't actually able to implement pre-crime divisions!
It sounds arrogant, to me, to be so sure you know what the outcome will be of a given situation, considering all of the necessary ingredients for that outcome have existed for some time and what you claim is "inevitable" has still not happened.
I think we’ve reached an impasse. I’d just like to point out that advocating that companies not give police access to our private lives except when forced to by a warrant is basically the exact opposite of “pre-crime”.
It fits the very definition of a pre-crime because you don't have a problem with how they're currently using that information (sparsely to catch criminals), only with how they might, in the future, use that information.
In the vein of principals, yes, privacy for its own sake is valuable to me.
In the vein of practicalities, both Google and the justice system (USA for me) are monstrously large bureaucracies known to make difficult-to-redress errors. Google's capricious account banning, police raiding incorrect addresses, eg. The decision to share with them more information than the law requires is one I'd prefer to make myself.
>bureaucracies known to make difficult-to-redress errors
Or just plain out refusing to fix errors where they would be relatively easy to fix; compare Scalia's "it's fine to fry a provably innocent person as long as the procedures are followed" argument.
And I think this view is irrational. Privacy for its own sake is effectively hoarding, and as you clearly show, hoarding can be caused by fear, which you have for Google and the justice system.
A numerate person would know how rare these things you're afraid of are, and not let those fears drive how they live. I (hopefully) follow that path, and I recommend you check it out!
I read what you wrote in the same way I suspect you would read someone who is afraid of space because meteors have killed people (as a rough example).
It just doesn't seem like the rates at which the things you're worried about are happening in a volume that would actually matter to a society.
What was the discussion I remember seeing long ago, about two kinds of surveillance-in-society?:
Kinda-good, 1, so and so can just go check the camera that points at the central plaza fountain that anyone can access, and sees that his spouse has arrived and is waiting for him as agreed.
or Bad, 2, cameras all over that everyone has no idea who controls, watches, and/or is recording
'prosperous society' ~= convenience, less human hours wasted on boring stuff. The convenience of a video doorbell and connected home sure seem worth it to me.
Agree to disagree. Systems that frustrate the accumulation and concentration of power seem to be integral to a functional society, nevermind a prosperous one, historically speaking.
“Convenience, less human hours wasted on boring stuff” is fine as an individual consumer mindset, but does not form sufficient criteria for evaluating complex social systems.
I'm not saying they are, just that consumers are giving up privacy for some sort of return. It's not required, as there are E2E HomeKit alternatives, but it's inaccurate that 'all you do is give up privacy'.
That attitude is the start of a slippery slope. If the end always justifies the means then none of your freedoms will be protected if someone else decides it's more convenient for you to not have them. This is the major problem with the big government authoritarianism that has infected the republican party.
Slippery slope arguments are a fallacy. If something bad happens, or is proposed, we can address it when the bad thing happens or is proposed. Nothing actually bad is happening or is proposed here.
As noted above, the trade-off our society has chosen to make is search warrants. Otherwise, it might as well be "for the police to peruse at their leisure". Is Google going to rigorously vet every "emergency" request for data the police make?
> “If we reasonably believe that we can prevent someone from dying or from suffering serious physical harm, we may provide information to a government agency — for example, in the case of bomb threats, school shootings, kidnappings, suicide prevention, and missing person cases,” reads Google’s TOS page on government requests for user information. “We still consider these requests in light of applicable laws and our policies.”
So this is just an article pointing out something in the TOS.
National security requests are common for any big company[0-2] since they'd rather play ball today, under their own terms, than resist and trigger new legislation that forces them to hand over information in any warrantless circumstance.
Maybe this would just make me a bad service admin, but if I believed that I would be literally saving someone's life by sharing data from one of my users with law enforcement, I would be hard pressed to hold their privacy above another's life.
Exactly what it takes to be reasonably convinced that I would be saving someone's life is of course not a simple question, but in at least some situations it seems like it would be worth the tradeoff.
One that I've run into several times is suicide. Most of the time, the person isn't in immediate danger. I've been around when people were.
I'm not going to go into any detail for people's privacy, but it took over an hour to figure out who a regular member of a community was in real life and then get emergency services in another country to them. Got independent confirmation they got dragged to a hospital in time. They weren't exactly grateful afterwards, but they stayed in the community and didn't repeat the attempt.
Faked requests for situations like this are routinely and frequently used for harassment/attempted murder in gaming. Unless this is solvable, this is rather problematic and dangerous.
Maybe I should have clarified, I don’t act on the vast majority of things in this manner, especially when I don’t know the person or the circumstances. Unless I have some method of confirmation, escalating to emergency services is not happening. Even then, it’s last resort for precisely this reason.
I think you're probably right in your analysis of their thought process, but I'd almost rather they force legislation's hand. Then there's a chance to hold elected officials accountable if they pass it, and there's a chance (IANAL) for a Supreme Court to throw it out as violation of the 4th amendment to the US Constitution.
