I think you guys are missing the point a little on this one. It's not that there is a picture of this dude's bare ass somewhere online and he's upset about it, it's that no matter what he did or tried he could be guaranteed in absolutely no way that the data was removed or under his control. Once it's in the pipes, it may or may not be there, there's no way to know. Anything you put online, in all sorts of incidental ways be it from giving your TV voice commands, sending your location to Google Maps, or your net connected security devices, becomes someone's property other than just yours. Not that it's legal, or that people are spying on everything you do, but that you have no way of knowing about or controlling the data once it's there.
This isn't supposed to be scary, just a reminder that you can lose control easily.
This is a complex issue and if you think it goes away by saying things like "well then don't stand in front of the camera naked." then you are missing the point.
Some things are not good for the cloud; not only is there a picture of your buttocks in the cloud, it's a lot easier to get a warrant to peek at Dropcam/Google's data than it is to get one to get a computer from your house and scan its hard drive. And if someone is fishing for a reason to get your attention, well getting snapshots inside your house is a lot easier than getting a search warrant for your house.
I was looking at the comm vaults Comcast and others put into the ground where they are doing fiber pulls and realized that it wouldn't be that hard to put one in a back yard, or in a weird kind of data center (kind of like a cemetery but selling server vaults instead of burial plots) which would at least keep your data 'off site' in the sense that your house burning down wouldn't cause it to go away.
I want someone at HN to build a small network device which I can plug a NAS or USB drive into. Buy a pair, install one at your buddy's/mother's house. They find each other magically over the internet and any data you put on the local drive gets encrypted and put on the other remote drive.
Other drive burns down / is stolen, no problem. Your house burns down, go and pick up your photos, enter your passphrase.
I'll pay 200€ or so. The hard part is convincing another million people they want one, I guess.
It's not hardware, but the CrashPlan backup software (supporting Linux, too) has a nice way to "backup to a friend". You just have to "friend" each other on the backup (!) social network and you can select your friend's computer as backup destination and vice versa. While not default, there's an option to not store the encryption key with your account (otherwise there's some escrow going on in case you lose your PC).
> If you want to be safe against hard drives and Lima failures, we recommend you to install an extra Lima on your local network or on another location which will replicate your data.
No, it's not what I want. Best answer yet though :)
"Once Lima is installed on each of your devices, the memory of each device is replaced by one unique digital memory that contains all of your data."
Nope. I want a hard drive that is mirrored in a different physical location on hardware that I own. I want control over the content. I don't want to store data on other people's servers. I don't want another monthly bill. I don't want an agreement with another party in another country.
Agreed, if you want a HD mirroring that's not something Lima does (at least at the moment) but for data and photos Lima is pretty much exactly what you asked for: You don't have to store data on other people's servers. Buy two Limas and two USB drives, install one set in your house and another in your buddy's/mother's house.
From the Kickstarter page[1]:
> You can install one Lima in your home and one in your office, for example. Your Limas will automatically work together to replicate your content. Two Limas are enough. But with each Lima you buy, your data gets more secure and also faster to access. If some of your friends have Lima, you can also ask your Limas to back up each other's content. Your data is encrypted[2], so your friends will not be able to read it.
The other company in this space to watch is http://www.tonido.com/ but I don't think their offering is as close as Lima to what you want.
The software can be provided with BitTorrent Sync: launch, enter some code and you're in a shared space with whoever has the code. I'm currently writing an open-source equivalent.
The difficult part will be to come up with a packaged hardware that is simple to install, though, but you can start with friends' computers.
Seriously? That's a pretty straightforward project. Buy a USB drive, buy a Raspberry Pi, rent a VPS from Amazon or whomever. Export the USB drive as an NFS volume to the local LAN, run a cron job on the Pi that connects to the VPS over SSH and does an rsync. Done. If you want it locally encrypted you'll need an encrypted file system.
Error recovery is tricky of course. You can leave a copy of your files in the 'cloud' (depending on your situation could be good or could be bad). And it depends on whether you want it active/active (you can add files on either side) or active/passive (where the passive side is pulling the active side pushing).
Should cost about $100 or 80€ in parts per unit (so double that for two units). A bit more for the internet access and a monthly fee for the VPS. If it's a lot of data there may be some bandwidth charges as well.
I understand your suggestion, but that seems to cost the same amount plus some hours of my time. And, the data is on a VPS, which is not under my roof (or a trusted person's roof). And I get another monthly bill.
I'm a user, this is what I want :)
Edit: Also, it should be easy to load the remote drive first locally with your dataset, before you drive to the summer cottage, so you don't have to wait days/weeks for the backup to be up to date.
