[andreasley]

A few years ago, while browsing the feeds from my country, I had spotted a camera showing a bedroom with a young child playing. The camera in question was using UPnP to enable port forwarding by default – with a standard password.

After looking up the ip address, I notified the ISP which in turn notified the customer and the camera was taken offline within hours.

While it may not be unexpected to us that such insecure cameras are sold, less tech-savvy users simply don't know about the risks.

[bchanudet]

Some time ago I went through the list of my country (France), and some were definitively not supposed to be here.

One was in a retail shop like 100m from our office, one of my colleagues actually went there to warn the personel, and it was taken down in the next minutes (I think they cut off the power of the cameras until necessary action was taken).

An other one was in a restaurant, right above the cashier and (most importantly) the credit card terminal. The name of the restaurant was visible on a floor mat, so I could find very easily the website and the e-mail address to send an e-mail to. But then I struggled when writing the e-mail. I didn't want to sound like a hacker (and was afraid to be prosecuted), but also I really wanted them to take it down, by citing some laws here in France that is very strict about video surveillance on the workplace.

In the end I didn't send any email. I'm not a lawyer, and there was too much risk IMO. Maybe I'll try going through the ISP next time I browse the cameras.

[netsharc]

Couldn't you have made a throwaway email address? Plus, connect through a VPN just in case they refer the case to the authorities.

It'd be ironic if they threw more resources at finding the "hacker" than at securing their network...

[bchanudet]

I had thought of that, but I think that would only have decreased the probability for the receiver to actually open the email. At this point it hit my own "Return Over Time Investment" threshold, and I figured I'd better use my time helping my own circle to secure their stuff.

[Abishek_Muthian]

Good work.

It's to be also noted that you live in a country, where ISPs understood what you were telling, understood its urgency, communicated properly with the affected party and remedied it within hours.

There are countries where, in order to talk to a person who understands there is a public facing IP camera it will take extraordinary effort at best and at worst you will be termed 'hacker' for visiting the 'Insecam' website and police will knock on your door within next couple of months to a year; Now good luck finding someone in the police who will listen to you and actually understands it.

[nefitty]

It’s great that you went through the trouble to alert them.

It would be nice to automate this flow as much as possible to reduce the friction for concerned people.

[myself248]

I like that idea. Maybe one of those auto-lawyer websites could send it, like to absorb blowback in case the recipient flips out. Because they often do.