Only thing I'd mention is that the old school "web server runs on camera" model is really dodgy when the average user just plugs it in, fires up a mobile app, and sees their camera - then assumes all is well.
So many security issues and exploits for those things. Hardcoded passwords, backdoors, and loads of exploits for gaining SSH or telnet access on very common models.
As much as I hate the current shift toward camera-remote server setups (and their inevitable subscription fees), I can't imagine expecting your average buyer at Amazon or Walmart to properly configure and lock those things down. At least if it only talks to Amazon or Google or whoever, you won't be able to find it in a port scan and pull an image using admin/admin or whatever.
So to avoid the risk of someone wardriving your neighborhood and hacking into your camera, it's better to...send all the data to China and trust them to protect it?
In all fairness (there are multiple precedents), a US-based provider won't protect your data (from internal employees) either. Any centralized video monitoring system is a ticking time bomb.
Sorry, why the downvotes? Is something here factually incorrect? Didn't AT&T just 'lose' private data from "almost all customers"? The only truly private option is keeping your data on-prem.
Agree completely, and the only times I've used IP cameras, they were separated from the main LAN, had no access from outside, and provided a stream to a NAS running NVR software.
That said, I can see the average user having a better outcome by "outsourcing their security" to Google, Amazon, and the like. Not ideal for exactly the reasons you stated, but seeing as very few people are going to set up or maintain an on-premises solution, I think the odds are still better than "random Chinese IP camera running a web server and viewable via a janky phone app outside the LAN".
The move to doing everything on phones has only made it worse. At least when you were expected to log in via a "proper" browser for initial setup, you could be prompted to set a new password, update firmware, or make changes to settings. The phone-centric ones I've seen are basically "plug in, scan QR/type serial/connect to temporary AP, (confusing techie stuff happens magically here), now you can watch your dog on your iphone from anywhere!"
Ignore the part about how this actually happens and how anyone can just scan port 8000 or whatever and connect with the hidden root login.
When I had my first child a decade ago, someone gifted me a PTZ camera that was viewable through a smartphone app.
I set it up, connected it to wifi, and it worked... for about 4 days. Resetting it didn't work. Called the company and they sent a replacement. Same thing happened.
I noticed that it had used UPnP to map a public port to itself. I never tried hitting it with anything, but I made the assumption that it was getting pwned. I threw it away.
That experience makes me agree with your assessment.
One piece of advice - when it comes to privacy and security, wired > wifi. I always recommend wiring (PoE). Jammers have recently become cheap and accessible, and burglars can now turn off whole neighborhoods.
I absolutely do. I don't find wireless cameras to be a compelling product in any personal or professional use case, but I see their appeal. I only used the thing because it was a gift.
When it comes to baby monitors, which the device I had was marketed as, I actually prefer analog (because static is better than non-functional) with a dedicated receiver, but I'll use just about anything without a TCP/IP stack :)
So many security issues and exploits for those things. Hardcoded passwords, backdoors, and loads of exploits for gaining SSH or telnet access on very common models.
As much as I hate the current shift toward camera-remote server setups (and their inevitable subscription fees), I can't imagine expecting your average buyer at Amazon or Walmart to properly configure and lock those things down. At least if it only talks to Amazon or Google or whoever, you won't be able to find it in a port scan and pull an image using admin/admin or whatever.