Opinions on Cloud based video surveillance systems ?

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,450
Reaction score
47,588
Location
USA
Check out what Ring just added....

View attachment 155453
Ring doing more Ring things LOL.

Many of us here wouldn't use it, but for many that use Alexa, they had a cool feature that could listen for glass breaking and could trigger your Ring Alarm. It used to be free, but at some point it then moved to the $20/month Ring Protect Plan for it to work.

Well now they pulled it from that:

Beginning October 21, 2023, Alexa Guard Plus will transition to Alexa Emergency Assist, a new personal and family safety service. As part of this transition, we are removing Guard Plus from Ring Protect Plan subscriptions. Alexa Emergency Assist will not be included in Ring Protect Plan subscriptions.

So now if you want this feature, you will have to subscribe to Alexa Emergency Assist, that comes with a $5.99/month subscription.
 

Salcamo

n3wb
Joined
Dec 16, 2023
Messages
5
Reaction score
0
Location
USA
Absolutely no-no!

From reliability at the mercy of internet, to security and privacy. Bandwidth with large installations and high res cameras is also a limit. My recorder runs couple hundreds Mb/sec on 1000 interface, not something to keep internet constantly hot.

Not just internet/cloud based: all my installations are gray network (sub-net), with no internet access. I run my own NTP. If any operational issues without internet - device returned to seller.
I've encountered some cameras that can only be setup through app and mother-ship connection over internet. Those are immediately packed and returned to the seller, no exceptions. Only ONVIF/NetIP/XM are allowed and only with local web/NVR interface.
Moreover: No WiFi, only structurally secured wired connections are allowed.
And lastly: any camera that can be relatively easily accessed must be Analog HD and not IP, to prevent access to network. I guess it can also be achieved with IP cameras + managed router, but IMHO AHD in these situations just simpler and more secure, and no delay for live monitoring.

Security cannot be cloud based. it can be used as backup, live or automated, but it cannot be cloud based, this would be just illogical.

Ring and such are not secirity system, CCTV, but religion of incompetent consumers believing that it is. Complication here is occasional accidental apparent proof that it is, with lack of reliability and privacy being ignored. But many do not care about it.
 

spuls

Getting the hang of it
Joined
May 16, 2020
Messages
89
Reaction score
68
Location
at
if you use any public messenger like telegram, pushover,.. you´re in a similar situation. At that moment you relinquish control over the content.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
if you use any public messenger like telegram, pushover,.. you´re in a similar situation. At that moment you relinquish control over the content.
How are those services similar in any way to cloud based surveillance systems? The issue here is not control over content.

Regardless those services are encrypted. If you dont trust the services then you might as well give up using the internet and email..
 

spuls

Getting the hang of it
Joined
May 16, 2020
Messages
89
Reaction score
68
Location
at
How are those services similar in any way to cloud based surveillance systems? The issue here is not control over content.
The typical cloud-based nvr user doesn't care about control, otherwise no that stuff wouldn't sell. But when it comes to content, everyone has a problem when it ends up with strangers. Almost every second incident concerns the camera's push/notification function. Like this actual issue with NetAtmo , the have a similar issue like ubnt: Unerwünschte Einblicke: Fataler Fehler bei Netatmo-Sicherheitskameras (in german).


Regardless those services are encrypted. If you dont trust the services then you might as well give up using the internet and email..
Sure, these services have a simple transport encryption for the traffic and call it "end2end ecrypted". If the cloud service screws up, the wrong recipient gets the data and is able to read it. Similar things can happen if your mobile provider screw up (sim swapping,..). And of course there is no question that the risk is much greater with cloud nvr's. The risk of a privacy disaster is far greater with these cloud nvr solutions than the manageable risk of a few messenger notifications reaching the wrong recipient.

In the end, everyone should always be aware - shit happens. If you use any nvr cloud connectors, cloud based nvr's or even messenger services, there is a residual risk that the data gets into the wrong hands. In my opinion, there is nothing to be said against using telegram/pushover/whatever. If sombody has privacy concerns, simply deactivate the notifications for "private" areas when you are present. This is quite easy to configure, especially with BI. Some already play around with a privacy filter in frigate and blur naked body´s down the head or send the notification without picture if they detect a naked person.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
The typical cloud-based nvr user doesn't care about control, otherwise no that stuff wouldn't sell. But when it comes to content, everyone has a problem when it ends up with strangers. Almost every second incident concerns the camera's push/notification function. Like this actual issue with NetAtmo , the have a similar issue like ubnt: Unerwünschte Einblicke: Fataler Fehler bei Netatmo-Sicherheitskameras (in german).




Sure, these services have a simple transport encryption for the traffic and call it "end2end ecrypted". If the cloud service screws up, the wrong recipient gets the data and is able to read it. Similar things can happen if your mobile provider screw up (sim swapping,..). And of course there is no question that the risk is much greater with cloud nvr's. The risk of a privacy disaster is far greater with these cloud nvr solutions than the manageable risk of a few messenger notifications reaching the wrong recipient.

