Surveil yourself at home!

I just found out that my condo building is about to replace our (terrible) vintage-1990 front door voice-only intercom system with this app-based video chat thing, ButterflyMX. Anyone have any hilarious security stories about this, or about how their "partners" will be monetizing surveillance of my comings and goings?

Previously, previously.

Tags: , , , , , ,

12 Responses:

  1. Richard says:

    Also, ... I am curious how this company expects their fancy full-size touchscreen not getting tagged like, ... all the time ?

  2. Chris says:

    Well that sucks. I wasn't aware of this, but found you're not alone:
    I had hoped California would have a law about this, but I can only see this for NYC:
    I don't think even the NYC rule would help you with this. They've given you a lame way to decline it.
    Maybe you could use the California Consumer Privacy Act as leverage to get your information removed?

  3. Doctor Memory says:

    Our co-op here in NYC uses them. The inevitable data privacy disaster is well documented in Chris' link above, so I don't have anything to add there.

    The good news, such as it is, is that they are at least no worse in terms of basic reliability than our century-old electromechanical door buzzer and intercom system that they replaced, but our doors still have manual Medeco keys so if the system is down it's at least not particularly bothersome to me personally. And I will allow that it's actually handy to be able to buzz in the UPS/Fedex delivery people remotely from my office or wherever.

    The bad news is that the idea of an apartment having a guest who might need to let other people in does not seem to have occurred to them. Got a babysitter who's going to order dinner? Hope you don't mind taking the doorbell call in the middle of your date. I eventually broke down an mounted an old iPad on the wall near my door to be a dedicated doorbell, which was why I found myself commenting on the subject of your old work ipads. To their credit I guess they have not pulled support for ios 12 from their app, so you can use off-support hardware for it.

    • Doctor Memory says:

      oh, small postscript: their touchscreen devices are actually running some embedded version of Windows. So I'm sure there are some hilarious security bugs to be found there.

      • phuzz says:

        I wonder if they're ARM or x86 based? Could be a cheap source of hardware when they go belly up.

    • Brian B says:

      The guest thing is annoying to be sure. I'm going to be pet-sitting this weekend in a building that recently got one of these, and the resident has to email the company to set up a guest account for me.

      My previous building installed something similar from a different company, and IIRC it was easy to set up a guest account. Seeing who was at the front door had its advantages too.

  4. Violet says:

    Pentester party at your house! I'll bring snacks :D

  5. Julian Calaby says:

    Off topic: your CDN seems to be offline: doesn't seem to be a valid domain here in Australia.

    • jwz says:

      Beats me. I think Amazon shit the bed.

      • Julian Calaby says:

        Are you sure it's Amazon? The whois info for points to, not any of the usual awsdns domains I'd expect from something AWS hosted, so maybe it's something DNS related?

        Either way, thanks Amazon. Thamazon.

  6. Thomas Lord says:

    Looked into other kinds of public / private surveillance stuff to figure out how badly the City of Berkeley was violating its own ordinance that limits [sic] "ACQUISITION AND USE OF SURVEILLANCE TECHNOLOGY". The ordinance stops nothing at all.

    Your remote door entry service provider(!), like every other surveillance product, has a blanket clause in its privacy policy that allows nearly unfettered and secret sharing with "law enforcement" (very broadly defined).

    As a good rule of thumb, police rarely develop their own software or run their own servers for accessing, searching, or otherwise crunching their big data. It's nearly always outsourced to closely held, not-much-advertised firms. Your pretty face and associated meta-data can be quietly monetized there, as well. Heck, if they satisfy the legal requirements [sic] of anonymization, maybe Amazon will buy data to see if they can't identify you and where you live as "proof of capability".

    So one more irony: you're not only paying your condo board for this fun, because taxes also subsidize this business model, as do your purchases from any company that uses this data.

    A company selling to a local jurisdiction (or condo association) can even make pretty promises of not retaining data beyond X days and this is meaningless. It not only will never be audited, but also because such retention policies are not transitive. Generally private surveillance buyers and public jurisdictions accept the pretty promises as gospel (which, after all, satisfies the letter of the law).

  • Previously