Ring Doorbell App Packed with Third-Party Trackers to Surveil its Own Customers

Internet of Things at Home: Ring sends the surveillance data of its own customers to third parties, including Facebook.

By Bill Budington, Electronic Frontier Foundation:

Ring isn’t just a product that allows users to surveil their neighbors. The company also uses it to surveil its customers.

An investigation by EFF of the Ring doorbell app for Android found it to be packed with third-party trackers sending out a plethora of customers’ personally identifiable information (PII). Four main analytics and marketing companies were discovered to be receiving information such as the names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data on the devices of paying customers.

The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user’s device. This cohesive whole represents a fingerprint that follows the user as they interact with other apps and use their device, in essence providing trackers the ability to spy on what a user is doing in their digital lives and when they are doing it. All this takes place without meaningful user notification or consent and, in most cases, no way to mitigate the damage done. Even when this information is not misused and employed for precisely its stated purpose (in most cases marketing), this can lead to a whole host of social ills.

Ring has exhibited a pattern of behavior that attempts to mitigate exposure to criticism and scrutiny while benefiting from the wide array of customer data available to them. It has been able to do so by leveraging an image of the secure home, while profiting from a surveillance network which facilitates police departments’ unprecedented access into the private lives of citizens, as we have previously covered. For consumers, this image has cultivated a sense of trust in Ring that should be shaken by the reality of how the app functions: not only does Ring mismanage consumer data, but it also intentionally hands over that data to trackers and data miners.

Findings

Our testing, using Ring for Android version 3.21.1, revealed PII delivery to branch.io, mixpanel.com, appsflyer.com and facebook.com. Facebook, via its Graph API, is alerted when the app is opened and upon device actions such as app deactivation after screen lock due to inactivity. Information delivered to Facebook (even if you don’t have a Facebook account) includes time zone, device model, language preferences, screen resolution, and a unique identifier (anon_id), which persists even when you reset the OS-level advertiser ID.

Branch, which describes itself as a “deep linking” platform, receives a number of unique identifiers (device_fingerprint_id, hardware_id, identity_id) as well as your device’s local IP address, model, screen resolution, and DPI.

AppsFlyer, a big data company focused on the mobile platform, is given a wide array of information upon app launch as well as certain user actions, such as interacting with the “Neighbors” section of the app. This information includes your mobile carrier, when Ring was installed and first launched, a number of unique identifiers, the app you installed from, and whether AppsFlyer tracking came preinstalled on the device. This last bit of information is presumably to determine whether AppsFlyer tracking was included as bloatware on a low-end Android device. Manufacturers often offset the costs of device production by selling consumer data, a practice that disproportionately affects low-income earners and was the subject of a recent petition to Google initiated by Privacy International and co-signed by EFF.

Most alarmingly, AppsFlyer also receives the sensors installed on your device (on our test device, this included the magnetometer, gyroscope, and accelerometer) and current calibration settings.

Ring gives MixPanel the most information by far. Users’ full names, email addresses, device information such as OS version and model, whether bluetooth is enabled, and app settings such as the number of locations a user has Ring devices installed in, are all collected and reported to MixPanel. MixPanel is briefly mentioned in Ring’s list of third party services, but the extent of their data collection is not. None of the other trackers listed in this post are mentioned at all on this page.

Ring also sends information to the Google-owned crash logging service Crashalytics. The exact extent of data sharing with this service is yet to be determined.

Data delivered to api.branch.io

Data delivered to api.mixpanel.com

Data delivered to graph.facebook.com

Data delivered to t.appsflyer.com

Methodology

All traffic we observed on the app was being sent using encrypted HTTPS. What’s more, the encrypted information was delivered in a way that eludes analysis, making it more difficult (but not impossible) for security researchers to learn of and report these serious privacy breaches.

Our dynamic analysis was performed using mitmproxy running on an access point to intercept and analyze HTTPS flows from an Android test device. To remove noise generated from other apps, we installed the AFWall+ firewall app and only allowed network traffic from Ring. mitmproxy generates a root x509 certificate which is to be installed in the OS-level certificate store in Android, allowing active interception to take place on otherwise secured traffic. This led us to the initial discovery that the root certificate was not being accepted as valid, and that some form of certificate pinning was being employed by the app.

App-level certificate pinning is when an app validates the certificates of a remote server against a record of that certificate stored within the app, rather than validating against the list of root certificates within the OS. This is often used as a security measure, to ensure that misissuance of certificates or mismanagement along the chain of trust in PKI does not compromise the integrity, confidentiality, or authenticity of HTTPS traffic. Unfortunately, it can  also prevent security researchers and users from seeing exactly what information these devices are sending, and to whom. In the case of Ring, we initially observed all intercepted traffic upon launch being rejected, and were not able to observe any communications.

mitmproxy screen displaying results of certificate pinning

It was only through the powerful dynamic analysis framework Frida that we were able to inject code into Ring at runtime, which ensured that the certificate provided by our mitmproxy instance would be accepted as valid. This allowed us to inspect all HTTPS traffic sent through the app.