Even in the worst case (law passes, court upholds, and people re-elect the politicians) at least we have a definition somewhere on what is and what isn't ok. Today where it's ambiguous and "Company X may or may not" leaves a person to wonder.
I suspect because Google and Amazon want to use the data from the video feeds for their own purposes. I think using it for CV modeling and advertising can make them more money than not using it.
Also, they can charge police for these data.
I won’t buy their products because of their decision to monetize over privacy. What I find interesting is that their products aren’t cheaper than other privacy preserving products from Wyze and Apple so this extra revenue is pure profit or gravy. This isn’t some essential need of their business model, they just don’t respect user privacy enough to avoid this extra revenue.
It’s probably because it’s somewhat more complex to implement encrypted end of end video and storage, with a slightly more complex user experience. So they cut corners, knowing most people don’t care about encryption.
Complexity is not an issue.
It a very basic thing to do in these days.
UX might be a bigger issue, as it is harder to view this data in any device and still keep keys unaccessible by Google. But still not too hard. People use Whatsapp web in daily basis.
Main problem is the ML use for video feed to trigger some stuff etc.
Has Wyze ever provided privacy guarantees on their cloud service? Their privacy policy says they will gladly share data.
> In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements;
IANAL but that sure sounds to me like they will provide data in cases where they aren't legally required to (as in a warrant) as long as they believe it's "in accordance with" the law. Which could mean almost anything other than a clearly illegal request.
I like Wyze and think they are acting in good faith, but I wouldn't assume they would say no to a request from government/police. They may offer local recording and RTSP, but AFAIK they are still cloud connected unless you otherwise block them or use alternate firmware and hence not private.
Probably because of the ML processing (event recognition), which is the only good reason to subscribe to Nest/Google home in the first place. Otherwise, you just have streams of video without much context. If the analysis could be done on device, then that would be a different story.
Unfortunately, either Ring or Nest is required in my neighborhood given our property crime issues.
>> either Ring or Nest is required in my neighborhood given our property crime issues
What do you do with that footage? I have a full resolution video of a dude stealing $300 worth of crabbing equipment from my porch. What’s next? Police is not going to do anything about it even though there’s probably technically a way to track him down.
The footage isn't that useful. Instead, I use it for real time intevention ("Hey! Get away from my car!") or just awareness that something is going on.
How do you expect Ring to provide live notifications that are processed server side if you enable e2e encryption? If Ring.com can decrypt the data, they can always share the feed with 3rd parties.
It's a sensible design choice given the current constraints of the hardware.
They don’t. As you note, it wouldn’t make any sense for them to do so.
It’s one of those perverse things that they are some of the few companies that actually don’t sell user data, and yet they’re the ones that are most frequently accused of it.
I don’t think it helps us in keeping big tech companies to account when we spread false information about them.
Because Apple's HomeKit stuff is significantly inferior. HN privacy nattering aside, consumers clearly want cloud-accessible home surveillance. It's what they pay for. And if you can get to it from that website using only your Amazon or Google account, so can Amazon or Google.
I have a hub (multiple actually thanks to a few HomePods and Apple TV's) for HomeKit. I can control all of my HomeKit devices remotely and I can view any video remotely.
Yet it is still end to end encrypted because the processing happens locally on device (on the hub) instead of on a cloud server.
I have the ability to detect people, animals, vehicles, and packages and set recording settings based on that. In addition to if I am home or not based on the existing detection round that built into HomeKit.
This narrative around Apple's products missing major features is no longer true and has not been for a while.
Nothing in the process requires a token/authentication/blessing be done from a pre-existing hub machine that would have to control the encryption. Apple can remotely grant your device HomeKit cloud video based on nothing more than your ability to attest ownership of your new device.
And if they can do that, they can certainly recover the video internally for anyone who wants it. They just choose not to, and you believe them (where you clearly don't for Amazon).
You can't view the video from the web but you can from the Home app on Mac, iPhone, or iPad.
Technically yeah you need to leave the Apple TV running (or a HomePod) but it just stays in standby mode anyways. But I don't know 100% how that works power wise.
When I look in my Home app at the hubs, I see all of my HomePods and Apple TV's there. The living room Apple TV is marked as "Connected" and the others "Standby". Assuming that means the Apple TV is the one processing things, it does not appear that the Apple TV is doing a ton. The light isn't on and it isn't generating really any heat.
To my knowledge Android can't use HomeKit but maybe there are third party ways to use HomeKit with an Apple hub. But I would be surprised if those third party ways could access the secure video. But I honestly don't know.
I have never used the package or the vehicle recognition.
But it seems to work decent enough. However the face recognition works off of the faces you have categorized in photos. So actually recognizing specific people will only be as good as that database is. I assume in the backend it is largely the same tech so you can get an idea of how well it will work based on that.
I can't compare it to other offerings since I have never used them, but it does what I need it to do.
