It’s 2024. Everything is connected to the internet. Dropbox, Google, and Apple all offer multiple terabyte level plans. The default today is to store in the cloud. We are all storing data in someone else’s computer.
Instead of blaming the users, we must hold the companies responsible. Data privacy laws must be stricter and these incidents must be taken more seriously.
You can indeed make laws to hold the companies responsible, but that's not going to change the situation where it's dumb to store private information on systems that aren't under your control.
You might be able to cause consequences after the fact, but your data will still get leaked first. You can't undo a privacy violation with tort law, and there won't ever be criminal penalties.
If you want your information to stay private, don't store it on other people's computers. IDGAF what "the default today" is. (Also, that's wrong - everyone that is serious and actually wants their data to remain private doesn't store it in the cloud. This is why the CIA got Amazon to build a custom airgapped on-prem AWS region at Langley, for instance.)
A main draw of these “security” cameras is to be able to remotely monitor the locations where they are, including being able to events in the event the devices are stolen. Should I build my own off site, redundant, data centers to make this possible without using a cloud service?
> Also, that's wrong - everyone that is serious and actually wants their data to remain private doesn't store it in the cloud. This is why the CIA got Amazon to build a custom airgapped on-prem AWS region at Langley, for instance.)
Do you think that “everyone that is serious and actually wants their data to remain private” is the default? In a random sampling of 100 people, how many do you think fall into this category?
> This is why the CIA got Amazon to build a custom airgapped on-prem AWS region at Langley, for instance.
Is your threat model the same as Langley’s? Or might there just be different levels of what people’s needs are?
There’s ideals and there’s practicality. It’s impractical in today’s world to completely avoid cloud services. If you can do it, congratulations, more power to you.
Or buying cheap, no-brand or upstart brand cameras with cloud capabilities.
I had a heck of a time finding a proper POE recording DVR camera system for my mom's house without online or cloud bullshit, but still I isolated it on the network to not take any chances of UPnP port opening or dial-home crap.
The only system I would trust would be one that laid out their security model, source to their apps, and had a self-hosted server DVR option. The captological signals of 99.9% of security system websites do not instill confidence in my mind.
I have 30 POE IP cameras connected to BlueIris (Running on a server). It records based on activity, and is entirely local (including being on a dedicated VLAN).
The cameras are a wide variety of IP POE cameras which is helpful as I am not stuck to a single brand.
Instead of blaming the users, we must hold the companies responsible. Data privacy laws must be stricter and these incidents must be taken more seriously.