Ring slightly overhauls security and privacy, but it’s still not enough

Security camera maker Ring is updating its service to improve account security and give more control when it comes to privacy. Once again, this is yet another update that makes the overall experience slightly better but the Amazon-owned company is still not doing enough to protect its users.

First, Ring is reversing its stance when it comes to two-factor authentication. Two-factor authentication is now mandatory — you can’t even opt out. So the next time you login on your Ring account, you’ll receive a six-digit code via email or text message to confirm your login request.

This is very different from what Ring founder Jamie Siminoff told me at CES in early January:

“So now, we’re going one step further, which is for two-factor authentication. We really want to make it an opt-out, not an opt-in. You still want to let people opt out of it because there are people that just don’t want it. You don’t want to force it, but you want to make it as forceful as you can be without hurting the customer experience.”

Security experts all say that sending you a code by text message isn’t perfect. It’s better than no form of two-factor authentication, but text messages are not secure. They’re also tied to your phone number. That’s why SIM-swapping attacks are on the rise.

As for sending you a code via email, it really depends on your email account. If you haven’t enabled two-factor authentication on your email account, then Ring’s implementation of two-factor authentication is basically worthless. Ring should let you use app-based two-factor with the ability to turn off other methods in your account.

And that doesn’t solve Ring’s password issues. As Motherboard originally found out, Ring doesn’t prevent you from using a weak password and reusing passwords that have been compromised in security breaches from third-party services.

A couple of weeks ago, TechCrunch’s Zack Whittaker could create a Ring account with “12345678” and “password” as the password. He created another account with “password” a few minutes ago.

When it comes to privacy, the EFF called out Ring’s app as it shares a ton of information with third-party services, such as branch.io, mixpanel.com, appsflyer.com and facebook.com. Worse, Ring doesn’t require meaningful consent from the user.

You can now opt out of third-party services that help Ring serve personalized advertising. As for analytics, Ring is temporarily removing most third-party analytics services from its apps (but not all). The company plans on adding a menu to opt out of third-party analytics services in a future update.

Enabling third-party trackers and letting you opt out later isn’t GDPR compliant. So I hope the onboarding experience is going to change as well as the company shouldn’t enable these features without proper consent at all.

Ring could have used this opportunity to adopt a far stronger stance when it comes to privacy. The company sells devices that you set up in your garden, your living room and sometimes even your bedroom. Users certainly don’t want third-party companies to learn more about your interactions with Ring’s services. But it seems like Ring’s motto is still: “If we can do it, why shouldn’t we do it.”

Gadgets – TechCrunch

Google overhauls Nest Aware cloud recording plan

Google is updating the Nest Mini today, the device formerly known as Google Home Mini. And the company used this opportunity to announce an update to its home awareness product, Nest Aware.

If you have Nest security cameras, you can subscribe to a Nest Aware plan. It currently costs $ 5 a month for 5-day video history, $ 10 per month for 10-day history and $ 30 per month for 30-day history. All plans include continuous recording, intelligence alerts, clips and more.

But it can get complicated when you have multiple cameras. Additional cameras require their own subscription plan, but those additional plans are a bit cheaper.

Google is going to simplify all that with plans that cover your whole home. New plans will cost $ 6 per month for 30-day event history and $ 12 per month for 60-day event history as well as 10-day 24/7 video history.

As you can see, you now have to pay $ 12 per month for continuous recording as the basic plan doesn’t include continuous recording anymore. But if you have 8 cameras, you’ll only have to play for a single subscription.

New plans will roll out in early 2020 with the option to switch to the new plans.

And now, Nest Mini and Nest Hubs integrate with Nest Aware. For instance, when your non-connected smoke detector is triggered by a fire, your Nest Mini will notice the alarm and send you a push notification.

You can listen live to confirm that it is a smoke alarm. You can confirm the alarm and the Home app then calls 911 or your local emergency service directly.

Gadgets – TechCrunch

Tumblr Overhauls Its Android App With Path-Like Interface, Brings “Take A Photo” Back To The Desktop

5279013565_34120710a2_z

Today, Tumblr launched a new version of its Android app. Its interface is the design you’re seeing in many apps lately, mostly made popular by Path.

Yes, Tumblr has gone Holo with its UI. That aside, the app feels way more responsive, letting you scroll through all of the cat photos and emo shots of your pals. Its pull-down-to-refresh even got a snazzier animation.

The brief note from the Tumblr Staff blog came along with an animation of the new navigation…animations:

Tumblr for Android just got a total facelift! We’ve completely redesigned the interface, added fancy post animations, made images pop, and a whole lot more. Download the update today.

Tumblr has also made it so that photos pop out in your stream more, so as to increase interaction within the app. This is something that Facebook recently announced it’s doing with its own News Feed:

It’s interesting that Tumblr attacked the Android app first, as its iOS version still has this boring old interface:

Stay tuned for the iOS version, though, since its latest major overhaul was back in November. There’s only one problem with the new interface, though. You can’t post from any page you’re on. I’d like to see the animated “post” button follow me no matter where I am on the site. Right now, you have to go back to your stream to post something.

Since it’s not all about mobile, for those who like to take “selfies,” (who doesn’t?) the company has brought back the “take a photo” functionality to the desktop site. If you just want to show all of your followers exactly how you feel right now, you can just shoot a shot and post it to your stream like this:

Sadly, that feature only works on Chrome and the latest versions of Firefox. Sorry, Safari and IE users, no selfies for you.

Happy Tumblr-ing.

[Photo credit: Flickr]


TechCrunch » android