I have had issues with false positives, but I also am using a not great quality camera with it so it is limited with that. I plan on getting a better camera but just have not had a need for it yet.
You can still store the data on the cloud and access it anywhere. I think the only features that probably need to be limited are video-analysis features such as who is at your door and what is moving across the lawn.
HomeKit secure video stores an encrypted video in your iCloud account so you can access it from anywhere. It does require a paid subscription and a hub (HomePod, Apple TV, or iPad) where the hub does the video analysis on device.
I was actually curious about this. I didn't realize that HomeKit-compatible doorbells existed. The product page for the Logitech Circle View Wired Doorbell (the least expensive listed on apple.com) notes "Receive rich notifications with two-way audio across all your Apple devices whenever a person or package is at the door." So maybe access via PC/web is what's missing?
Knowing the car your neighbor(s) drive and what times they come and go are very valuable marketing tools, to someone. Just like knowing what they search for and the content of their emails tells them other things about you, and your neighbor who didn't sign up for this service.
I'd find this much more acceptable if the system told people when their data was provided to police without a warrant. There's less potential for abuse if they're transparent about it.
Then you might want to read the linked article and not the headline, because CNET asked that question and... got an affirmative response, that Google will try to notify users whose data has been shared.
Really almost all the top comments on this topic are people overreacting to the headline without realizing that the circumstances involved are emergencies and not just routine LE requests. Clickbait has ruined everything.
> the circumstances involved are emergencies and not just routine LE requests.
Fine, every routine LE request is now an emergency. Because one thing US LEOs are known for is their reserve in only requesting just the absolute minimum to do an investigation.
Consider the circumstances. The context in which this data is shared is imminent danger to life. That includes kidnapping.
If Google had a magic system for getting information to a kidnapping victim reliably, they wouldn't need to share user's private data with law enforcement, they could just share the information on where to reach the kidnap victim.
What this will predominantly be used for is abusive partners, who also happen to be law enforcement officers (police) to terrorise their victims, or, more generally, abuse of powers by LE.
Here in Australia the police already have 30% more domestic violence charges than the average, and have been caught way too many times abusing their powers as LE.
A subpoena is based on merely somebody's claim that there's reasonable suspicion of a crime. All this policy by Google does is shift the set of people who are making the decision of what "reasonable suspicion" looks like; one's reaction to that depends on one's relative threat models of judges (and time delay of interacting with judges) vs. Google employees.
FWIW, anyone still doing business with Google probably has a relatively high trust of Google, so that comparison is probably closer to equivalent than many might imagine for Google's users.
They will try but can be legally prohibited from notifying you. A server you control and have the keys to can be compelled by the police, but not without your knowledge.
Every supposed attempt to protect you is really just an attempt to justify an inherently unethical business model because it is profitable.
"A robot may not injure a human being or, through inaction, allow a human being to come to harm."
“A provider like Google may disclose information to law enforcement without a subpoena or a warrant ‘if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency,'”
s/provider like Google/robot/
s/may disclose.*if the provider/may act to protect any person if the robot/
s/requires disclosure without delay of communications/requires action/
“A robot may act to protect any person if the robot believes that an emergency involving danger of death or serious physical injury to any person requires action without delay of communications relating to the emergency,'”
It's funny how things like this surprise people, as if the legal system is a trustworthy blob on their architecture graph. One fundamental thing about it is that it's made up of different people and a huge amount of people, all with differing levels of competence (so not only is it untrustworthy, but it can't even consistently do whatever its goals are) as opposed to having any coherent goal or ideology.
> “If we reasonably believe that we can prevent someone from dying or from suffering serious physical harm, we may provide information to a government agency — for example, in the case of bomb threats, school shootings, kidnappings, suicide prevention, and missing person cases,” reads Google’s TOS page on government requests for user information. “We still consider these requests in light of applicable laws and our policies.”
Another article pointed out that most other cloud based offerings will still provide it if there is a warrant.
But it seems like Apple is the only cloud based offering that cannot actually respond to these requests even if they get one?
I just checked my HomeKit Secure Video camera and it seems like it isn't just the default setting, but the only setting. I see no way to tell it to not encrypt the data when storing it in iCloud (not sure why they would give that option at all TBH)
> “If we reasonably believe that we can prevent someone from dying or from suffering serious physical harm, we may provide information to a government agency — for example, in the case of bomb threats, school shootings, kidnappings, suicide prevention, and missing person cases,” reads Google’s TOS page on government requests for user information. “We still consider these requests in light of applicable laws and our policies.”
This is in line with the reasons cops can do things that otherwise normally require a warrant. This is generally 'a good thing.' The issue, for me, is in the abuse and interpretation of these exemptions.
Right, exactly. Google could have this and make it perfectly accountable. Just surface a user notification that X entity accessed your camera's data for Y time range, ideally with a reference to a case number. People will push back if the police abuse their power. They won't become as complacent, because they'll know when the cops are spying.