Of course I (and the OP) can build one ourselves... but I want one that's easy to use. Ideally, just plug it in and configure its wifi access, and create some kind of "peer group" for it that my friends can join remotely with their own devices.
Then everyone in my peer group gets an encrypted backup of my files, and I get an encrypted backup of theirs.
The main difficulty will be making sure this baby has seriously expandable storage. I have terabytes of stuff to back up. So do the people I want to connect to. This thing needs to scale up to 10-20TB min to be useful today.
This could be avoided if encrypting files before uploading them to the web was the standard. Granted, the system wouldn't be as user friendly, but at least the chances of exposing your naked ass on the internet would decrease significantly.
A communication vault, built much like a burial vault (seriously, it's usually one company that casts both). It is made of thick concrete, buried underground, and (with a water intrusion alarm) fairly well protected from above-ground ills.
Pretty much, but the one Comcast was dropping in had an AC power feed, a set of lead acid battery boxes built into one side, and a moulded in space for holding about 40U of rack gear (telecom depth though so it looked like 12" not 40"). Oh and a ladder in one side and a lockable lid. Very interesting kind of box.
We called those "CEVs", or Controlled Environment Vaults when I worked for the phone company. I felt like a secret agent the first time I went into one to build a T1 circuit. Just an unassuming lid at street level, but when you climb down the ladder (about 16 feet down to the bottom) you're in a 12' x 24~40' lair, with racks and cable frames, batteries, a little desk with an ancient teletype on it, some switch gear, etc. A whole secret world that most people don't know about. And these things are all over the place!
Nice to put a name to it, it was definitely a CEV. It wasn't quite that large but Googling around I can see that you've correctly identified it from my description.
On the one hand, "If you don't want naked pictures of yourself in the cloud, don't take naked pictures of yourself and put them in the cloud."
But this is like saying "If you don't want to get scammed, then don't respond to scammy emails." That is, it's perfectly good advice, which is fine for people who visit Hacker News, but maybe not sufficient for the vast majority of people who aren't aware of the ins and outs of our rapidly advancing technology.
There are whole communities of people devoted to the practice of finding women who accidentally configured their phones to upload all pictures to a publicly accessible cloud storage server. The women whose nudes are distributed this way may not realize their pics are being mirrored- or they may assume it's to a private site (because why the hell isn't that the default?!?)- or they may have shared these pics with a dude who made the same mistakes.
But regardless, the point remains- any individual is easily capable of being immune to this problem. But there's a whole population of vulnerable victims who don't even know they're being victimized. And that is a real problem.
You can't "violate your own privacy" though. It's like wondering why someone who likes to eat a lot of strawberries might frown on being forced to eat even a single strawberry, or why someone who is perfectly fine with some permutations of the letters of the alphabet would protest others. "But I did the same thing that other guy just did, I just arranged some letters! Oh, the irony." Well no, details and context matter.
If you don't want naked pictures of yourself taken, then you don't undress in front of a running video camera, right? Seems kinda obvious.
This fellow put together a setup that automatically takes pix of whatever happens and uploads them to a company's server and ... he's shocked when it does what it's supposed to?
I don't get it.
--------
EDIT. Been pondering this. Perhaps he began with a misconception akin to that of a politician who wants a backdoor for the good guys to use, but who doesn't understand that if the good guys can use it, then so can the bad guys. Then the e-mail and his resulting thoughts showed him that he wasn't thinking about the world properly; thus his feeling of shock.
You make a good point, but perhaps you're being slightly unfair to the author. My take on his piece wasn't that he was "shocked" when the camera did what it's supposed to do. Rather, he realized -- upon seeing a very jarring stimulus -- that he has no idea who else can see what he sees, or what they do with that information.
A general consumer assumption with devices like these is that only the end user sees the footage. That's a naive assumption. But psychologically, it's understandable. We believe that the walls of our homes are "privacy shields" -- Faraday cages, of a sort, that somehow prevent anyone outside from seeing in, or anything inside from leaking out. At the same time, we bring connected devices (including cameras) into those homes. Few of us consciously put two and two together.
Seeing himself naked was sort of a wake-up call for the author. He'd always known the camera was connected to the cloud. But then he became cognizant of who's on the other end of that cloud. I think it's fair to recoil upon coming to that realization, regardless of who the company might be (Google or otherwise). Consumers are embracing the "cloud," but they really have no idea what the "cloud" is, or what it can mean. Again: naive, certainly. But still an interesting thing to consider.
This happened to me, and "wake-up call" is exactly right. I set up the camera to check my cats when I was away, and found myself realizing I walk around naked a lot.
