https://www.theregister.com/2023/06/01/ftc_alexa_ring_amazon_settlement/ posted:

America's Federal Trade Commission has made Amazon a case study for every cautionary tale about how sloppily designed internet-of-things devices and associated services represent a risk to privacy – and made the cost of those actions, as alleged, a mere $30.8 million.

The regulator on Wednesday charged, via the US Dept of Justice, two Amazon outfits with various privacy snafus.

The e-tail giant’s Ring home security cam subsidiary was accused of “compromising its customers’ privacy by allowing any employee or contractor to access consumers’ private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers’ accounts, cameras, and videos.”

“Not only could every Ring employee and Ukraine-based third-party contractor access every customer’s videos (all of which were stored unencrypted on Ring’s network), but they could also readily download any customer’s videos and then view, share, or disclose those videos at will,” reads the FTC's complaint [PDF].

The document goes on to describe how “a customer service agent might need access to the video data of a particular customer to troubleshoot a problem, that same customer service agent had unfettered access to videos belonging to thousands of customers who never contacted customer service.”

Another nightmare: “Although an engineer working on Ring’s floodlight camera might need access to some video data from outdoor devices, that engineer had unrestricted access to footage of the inside of customers’ bedrooms.”

Ring staff weren’t trained on how to handle private data. And some abused it, horribly, according to the consumer watchdog.

The complaint details one employee who, the FTC said, “viewed thousands of video recordings belonging to at least 81 unique female users,” and “focused his prurient searches on cameras with names indicating that they surveilled an intimate space, such as ‘Master Bedroom,’ ‘Master Bathroom,’ or ‘Spy Cam’.”

The employee spent more than an hour a day on this revolting stuff, undetected by Ring, for months, it was claimed.

When a female coworker reported this activity, her supervisor “discounted the report, telling the female employee that it is ‘normal’ for an engineer to view so many accounts," the FTC noted.

“Only after the supervisor noticed that the male employee was only viewing videos of ‘pretty girls’ did the supervisor escalate the report of misconduct.”

Ring responded to that 2017 incident by restricting some access to vids for customer service staff, but other employees retained access to vids, the watchdog said.

The FTC complaint also alleges Ring knew its cloud services were susceptible to credential stuffing and brute-force attacks but did little to stymie such efforts. 55,000 US-based Ring customers’ accounts were therefore compromised, meaning “bad actors gained access to hundreds of thousands of videos of the personal spaces of consumers’ homes.”

The miscreants also had access to users’ accounts, which is where things get worse because Ring devices provide real-time messaging and communications, the FTC pointed out. Those breaking into people's accounts thus were able to interact with customers via their Ring devices. “Several women lying in bed heard hackers curse at them,” the complaint states, and “several children were the objects of hackers’ racist slurs.”

On another occasion “a hacker told an individual through her camera that the hacker had killed the individual’s mother and then directly threatened the individual: ‘Tonight you die’.”

The complaint details even nastier attacks – skip pages 13 and 14 to avoid references to incidents of a sexual nature.

We've previously reported stories of miscreants breaking into victim's Ring devices to terrorize them in their own homes, and of workers being fired for abusing their access to the equipment.

The complaint points out that customers were warned that Ring gave itself extensive rights to access their videos in its Terms of Service and Privacy Policy, but criticizes those documents as being a “buried half-explanation” that gave people “no reasonable way of knowing that hundreds of Ring employees and third-party contractors in Ukraine had unfettered access to live streams and stored videos.”

The FTC’s complaint pointed out that Ring’s main marketing message was that it's products improve safety, yet its actions meant its products did the opposite.
Alexa? Rat out my kids

The FTC also took on Amazon over its Alexa devices’ data-retention policies.

“Amazon retained children’s recordings indefinitely—unless a parent requested that this information be deleted,” the FTC alleged. “And even when a parent sought to delete that information… Amazon failed to delete transcripts of what kids said from all its databases.”

Amazon argued the data retention was necessary to, among other things, train Alexa’s underlying AI models to improve the recognition of children’s voices.

Shame Boy posted:

hey ring maybe automatically flag anyone that names a camera "spy cam" for further review, just a suggestion

post hole digger posted:

and made the cost of those actions, as alleged, a mere $30.8 million.

Expo70 posted:

Passive aggressive little poo poo. Or a typical incorrigible DCS player.

I like to imagine it was also playing buttrock while writing a greentext.



Source:

https://www.aerosociety.com/news/highlights-from-the-raes-future-combat-air-space-capabilities-summit/

edit:
I had to explain what this meant to my mom because she heard me laughing about it during a visit and I explained:
"imagine the most passive aggressive maliciously compliant person you can, like the worst rear end in a top hat lawyer imaginable, and now imagine they're also an armed unmanned plane."

Immediately she replied "like Stealth?" and I had to ask her what that was.
the buttrock is a nice touch, but no lol

infernal machines posted:

they've been wargaming these things for two decades. the simulations aren't weapons systems, and there's no guarantee that they can build effective autonomous weapons from them. they still have to draw the rest of the loving owl, so to speak

this specific thing reads a lot like something that's being reported on in this way because it dovetails with the current fears of ai, also being breathlessly reported by the tech and industry press. it's not new, it's not unusual, and it's no more of a threat than any of the previous times their simulations did broken poo poo.

Zohar posted:

It was literally just made up

https://twitter.com/harris_edouard/status/1664390369205682177

https://twitter.com/harris_edouard/status/1664397003986554880

post hole digger posted:

PIZZA.BAT posted:

$30 million isn’t even a slap on the wrist wtf. hopefully there’s an army of lawyers preparing an absolute spirit bomb of a class action over this

infernal machines posted:

https://twitter.com/harris_edouard/status/1664582667382267905

i assumed it was specification gaming, turns out it wasn't even that, it was bad reporting

post hole digger posted:

mystes posted:

maybe we need, I don't know, some kind of privacy laws? I guess actually having laws against bad stuff would be some sort of radical communism?

mystes posted:

maybe we need, I don't know, some kind of privacy laws? I guess actually having laws against bad stuff would be some sort of radical communism?

mystes posted:

maybe we need, I don't know, some kind of privacy laws? I guess actually having laws against bad stuff would be some sort of radical communism?

haveblue posted:

if especially bad, oopsie woopsie

Jonny 290 posted:

As an employee of one of the sites that serves up those 503 pages for some big names, the trend is dying off, fortunately.


At least were not cloudflare with their horrible default 503 page with the diagram proving Its Not Cloudflare - Blame The Customer! it's so loving embarrassing

post hole digger posted:

ya i love it when cloudflare always says its an origin server issue even if i can bypass cf and hit the origin server just fine

FMguru posted:

actiblizz: it was those rat-bastard unions that made us harass and abuse and molest our female employees!

Activision Blizzard CEO denies culture of harassment and blames unions for company problems

at least the verges writer isnt buying it

https://www.theverge.com/2023/6/1/23744109/activision-blizzard-bobby-kotick-denies-harassment-variety

infernal machines posted:

so if anything works it's completely accidental?

MeruFM posted:

we randomize between akamai, couldfront, and cloudflare