This has been around for a week and I rarely see a camera that actually works. Interesting idea but flawed execution.
posted by furtive at 2:30 PM on November 9, 2014

Please note that by going to their website, you are adding your IP address to their logs, which they will probably add to their to-be-scanned queue.
posted by lenny70 at 2:40 PM on November 9, 2014 [7 favorites]

Today I learned that there are people out there who flip their chairs over onto their tables at home, just like restaurants do at closing time.
posted by Runes at 2:50 PM on November 9, 2014 [9 favorites]

They seem to be running all the feeds through their own servers, acting as a proxy of sorts. It's kind of clever, because it acts as a cache to keep traffic down to individual cameras, and it prevents the thousands of hits on each camera that merely linking directly to the feeds would produce, which probably stops network admins at ISPs or within organizations from noticing there's a problem. Since the site started making the news, I suspect their servers are getting hammered. I'm barely seeing any images from cameras without refreshing multiple times. They're probably making a modest profit on the ads, but without the revenue stream from them this would be an expensive site to run.

Acting as a proxy also protects the owners of the individual cameras, to a certain extent. No-one can just scrape this site and get their own list of IPs with unsecured cameras because the site is hiding them from you. You can locate all these camera feeds with specially structured Google queries from what I understand, which is probably how they built the list in the first place. If the site didn't exist, the problem of poorly secured cams would still be there. It just wouldn't be getting wider public scrutiny. YMMV as to whether or not you think that's sufficient justification.

I have to admit, I would idly like to have a phone app that combined something like this with a highly accurate IP-to-lat/lon database and just randomly streamed me feeds from within a few hundred meters of my current location.
posted by figurant at 2:55 PM on November 9, 2014 [8 favorites]

> Today I learned that there are people out there who flip their chairs over onto their tables at home, just like restaurants do at closing time

I do that. But today I learned there are people out there who have security cameras pointed at beds.
posted by The corpse in the library at 2:57 PM on November 9, 2014 [3 favorites]

That last screenshot in the Vice article is clearly a child's bed. You have to be a certain level of paranoid to run a video camera on your kid's bed; I'm sure they'd be thrilled to see the footage broadcast worldwide.
posted by ThePinkSuperhero at 2:57 PM on November 9, 2014 [2 favorites]

Please note that by going to their website, you are adding your IP address to their logs, which they will probably add to their to-be-scanned queue.

There are much easier ways to find unsecured webcams- google, for example.
posted by dilaudid at 3:02 PM on November 9, 2014 [6 favorites]

If you look on the far right of the picture with the chairs flipped up on the table, you'll see a mop handle. They probably don't leave them like that all the time.
posted by Ian A.T. at 3:03 PM on November 9, 2014

Today I learned that there are people out there who flip their chairs over onto their tables at home, just like restaurants do at closing time.

Well someone never vacuums.

This would appear to have the same ethical issue as with the person whose laptop was stolen and sold in Iran who began posting remotely-retrieved camera snapshots from it... if they publicize evidence that someone is doing things in their home that are illegal in Iran or other repressive states, they could get someone killed or imprisoned. Not to mention, like, Tyler Clementi.
posted by XMLicious at 3:05 PM on November 9, 2014

Plus it's not exactly infeasible to scan the entire IPv4 address space.
posted by dilaudid at 3:06 PM on November 9, 2014 [1 favorite]

Oh good lord. Why did it never occur to me to flip the chairs over the table when I mopped rather than dragging them out of the kitchen?

See: sleazy Russian website gave me valuable information!
posted by ArbitraryAndCapricious at 3:06 PM on November 9, 2014 [29 favorites]

I don't think you necessarily have to be wildly paranoid to put a security camera on a child's bed. I'm not saying that some of the parents who've done so *aren't* just paranoid nutters, but some may also be people whose kids have seizures or other problems that warrant overnight monitoring.

I remember a site that did something like this years and years ago, back when the internet was still blanketed with X10 pop under ads. I wonder at the fact that hardward manufacturers for stuff like this haven't gone to pre-generated passwords, with the pre-set password included on a piece of paper in the box with your device. It seems like it's not all that much more expensive or confusing to say 'the password for your device is "Password", you can change it by doing XYZ' than it is to say 'the password for your device is printed on the slip of yellow paper in the box, you can change it by doing 'XYZ'" I realize there would be some increase in costs necessary to ensure that specific devices got shipped with the right passwords but given that this is always the result of default passwords, maybe that would be worth it.
posted by jacquilynne at 3:07 PM on November 9, 2014 [2 favorites]

And this is why one must always change default logins on anything connected to the Internet. After all, site or no site, their cameras are broadcasting this for anyone to stumble upon.
posted by enamon at 3:27 PM on November 9, 2014 [3 favorites]

Is this the place where I post the dropcam photo of mathowie's bare ass? (Via waxy).
posted by Nelson at 3:35 PM on November 9, 2014 [12 favorites]

But today I learned there are people out there who have security cameras pointed at beds.

