For a video security service that has found its way into millions of homes, privacy and trust are the keystones of remaining in place. Ring, the Amazon-owned video/security service, has been stumbling over its own feet for months as the company addresses issues of its own making.
The Electronic Freedom Foundation has called Ring out for its relationship with third-party vendors designed to share user information via embedded third-party trackers. The trackers, active on the Android version of the app (but apparently not the iOS version), share personally identifiable information (PII) of users, according to the EFF research. The information includes users’ IP addresses, carrier data, sensor data on all user-owned devices and the placement of persistent identifiers.
Ring on its third-party services page provides a listing of four services and includes links to the services’ own privacy pages and the “opt-out” of each service individually. Unfortunately, this “opt-out” seems to work only if one uses Ring via a web browser and not via the app. Ring states, “We use the third-party data analytics platforms listed below to evaluate use of our website and mobile apps.”
Users of Ring appear to have little recourse with respect to their information being used by Ring for data analytics purposes (and perhaps augmenting profit), beyond voting with their feet.
They do, however, have the ability to avail themselves to augmenting the physical and virtual security of their devices and the areas these devices are protecting.
For the longest time, Ring lacked advice/guidance designed to ensure users understood how important cyber hygiene is in keeping their Ring accounts safe and secure.
It should come as no surprise to those focused on cybersecurity that families shared passwords and login information with other family members. After seeing media outlets share the plight of an 8-year-old being engaged by an unidentified individual, the Ring product security team no doubt felt the burn and embarrassment. It mattered not whether or not the family had their own passwords compromised or if a trusted individual lost the keys to the user’s Ring archive—what mattered was that a stranger was engaging an 8-year-old in her bedroom via the Ring device.
In an effort to address the cyber hygiene issued, Ring has introduced two-factor authentication via a code sent to a cell (it’s a start) into the mix and created a new “Control Center” replete with visual aids for the user. The user controls act as a reminder of who and which devices have been given access to the control panel. It also provides a means to disable the sharing of device access. Furthermore, users control whether they share their video (without being compelled to do so) with law enforcement, with an opt-in toggle.
While Ring controls the sharing of user data, users can help themselves by taking advantage of the Control Center functions and have a firm handle on who they are allowing to access their systems. In doing so, they are effectively increasing the level of difficulty for a third-party to garner access. And please, don’t forget: One app, one password is an excellent rule of thumb.