The Low-Down on Ring and Privacy
Updated: 31 March 2020
Leading smart security camera company Ring has been getting headlines for all the wrong reasons of late. With criticism coming from security researchers, privacy advocates, and even some Amazon employees, it’s easy to grow concerned about what Ring is doing and whether the growing social media chorus of “don’t buy Ring” is justified.
Is Ring evil? Objectively, the answer is no, but they are a for-profit operation which can lead to some poor decisions when it comes to consumers. Does Ring need some serious work on their privacy stance? Absolutely.
The question inevitably returns to whether you should steer clear of Ring, or drop them if you’re a current owner. That can potentially mean a sizeable lost investment, so it’s worth careful consideration. Let’s look into all the negative press and see how things really stack up in context, taking a good, bad and ugly approach.
The following is quite in-depth as we try to look at all the reporting that has been generated around Ring over the years. If you want the short version, jump to the conclusion at the end.
Firstly, it’s fair to look at the non-privacy related benefits of Ring devices as these are clear considerations when making a purchase decision. Ring was a pioneer in the smart doorbell space, the philosophy was always one of perimeter security (hence the ‘ring’ of security), and being able to know what was going on around your home no matter where you were, so the expansion into security cameras and, later, security lights and sensors was a logical step.
Before being acquired by Amazon, Ring had established a good reputation with their customers through first class customer service, with knowledgeable staff and a willingness to do whatever was necessary to make a customer happy this no doubt played a factor in getting Amazon’s attention.
As an example, I had an original Stick-Up Cam (not the current version, but basically a Ring Video Doorbell without the button) in the garage. It was getting low WiFi signal, but worked OK.
Ring contacted me proactively and said they noticed the signal was low, so were sending me a Chime Pro to help boost it up at no cost. The Chime Pro is a remote doorbell chime and WiFi extender, so not a cheap accessory.
It’s worth noting, however, that the quality of support has dropped somewhat in recent years, both in terms of staff knowledge and effort. Support requests are still handled promptly, but this looks to be a case of growing pains as Ring’s market share has ballooned.
Product quality is another benefit. Ring products have been largely well designed and well built. Indeed, that original Stick Up Cam continues to work flawlessly to this day. This is a significant consideration in a world where low cost, mass produced electronics can often be expected to only last a couple of years.
Ring also offers good value, both with their device features and storage subscriptions. Take for instance, the Ring Spotlight Cam. The device comes with LED floodlights, a siren, infrared motion sensor, HD night vision camera, dual battery slots, and two-way talk, plus the option to hard wire or use an inexpensive add-on solar panel. An equivalent feature set on an NetGear Arlo Pro would run about twice the total cost, and many other competitors simply don’t offer all those features.
Their streaming service continues to be solid, and can perform better than other brands that use purely cloud based video storage. Initiating playback of recordings or Live view is generally very quick and reliable (Your Mileage May Vary of course, depending on your internet and location). While not the cheapest on the market, and not offering an offline alternative, their top tier plan offers an unlimited number of devices for a flat rate, and adds lifetime warranty cover to all of them as a bonus.
Moving onto privacy and security, Ring was one of the first smart device makers to standardize automatic over-the-air updates, a crucial factor in security design as it allows any issues to be rectified across the fleet in short order.
On top of that, In their early years they had actually earned respect in security circles for their good security practices (at the time) and their responsiveness to the rare discovery of vulnerabilities.
No matter how good the brand, hardware will always have some defective units, just as all software is subject to flaws, especially when it comes to security and privacy. In both cases, how the company handles an issue is what matters.
Ring is no exception, and has had a number of vulnerabilities discovered and reported. Many smart device makers drag their heels taking action on these reports, if they act at all. Security conscious companies respond quickly and push updates to close these holes, and Ring has consistently done precisely that.
Ring has actually had relatively few vulnerabilities reported, in spite of their market prominence. Lets take a look at what’s been found and how Ring reacted.
In 2016 security researchers found the previously configured WiFi network and key were stored in the WiFi chip in clear text, so putting the device into configuration mode allowed that data to be accessed. This required physically removing the doorbell from the mount so it wasn’t very practical, but nonetheless, Ring responded quickly with a firmware update.
In 2017 Ring doorbells where found to be incorrectly sending dropped call data to a Chinese IP address. The address was supposed to be a dead end so the call data would be dropped. Ring issued a firmware update immediately when it was discovered.