Given that perusing Sky Mall while flying shows that there is an (apparent) market for people for whom "security" means "keeping kind of creepy tabs on your children and/or partners," insecurity camera might be a better name.

Always leaving out the medical angle suggested above, of course.
posted by GenjiandProust at 3:38 PM on November 9, 2014 [3 favorites]

I know that legally and technically this isn't the same thing as the hacked and stolen celebrity photos but ethically, how is looking into people's homes, uninvited, any different than looking at the photos once they were stolen?

Just because someone isn't technically savvy enough to know they need to change the password, I don't think that gives me the right to peer into their lives via a camera feed they obviously think is private.
posted by Room 641-A at 3:47 PM on November 9, 2014 [17 favorites]

Obviously. I think that's kind of the whole point.
posted by ArbitraryAndCapricious at 4:01 PM on November 9, 2014

Room 641-A, you're exactly right. Everyone peering through these cameras, including the mefites on this thread, is being a peeping tom.

Seriously guys, stop peering into the bedrooms and kitches of strangers. It's morally wrong, even if they left the metaphorical blinds open. Stop. Don't. It's indefensible.
posted by justsomebodythatyouusedtoknow at 4:03 PM on November 9, 2014 [23 favorites]

Mmmmm, forbidden fruit.
posted by telstar at 4:06 PM on November 9, 2014

Hey, there's one in my hometown! ...that I can't see.
posted by infinitewindow at 4:08 PM on November 9, 2014

See: sleazy Russian website gave me valuable information!

I think flipping your chairs over when you vacuum might just be the one weird trick we've been hearing about all this time.
posted by glhaynes at 4:51 PM on November 9, 2014 [9 favorites]

Every day, this world seems more and more like a big William Gibson novel.
posted by davebush at 5:06 PM on November 9, 2014 [4 favorites]

"There's one in my hometown! ..that I can't see."

Hey, why not just look through your neighbors' windows with binoculars? There's no reason to let a technical glitch get in the way of your creepy voyeurism.
posted by justsomebodythatyouusedtoknow at 5:25 PM on November 9, 2014 [3 favorites]

Yes, it's creepy. So is visiting the houses of friends and family who have always-on video and audio cameras pointed into private areas.
posted by RobotVoodooPower at 5:36 PM on November 9, 2014

Hey, why not just look through your neighbors' windows with binoculars?

That's what Zoomies are for.
posted by man down under at 5:39 PM on November 9, 2014 [2 favorites]

Well, without peering into any home, other than mine, I perversely derive benefit, as I realize I am going to flip my dining chairs over to vacuum. It is a more conscious and committed act, altogether. Then, as an added bonus, I see where an obscure word I looked up last night, has been inserted into my current text, after clearing all my personal data at least a dozen times since. All my cams are covered with black tape, since 2007.
posted by Oyéah at 5:57 PM on November 9, 2014

Just don't look, folks. One crazy trick to learn that you live in filth.
posted by The White Hat at 6:08 PM on November 9, 2014 [2 favorites]

I love when these pop up. Other people are weird

2013

2008

2005
posted by Ik ben afgesneden at 8:04 PM on November 9, 2014 [3 favorites]

I worked on a project a few years ago that involved IP cameras. They're little webservers with cameras attached, basically... and if they're on the internet, they're reachable. Ditto for the web-viewable security boxes that combine and record the cameras. And just about all of these come out of the box with a known port and password, which should be changed ASAP.

To all the hand-wringers - it seems that some lessons about being secure with technology can only be learned the hard way. The companies who make and sell the stuff have been irresponsible, and the people who buy and install it are naive. If finding and linking to insecure cameras is what it will take for government to sit up and notice, and for people to get a clue... so be it.
posted by Artful Codger at 8:06 PM on November 9, 2014 [2 favorites]

Doesn't everyone monitor their private area?
posted by smidgen at 8:07 PM on November 9, 2014 [1 favorite]

I helped a friend pick out a home based security system for them. I wasn't going to be the one actually setting up the system, however (they lived far away).

I ended up advising them to just not put the cameras on the internet - to email pics that were triggered by motion. Pretty much all the systems I looked at seemed to have sketchy security (look at reviews at systems on Amazon and you'll see a variety of warnings).

There is a ton of justified concern about the security of 'internet of things', but cameras is by far the most creepy problem out there.

