this post was submitted on 09 Sep 2023
783 points (99.1% liked)
Technology
59402 readers
3123 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It is a bad idea. On one hand, we have the mean to make them quite secure. There is no such thing as an unbreakable encryption, but with proper key management and using decent enough algorithms we can totally do something that puts your camera out of reach of most thing that are not nation-scale organisations. On the other hand, it's mildly more inconvenient than "installing an app and entering your email", as it might require stuff like doing a tiny little bit of setting up.
So, the unsecure/"trust the service" way it is.
What's the alternative to putting them on the pUbLic InTeRnEt? I pay my ISP $2000 per month for my own private commercial circuit? It's not a bad idea because there is no reasonable alternative. Risk mitigation is the key, as you seem to be aware.
There's certainly a middle ground between IOT cameras sending a constant stream out to an internet server and a completely private circuit.
First, let's put the NVR inside the network so that we aren't constantly broadcasting to the internet.
Then let's not allow direct access to the cameras from the internet. Instead, we connect to the NVR via a VPN.
You keep control of all the recording and storage infrastructure, and you don't place your trust in these corporations that have been found over and over again to be lying or overstating their security stance.
It's a bad idea because of the de-facto "requirement" that people want everything available everywhere with zero setup, causing cheap, completely insecure solution to become the norm. Just don't use "cloud-based, app-enabled zero-config ultra easy trust me bro I know what I'm doing" camera and get proper stuff that allows you to control what goes where and use decent encryption.