In 2019, researchers demonstrated a complex attack which allowed the video stream between the device and the Ring app to be intercepted and potentially replaced with false imagery. The attack required access to the home WiFi network via another means, but the lacking security on the video stream was promptly addressed in an app update.
Another WiFi exposure exploit was discovered in 2019 where the user’s WiFi credentials were sent unencrypted over WiFi when setting up the device. While the window of exposure is brief, an attacker could potentially disrupt the Ring devices connection and force the owner to initiate the set up process, during which the attacker could sniff the WiFi password from some distance away. The issue was fixed promptly, but the fact these credentials were transmitted in the clear at all is a baffling oversight from an otherwise security conscious company.
Looking again at non-privacy factors first, functionality is an area where things have not gone as well as they should have. A common gripe of mine is their lack of sensible notifications. It’s all or nothing in many cases, and false positives are common from swaying trees and passing vehicles. Most of the competition has effective person detection features and more customizable notification behavior.
We’re starting to see this on some Ring models, but it’s not across the board. Battery powered models (even with solar panels) have decidedly less options than their hardwired cousins, even though competing battery powered devices offer those features.
As a consequence, Ring has had to fall back on armies of humans trolling through video data to tag objects in an effort to improve their machine learning. Ring has come under fire with this approach as it was not clear to customers that their videos would be reviewed by humans, and the privacy controls applied to those teams was definitely lacking.
Amazon’s involvement seems to have led to some attempts to tighten the screws, but it’s anyone’s guess as to how effective these controls are now.
Speaking of controls, the spate of complaints about privacy violations and the subsequent class action have raised concerns about Ring’s handling of security and privacy controls on the customer side. It’s been long recognized that two-factor authentication is an essential component of effective access control, but Ring has been a laggard in implementing that feature.
While two-factor is now available, the Ring app has not been helpful to consumers in understanding their security settings or status. Indeed, the Ring service has been found to be exposed to brute force password hacking, as it does not prevent repeated guess attempts. Exacerbating that issuer was the failure to have even basic notification of new or suspicious logon attempts as should be standard practice for any online service.
This could be a factor in some of the hack reports feeding the lawsuit, but it’s also likely that many are a case of password reuse, which is still very common among users of online services. Unfortunately in these cases, it’s trivial for attackers to harvest millions of username/password combinations from data breaches on other services and apply them elsewhere, including Ring, to see if they work.
Amazon has responded with significant improvements to the Ring app, including a privacy dashboard to allow people to better understand who and what has access to their cameras. Of course, this doesn’t resolve the issue of password sharing. While Ring supports multi-user access to a homes cameras, some folks still use the old method of password sharing.
While never a good idea, it’s a hold over from before Ring implemented shared access controls. Unfortunately Ring wasn’t handling access tokens very well, and even after a password changed, previously logged in devices would retain access. It took Ring a long time to fix this one, which left a lot of people exposed. The delay here may have been due to some deeper engineering challenges, and it remains an outlier in Ring’s update response.
Thankfully, two-factor authentication is now mandatory for all accounts, and email notifications are being generated for unrecognised Logon attempts. This should go a long way to putting a stop to these invasive password hacks.
As an aside, until recently Ring cameras could not be turned off. There was no option to not record a detected event, only the notifications of events could be disabled. This was likely a conscious design decision with a view to not inadvertently compromising perimeter security monitoring. However, there are cases where you want some privacy, and other connected security vendors provide more control.
A standout in this area is Canary, which started up around the same time as Ring with their All-in-one indoor security device. Canary devices come with physical relays to shut off the camera, which can be controlled via the use configurable modes based on user presence or time of day. Ring would do well to offer some kind of equivalent.
Ring has now rolled out a similar feature allowing for Home, Away, and Disarmed modes. Each mode can be configured to enable or disable recording and notifications as desired. This is a great step forward, but it’s worth noting that Ring hardware doesn’t have the physical ability to switch off the camera like some competitors. This leaves us with some uncertainty as to just how private this behaviour will actually be.
Finally, the EFF (Electronic Frontier Foundation) recently discovered that the Ring Android app uses multiple third party analytics tools which are harvesting a whole host of personal information from users smart phones. Five tools were found, being Facebook Graph, Google Crashlytics, Branch, AppsFlyer and MixPanel.
While these data are gathered across the various tools, it’s possible this gets passed onto other third parties and could be combined to build a device fingerprint used for ad tracking and other purposes. That’s a worst case scenario, but there is plenty of precedent in the ad tracking world to justify being very wary of this kind of behavior.