Conclusion

Ring claims to prioritize the security and privacy of its customers, yet time and again we’ve seen these claims not only fall short, but harm the customers and community members who engage with Ring’s surveillance system. In the past, we’ve illuminated the mismanagement of user information which has led to data breaches, and the attempt to place the blame for such blunders at the customers’ feet.

This goes a step beyond that, by simply delivering sensitive data to third parties not accountable to Ring or bound by the trust placed in the customer-vendor relationship. As we’ve mentioned, this includes information about your device and carrier, unique identifiers that allow these companies to track you across apps, real-time interaction data with the app, and information about your home network. In the case of MixPanel, it even includes your name and email address. This data is given to parties either only mentioned briefly, buried on an internal page users are unlikely to ever see, or not listed at all. By Bill Budington, Electronic Frontier Foundation

“Felony Contempt of Business Model”: Lexmark’s Anti-Competitive Legacy. Read… Why Investors Call any Business Dominated by a Tech Giant the “Kill Zone”

Enjoy reading WOLF STREET and want to support it? Using ad blockers – I totally get why – but want to support the site? You can donate. I appreciate it immensely. Click on the beer and iced-tea mug to find out how:

Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.

 

  97 comments for “Ring Doorbell App Packed with Third-Party Trackers to Surveil its Own Customers

  1. Bobber
    Jan 28, 2020 at 11:52 am

    This let’s you understand the term “smart phone” from a different perspective. Could it be more aptly named a “spy phone”?

    • polecat
      Jan 28, 2020 at 1:00 pm

      Good God man! It’s ‘Stasi Steriodal Phone’ !

      • joe
        Jan 29, 2020 at 11:51 am

        Interesting point. Does the polarization of US society make it more probable that people will spy on and report people of different political/social/racial/religious viewpoints?
        Kind of voting by accusation.
        The red line laws are a starting point.

    • Willy Winky
      Jan 28, 2020 at 3:43 pm

      The author of this article is forgetting that millions of people PAY for spy machines such as Alexa to monitor there every sentence.

      99.999% of all people are ok with all of this monitoring or accept it as the price they have to pay to use a smartphone and be able to check their various social media feeds (which are also spying on them).

      • Zantetsu
        Jan 28, 2020 at 5:49 pm

        I’m personally OK with it. I know that I am not significant enough to be spied on personally, so I don’t really care.

        • Wisoot
          Jan 28, 2020 at 6:35 pm

          Until you do – then its too late to do anything about it. A government with all seeing eyes gets to choose who prospers and who doesnt. Equal opportunity doesnt exist. Fair play gone. Some lives are favoured at the expense of other lives. Racial selection and favouritism becomes the norm. Trust your government? Which corporations own your government? What do the board members of those corporations want for your community, water access, soil management, food supply. Lab rats all. You have already been programmed when you say – I am not significant – happy to hand the reins over to the loonies without challenge without question and with no care. Dont care was made to care … put in a pot and stewed til he was done.

        • Paulo
          Jan 28, 2020 at 6:53 pm

          There you go, just a few comments in and here comes a comment like, “Well if you have nothing to hide……” who needs privacy, who needs a lawyer, who worries about big brother?

          My wife and I do not own or use a smart phone beyond a fifty dollar flip in the glove box for emergencies, no internet capability. Ring spy device? Not likely. Here is how different living in a normal world is. We don’t know where our house keys are because we never lock the doors. If some stranger comes down the road or driveway neighbours will have already taken note. Ring? Are people crazy? (Yes they are)

        • Zantetsu
          Jan 28, 2020 at 9:40 pm

          Then care if you want to, Paulo. I don’t.

          Wisoot – I also don’t wear body armor every time I walk across the street which is fine … until the day I get hit by a car. Then it will be too late to put on the body armor. Guess I should wear armor every time I cross the street right? I think many models come with tinfoil hats built in so I should be all good to go.

        • Willy Winky
          Jan 28, 2020 at 11:52 pm

          That’s the common refrain.

          How about this then – would you be ok with letting me sit in the corner in your home listening in and recording every single conversation that takes place?

          Address please.

          Then there is that slippery slope where let’s say your government decides to strip away freedoms, because they think they can (because they have the goods on everyone).

          You put up your hand and shout – hey! – that’s not acceptable.

          Maybe you decide to organize and lead a protest. The protest grows and the government starts to get a bit concerned about your activities.

          That’s when a man in a suit shows up and says hey mate can we talk about your ‘activities’

          Sure you say. He then plays a tape of your greatest hits:

          There’s the one where you are moaning (you get the picture), then there’s that telcon to your mistress that got recorded, and the one where you called your wife a b%tch, and let’s not forget when you and your wife were talking about how your one kid is turning out to be a loser, how about the one where you tell your mate that your mother in law is a wicked beast.

          Now that would sure be an effective way to get you to end your little protest activities.

        • intosh
          Jan 29, 2020 at 2:54 am

          “I’m personally OK with it. I know that I am not significant enough to be spied on personally, so I don’t really care.”

