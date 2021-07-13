



Called “the largest private surveillance network the United States has ever seen,” the video doorbell maker Ring is rolling out new but long-deferred security and privacy features.

The reputation of Amazon-owned companies was hurt after a series of late 2019 account breaches in which hackers broke into Ring’s user accounts and harassed children at home. Next, taking advantage of Ring’s weak security practices, hackers have developed custom software to brute force Ring account passwords. At this point, it was only protected by the user’s password. All the while, there was some cache of ring user passwords floating around the dark web. Ring initially accused users of using weak passwords (such as “password” and “12345678” that Ring can set as passwords for users), but a few months later, it rolled out mandatory two-factor authentication with text. And admitted the failure. message. It was a good start, with the goal of making most of the automated account hijacking a little more difficult to control.

But now, Ring can deliver two-factor code much more securely using encrypted connections, so it’s an app-based two-factor that many companies already offer (and have for some time). We take it one step further by deploying verification. For text messages that are easily intercepted.

Ring also allows in-app CAPTCHAs to add another hurdle aimed at making automatic login attempts more difficult by encouraging users to prove that they are not robots.

It also announced the start of end-to-end encryption for video. This was first released by Ring as a technology preview earlier this year. One of Ring’s most flaunted (very controversial) features is to allow users to share video footage directly with over 1,800 local police stations affiliated with Ring. That said, police with a search warrant can always request footage from the ring instead. End-to-end encryption of video means that the video captured from the Ring device is accessible only to the account owner and not to Ring or its law enforcement partners.

Ring’s CTO, Josh Roth, said in a blog post that Ring believes that “our customers need to control who sees their videos.” If that were true, Ring would have turned on end-to-end encryption for all users, giving privacy to all account owners by default. However, it interferes with the company’s efforts to expand police partnerships, which in turn helps bring the ring device into the hands of locals.

Compared to past security updates that aren’t fully advanced, Ring’s new features make meaningful changes that allow users to choose to make their accounts more secure and keep their data private. However, the keyword has “selection” because users need to opt in to new features. It’s not uncommon in itself. Enterprises rarely force users to make security changes for fear of rubbing the user experience, but poor security controls definitely make it worse to recover from account hacking.

Switching to app-based two-factor authentication is easy. Simply go to your ring’s account settings and switch from the code sent by text message to the code delivered by the authentication app. We have a complete explanation of why it matters, why you should use an app, and which app you want to use.

However, the biggest change a Ring user can make is to turn on end-to-end encryption for their account using the advanced settings in Ring’s Control Center. Turning on end-to-end encryption doesn’t limit what you can do with your account or share video footage with friends, family, or the police, but you can rest assured that you can control it yourself. Data and what to do with it, not the ring.