As noted before, Ring is not alone here, and these are widely used commercial products used by many app vendors. Ring’s lack of transparency is the issue, if not there dependence on such third party tools in the first place. In response to this coverage, Amazon will be adding the ability to opt-out of most of the data gathering in a coming update.
It’s also unclear how much the iOS app is effected as Apple places much more stringent limits on the data apps can access. Many of these data points are explicitly blocked by Apple for privacy reasons, specifically to prevent them being used to build profiles of their users.
Here’s where corporate shenanigans begin to take a toll on trust. In some Markets (such as the United States) Ring offers a second app called Neighbors. This app is a kind of local social media network intended to allow members of a neighborhood to communicate about events that may be of concern to each other. Specifically it allows sharing of Ring recorded videos to other members ostensibly to make them aware of suspicious behavior.
Another key feature that Ring has been pushing hard is the ability for law enforcement to request videos in a given time window from Neighbors users in a general area. This manifests as an email request and allows conscientious citizens to provide video evidence to aid police in an investigation. You don’t have to, and the police are not provided with details of who does and doesn’t consent.
This doesn’t sound like a bad thing, and is not much different to police door knocking a street to ask home owners for CCTV footage that may be of help. The issue comes with how it’s being pushed, and the effect it has on communities.
Racial profiling is a clear issue, such as the case of a black real-estate agent being stopped by police for ringing doorbells. The Neighbors app, and similar localized social networks being sold by others, enable this kind of paranoid community self-surveillance.
The chilling effect of this kind of visibility of ‘suspicious’ behavior is that it creates an overblown impression in people’s minds that their neighborhood is unsafe, or that suspicious behavior and crime is prevalent. This can be seen on the many community Facebook groups, where members constantly decry the decay of their community because all they see are criminal acts and vandalism reported by others, regardless of their good intentions.
Amazon is attempting to counter this effect by adding “Neighborly Moments” as a new sharing category. This is intended to add some warm fuzzies to the Neighbors app by allowing people to share acts of kindness and cooperation in their communities. It’s doubtful that alone is going to be enough to overcome the negativity, especially when users can filter the sharing categories they are notified about to focus on the more severe ‘crimes’.
The reality is that crime rate statistics are falling in many of these areas, and the impression to the contrary is due only to the filtered and exaggerated negative view of events. Ring has been playing on this effect to sell more devices, partnering with police departments to promote their products, and even offering them credits to sell ring cameras to their residents.
Not only does this turn police into sales people for Ring, it furthers the belief that there is a need to protect yourself. After all, it’s the police encouraging you to install these things. Some agencies in fact run give always in their communities, handing out Ring devices for free to improve community safety. Unfortunately some of these giveaways have come with a ‘requirement’ that you share with the police any time they ask.
To be fair, Ring has stated they do not endorse this model, and are reaching out to any police ‘partners’ that run giveaways to ensure that no obligation on the user is implied.
To further the conflict of interest, Ring handles all the communication with police departments regarding their products, and even provides press releases and instructions to police on how to most effectively convince (or coerce) people to hand over their videos.
While Amazon maintains they will not hand over customer’s video content without consent, unless under warrant, the fact that Ring does not encrypt the video data on a per user basis means that they can, and their terms of service give them an “unlimited, irrevocable, worldwide right” to your videos. While this is pretty boilerplate language for cloud service providers, the lack of any express clarification is noteworthy.
This all leads to a messy and worrying situation where Ring users do not have clarity as to the motivations of police departments, and even the true identities of those answering their questions about the Ring program while it contributes to a broader social media spiral of reported bad behavior making people afraid.
The Neighbors app also leaks camera locations, as discovered by Gizmodo’s analysis of the apps network traffic. While the specific locations of users are not provided to police through their portal app, any Neighbors user can perform a similar analysis if so skilled. The app provides the GPS coordinates of any cameras that have shared video in the last 500 days, down to 6 decimal places of precision.
That’s enough to place a person 4 to 6 feet from a specified location. The app doesn’t show this level of detail, but rather places the ‘reported incident’ at the nearest intersection, but that data is there and accessible in the traffic for anyone to collect.
This also means that anything a user opts to post in the Neighbors app is completely public, even though user’s are under the impression it’s limited to their immediate neighborhood, and you don’t need to have a Ring device to use the app.