          That’s the worst mindset, but unfortunately, a very common one.

          And I’m sick of explaining the obvious of why it is a terrible and dumb mindset. Suffice to say: you do not know what will happen in the future, what you (or your family) want to do or wish to do or compelled to do in the future. Just a simple example: your son might one day decide to be an investigative journalist denouncing corruption or abuse of power. I let you imagine the rest…

        • Heff
          Jan 29, 2020 at 7:41 am

          It’s not that you or anyone else is insignificant or have “nothing to hide” as many others say, It’s called privacy. I value mine and I’m sure you do to. If you don’t you can just put your email address, and password out here so everyone can go thru all your personal and professional information. Most people would cringe at that thought even though they consider themselves “insignificant”.

        • Saltcreep
          Jan 29, 2020 at 8:37 am

          Here we have a common adage, taken from the poem ‘You must not sleep!’, written in 1936 by Arnulf Øverland as a warning about the rising fascistic movements in Europe before WWII:
          ‘You must not endure so very well,
          the injustice that does not affect yourself! ‘

        • joe
          Jan 29, 2020 at 11:35 am

          So you have no assets that could be civil forfeitured? Such as cash, metals, property, vehicles?
          All you need is suspicion of a crime.

        • Zantetsu
          Jan 29, 2020 at 1:25 pm

          I find it somewhat humorous how shrill and fevered the pitch gets as people get more and more worked up when their concept of privacy is challenged. Now we’ve reached the point where people are coming very close to invoking Hitler arguments against me (see Saltcreep).

        • Saltcreep
          Jan 29, 2020 at 8:50 pm

          Errm, Zanetsu, you needn’t feel obliged to read much more into it than whatever was provided… And it is open for contestation!

          The message in the poem is likely meant more for introspection than for accusation.

        • Robert
          Jan 31, 2020 at 9:05 pm

          Maybe you’ll feel feel differently when a high-tech gang operation loots your home because some facial recognition program told them you were off on a Carnival Cruise.

    • Wisoot
      Jan 28, 2020 at 7:01 pm

      Spy tracker was the design spec back in the 50’s in defense sector. The only flaw to this design was the underpinning sensory satellite system. Who would have thought sending thousands of metallic objects into orbit and destabilising the planetary ionosphere would accentuate sun’s ray impact and heat the earth. Best kept secret.

    • p coyle
      Jan 29, 2020 at 12:08 am

      S urveillance
      Marketed
      A s
      R evolutionary
      T echnology

      hidden in plain sight.

  2. Just Some Random Guy
    Jan 28, 2020 at 11:58 am

    I kinda assumed it already did.

    I always laugh at these revelations, like OMG FB is selling my data? Whaaaaaaa? Yeah how did you think they made money dude? LOL

    These aren’t tech companies, they’re data companies.

    • Harvey Mushman
      Jan 28, 2020 at 12:27 pm

      I don’t think this is anything to laugh at. Ring devices are used for security and customers assume that their information is secure. I agree if you are a social media user, you got to know that your info is out there, but it should be different for Ring. I have been hearing the stories lately about how people’s indoor cameras video have been viewed without consent by Ring employees. This should leave a sour taste for all Ring customers.

      • Deanna Johnston Clark
        Jan 28, 2020 at 4:48 pm

        Not just Ring employees having some good laughs…people in smart houses are finding their own personal reality show online courtesy of adorable young hackers overseas.
        “How hackers use Smart houses to spy on you” CBC Marketplace
        You’re welcome…wonderful show

    • Prairies
      Jan 28, 2020 at 1:43 pm

      I just checked the Ring website, I do not see any mention of Facebook on the page other than them having a Facebook page to add to your feed.

      We can assume a lot of things, like the intentions of others. But security isn’t a measure of someone’s intent. Security is a business with access to very personal information, such a business can’t be allowed to share such valuable information and can’t be allowed to hide those acts from the consumer.

      The most sharing they advertise is among it’s app users for alerts. Like a neighbourhood watch feature, that sounds good. Last time I checked third party advertisers and data miners aren’t my neighbours though.

      It really sucks when you can’t trust anyone. Makes a guy want to get some home security, maybe I will check out Ring… /sarc

  3. unit472
    Jan 28, 2020 at 12:04 pm

    Almost 60 years ago a Sci-Fi TV show, The Outer Limits, presented an episode where a ‘Ring’ type device was acquired by our government only it was dubbed the ‘Obit’ machine. The operator was able to monitor and observe everything his target was doing.

    Naturally, things didn’t turn out well as people quickly began spying on each other and acting on what they learned from doing so. Suspicion and hatred started consuming the government agency operating the devices. In the conclusion of the story the device was the creation of aliens intent on destroying our society but the device was flawed in that the aliens could not be monitored on the Obit device which allowed the humans to detect them and defeat their sinister plot.

    • Wisoot
      Jan 28, 2020 at 6:40 pm

      Compartmentalisation of defense sector is ripe for this scenario to occur today.