The principle of the matter and all, I know, but you've got to love his response here: "now there's a web-accessible picture of me naked! Here, it's this picture: <insert web-accessible image>"
He stuck a black bar on that one (and references that in the post). Although that might seem a trivial difference, that there is an edit implies the author's knowledge of and control over the image. That makes all the difference.
I have a Dropcam in my garage for miscellaneous reasons. I, too, have wondered about the implications of providing the Google/NSA complex video evidence of my comings and goings...
It'd be nice if Dropcams were more hacker friendly, and allowed recording to personally-owned devices, instead of forcing you to use their (fairly expensive) cloud recording service.
(Not to mention the ~100ish GB/mo bandwidth savings to stream this video, which is a fairly nontrivial requirement.)
I actually have my laptop set up to take a snapshot every 20 minutes (unless I'm connected to work wifi - never know when it might be pointed at confidential data on a whiteboard, and it felt unfair to opt all my coworkers into it.)
It has definitely made me more mindful of situations like this.
(It actually sporadically refuses to take a photo on the new laptop right now, so http://lishin.org/pavelcam.jpg doesn't always get updated.)
I'd probably do that. Give the link to a few friends. It's pretty harmless, sort of an automatic snapchat. It'd definitely make me more conscious of when I'm being watched by my webcam, and I'd definitely want to have an opt-out when it was about to snap a picture.
That aside, he seems to do this because it is pure nightmare fuel. This is the pic from right now: https://i.imgur.com/xuDp4Kk.jpg
Because we live in a surveillance society, and it's a way of reminding myself that privacy can be compromised. Some people put a bandaid over their camera, and forget about it; I always remember.
I have a device similar to a Dropcam but by D-Link, and have it configured to transmit data to my NAS, rather than the cloud. I can then SSH in to view the images on it.
If you want a camera monitoring your home, but don't want it stored on someone else's system, it's pretty easy to roll your own with a variety of configurations.
Well, in principle you could toss your public key on that camera. In practice, I don't know if anyone does this as anything remotely approaching off-the-shelf.
What would bother me about this is that picture is far too small and blurry to identify a criminal. Is that the best this product can do? If so, are there any competing products that do better?
I'm sure they're accessible via a customer account. That's sort of the point of this system - you can be on vacation and peek into your home. Web accessible doesn't mean not password-protected.
I've heard stories of break-ins where the crooks destroyed all the local hard drives. Cloud is the only way to avoid that, but a solution is to encrypt before uploading.
Even shitty ipcams will upload images to FTP (old school, right) upon motion detection, or can upload whole videos. In fact I'm syncing my ipcam's video store on my VPS. A dumb lftp script that just works.
If you buy a cloud-enabled IP camera and then complain your ass is online, you're a prick.
Ideally the camera would cover that as well. Or you could use cell towers.
In the story I read (I think on reddit but I can't find it now) they destroyed all his hard drives but he had one camera that uploaded to the cloud so he still got some footage from that.
Having written stuff to manage cameras, it can be a relief to buy something that just uploads stuff and you don't need to manage squat besides a credit card.
Of most IP cameras, Dropcam's form factor is enviable. The lack of local storage is not. I've been on the search for something inconspicuous and similarly-priced for a while.
I've been down this road a bit. There are many IP video cameras made in Asia that are locally controllable. The Dericam H502W is particularly hackable, but the content is not encrypted unless you add that at the internet router via stunnel or a VPN. But if you do that you have an encrypted 720p video feed that records on motion in the dark that you can fully control for less than $100 per camera.
You can choose to use the other camera features like email, FTP or HTTP photo alerts; just realize that all that data will be "in the clear" as they travel past your router unless you encrypt them.
NOTE: Simply using an SMTPS to Gmail SMTP server is not protecting your content. That's just wrapping your content up in a pretty box for direct delivery to Google.
The automated analysis is pretty useful. How would you know if someone is robbing you until it's after the fact? I would like it as a stand alone program too.
If you're being a responsible provider, you will be doing backups, in case your primary data dies. But backups are not all that useful if they can just be wiped out by an online process. There's a potential secret copy lying around.
Another possibility is that they run a caching system that stores cache on faster but still persistent storage (or even in memory on systems that don't reboot often). Does their caching setup ensure that it tells all involved caches to delete their copies of the data?
Many systems do some kind of transcoding, generating thumbnails or more highly compressed versions of uploaded video. Does requesting that a file be deleted immediately delete every file it was based on or derived from it?
Furthermore, when you delete data from most filesystems, it doesn't actually get overwritten, just the reference to it is removed. So even if you do delete all the copies that you know about, there's a good chance that the data is still on the disk, ready to be accessed by an off-the-shelf data recovery/forensics tool.