Iam not sure. That means that it has to log every triggered sensor.
I only have nest protect (stove heating) with occupancy sensor/pathlight and I really dont think it will record motion events nor submit them later (while connected). Could be wrong.
For nest thermostats, they advertise that their cloud based algorithm uses your phone location and occupancy sensor data to switch between “home” and “away” set points, so they have to be sending the sensor readings to the cloud. From there I can’t understand why they wouldn’t log those.
Illinois actually has some of the strongest privacy legislation in the country. I got a $350 check from Facebook for running facial recognition on my photo without permission, and Google owes me a similar amount when it's class action gets approved.
Check out the Illinois BIPA, it's the reason tech companies are trying to get federal privacy legislation that preempts state law.
FWIW, Illinois sometimes does crazy things the other way too. They banned facial recognition altogether, so Nest (and other cameras) can't offer the "familiar faces" feature, like to not alert you when a spouse comes home instead of a stranger.
Facebook also paid me several hundred dollars because they were auto tagging faces for Illinois users.
For those of you old enough to answer: 30 years ago, did you foresee people spending significant amounts of money to install spy cameras in their homes and tracking devices in their pockets?
30 years ago (which was the early 1990s, eek!), analog CCTV was all the rage. Costs for cameras and VCR units plummeted, tapes became cheap commodities, and multiplexing video became trivial. With time-lapse and multiplexing, you only needed one VCR for four cameras, which could record for 24-48h on a single tape. It became cheap enough for businesses, hotels, apartment complexes, and the like to install them everywhere. Private CCTV became a staple of police procedural shows like Law and Order (1st season was 1990), which made people expect to be able to "check the tapes" after an alleged crime.
Edit: This same issue was also a problem in the 1990s with private CCTV! If a police officer or detective tells a business owner that a crime has been committed and there might be evidence on the tape, the owner doesn't have to show the police the tape without a warrant. But they usually did, because it looks suspicious if they don't.
Here's a quote from Max Headroom (of Pepsi commercial fame, for people old enough to remember Pepsi), from 1987:
Edison Carter: Security Systems has its tendrils into every element of our society - the government, our homes, the police, the courts - I'm not gonna spike this story just because it deals with dollar amounts beyond your comprehension! It's too important!
Murray: ...cerebral...
Theora Jones: Murray, we're trying to play this takeover as a threat to our average viewer. Nobody knows who's doing it. I mean, we all deal with SS every day - what if some really dangerous people got control of it?
Actually yes. 30 years ago I was 8 and the first home CCTV setups were just coming out. People loved that shit. But then Im a brit and we're all nosey neighbours...
There were 7 instances in the entire year where this happened.
Folks - while it's definitely disturbing from a legal perspective and needs to be addressed 'proportionality' is also something we have to consider.
If this only happened '7 times' in a year, I'm doubtful this is arbitrary handing over of data.
'Real Life' is complicated, and sometimes processes don't line up as we would like. Neither Google nor the Police are corrupted institutions, rather, they can in some instances do things we don't want them to or that are actually bad. Meaning, I suggest in all likelihood there was likely some kind of material reason fore these '7 disclosures'. They used the term 'emergency' and I buy it.
What we need to do is close the loophole and adapt the judicial process so as to be able to accomodate such situations.
People are yelling about 'Orwell' - well that Dysoptia takes more than '7 times a year' in a nation of 350M to have surveillance abused on them. Again, needs to be sorted out, but we have to contextualise this.
So glad I ditched Gmail several months ago. I have a single Google Home device that was gifted to me by a friend, but I’m tempted to just unplug it at this point.
If you have a hosted website, check your provider. I have my domain at Dreamhost and they have IMAP included at my tier.
I moved off Gmail to them about 9 months ago and it's be good.
The worst part is that Dreamhost's spam filtering is abysmal compared to Google's. But my desktop is always on and I just keep Thunderbird running on it. TB's spam filtering is pretty good after training.
I figure some of the dedicated email hosting services do a better job with spam.
> prevent someone from dying or from suffering serious physical harm
These are exigent circumstances, which allow police to enter your home without a warrant. Extending that access to include video cameras seems reasonable.
This is a "In Case of Emergency Break Glass" type of situation.
How do you define this though. If someone say talks about XYZ politician. And the current governor feels if said XYZ person takes his position that it’d cause you personal harm. Can the current governor access your camera?
If a police officer comes to your house without a warrant are they allowed to break in? If not they shouldn’t be given access to my camera feeds without my permission.
The move by google here just re-affirmed that I made the right choice to not buy their products.
> circumstances that would cause a reasonable person to believe that entry (or other relevant prompt action) was necessary to prevent physical harm to the officers or other persons, the destruction of relevant evidence, the escape of the suspect, or some other consequence improperly frustrating legitimate law enforcement efforts
I am not a lawyer. But, there seems to be a pretty clear difference here. If you have time to ask google you have time to call a judge. If you don’t have time to call a judge, google doesn’t have time to vet your decision and is effectively just streaming your cameras to your law enforcement office.