Even if there aren't obvious security holes (default passwords, sometimes 'backdoor' passwords, etc), it's safe to say that very few vendors are looking for operating system security holes and patching for known vulnerabilities in the systems they advise people to open up to the internet.

If I 'had' to have a camera at home with a live feed, I'd keep it internal to my network and connect to my home network via VPN, but this isn't a solution that's easily accessible to most people.

Easy to blame the victims for leaving default passwords (although if the cameras even tried at security they would have the installation wizard *require* a password change to operate), but the reality is this is kind of difficult stuff to get right if vendors are trying hard - and it doesn't look like vendors are even making an effort at securing this stuff.
posted by el io at 8:20 PM on November 9, 2014 [4 favorites]

Oh yeah, and to view these cameras is on the same ethical grounds as hacking people's email accounts (or perhaps worse grounds). For anyone trying to view these pictures, please don't try to take the moral high ground and be outraged next time a slew of naked photos illiterately obtained are leaked to the internet - you're doing the same thing (in a more haphazard way). Most people would rather a single photo of them naked be available to the internet than have a live streaming video of them *right now* be accessible without their knowledge or permission.

[/high horse]
posted by el io at 8:22 PM on November 9, 2014 [2 favorites]

el io: If I 'had' to have a camera at home with a live feed, I'd keep it internal to my network and connect to my home network via VPN, but this isn't a solution that's easily accessible to most people.

My solution was to set up Apache to reverse proxy from my web host through an openvpn connection to the webcams on my home network, and then use my own authentication to protect that. The connection doesn't even get made to the webcams until the web server auth succeeds.
posted by tonycpsu at 8:53 PM on November 9, 2014

I literally am having trouble believing I've been swiffering bonk bonk bonk around my chair legs for over two decades and never once thought to flip the chairs onto the table despite having seen it in hundreds of restaurants, movies and books, including one I was reading last night only hours before swiffering today. WTF.
posted by chortly at 12:08 AM on November 10, 2014 [4 favorites]

I don't know: won't repeatedly whacking your table top with chairs damage the table?
posted by alasdair at 2:47 AM on November 10, 2014

Even if there aren't obvious security holes (default passwords, sometimes 'backdoor' passwords, etc), it's safe to say that very few vendors are looking for operating system security holes and patching for known vulnerabilities in the systems they advise people to open up to the internet.

As someone who's helped deploy the cheapo "in a box" type systems where you get 4/6/8/etc cameras, the server/DVR unit, and associated junk all at once in small businesses... these things are goddamn nightmares. 99.99999999% of these will never, ever receive a single software update. And even if they do, it would likely never be a major update if something like the the last few major terminal/SSL/etc bugs came out that poked a huge hole in linux. These things are like cheapo routers, if they ever get a new kernel or new major software and not just some minor patches and maybe an added on software module or two i'd be amazed.

A lot of them reset to the defaults if they crash, and they break continuously since they're built even crappier than cable boxes. So if the thing ever hangs in a hard reset sort of way, or just melts down and needs to be RMA'd, then they're starting over from the defaults. Plenty of the companies will walk you through setting it up over the phone, but then all the nice settings i plugged in to not have it on obvious crappy defaults are gone, and you're back to doing nothing but swapping out the default password from 12345 to "alfsdick75" or something. And turn off all that stupid security stuff at even the basic level its on by default, i gotta see it on my iphone!

Many small/local businesses have horrendous network security in some way. like the cheapest home DSL modem+wifi router combo unit set entirely to the defaults, connected to one of those DVR servers set entirely to the defaults, and possibly even DMZed. And then they connect a crappy laptop with an expired norton or mcafee license it came with out of the box, that they play games on constantly and download random shit on to said default password WPS-enabled wifi network and run POS software on it and- (head explodes)


The problem isn't just that there's obvious security holes, it's that everything ships with some "quick setup" mode now in which you can get going in 30 seconds by just clicking "yes" over and over and end up in an insecure mode. I like it when i see routers/combo boxes force you to create a password, default to strong(er) encryption, and even give you shit if it's a pathetic password and make you do better. But basically everything has fallen on the sword of "easy to use". No, i don't think everything should have to be set up from a terminal with arcane commands like a cisco switch. But "easy 3 step home setup kit!" and its ilk have destroyed security more than any backdoor ever could. Apple seems to be essentially the only company with a setup process that pushes you hard to have actually secure settings, and defaults to them almost entirely.

There's no advocacy or like, triumphant justice going on with this list of cameras that can be exploited. Close enough to all to just call it all of these systems are going to run until they break, especially the DVR/server crappy security system ones. This is just neckbeards trying to feel like they're doing some subversive badass act while actually just being asshats.