If you're a provider that runs a large amount of storage, you likely run through hard drives at a fairly regular rate, once they start throwing enough SMART errors. Do all providers properly securely erase failing hard drives before sending them off to recycling? Swapping out a failing drive and sending it off to recycling without securely erasing it first likely leads to other copies floating around in the wild that the provider no longer even has access to erase.
I would be more surprised to find providers that actually did securely overwrite every copy they had of a given piece of data when you asked for it to be deleted, than I would by a revelation that providers that "secretly kept a copy around".
> Are you claiming that, when Dropcam says it erased your video, it's lying? That they're secretly keeping a copy around?
Why should you trust them? Because they say so?
And even if they intend to really delete the data instead of just setting the hidden flag - how do you know that one of their employees isn't a "bad seed" and has some weird hobbies like scanning through the Dropcam servers for nudes?
A little paranoia and mistrust isn't a bad thing when it comes to personal data. You can't really control the whole chain so your only option to keep data private that should be kept private is not to hand it out in the first place.
No reference, absolutely, I don't want to accuse anyone of anything but as his (or anyone's) video/image/anything is now "in the cloud" I feel like there is really very little control over what we have there and what is not. Sure, they might be telling the truth that they deleted it, but can you be 100% sure that there have been no copies made? Backups? OP mentions that he received an email, what about that? Will it be deleted too? Any cached copies somewhere?
Even if they intend to genuinely delete the images, it wouldn't surprise me if there were occasionally copies. Backups, as dulker101 said below, but also file systems often leave things around rather than scrubbing them. For that matter, rm really means "erase indexing of dropcam video".
The blog post illustrates that applications of technology can have unforeseen, unintended consequences (even though it may appear obvious in hindsight). Regardless of whether the device works as intended, the non-technical but human question of whether it should function that way in the first place is a valid question to pose.
Much as I care about privacy and the exploitation of people's data for commercial gain, I find this a bit histrionic. If you put the automated camera inside your house and you are the sort of person who sometimes wanders around naked, then the two are eventually bound to collide (which is why I don't have automated cameras inside the house).
On the plus side, everybody has an ass and this one is so far into the background of the picture that the only conclusions I can reach about the subject are 'Mathowie is quite pale' and 'he has an ass like every other member of the human race.' In other words, this isn't really awkward enough to serve as a cautionary tale to anyone else. Now if he had been dressed up as a lobster that would be quite a different kettle of fish.
Except that image isn't accessible to anyone except the owner, or MAYBE the NSA.
But I'm pretty sure the NSA doesn't care about looking at some random guy's ass.
In the unlikely case that they do need to investigate the ass for national security reasons, they aren't going to disseminate the picture to the world, similar to how they don't disseminate intelligence data.
Which means the ONLY way the public will see the ass-picture is if:
a) The ass is of interest to national security
AND
b) The ass is of such concern to national security it is stored in the NSA's internal ass-database
AND
c) There exists some kind of ass-Snowden that leaks all the asses in the NSA arsenal.
> Except that image isn't accessible to anyone except the owner
Good point, it's true that cloud servers containing personal information are never hacked, this is probably because most companies take security very seriously.
> But I'm pretty sure the NSA doesn't care about looking at some random guy's ass.
Exactly! It's not as if NSA employees have ever been known to abuse their power for personal or purely entertainment purposes!
> they aren't going to disseminate the picture to the world, similar to how they don't disseminate intelligence data.
Agreed, rest assured that your private photos and correspondences are safe in the hands of professionals who would never be interested in leaking personal or embarrassing data about innocent law abiding citizens.
Rephrasing Hanlon's razor, there's no need for malice where a simple fuck-up would suffice ;)
They don't need to be interested in leaking personal data, they just have to make a mistake that would allow such a leak. And introducing bugs isn't something unheard of, even for pros.
This picture will remain in the cloud for eternity.
When assial recognition software becomes more prevalent, they can use this image to match his identity to future crimes (in which he leaves an ass print behind).
For example, G+ photos are accessible to anyone who knows the URL, no matter what privacy settings say.
I bet one doesn't need to work for any mighty TLA to steal a URL from someone's browsing history. And one may be as security-conscious as possible, but still mis-paste the URL into a wrong window. Or something like this.
I think OP dismissed his own privacy concerns when he walked bare-assed in front of the camera he set up to email him pictures of whatever moves in front of it.
This is not an issue of privacy, it's just an absence of common sense.
> I think OP dismissed his own privacy concerns when he walked bare-assed in front of the camera he set up to email him pictures of whatever moves in front of it.
And he owns up to that fact. He knows that he was acting carelessly. And then he realized that it was not a good idea, and so he stopped doing it. He's not saying that Google planted a camera in his house without his consent!
It's just an "I fucked up; don't make the same mistake and trust a company with that kind of data"-story.