My problem with this is defining exigent circumstances as it relates to video or similar data. I can't easily think of a circumstance where the police are outside my house, encounter an exigent circumstance, but also have the time to request/obtain data from Google. And if the police are made aware of to something in advance, they have time to get a warrant.
> You don't have that control here. Your footage can just walk off, no clue. No accounting, no reporting, no post-hoc punishment for mis-use.
The supreme court recently ruled that a woman beaten by police didn't have standing to sue. Good luck with breaking qualified immunity in a court of law in the coming years.
I literally can't find the case you are referencing. The only one coming back is a ruling on Marion's single-container 4th amendment statue which sounds unrelated.
Heh, exigent circumstances? If somebody is hurt or calling for help, by all means knock down a door or bust a window. But exigent circumstances for rifling through my documents? Get a fucking warrant!
> This is a "In Case of Emergency Break Glass" type of situation
The only difference being that when you pull the alarm for lols there are consequences -- for you. Members of law enforcement on the other hand do that on the regular and face zero consequences.
That said, Google doing this might ease the pressure to enable this across the board through legislation. So maybe a positive in the end; I wouldn't really expect any privacy with Nest anyways.
> This is a "In Case of Emergency Break Glass" type of situation.
The problem is there isn’t any broken glass here. No judge is stamping this, and I see no duty to warn the customer about what device and data was accessed, and there doesn’t seem to be a way to opt out ahead of time. This removes a lot of checks in the name of expediency.
Yes, the only sensible comment is downvoted to the bottom of the page. In U.S. jurisprudence "exigent circumstances" gives police all kinds of powers including warrantless searches of all kinds, up to and including electronic surveillance and phone taps.
The "process" to which you are "due" when it comes to these things is if the police try to use this information to prosecute you, they have to explain it in court, whereas if they obtain it through a search warrant, they have to explain themselves in advance. It's all "due process".
It's up to the police to show they have probable cause before they collect data. That's what warrants and judges are for. Anything collected without a warrant should be de-facto considered suspect. Why would you give agents of the government the benefit of the doubt here?
Exigent circumstances is a real thing and goes back a long time. If a cop sees someone being murdered through a window, we obviously don't want them booking a call with the DA and local judge before helping.
That being said, that power is obviously easily misused without checks and limits.
A close family member works in law enforcement, I have seen the form. Though for facebook not google. They could have changed it or google's could be different but I have no particular reason to think it's materially different. It's up to the cop to decide what constitutes an emergency and there is no verification or consequences beyond that. It's literally a checkbox.
> “A provider like Google may disclose information to law enforcement without a subpoena or a warrant ‘if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency,'” a Nest spokesperson tells CNET.
I sympathize with this dilemma. It's a real-life version of the Trolley Problem[1].
But "to any person", e.g., a CIA asset in the field might be exposed by a gmail user, thus threatening her/his life, thus pre-emptively disclose the gmailer's info to law enforcement?
Or imagine an idle threat is made off-hand in a private gmail, so pre-emptively disclose that threat to law enforcement?
In the sci-fi Minority Report scenario, Google could use AI language models on all gmail to make a judgment call on "emergent danger of serious physical injury". If I plan to go bunjee jumping with an unreliable provider, Google scans my gmail and tells law enforcement?!?
Yes good examples of how it can be abused. I'm certain the interpretation could be very liberal depending on the person making the decision.
I know a person who was banned from twitter and was nearly fired because he dead-named somebody. The explanation was that it was literal violence against the person he dead-named, because so many trans people self harm if they don't feel that their identity is affirmed. The person who was banned says it was a force of habit because the person had only very recently went public with their new identity, but it did not stop the ban hammer. He almost lost his job as well because the tweet was posted in a public slack channel. HR left it up the person who was dead-named to make the decision, and they decided not to fire him.
I could absolutely see a scenario like the above happening in gmail or some other Google product, and the decision-maker deciding that it was a threat to a person's life and should be disclosed. To some people that makes perfect sense. To others it does not. The point is simply that when we let humans make subjective decisions like that, we get all the downsides of human judgment.
I have difficulty understanding Googs (or Amazons etc) motivation to do this. What do they have to gain by being excessively cooperative with police force, especially on a local level? I can understand that having good rapport with feds might have benefits, but this doesn't sound like that
Amazon's motivation is quite clear - they want to reduce shrinkage by discouraging "porch pirates" from stealing Amazon deliveries. Not sure what Google's motivation is, but it might just come down to optics. Consider how Apple gets raked over the coals in the media by DAs when they refuse to unlock a suspects phone.
> Amazon's motivation is quite clear - they want to reduce shrinkage by discouraging "porch pirates" from stealing Amazon deliveries.
