This article was published on November 20, 2019

Mozilla’s report shows just how awful Ring’s privacy practices are

If you've got a Ring camera, *burn it*


Mozilla’s report shows just how awful Ring’s privacy practices are

When the first internet-connected devices hit the market, they were rare enough that you could seriously consider whether you wanted that item in your house.

But now? It’s a bit tougher, because every-fucking-thing seems to be connected.

How many gadgets or products do you connect to your router without really thinking about it? Well — if you’re anything like me — it’s a lot.

So, god bless Mozilla for having our lazy backs. The company compiles a yearly report called Privacy Not Included (read it here) where it analyzes a range of popular products to see if they’re secure or not.

And, well, if you’re a user of any Ring cameras… we’re sorry.

The methodology

Before we dive into the findings of the report, it’s important to note how Mozilla came to its findings.

The items in question were chosen from six categories:  Toys & Games, Smart Home, Entertainment, Wearables, Health & Exercise, and Pets. The specific devices chosen were some of the most popular across the US.

The company’s researchers then analyzed this tech to see if it met their “Minimum Security Standards.”

Cool, so what are the “Minimum Security Standards?”

Basically, there are five things that every product must do:

  1. Have automatic security updates, so they’re protected against the newest threats
  2. Use encryption, meaning bad actors can’t just snoop on your data
  3. Include a vulnerability management pathway, which makes reporting bugs easy and, well, possible
  4. Require users to change the default password (if applicable), because that makes devices far harder to access
  5. Privacy policies — ones that relate to the product specifically, and aren’t just generic

Doesn’t seem too much to ask right?

What devices passed this test?

Well, of the 76 devices Mozilla selected, 60 of them passed this test. Some of the successful products include:

If you head over here, you can see the full list of products that met the “Minimum Security Standards” by using the filter option at the top right of the page.

And what devices didn’t meet the criteria?

There were nine of them overall (including the Artie 3000 Coding Robot and the Wemo Wifi Smart Dimmer), but the real loser in this test is the Amazon-owned Ring.

Three of the company’s products (which is effectively all of their major devices) didn’t meet Mozilla’s criteria. Yes, that’s right, the Ring Video Doorbell, Ring Indoor Cam, and Ring Security Cam all didn’t meet minimum standards for security.

Which, and let’s be honest here, is totally ridiculous.

The main reasons for not meeting this criteria is due Ring’s history with poor encryption policies, and vulnerability management.

Final thoughts

If you were eagle-eyed, you might have noticed that 60 devices passing the test and nine failing doesn’t quite add up 76. Well, Mozilla didn’t give the remaining seven products ratings, as they couldn’t reliably get all the information needed to judge them. So there, smarty pants.

It’s also important to reiterate the language of minimum security standards. Mozilla is just pointing out these pass a baseline test. That doesn’t mean the products are paragons of privacy, so be careful and do your own research, yeah?

Anyway, if you’ve been thinking about getting a Ring camera for your house, maybe… don’t? Unless you have zero desire for privacy and security. Then you’ll probably be fine.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with


Published
Back to top