  4. Anthony Aluknavich
    Jan 28, 2020 at 12:07 pm

    And to think, I almost bought one of these things!

  5. curiouscat
    Jan 28, 2020 at 12:17 pm

    It’s far worse than we think. NSA can track any of our electronics traffic, anywhere by individual. See

    https://en.m.wikipedia.org/wiki/XKeyscore

    • VintageVNvet
      Jan 28, 2020 at 12:33 pm

      correct cc: Really folks, IMHO one MUST assume that anything and everything transmitted in any venue digitally is available to NSA and all the other alphabet agencies OF THE WORLD, not just USA; to think or assume otherwise is not only naive, but just plain ignorant.
      If, for some reason, you want privacy in communication, ya got two choices: face to face out side the now prevalent ”security cameras” that can read your lips from 1,000 meters horizontally and from satellites, as well as read the words spoken inside glass windows, etc… OR, so far as I understand at the moment, USPS snail mail — with proper envelopes, etc..
      This is NOT paranoia, defined as ”unreasonable” fear. It is just common sense when many years ago the NRO bragged about being able to read a wrist watch from their sats.

      • Lulu
        Jan 28, 2020 at 3:46 pm

        If a product has “smart” in its description, you can bet that it does nothing to make you smarter. But it does for the controllers…

      • Wisoot
        Jan 28, 2020 at 6:43 pm

        Agreed the only space for a conversation with privacy is outside under tree cover with the battery removed from your mobile phone.

      • GotCollateral
        Jan 28, 2020 at 7:55 pm

        Well a 3rd option is to poison the data wells… but that’s more work (for most people anyways :P) who rather scroll through their shitter feeds with for banalities de jour

      • Julius
        Jan 28, 2020 at 11:06 pm

        Snail mail secure?

        I think not:

        Approximately 160 billion envelopes, packages and postcards were photographed by the United States Postal Service last year, reports The New York Times.

        https://www.cbsnews.com/news/report-postal-service-uses-spying-programs-similar-to-nsa/

    • fajensen
      Jan 29, 2020 at 4:35 am

      The NSA is somewhat regulated.

      The people “we” have to worry about are the various “private initiatives” and “amateurs” who are utilising the current situation where “Markets” have basically put state-level surveillance tools that the DDR’s STASI would have creamed their grey regulation underpants fantasising about, into the much safer hands of just about everyone with a credit card!

      If the burglars want to burgle your house, they can find out when to best do it from the data that the add-slingers collects. Stuff like, when the new designer furniture is bought. This happened to someone I know. Twice!

      If one wants to stalk someone then FaceBook has an interface for that!

      If one want to “bash some fascists” then the Gravatar service creates a Globally-Unique Avatar from an email address supplied to f.ex. Disquis and linking that email to other accounts gives one the address one needs (this happened in Sweden).

      If one wants to bash some gays, then “Grindr” will splooge the user data all over and then Google will kindly collect the location data for us!

      Anyone can do this. The more thinking, time and money they are willing to invest, the more they can do.

      The more “global” and “digitalised” we become, the higher the odds that something, say, I just do in the way of normal life will attract an adverse response from someone else looking to take offence (or to steal, kidnap, extort or whatever is their pleasure).

      The NSA is not even a threat in comparison to putting sharp and effective tools into the hands of all the crooks, nutters and crazies on the planet!

      This *has to be* regulated!

    • Kent
      Jan 29, 2020 at 6:37 am

      How else could the Deep State work? Want to run for Congress? NSA shows up and says “unless you vote to increase funding for x, we’ll be releasing this data to the press…” FBI actually had to work hard at this in Hoover’s day. Now we give it up for free.

    • WSKJ
      Jan 29, 2020 at 2:37 pm

      Thanks for the link, curiouscat.

      And, as well, the query “Utah Data Center” at Wikipedia gives a photo of the storage facility where the federal government stores all electronic communication data.

      Oh, but here’s the good news:

      as I went back and forth from Wolfstreet and Wikipedia, I got the reassuring dropdown notification that Safari gives me an encrypted connection (AND with a digital certificate, no less) to Wolfstreet.

      Guess it’s all about fighting terrorism, anyway, so it’s all OK then, SARC.

  6. JoAnn Leichliter
    Jan 28, 2020 at 12:23 pm

    Technology is not your friend. It is, at best, a treacherous servant.

  7. 2banana
    Jan 28, 2020 at 12:27 pm

    The bottom line.

    The more “internet” linked products you have in your life and home…the more you will be spied upon and the more of your data will be sold.

    You will be bribed to do this with a few trinkets. Anyone seeing the new car insurance apps that track your driving for a small discount?

    It is all voluntarily at this point in time.

    Refuse to play the game as much as possible.

    • MB732
      Jan 28, 2020 at 12:47 pm

      It’s not voluntary at this point. If you opt in, you pay less. Therefore, if you opt out, you are paying more. If 90 percent opt out, you don’t pay much more. But what happens when 90 percent opt in and you resist?

      • Michael Fiorillo
        Jan 28, 2020 at 1:15 pm

        “But what happens when 90% opt-in and you resist?”

