• realharo@lemm.ee
      link
      fedilink
      English
      arrow-up
      15
      ·
      edit-2
      1 year ago

      It would be fine if the footage was end-to-end encrypted, meaning you need to transfer the encryption/decryption keys from device (e.g. a phone) to camera, and then manually between all devices that should have access to the decrypted footage.

      Camera would only ever send out encrypted footage, and thus it would be insufficient to have access to the cloud account if you want to view the footage - you would need both access to the account (to obtain the encrypted data) and the decryption key (to actually decrypt it). The decryption key must never reach any 3rd party servers and can only be manually transferred between devices that should have access.

      There are still possible attack vectors, like malicious firmware updates, or the viewer client app updates, but those are very difficult to exploit, and pretty much exist in most “secure” software today (including from companies like Google, Apple, Meta, etc.). They could be mitigated by hardware design (do the encryption in hardware, camera’s software never has access to decrypted footage) and open source viewer clients that the user controls, but I would consider a camera sufficiently secure (for non-sensitive locations) without those.

      • PeterPoopshit@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        How would I encrypt an rtsp stream so I can port forward it and then how to I unencrypt that stream for use on a local server?

        • grandkaiser@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 year ago

          Encrypted VPN between each side. IPSEC over GRE using 1024-bit AES encryption is more than enough.

          Honestly though, if someones cracking IPSEC with any encryption against a random person then that’s already leagues more than any script kiddie is capable of and professional hackers don’t have the motive.

        • realharo@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          I guess you wouldn’t. Use a different protocol, one that supports the security you need.

    • cley_faye@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      It is a bad idea. On one hand, we have the mean to make them quite secure. There is no such thing as an unbreakable encryption, but with proper key management and using decent enough algorithms we can totally do something that puts your camera out of reach of most thing that are not nation-scale organisations. On the other hand, it’s mildly more inconvenient than “installing an app and entering your email”, as it might require stuff like doing a tiny little bit of setting up.

      So, the unsecure/“trust the service” way it is.

        • cley_faye@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          It’s a bad idea because of the de-facto “requirement” that people want everything available everywhere with zero setup, causing cheap, completely insecure solution to become the norm. Just don’t use “cloud-based, app-enabled zero-config ultra easy trust me bro I know what I’m doing” camera and get proper stuff that allows you to control what goes where and use decent encryption.

    • TORFdot0@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      I’d argue that it’s more convenient to have clouds connect for recording and storage purposes but so many cameras come with SD cards built in now that the cloud storage isn’t even really an advantage anymore either.