You say they hand all the information to the police to prevent package stealing? Iam pretty sure thats not the reason at all, maybe a very very little part of it.
Simple, if they cooperate without being asked by warrant they might hope that their using the underlying data may be overlooked and not reviewed by say oh US Congress.
I used Reolinks in the past... Had them save locally on the camera's SD card and upload via FTP on the server on my local network... I also blocked their internet access
How easy would it be for google to, you know, program an interface that allows the police request to be shown to the owner and have them say yes or no to the video wanted?
It should never be possible for a cloud provider to decrypt data from your devices. It should be encrypted by a public key you load on the device and only decrypted by your private key. The cloud prouder should be a dumb provider of the service and not get in the way. As soon as the cloud provider gives your decrypted data away to random people then that is a massive security hole.
Is anyone really surprised? I am not. Google has such a bad relationship to data privacy, they don't see the problem. Getting a warrant is so easy in the US right now, so there is very little reason to disrespect your customers privacy. They just don't see the problem.
Anyone operating under the assumption that their government doesn't already have unfettered, at-will access to all their data is deluding themselves. News like this should come as a surprise to no one, least of all the technically literate crowd here.
At this point I cannot believe that anyone in Tech would have a Google account being that they should know better. Anyone could be made to look guilty when the authorities have enough data.
Adding this for the people who keep downvoting this:
"Google – one of the largest and most influential organizations in the modern world – is filled with ex-CIA agents. Studying employment websites and databases, MintPress has ascertained that the Silicon Valley giant has recently hired dozens of professionals from the Central Intelligence Agency in recent years."
We are imprisoned by our addiction to convenience. I am in the middle of dealing with this now, switching my services where I can: dumb phone, linux laptop, swisscows, openstreetmap and an old Garmin GPS, and just being OK with uncertainty.
I have Garmin Drive 51. Yes, up to date maps. The only PITA is that you need windows or MacOS to update the system and the maps. I have a windows clone I put on my laptop every few months to accomplish this.
Just use Osmand on an old smartphone without a SIM. It's less worse than old Garmins and map updates are constant. Keep your system clock accurate for fast GPS lock.
Phones without a SIM can also always call 911. Funnily enough Google Maps and Waze works without Google Play services. Just click past the modal that shows up very rarely complaining about it.
They still have facial recognition feeds, car feeds, and they purchase data from third-party consumer surveillance firms, including credit card purchase histories for non-Google users. You don't need to have a Google account to be tracked by AdWords, and there's no practical opt-out, other than staying logged in all the time, and then being tracked in other ways, and agreeing to all sorts of things in their (ever-changing) EULA.
Homekit doorbells use iCloud services and storage to host/serve the video; that's how Apple is involved even though they don't make the doorbells.
I had a Nest at my previous house - decided to try the Wemo Homekit doorbell this time and I'm very pleased with it. I also use an Apple TV to drive all the content on my TV and the Homekit video notifications are amazing - instantaneous since the Apple TV is my local homekit hub. Way faster and far more reliable than the Nest doorbell ever was.
Any RTSP camera, frigate and homeassistant makes it pretty easy for tech related folks to have a state of the art surveillance system with every feature you could imagine.
In fairness, there is good reason to release footage without a warrant for the reasons they list (including "school shootings, kidnappings, suicide prevention, and missing person cases"). I'd like a robust monitoring of how the information is used. But the law already recognises that you don't need a warrant in urgent, life threatening cases. And let's get real, getting a warrant is so easy these days as to be meaningless...
I'm not sure they're much better. From the SHARING PERSONAL INFORMATION WITH THIRD PARTIES section of their privacy page:
We may share your personal information in the instances described below
Third parties as required to (i) satisfy any applicable law, regulation, subpoena/court order, legal process or other government request, (ii) enforce our Terms of Use Agreement, including the investigation of potential violations thereof, (iii) investigate and defend ourselves against any third party claims or allegations, (iv) protect against harm to the rights, property or safety of Eufy, its users or the public as required or permitted by law and (v) detect, prevent or otherwise address criminal (including fraud or stalking), security or technical issues.
If we should ever file for bankruptcy or engage in a business transition such as a merger with another company, or if we purchase, sell, or reorganize all or part of our business or assets, we may disclose your information, including personally identifiable information, to prospective or actual purchasers in connection with one of these transactions.
We may also share information with others in an aggregated and anonymous form that does not reasonably identify you directly as an individual.
At least it's not owned by American company, so doesn't technically _have_ to give the government institutions whatever they ask for. It's Chinese though, and that's not much better.
So I could see what the hell my nanny is up to with my children.
I also don't want to have to spend 2 days setting up some hacked together system that I also have to spend time supporting when I simply don't have the time or will.
That's why!