No, i lay 100% of the blame with the manufacturers for creating setup interfaces in which people can just click "next", or log in with the default password and just use the damn thing. I wish we could pass a damn law making that illegal on anything that connects to a network.
posted by emptythought at 3:43 AM on November 10, 2014 [3 favorites]

> A lot of [the inexpensive camera & DVR systems] reset to the defaults if they crash, and they break continuously since they're built even crappier than cable boxes.

Most of these units have some way to save and restore custom settings from a file, so recovery from a serious crash, hard reset, or when adding/replacing a camera can be relatively painless.... but the average user would find it confusing and daunting. Of course, the hardware shouldn't be so flaky as to require reloading the settings often, and there's really no excuse other than cost for not having truly nonvolatile storing of settings. There are also a number of ways settings could be managed through the PVR thingy, or through a computer app. etc etc etc.
posted by Artful Codger at 5:27 AM on November 10, 2014

figurant: "They seem to be running all the feeds through their own servers, acting as a proxy of sorts."

I finally got a chance to check this site out and got a pop-up password prompt from one of the cameras in, uh, Denmark, I think it was. So I don't think that they're proxying the video streams through themselves or, at the very least, not all of them.
posted by I-baLL at 5:51 AM on November 10, 2014

Please note that by going to their website, you are adding your IP address to their logs, which they will probably add to their to-be-scanned queue.

considering you can scan the entire ipv4 space in 5 minutes i doubt that's necessary
posted by p3on at 6:25 AM on November 10, 2014

See: sleazy Russian website gave me valuable information!

In Soviet Russia, sleazy website gives you valuable information!
posted by ricochet biscuit at 6:48 AM on November 10, 2014 [2 favorites]

My boyfriend points a netcam at his aquarium when we go on vacation.

It's got a password on it, but apparently that's not worth anything, so.....

Best case: We can check up on the fish while we're out of town.
Worst case: Some strangers can check up on our fish while we're out of town.

I should tack a note onto the tank that says "Hi internet strangers! If the fish look dead, please email us at ____@___.com"
posted by schmod at 7:14 AM on November 10, 2014 [5 favorites]

That sounds similar to us when there are puppies -- we point a webcam at Baby Jail unless we need the laptop for something else. But we go ahead and just dump it to ustream because that's easy and so people in line for a pup can easily look at them.
posted by ROU_Xenophobe at 7:34 AM on November 10, 2014

schmod: I should tack a note onto the tank that says "Hi internet strangers! If the fish look dead, please email us at ____@___.com"

Hey, guys, it looks like PleaseRobMe.com is going to get a new pet-friendly upgrade!
posted by wenestvedt at 7:44 AM on November 10, 2014

> I don't know: won't repeatedly whacking your table top with chairs damage the table

It might, or the chairs might get a little scratched. But my table isn't fancy and I don't mind if it gets a bit scuffed.

I've had this table for about five years and haven't noticed any damage that's clearly from putting the chairs on it.
posted by The corpse in the library at 8:07 AM on November 10, 2014

Dang the huge elephant in the room goes unmentioned, three elephants, actually.
One, is shadow ownership of commercial security systems and rights they broker to other parties, the foxes you don't know who rent keys to your chicken coops. The second of course, is big bro who is the 800# gorilla when it comes to privacy, and dang, and the third is the criminal elephant, who operates under no constraint at all, swimming in the same hole with said bro, close enough to share the soap.
You go oooh, unknown private citizen voyeurs are peeking, they are hapless amateurs. All the time the electric meters are spinning like the never ending wheel of someone else's fortune, while we do not benefit, since we are not home.
Turn it all off, all the surge protectors, machines, battery chargers, lights, all of it. Save your privacy and money, your modest world, and the world at large.
posted by Oyéah at 9:46 AM on November 10, 2014

I'm confused. Either these cameras have their own global IP addresses, or someone has intentionally configured a NAT to route a port through a firewall. The former is rare nowadays, if only because IPv4 addresses are in short supply. The latter demonstrates some technical aptitude, and you'd think that someone who knows how to configure a NAT would also know to change their camera's default password. What a strange world.
posted by qxntpqbbbqxl at 11:16 PM on November 10, 2014

Many cameras offer plug-and-play, sometimes by default, so they will open up a port automatically on the average Internet router firewall.
posted by kerplunk at 8:40 AM on November 11, 2014

Also these cameras are generally sold as devices you access over the Internet, when you're away from home. They're designed to be publicly visible. How they are also not designed to have some sort of access security is baffling. I suspect a lot of people believe in security through obscurity. (See also: FireSheep).
posted by Nelson at 8:48 AM on November 11, 2014