TechCrunch has learned that Ring, the Amazon-owned friend to nosy police departments everywhere, has suffered another embarrassing security stumble. The company’s Neighbors app, which was launched in 2018, apparently left users’ exact geographical data and home addresses exposed to the internet for anyone to see.
A bug in the software, according to the TechCrunch report, let attackers access the home addresses and precise locations of people who posted on Neighbors. That info can tell hackers where to find people for a targeted attack, the report said.
While the company says it fixed the issue, the flaw demonstrates that Ring is still suffering from serious privacy shortcomings. It’s not the first time that Ring has exposed user data to the public, and it may not be the last.
In January, the company released a transparency report, but it did not break out the specific number of users who had their data turned over to police when Ring was served with legal demands through its app. It also did not break out the percentage of times Ring gave footage to authorities without a user’s consent.
The reports from Facebook, Apple, Google and Microsoft all include the total number of demands received by their services and specify the percentage of users or accounts whose information was given to law enforcement. While it’s not clear whether Ring releases that kind of information, it is worth asking because it can paint a picture of how the company has been using its technology in the past.
That’s because, while Ring makes smart doorbells, security cameras and other devices that homeowners can use to monitor their homes, it has increasingly become a tool of the state. In addition to giving away footage from its own devices, the company has partnered with about 2,200 police departments across the country.
Many of these relationships are a bit unusual, because they allow the police departments to request video footage from people’s Ring cameras. That footage can then be used for training and marketing purposes.
However, some critics have raised concerns about the terms of those partnerships, including a supposed requirement that Ring partner departments “shill” their own cameras to get new customers. While those requirements are spelled out in a memorandum of understanding (MOU), they’re not legally binding, and the agreements aren’t subject to open-records laws.
What it means for you
When a police department partners with Ring, it usually announces its involvement in a press release or on the agency’s website. But the companies don’t always put those partnership agreements in writing, and they can be difficult to find, Wirecutter reports.
This is why it’s important to understand the terms of these deals. Those agreements can be difficult to read, and can sometimes lead to misinformation.
Among other things, the agreements often include non-disclosure agreements and require police departments to sign a memorandum of understanding. While those documents aren’t legally binding, they can be a useful way for police to make sure that the company’s products don’t violate their policy.