        That’s when you’ll see everywhere the kind of disparities (100% and more, and rising) between highway and bridge tolls paid via E-Z Pass, versus cash.

        Then again, given widespread camera use and computerized license plate identification, cash provides no privacy premium on the road, so what then?

    • raxadian
      Jan 28, 2020 at 4:15 pm

      I don’t use my bank app, it has not been updated since 2017. Same for their online services, is just too risky

    • Zantetsu
      Jan 28, 2020 at 5:52 pm

      I don’t mind being “spied upon” if I get cheaper products or better services out of it. If I was famous I would care about people using my info for purposes that hurt me, but since I am not, I do not have the personal hubris to believe that my data means anything to anyone, except that it allows advertisers to advertise to me more specifically. I ignore most ads anyway, so again, don’t care.

      • Wisoot
        Jan 28, 2020 at 6:54 pm

        Dont care – blissful willful ignorance – rose tinted glasses – that way you wont notice when your civil liberties are removed. Civilisation died and you didnt notice or care. The act of being civil. Spying tracking is tantamount to being a hunted animal. At least animals know who their predators are – if they learn from their parents and elder pack wisdom. Corporations get to choose who gets suicided when how and who, no warning, no rulebook, just predation.

      • Wisdom Seeker
        Jan 28, 2020 at 7:06 pm

        Zantetsu, your data gets used against you in far more ways than just “advertising”. The entire matrix of information that you see online is tuned to a digital profile that each major data corporation has created just for you. Search results and news sources are filtered to appeal to your brain. Product _prices_ (not just advertisements) are honed based on your shopping habits.

        As I said in the previous thread, you live in a predatory world, where those with economic power exploit everyone else as much as they can. Economic parasites are siphoning off as much of your output as they can get away with, as much as you let them.

        Is a search engine “good” if it only shows you what you want to see, and not the whole picture? Is a newspaper “good” if it only shows you what the media owners and their advertisers know you want to see, rather than ALL the news?

        You should be concerned because a significant fraction of “people using your info” ARE using it “for purposes that hurt you”.

        • Zantetsu
          Jan 28, 2020 at 9:42 pm

          Hi Wisdom Seeker, I know how to use private browsing if I feel the need to. Problem solved in one sentence?

        • Jos Oskam
          Jan 29, 2020 at 4:25 am

          @Zantetsu
          You do your “private” browsing through an IP address. Nothing private about it.

          Have you read “1984” by George Orwell? If not, please do. If you have, I fear all hope is lost.

        • Zantetsu
          Jan 29, 2020 at 1:27 pm

          If I really cared, Jos, I would use IP obfuscation services. I know how this stuff works. I know so well in fact that I know very well what to worry about and what not to worry about.

      • farang
        Jan 31, 2020 at 12:13 am

        Sure, I understand, and if for some reason you decided something in your life was actually important, such as protecting your children from “Tranny Storytime”, you wouldn’t care if that labeled you a “suspicious person” in some government agency and you started being followed, denied access, computer hacked senseless.

        Because you aren’t “important.”

  8. Iamafan
    Jan 28, 2020 at 12:28 pm

    To assume that Ring is your only IOT, or your phone, tablet, laptop, Alexa, Smart TV, etc. is not sending anything that affects your privacy to someone else is crazy.

    I’ve had a Ring since it was sold and before Amazon bought it. I bought the Ver 2 during the last super sale. Haven’t installed it yet. I don’t rely on Ring for anything other than being a doorbell. Why? Because I preferred to use Samsung SmartThings devices to monitor the rest of my house and property.

    I want to monitor my doors, driveways, garage doors, etc. Not only do I have the sensors but I have dozens of cameras pointed to what I want to see. I don’t turn on lights in my large 3 level home. Almost all of that are automated and turn on movement. In addition, I talk to Alexa all the time because it has a SmartThings skill.

    Before, I go to bed, I look at each of my cameras to make sure doors are closed and locked. When my kids come home, their presence is announced and all movements are logged. I divided my whole house in zones. Even the outside is monitored and filmed with outdoor cameras.

    When I am overseas, I get notifications. I’ve had these for years, and in my opinion, they have improved my security. Go ahead, you’re free to live the life you want.

    • Harrold
      Jan 28, 2020 at 12:34 pm

      Whats happens when the power goes out?

      • Iamafan
        Jan 28, 2020 at 2:46 pm

        Battery and backup generator.

    • Seneca's cliff
      Jan 28, 2020 at 12:58 pm

      “…most men and women will grow up to love their servitude and will never dream of revolution.”
      ― Aldous Huxley, Brave New World

      • Willy Winky
        Jan 29, 2020 at 12:19 am

        Great quote. And if they dare dream the regime will threaten to release video of them enjoying themselves watching porn.

        We deserve exactly what we get because so many have failed to care about freedom.

        On the bright side, the shit show will end before we get to see what it’s like to live in China.

        Alexa …. Alexa???? Hello, Alexa… the grocery store is closed where can I get food?