Add to this talk of Amazon about incorporating facial recognition into this service to alert you to ‘known suspicious people’ being seen by your cameras, and the concerns about profiling and the wholesale demolition of privacy in our neighborhoods is greatly enhanced.
This development would seem to be related to a recent marketing program encouraging people to report ‘suspicious activity’ to Ring in exchange for product discounts. This would likely be to help train their machine learning system to recognize things they want the app to alert owners about, which gives credence to the concerns about Amazon’s longer term plans.
The proliferation of Ring cameras pointing at public streets and the Neighbors app making that data essentially globally public could be seen to create a situation equivalent being tailed by police or private investigators 24/7. The only difference is it’s happening silently and unseen.
Ring makes the argument that it’s just public information, the same as walking down the street, but as ACLU policy analyst Jay Stanley notes, persistence matters. The ability to track and profile someone is greatly enhanced if that data is recorded and can be compiled at will after the fact.
Ironically, an investigation by NBC failed to turn up significant evidence that Ring’s surveillance network actually helps solve crimes. This could be due to a number of factors, such as the deterrent effect of having visible security cameras, the lack of Ring specific statistics recorded by police departments, or that crime rates have been falling anyway.
While the potential for creating anxiety and an exaggerated perception of threat is not specific to Ring, any cameras that send notifications or allow for easy video sharing are equally complicit, the bulk of the concerns raised here revolve around the Neighbors app and the proliferation of Ring devices connected to it, and largely doesn’t impact Ring owners that don’t have it, although the scope of the recognition systems work will remain to be seen if it comes to light.
In the end we come back to the question of whether to buy Ring products, or keep them if you already have. The short answer to that is ‘maybe’.
While the statistical proof of the effectiveness of security cameras is still open for debate, there is testimonial evidence from former criminals that the visible presence of security cameras is the number one consideration in selecting burglary targets. This places cameras significantly higher on the list than alarm systems, which sat at number thirteen.
While there are some inherent limitations to choosing wireless cameras, there are clear benefits around ease of installation, and flexibility of placement. Cloud based storage also has the benefit of simplifying management of the system for the end user, and keeping that video safe from would be thieves who may look to target an on-site recording device to cover their tracks.
There are now many brands which offer similar products to Ring, but Ring sits above many of these in terms of build quality, durability, service performance, and hardware features. They aren’t necessarily the best in terms of video quality or motion detection, and need some more work on their notification options, but they sit comfortably in the top tier on all of these fronts for a middle of the road cost.
Any camera provider that stores data in the cloud carries some element of risk. These services are all proprietary closed systems, and thus we have little confirmation that they store the data securely. As with any cloud data provider, the obligation here is to not only secure the data from external attackers, but from their own employees in order to ensure privacy is maintained for their customers.
We have insider evidence to suggest Ring’s performance in this aspect is lacking, and while there have been improvements under Amazon’s influence, there is good reason to believe it’s not to be trusted. That’s a key consideration, but as with any connected camera, it’s wise to assume a lack of privacy and deploy them accordingly, and make use of the account security features Ring is now rolling out to the fullest.
This means only using them to cover approaches to your home that are not used by your family for any significant periods of time (driveways, laneways, boundary’s etc), and definitely keeping them out of the home. Ring devices are good options for these kind of perimeter deployments due to their above average WiFi performance, swappable battery options, solar panels, and general durability against the elements.
Regarding the Neighbors app and Ring’s conflicted involvement with law enforcement agencies, there are some very valid concerns about the effect on community mind set, growing large scale self surveillance, and public access to long term recorded data about innocent people’s movements and locations. This aspect of Ring’s ecosystem should be firmly avoided, not only to protect the user’s own mental health, but to send a clear message to Amazon that this direction is not beneficial to society at large.
If you’re prepared to steer clear of the Neighbors program and the local feed feature and, as with any internet connected camera, assume a lack of privacy controls over the video, then Ring devices do still offer a robust and reliable solution that can provide the desired security deterrent benefits, along with a growing integrated security platform of alarms, lights and sensors.
You can also help reduce the broader privacy impacts of ubiquitous surveillance technology. Simply limiting the capture of public areas in motion events using the motion zones controls provided in the Ring app will eliminate the ability of these devices to be misused to track and identify people going about their business.
This also improves your own experience by preventing the bombardment of notifications for events that, really, should not be of any concern to you anyway. After all, what good is a security system that you learn to ignore because what it’s warning you about is never a threat.