For streaming, I have a few pi's (and cameras) running v4l2rtspserver, and it seems to work pretty well. It appears to be using the Broadcom hardware support for H.264 encoding, so it's pretty light on the CPU. I'm currently using Shinobi on a different host to receive and archive the RTSP streams. (Although I'm interested in checking out Frigate, which was mentioned elsewhere in this discussion.)
I don't 'hate' this but how the heck would google detect something like this? Why do I feel like they're analyzing every word we say in our homes and building some kind of profile (for ad reasons). On second thought I do hate this
Most consumers don't want to (or can't) deal with managing encryption keys, and aren't going to be keen on the idea that if you lose the key, you lose the data permanently.
Your daily reminder - if you don't host the data, someone else does. And their interests may or may not align with yours. And even if their interests align with yours today, that's no guarantee they will tomorrow. If you don't want audio, video, etc potentially shared with authorities, don't install cloud-enabled audio/video devices in your home.
It could be your private cloud therefore your computer. <5% of people probably have their own server. When that % changes significantly, we may need to stop saying this.
There's no way it's 5%, but Gmail addresses are a pretty poor indicator to use. Hosting your own email is one of the most difficult sysadmin tasks out there because keeping your server off the blocklists is not trivial; it's becoming more and more common for blocklists to just block entire CIDR ranges if a single IP in it gets blocked. I don't fault anyone for not going down that rabbit hole.
Granted, they could be using Proton or some other alternative. But you still have the same inherent problem that someone else hosts/owns your email data.
I think server/app deployments would need to be just a little more happy-clicky and lower friction and less risk before more non techies would venture into that space. All the "best practices" a sysadmin performs would have to be baked into it or at least be checkboxes that enable them at a cost with simple explanations of each functions cost/benefit in video format. Some VPS providers are slowly going in this direction but have quite a ways to go in my opinion. They have lowered the bar for new techies at least.
I'm building an early stage startup where the application requirements are constant GPU usage, 30TB of VERY fast NVMe storage, 512GB of RAM, LOTS of bandwidth transfer, and roughly 130TB of local storage (dataset for training). There is no combination of abstracted API-driven cloud services that can be pieced together to do what we need to do.
I didn't want to bother dealing with the advanced calculator but the AWS EC2 instance to handle this bespoke application would be $130k/yr with one year upfront and 12 month reservation:
This doesn't include bandwidth (which AWS has an insane markup on) or nearly enough storage.
Needless to say you can lease the hardware from $VENDOR and host it for years with an all you can eat 10gig port. Oh and the cost is absolutely fixed - no worries about getting that shocking AWS bill we all know of.
With a lease and hosting it's still an operating expense and with Section 179 it's actually preferable from a tax standpoint.
With datacenter remote hands and vendor support you're still not dealing with hardware - you don't have to even step foot in the hosting facility. Ever. If a hardware component fails the vendor dispatches someone and it gets handled (same day). That said hardware failures are (in my experience) exceedingly rare until you get to some significant scale where it's a numbers game.
Because ec2 is OS up anyway from a dev ops standpoint it's pretty much identical.
Let's say you keep it for three years and upgrade. The old hardware is still worth something so you can repurpose, sell, trade, whatever.
Rough math but let's call this approach 1/4 the cost (but likely much less).
At AWS markup you can hire a dedicated full time person to manage just one server and still come out ahead. Want five of them around the world? Now you're saving a TON of money vs different AWS regions.
Even with this when I tell people we deployed our own hardware they look at me like I'm crazy. We have an entire generation in tech from jr devs to the C suite to investors that are terrified of hardware and will pay anything to avoid it.
Because of this they don't even know what hardware, bandwidth, etc actually costs. It's assumed the cost is whatever $BIGCLOUD offers it at. I know this is an extreme case but it probably happens more than most would think.
It's going to be an "if," not a "when." The percentage of users who want to manage their own cloud is vanishingly small. If people are sensitive to the risk of handing over their data to a trusted (well, trusted enough) corporation with a reputation to lose and money on the line, how safe should they feel putting their data on a cloud they manage, essentially stacking themselves up against every Joe Random Hacker on the Internet without the benefit of a Google, Microsoft, or Amazon SRE team to keep the shields up and the lights on 24/7?
The risk surface for self-hosting is higher, on multiple axes, than cloud-hosting. Hosting your own cloud is the "I don't trust auto mechanics so I'm going to become an auto mechanic" approach and most people have neither the time nor the talent.
I think this is missing the forest for the trees. There are plenty of products that make self-hosting seamless and transparent. Take the Ubiquiti Protect series of home video cameras as just one example of self-hosted plug-and-play.
It is a 'when' not 'if' since it is becoming easier and easier to self-host, and more people are realizing the benefits. I did it this year and convinced many others to do the same or use mine.
Hackers go after value targets which are companies or organizations holding a lot of valuable data. My little home server with social media, XMPP, Home Assistant and Nextcloud for pictures and such is not something they can do anything with. Good enough security is built into most self-hosting platforms.