In the end, everyone should always be aware - shit happens. If you use any nvr cloud connectors, cloud based nvr's or even messenger services, there is a residual risk that the data gets into the wrong hands. In my opinion, there is nothing to be said against using telegram/pushover/whatever. If sombody has privacy concerns, simply deactivate the notifications for "private" areas when you are present. This is quite easy to configure, especially with BI. Some already play around with a privacy filter in frigate and blur naked body´s down the head or send the notification without picture if they detect a naked person.
There has never been a reported incident where telegram or pushover sent the data to the wrong account....
There's always an extreme possibility which can only be prevented by not connecting your system to the internet which is insane....
The point that people are simply making is that it completely cloud-based system is nuts....
More importantly this entire thread was started by a spammer who works for eagle eye a cloud-based the service...
 

Teken

Known around here
Joined
Aug 11, 2020
Messages
1,521
Reaction score
2,747
Location
Canada
At the end of the day, the growing trend is people like easy. It simply affirms the public will sacrifice their privacy for convenience. The only thing to do on this forum and many more is to highlight the negative impact in doing so.
 

The Automation Guy

Known around here
Joined
Feb 7, 2019
Messages
1,377
Reaction score
2,738
Location
USA
if you use any public messenger like telegram, pushover,.. you´re in a similar situation. At that moment you relinquish control over the content.
Not the same at all....

If your internet connection or the actual cloud server goes down in a "cloud based" CCTV system, everything stops. There is no live footage being recorded/archived, no way to review previously archived footage (either while on the locally network or remotely), and no alerts/notifications. I don't have the ability to "fix" the cloud server either, so the length of any outage is completely out of my hands.

On the other hand, I use BI and if my internet connection goes down or the "pushover/telegram" systems goes down, I still am recording live footage and I can still review any archived footage from my local network. If the internet goes down, I won't be able to view my system remotely until the connection is restored, but everything that was recorded during the outage will be available remotely the moment the connection is restored. If the internet or Pushover/Telegram. etc goes down, I won't get any custom alerts I've set up through those services during the outage.

If you think the outcomes/long term effects in those two situations are equally detrimental, then you don't actually need a CCTV system in the first place.

EDIT - I read your responses and it seems you are worried about the information getting into the wrong hands if you use any sort of "cloud" service and it is "hacked."

Again, the two systems/situations are not even remotely equal.......

If a cloud based DVR system gets hacked, that person has EVERYTHING. Every recorded image and second of footage from every camera attached to that system - whether those cameras were set up to send out alerts or not. They are likely able to view live footage anytime they want, make changes to the camera settings, and delete/modify archived footage, etc. In a worst case situation, they even could use the live access to the local cameras to perpetuate a larger hack on my local network. Honestly it wouldn't take much to install a "firmware update" that was modified to include nefarious programming that could be used as the launching point for a larger hack.

If telegram/pushover/etc service gets hacked, that person has a single image/frame that was sent out only on a triggered alert and only on the cameras that I set up to send those types of notifications. They cannot view my cameras live or review/modify archived footage and they have no access/control over my camera system and/or local network. That is a VERY different situation/outcome. Plus, there is no requirement that you use pushover/telegram/etc at all. If you are super hyper sensitive to these types of risks, you don't need to send out alerts using those systems. It's completely optional, where as using a cloud based camera system REQUIRES the use of those cloud services.
 
Last edited:

TonyR

IPCT Contributor
Joined
Jul 15, 2014
Messages
16,458
Reaction score
38,187
Location
Alabama

spuls

Getting the hang of it
Joined
May 16, 2020
Messages
89
Reaction score
68
Location
at
Not the same at all....

If your internet connection or the actual cloud server goes down in a "cloud based" CCTV system, everything stops. There is no live footage being recorded/archived, no way to review previously archived footage (either while on the locally network or remotely), and no alerts/notifications. I don't have the ability to "fix" the cloud server either, so the length of any outage is completely out of my hands.
thats depends your the system. Like Bosch, Netamo, Unifi,.. will still take local recordings and, "only" the cloud management and notifications are gone.



If a cloud based DVR system gets hacked, that person has EVERYTHING. Every recorded image and second of footage from every camera attached to that system - whether those cameras were set up to send out alerts or not. They are likely able to view live footage anytime they want, make changes to the camera settings, and delete/modify archived footage, etc. In a worst case situation, they even could use the live access to the local cameras to perpetuate a larger hack on my local network. Honestly it wouldn't take much to install a "firmware update" that was modified to include nefarious programming that could be used as the launching point for a larger hack.

If telegram/pushover/etc service gets hacked, that person has a single image/frame that was sent out only on a triggered alert and only on the cameras that I set up to send those types of notifications. They cannot view my cameras live or review/modify archived footage and they have no access/control over my camera system and/or local network. That is a VERY different situation/outcome. Plus, there is no requirement that you use pushover/telegram/etc at all. If you are super hyper sensitive to these types of risks, you don't need to send out alerts using those systems. It's completely optional, where as using a cloud based camera system REQUIRES the use of those cloud services.
Hacking is of course a possible danger. But it doesn't need the worst scenarios, mistakes and shit just happen. Up to now the manufacturers of such systems have simply supplied the data to other customers due to simple configuration errors. Or there are employees who have access and share the images. You can also have similar situations with various messangers. Hacking and sim swapping is not common and typically these attacks are aimed more at your money accounts. Many services are simply tied to a phone number. If you don't migrate your account or remove it from the notifications, someone else may get access.


i'm not simply making a 1:1 risk comparison, but there is a simple summary:

1. you don't want risk to provide butt-naked live streams? then avoid cloud-connected nvr systems.

2. you also don't want risk to have butt-naked pictures/vidos from your notifications on the net? then don't send them via services where you don't have full control.
 
Top