Comment by m348e912

12 days ago

> Cool, it’s encrypted on transit to me… now what about at rest with them? Is it encrypted and they absolutely can not view or hand that footage to police/gov? No.

Technically yes, e2e encryption means video hosted on their servers is only viewable by devices with decryption keys. So if the police/gov brought a subpoena to request the video, Ring could only offer them the encrypted video. They would have to take possession of your phone and gain access in order to decrypt and view the video.

In this case the "ends" in the e2e encryption is the camera and your phone.

4 comments

m348e912

Reply
Galanwe  12 days ago

I used to work for a well known communication app, the kind everyone here used. Couple things I learnt about "end to end encryption":

- You can call your service e2e encrypted even if every client has the same key bundled into the binary, and rotate it from time to time when it's reversed.

- You can call your service e2e encrypted even if you have a server that stores and pushes client keys. That is how you could access your message history on multiple devices.

- You can call your service e2e encrypted and just retrieve or push client keys at will whenever you get a government request.

  • m348e912  11 days ago

    I just set it up e2e on Ring last week. It generates the a key and a word list (for backup) on your phone. You have to physically be in vicinity of the Ring camera to activate encryption on the camera. My impression is that Ring is truly offering a version of video collection which they can't access.

    But I think your third point is valid, there is nothing stopping Ring from telling the app to share a user's keys and then give them to whoever is asking.

SV_BubbleTime  12 days ago

We already 100% know this is misleading though. Amazon has access to your ring footage.

They are acknowledging that the end to end TRANSIT is encrypted. They are not encrypting from themselves at rest.