If you buy the camera, plug it in, and forget to set it up, you just flat out can't use it right? I agree that proof of presence is way better but how many people are seriously going to be affected?

▲

bri3d a day ago | parent [-]

No, if you buy the camera, plug it in, and forget to set it up, then someone can use the default password and key material stored in the app to pretend to be the app and provision it on your behalf.

That's the only real vulnerability here, and it's no big deal, but it is A Thing and there is definitely a better way to do this that doesn't lose the freedom of full-offline.

	▲	2rsf 10 hours ago \| parent \| next [-]
		There could be another scenario. I assume that factory resetting the camera will bring back the default password. Factory reset is a long press on the power button (in some cheap TPlink camera), so in theory someone with physical access can take control over the camera without you noticing until you try and use it.
	▲	some_random a day ago \| parent \| prev [-]
		Ok yeah I think we're in agreement then.