| ▲ | m348e912 7 hours ago |
| I know Ring is getting a bad rap for enabling state level surveillance, but the Ring app offers an option to enable end-to-end encryption between the camera and your phone. The stored video is encrypted with key generated on your phone. You have to be physically close to the camera in order to share the key and complete the set-up. Once encrypted, the video can't be analyzed by AI or used in a broad surveillance effort. It's entirely possible that the encryption keys have a backdoor, but I doubt it. Although there is no way to verify. |
|
| ▲ | sillywabbit 7 hours ago | parent | next [-] |
| End-to-end encryption only means something if you trust the endpoints. |
| |
|
| ▲ | drnick1 an hour ago | parent | prev | next [-] |
| Who has the keys of the encryption algorithm? |
|
| ▲ | ivan_gammel 7 hours ago | parent | prev | next [-] |
| When national interests require that, it can get a firmware update which sends a copy of data to comrades in U.S. Ministerium für Staatssicherheit even before that e2e encrypted copy reaches your phone. |
| |
|
| ▲ | SV_BubbleTime 6 hours ago | parent | prev [-] |
| >enable end-to-end encryption between the camera and your phone. So… exactly not the part I care about? Cool, it’s encrypted on transit to me… now what about at rest with them? Is it encrypted and they absolutely can not view or hand that footage to police/gov? No. |
| |
| ▲ | m348e912 6 hours ago | parent [-] | | > Cool, it’s encrypted on transit to me… now what about at rest with them? Is it encrypted and they absolutely can not view or hand that footage to police/gov? No. Technically yes, e2e encryption means video hosted on their servers is only viewable by devices with decryption keys. So if the police/gov brought a subpoena to request the video, Ring could only offer them the encrypted video. They would have to take possession of your phone and gain access in order to decrypt and view the video. In this case the "ends" in the e2e encryption is the camera and your phone. | | |
| ▲ | Galanwe 3 hours ago | parent | next [-] | | I used to work for a well known communication app, the kind everyone here used. Couple things I learnt about "end to end encryption": - You can call your service e2e encrypted even if every client has the same key bundled into the binary, and rotate it from time to time when it's reversed. - You can call your service e2e encrypted even if you have a server that stores and pushes client keys. That is how you could access your message history on multiple devices. - You can call your service e2e encrypted and just retrieve or push client keys at will whenever you get a government request. | |
| ▲ | SV_BubbleTime 2 hours ago | parent | prev [-] | | We already 100% know this is misleading though. Amazon has access to your ring footage. They are acknowledging that the end to end TRANSIT is encrypted. They are not encrypting from themselves at rest. |
|
|
