Ring – Perfect storm of security issues – Part II

Ring

The BBC has published two news reports that are damning in the extreme to Amazon-owned Ring.

In February US correspondent Sam Bocetta published Ring is a perfect storm of security threats which should be mandatory reading before you go further.

The BCC reports are not a witch hunt. Ring devices are far more than security or doorbell cameras.

Ring

The first report was Ring doorbell ‘gives Facebook and Google user data’ among other information it provides to Amazon.

Let’s start at Amazon’s response

First, the firm declined to elaborate on what information it collects beyond its privacy notice’s mentions of “data about your interactions”, “device characteristics” and other such inexact terms.

Gathering data allows us to give customers a better service or tailor the service to your needs (paraphrased).

Seriously, do people really fall for that nonsense?

Now the BBC has uncovered what it considers far more nefarious use of Ring Data. It logs every door press and app action.

The BBC originally made the data subject access request (DSAR) in January to tie into a broader investigation into the ways Amazon gathers and uses information about its customers.

We don’t want to steal the BCC’s thunder (you should read the articles) but to summarise

Ring (Amazon) knows (and the user cannot opt-out)

  • When your doorbell activates
  • How often (patterns)
  • Using facial and object recognition could know who is coming or going
  • Can use geofencing to know how long you are at home
  • Camera coordinates

The article concludes

Data access requests only ever show us the tip of the iceberg of the amount of data that companies collect about us.

There’s enormous value – and power – in collecting non-personal data for all sorts of purposes: market research, training and AI.

Even anonymous data can have privacy implications, for instance, about the collective privacy of, say, a housing block, a group of people, or a household unit.

GadgetGuy’s take – Ring may be a good company, but it is making a hash of this

Privacy should not depend on a multi-page end-user agreement that gives Ring/Amazon limitless power to do whatever it wants to with your information. It all boils down to ‘Can you trust Amazon‘ and the overwhelming fear is probably not. Sam Bocetta describes Amazon as creeping cancer.

Will Ring substantively alter its business model to stop gathering unnecessary data or sharing that with the world’s largest online shop? We suspect not.

Ring Update 16 March – too little, too late.

We have temporarily paused the use of most third-party analytics services in the Ring apps and website while we work on providing users with more abilities to opt out in Control Center. In early spring, we will provide customers with additional options to limit sharing information with third-party service providers.

Users can now opt out of sharing their information for the purpose of receiving personalized ads. If a user opts out, Ring will not share their information with third parties to serve them personalized Ring ads. If they visit Ring.com and are not logged in though, Ring will not know to apply this preference to the user’s visit. Although we believe personalized advertising can deliver a better customer experience, beginning this week we will provide users with a choice to opt out in Control Center.

Ring has used its wordsmiths to put lipstick on a pig! Instead of forcing users to opt-out it should simply ask whether they want to opt-in as most country’s privacy legislation mandates. Sorry Ring – you had an opportunity to fix things and you blew it. GadgetGuy cannot recommend any Ring product and it is looking closely at its parent Amazon!