    • Zantetsu
      Jan 28, 2020 at 6:01 pm

      I don’t lock my car and have no devices to monitor my person or property (except that done by google or Alexa or whatever other devices I use that gather information for their own purposes), and I don’t usually lock my apartment door if I’m going to be gone for a short time. I am not worried about my personal security nor am I worried about my precious bodily fluids being corrupted. But then, I live in Sunnyvale, CA, which is known to be pretty safe.

      • Mean Chicken
        Jan 28, 2020 at 6:26 pm

        I didn’t lock my door in San Jose either, until someone came into my home sometime during the night and stole from me. I had never locked my door at night anywhere I’d lived, up until that point.

        Now, I do.

        • Zantetsu
          Jan 28, 2020 at 9:46 pm

          The worst thing that has happened to me is someone sat in my car for a while (the cigarette ashes left on the steering column were a giveaway – I don’t smoke) and stole the petty change from my change drawer. I think I lost about $2. If that’s the worst I can expect from 10 years of not locking my car, I can live with it.

          I feel that if someone wanted to break into my apartment, they would, whether my door was locked or not. But I do lock it if I leave for any significant length of time.

          I am not trying to tell everyone else what they should or shouldn’t do. Just some counter points to people who suggest that we should all be as paranoid and untrusting of one another as possible, full-on, 24 hours a day. I prefer living with my view of the world, it makes me feel that the world is basically a good place, and I enjoy being proven true year after year …

      • Jan 28, 2020 at 7:47 pm

        Zantetsu,

        You’re probably better off not locking your car. This way, thieves don’t have to break your window ($100 to fix, plus huge mess with shards of glass everywhere inside). Just put a note on the window, saying: “Door is open, please don’t break anything. Last guy stole my last dime. Nothing left.”

        • fajensen
          Jan 29, 2020 at 2:14 am

          Heh. Living in England some 15 years ago, one would have a fixture fixed with magnets to go over the radio which simulated a bunch of wiring from where the radio used to be! Or one would have a hole with a bunch of wiring where the radio used to be!!

          They would nick radios for the same reason and in a similar time that a dog pees on a lamppost!

    • Paulo
      Jan 28, 2020 at 7:08 pm

      I know a guy like that. He has 5 game cameras around his property to see if anyone has come around. As for the internet, he seldom uses it because he is afraid his use is monitored. His computer is always turned off. Using ring is the same thing, except for the acceptance of being spied upon.

      This is what is absolutely hilarious about ring and other surveillance devices. Who. Are. You. Going. To. Call? The police? They can barely make it out to serious crime scenes. Some vigilante group?

      Whatever……

    • Robert
      Jan 31, 2020 at 9:25 pm

      Why buy Ring for a doorbell when you could just buy a doorbell?(When I was a kid my house has a mechanical ringer that you just turned)

  9. Ron
    Jan 28, 2020 at 12:39 pm

    We purchased a newly build home from Lennar in Sacramento which comes with Amazon Ruckus wireless router when activated links your smart appliances and the front door Ring camera.
    We opted not to activate the unit since we were aware that 3rd parties would be getting information and we didn’t see the Ring App as providing any more security then a common door hole. This setup is common in new homes throughout Sacramento and my guess nationally. It also required a significant effort on our part to register for a variety of apps and software that the unit required which seemed unnecessary given our lack of interest. The Ring doorbell works only as a doorbell now but many of our neighbors have activated the unit under the security sales pitch which seems to be its biggest sales point.

    • Iamafan
      Jan 28, 2020 at 2:53 pm

      You understand you need to pay 30 bucks a year to be spied on by Ring, right? Then you have to live with the Neighborhood Alert BS. You did the right thing, limit Ring to be a glorified door bell. There are better cameras, sensors, and alarms out there. Most important is the right to be armed and defend oneself and to get a permit to carry.

      • Lisa_Hooker
        Jan 29, 2020 at 6:25 pm

        A permit is not worth the co$t and effort when it is invalid when used with public transport, public buildings, public gatherings, establishments serving alcohol and sundry other locations prohibited by law. Discretion is the better part of valor.

  10. Brant Lee
    Jan 28, 2020 at 1:02 pm

    You could give the government a little slack twenty years ago for being behind the tech curve regulation, but to this day, nothing has been done stopping these companies from collecting private info. Can you imagine the next twenty years with AI crawling into our lives? Watch out your bedroom antics, yourself and spouse coming to pornhub soon.

    • Robert
      Jan 31, 2020 at 9:32 pm

      Oh, that is great Brant!- I never thought to ask whether my new mattress had wireless and built-in apps (much less my toilet- I understand the CIA used to capture Kruschev and Breshnev’s poop to analyze their health status- for all I know Jeff Bezos may have the poop on me already)

  11. polecat
    Jan 28, 2020 at 1:08 pm

    A Limrick for Monkeywrenchers

    RING around the nosies
    Packet full of scoldies
    Crash it Crash it
    It ALL Shuts Down !

