by elliotbnvl 7 hours ago
Definitely an invasion of privacy. I can’t visit this website in good faith. It should be taken down.

The point is valuable, and the mission is important, but the ends do not justify the means. If this must be shared, at least use static pictures and don’t stream the content for viewers.


Yes and no? The owners of these devices made them publicly available by design or through ignorance. While they should be notified of their (maybe) mistake, it's no different from a person who doesn't understand that their neighbours can see into an open window at night.

Should Shodan be taken down because it can search for these devices? What about Google because it can find admin consoles?

There is a difference between you taking a look through your neighbor's window, and compiling a list of houses known to have curtains open in your city and publishing the list to the public.

> What about Google because it can find admin consoles?

Intention and proportion matter. Google is overwhelmingly not used for discovering unsecured endpoints and that is what makes it OK. If you build a search engine that only serves admin consoles and markets itself as the search engine for admin consoles then you have a problem. There is a reason why DDoS-for-hire services market themselves as selling "stress testing for your own servers," because they are smart enough to know the consequences of knowingly breaking the law.

> it's no different from a person who doesn't understand that their neighbours can see into an open window at night.

And standing out in the street staring through with binoculars is still wrong and creepy.

> Should Shodan be taken down because it can search for these devices? What about Google because it can find admin consoles?

It’s not a new idea, nor that controversial, that we restrict things specifically aimed at doing something rather than ones just capable of it.

The site even lets you see if any of your cameras are exposed, where it switches to a map view and shows any near you.
I know that my cameras are behind an auth layer but, as it is painfully obvious here, many people do not. A 'check my cameras' feature is a nice way to find out if you messed up.
It's not the site's fault.

These things are open server ports on the wild internet. Anyone with a "for" loop can find them easily. If they care about privacy they shouldn't have them public.

"Your honour I just scanned a list of all devices in the planet and filtered those that looked like cameras and made a website such that even more people can access it even more easily."

I get it if you think this is a legal gray area (it's not), but it's surprising to see how many people seem to think this is plain justified. Makes me think that there are some users that gravitate towards this site because the hacker in hackernews refers to hacking as in accessing systems without permission.

If you think hosting a website like this is ok, I encourage you to talk to a criminal lawyer and consider if you are a criminal. At least do it knowingly, do not pretend shit like this is fine.

No, the world's job is not to make itself safe for you if you don't give a crap.

If you roll your eyes at the thought of having to manage credentials or refuse to learn how the internet works on a basic level, you're not fit to set up devices connected to the internet.

Secure your shit or don't play with technology you can't handle.

I think the website is kind of awesome. If you put a window in your home and opened it to the world is it wrong to look through the window? If someone installed the camera and didn’t understand what they are doing that is on them.

If you’re aware the person wouldn’t want you to do that, yes it’s wrong. Being able to do something is not the same as it being right to do something.

Maybe I missed it but this only seemed to be about the legality (which is always also specific to countries).

Being able to do something, even if you can do it without the police showing up, is not the same as it being right to do something.

I think it’s wrong to cheat in a relationship but it’s probably legal.

Do you feel this is true for government agencies too?

If I set up a camera in my money laundering room and put it online, I would not fault a government for using it against me. If they brute-forced a password or used some undisclosed zero-day then I might take issue.

Hell, yes. (Not GP.)