News has emerged that consumers who use Amazon's Ring smart home security cameras may be inadvertently exposing themselves to Ukrainian developers.
Ring doorbells are supposed to offer people security and convenience. The smart-home devices are equipped with 720p HD video, a two-way talk feature, a motion detector, and, an active WiFi connection.
These features permit consumers to watch over their homes remotely, even using the talk feature to ward off unwanted visitors. What Amazon Ring camera owners may not realize, however, is that their footage may also have been accessed by employees working at a software development lab in Ukraine.
Terrifying privacy practices
Amazon markets its range of miniature cameras as a way of creating a virtual security force field for any home. The cameras, which can be purchased not only in the form of a doorbell - but also as miniature cameras that can be placed around the home - are touted as the height of home security. They permit consumers to oversee what is happening inside and outside their home in real time via the internet.
Now, whistleblowers with inside knowledge of the firm’s practices have come forward to reveal that the 2016 Ring allegedly gave a Ukraine-based research and development team complete access to cloud storage containing every video feed for every Ring camera in the world. A year later, Ring was acquired by Amazon for $853 million.
Example of an Amazon Ring advert
An article published by The Information, alleges that the Ukrainian team was provided access to everybody’s videos by a senior Ring member of staff called Jamie Siminoff. According to former ring employees, Siminoff wanted the team in Kiev to develop facial recognition systems for ring cameras that would permit them to tell when strangers approached the door.
A senior computer vision engineer called Jason Mitura expressed concerns that inexperienced developers were being given access to sensitive consumer video feeds. Allegedly, Mitura expressed concerns that the information could fall into the wrong hands - potentially allowing criminals to access information that divulged when people were away from their homes.
Facial recognition trumps security
According to the Ukrainian whistleblowers that have come forward, Siminoff decided to ignore Mitura’s privacy warnings. Reasoning that it would be much easier to train AI algorithms to complete facial recognition tasks if they were given access to large amounts of video containing a number of individual faces. This suggests that Ring customers likely had their privacy invaded by engineers in Ukraine.
What’s more, according to former Ring employees the firm refused to encrypt the data it held on its servers meaning the videos were all easily identifiable and could be traced back to individual customers. This means that all the video feeds produced by Ring cameras could, potentially, have been accessed by hackers.
As if that wasn’t enough, allegations have emerged that senior Ring staff in the US were given access to the company’s technical support video portal. That portal provided staff with access to live video feeds for any customer, with the need for just an email address. In theory, this means staff could easily have been snooping on random customer’s homes - or worst still looking up those they held a personal interest in.
Research still ongoing
Although Ring has quickly come forward to deny allegations that employees have ever had access to live video feeds, research at Ring Labs in Ukraine is ongoing.
It's clear that Ring cameras have vastly improved their ability to recognize people. A few years ago, large numbers of Ring customers complained that their Ring device had given them a false security warning. According to those consumers, Ring doorbells would often give false positives when a cat moved past the camera or a car drove past their home. The number of false positives appears to have reduced in recent years - meaning that something has improved Ring's systems.
An image leaked from an internal Ring document reveals how the cameras are being trained to differentiate between different types of objects.
Furthermore, recent Linkedin adverts appear to prove that the project is still active. Adverts have been spotted looking for data operators that must be able to “recognize and tag all moving objects in a video correctly with high accuracy.”
Inadequate privacy policies
“You may choose to use additional functionality in your Ring product that, through video data from your device, can recognize facial characteristics of familiar visitors.”
Unfortunately, the policy makes no mention of the human operators working behind the scenes to develop and improve those facial recognition systems. This might just be an oversight, but anybody with a Ring camera will now be aware of the possibility that their video footage is being watched by strangers in a lab in Ukraine.
A VPN will not be able to help with this issue, however, it a great tool for keep your data secure online. For more information about how a VPN can help and a list of the best services, take a look at best VPN page.