  12. Michael Fiorillo
    Jan 28, 2020 at 1:29 pm

    This comment may just reveal my tech ignorance, but if surveillance capitalism is increasingly inescapable, then perhaps one response (aside from the most important ones, however unlikely, which are strict privacy and anti-monopoly legislation) by individuals could be to “contaminate the data,” by introducing false inputs.

    If you normally listen to rock and hip-hop, tell Alexa to play some Mozart, followed by the Red Army Chorus, followed by Rosemary Clooney… Anything that misdirects the surveillance machine is a defense of privacy, however slight.

    • Wisoot
      Jan 28, 2020 at 7:12 pm

      AI is logical. Humans are illogical. It is our strength and best defense.

      • polecat
        Jan 29, 2020 at 12:19 am

        Worked against NORMAN#1. Harcourt Fenton Mudd would be glad to give you a testimonial.
        ‘;]

    • Lisa_Hooker
      Jan 29, 2020 at 6:29 pm

      Talk radio can be a wonderful companion for Alexa. Music is too easy to identify and ignore.

  13. BenX
    Jan 28, 2020 at 1:33 pm

    Does anyone doubt that the phones you carry send far more data to far more 3rd parties with far greater personal data? The problem isn’t the device, it’s that we need laws to protect our privacy. They slurp because we allow them to.

  14. Xabier
    Jan 28, 2020 at 1:50 pm

    In the ancient Iranian legend, Shah Jamshid acquired a magical mirror which showed him everything that was going on in the world, no matter how far away.

    He became rich, arrogant and corrupt.

    Hated by his oppressed and enslaved subjects, he was overthrown……..

    • Zantetsu
      Jan 28, 2020 at 9:49 pm

      But couldn’t he could see them coming?

      • Xabier
        Jan 29, 2020 at 4:58 am

        Good question. Didn’t do him any good: Fate……. :)

      • Adammu
        Jan 29, 2020 at 2:50 pm

        Wolf this is incredible analysis. You are a polymath!

      • LB
        Jan 30, 2020 at 11:40 pm

        He was unable to monitor and read their thoughts.

    • Deanna Johnston Clark
      Jan 29, 2020 at 10:53 am

      I love the Burns and Allen show version…George had a personal tv that showed every one he knew and what they were up to.
      Didn’t think the 50s were so avant garde, did ya?

  15. c1ue
    Jan 28, 2020 at 2:09 pm

    Mixpanel is a product management service – they gather user behavior to understand why products are or are not used.
    Note that what Mixpanel does is enable a capability which otherwise would be built into the code itself.
    The facebook bits are probably similar – using Facebook SSO or other technology in order to gather data for user analytics.
    No idea if they also resell data, but their presence itself is not a red flag.
    Branch.io and Crashalytics are also user analytics services.
    The use of this data gathering itself is likely not intended to be privacy invading; the problem is that the data can easily be used in that way.
    So the question is what Ring and/or these service providers do with the data besides its intended use case.

  16. A
    Jan 28, 2020 at 2:44 pm

    Every app has mixpanel and either Google/FB trackers. If you opened up any app on your phone this is all being tracked. Every tech company is exploiting you and your data since there’s no regulations to compensate you it.

  17. DR DOOM
    Jan 28, 2020 at 3:19 pm

    Humans willingly will hand over anything when it is about them in the context of a first person conversation. Humans conflate the false intimacy of control of operating the device as equal to being a first person private event without a device. The device is a multiple of persons . You would not buy a bulldozer with the intent to operate it until after serious thought about learning how to operate it and the un -intended consequences if you attempted to operate it without knowing. The Bulldozer is however is (not normally) an object of our normal and ever present narcissistic behavior . The device called a smart phone would proabaly be viewed by Sigmund Freud in the term of a sexual experience instead of communication. Old Sig would drool when observing the female first experience of fondling the smooth firm powerful and intriguing topography of the I phone 13 . We all know that the best intelligence is gathered post sex during “pillow Talk” . Psssst, your lover is talking about you behind your back,be careful.

    • Brant Lee
      Jan 28, 2020 at 3:36 pm

      Oh Gosh, buying a backhoe (not a bulldozer) was the best thing I ever did for myself. But you are right, fortunately, I had a few acres to learn in or I would have run over anything in the way.
      However, I stay in the dark about most tech and what is happening behind the scenes. The Chinese and Russians probably know much more about myself than I do.

    • Mean Chicken
      Jan 28, 2020 at 6:17 pm

      “The device called a smart phone would proabaly be viewed by Sigmund Freud in the term of a sexual experience instead of communication.”

      Perhaps this explains why the battery needs charging more often than anticipated.

  18. Willy Winky
    Jan 28, 2020 at 3:38 pm

    Wolf – off topic but Hong Kong has ordered all public employees to work from home – and urged private employers to do the same with all staff.

    Hong Kong is much more important than Greece or Lehman. It’s economy is in tatters and in deep recession.

    Tourists have been staying away from HK due to the protests but this latest blow will mean nobody travels to Hong Kong. Hotels, restaurants, retail, you name – will get hammered even harder.