Hackers go after two kinds of targets: centralized high-value targets and distributed targets with common failure modes, via scripting. There's definitely risk in centralization, but there's risk in distribution as well: known exploits take forever to patch out of the distributed ecosystem. There's a reason Microsoft became so aggressive about patching Windows: without the aggression, people didn't put the effort in and internet-connected desktops became weaponized.
I predict a correlation between small self-hosting projects and more entries on shodan.io. Your small home server is probably secure enough... Probably. But you're the sort of person that posts on a site called "hacker news..." How much should we trust the average soul to do the bare minimum to not get owned? Do we imagine they're checking in regularly on https://www.cvedetails.com/vulnerability-list/vendor_id-1723... ?
Keeping things patched to latest was difficult in the past, but it is much easier these days. Unattended upgrades run every day on my server, and I get an email from my server that tells me any issues and if packages or applications have updates available. I open the web UI on my phone and make a couple clicks to update them all. The community at Yunohost is one of a few maintainers who have really simplified things.
>handing over their data to a trusted (well, trusted enough) corporation with a reputation to lose and money on the line
Not sure how anyone who understands how Internet works could claim Google is in any way trusted, or trustworthy. Or has any reputation it could lose by a mere data leak.
The last major data breach Google suffered was in 2009, via a targeted Chinese espionage program involving personnel intrusion.
Contrast that with, well, gestures widely to most of the Internet. While Google's security model is "We secure your data," so the trust interface between the end-user and Google is significant, Google for their part does an execllent job holding tightly to that data. If anything, the biggest risk working with Google is losing access to your own data because they stop believing you are you, not some third party getting your data out of Google's clutches.
The last major data breach Google "suffered" is continuing as we speak, as mandated by US national security laws. "Most of the internet" looks better in that regard.
US national security law is perfectly capable of applying the same subpoena pressure and sealed requests for data to any provider operating in the United States that it is to Google. If your argument is "Google is bad because it complies with the laws of the countries it operates in," I have bad news about enforcement authority and governments in general.
"Someone else's computer" would be misinformation in any other medium SOLELY because it makes it sound like it's being stored on the same kind of computer that an average person has - that another average person is using. There was a smear campaign in 2013 for cloud computing under this very message.
>> “ During this process, the HomeKit data is encrypted using keys derived from the user's HomeKit identity and a random nonce and is handled as an opaque binary large object, or blob.”
If you don’t control the keys, to me, that’s not end-to-end encrypted.
You do control the keys though, "Because it’s encrypted using keys that are available only on the user’s iOS, iPadOS, and macOS devices"
"The authentication is based on Ed25519 public keys that are exchanged between the devices when a user is added to a home. After a new user is added to a home, all further communication is authenticated and encrypted using Station-to-Station protocol and per-session keys"
"The user who initially created the home in HomeKit or another user with editing permissions can add new users. The owner’s device configures the accessories with the public key of the new user so that the accessory can authenticate and accept commands from the new user. When a user with editing permissions adds a new user, the process is delegated to a home hub to complete the operation.
"
Also, are these HomeKit “keys” in iCloud backups unencrypted? Meaning that the HomeKit data is encrypted, but the keys are not; to be clear, not saying they are, asking if they are.
The client side software can easily verify that. Whether you can trust the software running on your device is a somewhat different question that has nothing to do with whether or not you're storing things in "the cloud" (though it is still a valid concern).
If the backup password to these encrypted files is known, it can be rather trivial to access the data within.
Recently, a certain head of state's son had 100s of GB of iCloud backups thrown onto a torrent, and within a day rogue manchildren living in their parents' basements cracked most, if not all of it open.
With the backup password in hand, all one needs is this README.md file [0] to be off to the races.
That's how Apple's encryption in iCloud works. There are plenty of modern encryption standards that are not broken by a random user merely entering a random passphrase string.
Your low-effort posts can barely even be called legible sentences, let alone all the misspellings. I'll stop criticizing your posts if you stop criticizing mine. You are obviously following me around the site, there's no other way to explain the creepy behavior you're engaging in.
By the way, the users on this site are almost entirely losers. There are a cabal of perhaps 12 impressive people on here, the majority of you have no real connection to the big tech capital funds YC ingratiates itself with. I could care less what you fuckheads think about me or my comments. If I reach even one of you retards in a meaningful way, it's a victory to me.
Wildly fascist. The warning sign was when AT&T got retroactive immunity for sharing customer data with the NSA. I wonder when Americans will decide to push the reset button.
Some may be uncomfortable with a company that has access to the most private data of so many people being ready and willing to cooperate with the police state, but voicing your support for this policy is actually a great way to demonstrate your Googleyness during the interview process!
In my experience, these capabilities are only used to protect the politically connected or for oppression.
I’d be less skeptical if the program allowed any homeowner to pull any nest footage that included their property, and also allowed individuals to pull any footage that included them.
Of course, that will never happen.