[gduffy]

Sorry, but that shows a fundamental misunderstanding of the problem space. We entered the "IP camera" market in 2010, when all the competitor products booted a 7-year old Linux kernel with busybox and UPnP'd a port to the public internet. Admin/admin, no string escaping, buffer overflows, inadvertently indexable by Google, rooted and/or turned into botnets.

Dropcam v1.0 eliminated all of those security problems.

The only gotcha is that we required cloud storage. However, my plan for v2.0 Dropcam was to go with open-source verified builds + kill the cloud-storage requirement (but offer it optionally with e2e crypto).

If I had required that at v1, the company wouldn't exist today, and worse stuff would have taken its place. Good product engineering requires prioritization and stepwise problem-solving, not ivory tower ethics.

[imglorp]

> open-source verified builds [...], kill the cloud-storage requirement [...] optionally with e2e crypto

In your opinion, in the current space, do you think there's room for this kind of product now? I bet most of the readers here know why these are good features if you don't like adversarial software running sensors on your home network and uploading stuff, but I also bet we're in a tiny, tiny minority in the market.

[gduffy]

No, for two reasons:

1) You get no credit with customers for security features, only blame if they get hacked. You must invest in good security engineering because you believe it is a good thing and a good long term investment, it will only cost you in the short term.

2) Unfair competition from large tech and China-based companies, in terms of pricing and incumbent advantage. (And yes, I helped create this situation by selling Dropcam to Google, and profited from it)

In order to win, you'd have to make something better in every other respect (or find some yet-unknown killer feature that average customers actually care about), sell it for the same price, beat them in price wars, and spend enough on marketing to undo the PR damage they've done to the space AND rise above the noise floor.

[Despegar]

Doesn't Apple's HomeKit do this the best? It was designed to be secure (so much that they had to backtrack on requiring hardware encryption chips) and it works locally.

[perspective1]

With all respect, just because the state of the market was terrible doesn’t make a more secure insecure product good for the end user. And more than take market share away from less secure cameras, nest created a great ux helping expand use to unsophisticated consumers.

[gduffy]

We'll have to let god balance that out on the scales of morality when I reach the pearly gates someday.

There's a lot of good and bad that came out of Dropcam but I think it's been mostly good. Lives saved, murderers in jail, happy moments captured that would otherwise have been lost.

Plus, we had every intention of improving this aspect, and I'm even commenting unpaid on the internet to put as much pressure as I can on Google to follow through on that!

  nest created a great ux helping expand use to unsophisticated consumers

Thanks for the compliment though. Maybe god will pardon those who create good UX. :)

[ThrowawayR2]

> With all respect, just because the state of the market was terrible doesn’t make a more secure insecure product good for the end user.

With all respect, let us know when you (or anyone else) releases a perfect version of a product. Nobody has unlimited money and time in which to polish a product to perfection.

I'm in the throes of this right now, trying to beat a once-miserable codebase into something that that improves our customers' lives, is stable, is secure, etc. on a shoestring budget. It's a hard, wretched slog but we're doing it, one point release at a time.

[gduffy]

This is exactly right, and way better than my reply.

Your polish can improve as you scale and get more resources. That doesn't mean there isn't a min-bar of basic security practices and ethics, but if min-bar is perfection on all counts, get ready for a long and fruitless existence...!

[perspective1]

Nobody's asking for perfection, just something that doesn't get hacked and play pornography for 3 year olds. Nest had polish. Security took a backseat to UX, and here we are.