    This will suck the life out of the HK economy and call into question the viability of HSBC and other major corporations

    I was thinking that this rather grim announcement would result in a big move down in global markets yesterday, and that your short would have benefited from this.

    But nope. Markets ignored this and moved higher.

    Plunge Protection teams hard at work?

    Nothing makes sense.

    • Wisoot
      Jan 28, 2020 at 7:17 pm

      You are ahead of the curve, maintain your position and the world will catch you up.

  19. Mean Chicken
    Jan 28, 2020 at 4:24 pm

    It seems Facebook posses all the characteristics of a mutating multi-virus capable of, among other things, jumping from specie to specie and influencing political elections.

    Would a VPN immunize your household?

    • c1ue
      Jan 28, 2020 at 5:35 pm

      No, because VPN only protects data in transit.
      Apps that you install on your own phone – they are collecting data and acting as you.

    • gunther
      Jan 31, 2020 at 11:02 am

      Start by un-googling your android phone.
      Root it, get rid of play services, put in a firewall and ad blicking and so on.
      Use as much free and open source apps and get the rest from mirror sites since there is no play store in rhis setup.
      That limits tracking and advertising.

  20. Javert Chip
    Jan 28, 2020 at 6:16 pm

    Well, this is what you get for free stuff that’s really paid by advertising.

    Advertiser ethics are…not well developed…these are the people proudly selling cigarets & beer to your underage kids.

  21. David Hall
    Jan 28, 2020 at 7:03 pm

    Browser tracking cookies might spy on your web surfing habits to allow advertisers to target you with ads.

  22. Wisoot
    Jan 28, 2020 at 7:27 pm

    Trusted certification authentication can be mimicked easily by seasoned hackers. As another commenter mentioned once data is out there its ripe for the pickings.

    As for sensors on the mobile phone, ask yourself why on the day you purchased your first mob fone you were not told about the full capability of the phone including sensory info.

  23. Dynamo
    Jan 28, 2020 at 9:31 pm

    This analysis is missing the most important part: all this information and more is also packaged and sent to the mothership, ie the Ring or its parent Amazon. From there, nothing is stopping them from reselling it without any consent or interference, a true black hole.

  24. DanS86
    Jan 29, 2020 at 7:49 am

    Walk around with your photo id pasted to your forehead.

  25. Thomas Roberts
    Jan 29, 2020 at 7:55 am

    What also sucks,

    Is that when you buy most smart devices, the manufacturers can drop support for them at any time. Even though you paid for it, they are often designed so that after support is dropped, the device permanently loses much or all of its functionality. So that you gotta buy a new one.

    I bet though, even after support is dropped, the smartphone app used to control/set it up and sometimes the device itself continues to spy on you.

  26. Rich
    Jan 29, 2020 at 11:08 am

    Thanks for this important article. Many of my friends use Ring. Not me. I bought a Nest thermostat but I didnt register it nor connect it to the internet to get my 100$ rebate because of privacy concerns and also the provincial electrical utility said that they could turn-off your utility if there was an electric shortage. Im giving up all of this for 100$ !!!

  27. Double D
    Jan 29, 2020 at 11:57 am

    To me the shocking reality is there is no regulation to keep this stuff from happening. Pretty alarming really. I knew Facebook, Google & others spy but I had no idea of the magnitude with products like Ring. In fact we just signed up for the $30 yearly plan to have the video recordings saved & available. We figured it was cheap insurance in the event something does happen & we need to retrieve the data. I should have known it’s all a scam to steal our privacy. So now I worry about getting rid of the Ring product while my Iphone serves a more diabolical purpose. I used to think all this technology was making our lives safer & more convenient, when in reality it’s just the opposite.

  28. Mary
    Jan 29, 2020 at 12:51 pm

    Depending on where it is installed, can a Ring device spy on one’s neighbors? I live in a townhouse complex arranged in a rough oval. Many residents are installing Ring so that the device either faces our common circular walkway or faces the next door neighbor’s front porch.

  29. Unamused
    Jan 29, 2020 at 7:40 pm

    How easily the slaves have learned to love their chains.

  30. Sandy Toes
    Jan 29, 2020 at 7:41 pm

    My thanks to Mr Budington for writing this article and to Wolf for publishing it.

    Count me as one of the many Ring customers that trusted their claims of privacy, and bought 2 Ring Pro models. We liked how it operated & even shared with neighbors and friends.

    However, their underhanded invasion of our privacy is intolerable.

    We will remove our Rings shortly unless we find a way to eliminate/disconnect/mitigate their actions. We already began to share this article with friends & neighbors.

    I hope that Amazon takes action to restore trust in this product.

    In the meantime, I would really appreciate specific guidance to eliminate or mitigate Ring’s invasive actions.

    Thank you

  31. Mike
    Jan 29, 2020 at 10:12 pm

    Transmitting data to Facebook? Nonsense. Mark Zuckerberg under oath promised they never did and would never do such a thing without the explicit permission of the user. Why would he lie?

    :)

Comments are closed.