The latest example involves Ring failing to adequately secure users' information when they share to the "Neighbors" portion of the Ring app. Journalists had already showcased how Ring's security standards were hot garbage. And while Amazon has taken some steps to address those concerns (like making two-factor authentication mandatory), this week it was revealed that Ring's Neighbors app was exposing the precise locations and home addresses of users who had posted to the app:
"While users’ posts are public, the app doesn’t display names or precise locations — though most include video taken by Ring doorbells and security cameras. The bug made it possible to retrieve the location data on users who posted to the app, including those who are reporting crimes."
Whoops-a-daisy!
The disclosure comes on the heels of a similar report from Gizmodo last year that found it wasn't too difficult to ferret out hidden data allowing journalists (and anybody else) to map the location of Ring users nationwide:
"Examining the network traffic of the Neighbors app produced unexpected data, including hidden geographic coordinates that are connected to each post—latitude and longitude with up to six decimal points of precision, accurate enough to pinpoint roughly a square inch of ground."
Neat! Ring's already facing a class action lawsuit from users not particularly happy about receiving death threats and racist slurs after their Ring smart cameras were hacked.
Purportedly, Ring's Neighborhood functionality is generally supposed to help communities band together and discuss potential security threats. Kind of a neighborhood watch for the modern era. More often, however, the functionality results in people engaging in paranoid hyperventilation about minorities or homeless people getting a skosh too close to the azaleas.
If you're going to be earning additional billions from selling access to consumer residential cameras to intelligence and law enforcement every year, it seems like the very least you can do is invest a little bit more in taking consumer privacy and security seriously, even if "caring about consumers" and "selling their camera surveillance and location data to any nitwit with a nickel" operate somewhat discordantly.
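Both location leaks described above come down to an API response carrying fields the app never displays. The following is an added example, not Ring's code or anything from the reports: a server-side serializer that builds the public response from an allowlist and coarsens coordinates before they leave the backend, plus a regression check that scans a response for high-precision floats. The record, field names and grid size are assumptions.

```python
import json
import math
from decimal import Decimal

# Constructed record standing in for a stored post; every value is invented.
STORED_POST = {
    "id": 1001,
    "title": "Package taken from porch",
    "video_url": "https://example.invalid/v/1001.mp4",
    "latitude": 38.897663,    # six decimals, as in the Gizmodo finding
    "longitude": -77.036574,
    "owner_address": "123 Example St",
}

PUBLIC_FIELDS = ("id", "title", "video_url")  # allowlist; nothing else is serialized
GRID_DEG = 0.01  # assumed cell size, roughly 1.1 km of latitude


def coarsen(value, step=GRID_DEG):
    """Snap a coordinate to the centre of its grid cell, discarding the exact point."""
    return round((math.floor(value / step) + 0.5) * step, 4)


def public_view(post):
    """Build the response from the allowlist rather than deleting fields from the record."""
    view = {key: post[key] for key in PUBLIC_FIELDS}
    view["approx_location"] = {
        "lat": coarsen(post["latitude"]),
        "lon": coarsen(post["longitude"]),
    }
    return view


def precise_floats(obj, max_decimals=3, path=""):
    """Return the JSON paths of floats with more decimal places than allowed."""
    if isinstance(obj, dict):
        return [hit for key, val in obj.items()
                for hit in precise_floats(val, max_decimals, f"{path}/{key}")]
    if isinstance(obj, list):
        return [hit for idx, val in enumerate(obj)
                for hit in precise_floats(val, max_decimals, f"{path}/{idx}")]
    if isinstance(obj, float):
        decimals = -Decimal(repr(obj)).as_tuple().exponent
        return [path] if decimals > max_decimals else []
    return []


if __name__ == "__main__":
    wire = json.loads(json.dumps(public_view(STORED_POST)))
    print(wire, precise_floats(wire))
```

Running `precise_floats` against captured API responses in a test suite catches the regression where a new field reintroduces exact coordinates that the UI hides.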
Trying to have it all, Ring welcomed police departments into the fold, offering steep discounts on cameras to agencies that played along with its PR pitches and distribution tactics. Citizens could get cameras for almost nothing from local cops with the implicit suggestion they share their recordings with cops whenever law enforcement asked.
That was the initial wave of bad press: the co-opting of police departments to turn consumer security cameras into extensions of law enforcement surveillance networks. The second wave was almost worse. It involved the hijacking of Ring cameras by malicious jerks who used lists of credentials taken from security breaches to take control of the connected devices.
Ring shifted the blame for these hijackings to the end users. While Ring does encourage the use of "strong" passwords and two-factor authentication, it did not -- until recently -- make either of these the default. A recent update to its "privacy dashboard" finally allowed users to easily control access to their cameras by providing lists of all IP addresses/devices currently logged in. It also nudged users in the direction of 2FA a bit more firmly, making this opt-out, rather than opt-in.
The latest update goes further. And it must have been painful to implement, since it undercuts part of the company's sales pitches to law enforcement agencies. Ring has played up the advantages of cops handing cameras to citizens, creating portals that give officers maps of Ring camera locations and coaching cops on the finer points of obtaining footage without a warrant. This addition to Ring's privacy dashboard is going to make it a bit more difficult for cops to bypass the warrant process when seeking to obtain camera footage from Ring users.
In the new update, users will be able to see an "Active Law Enforcement Map" clarifying which local institutions are part of the Neighbor Portal network. They will also be able to disable requests for video from officials, whether or not they have received one in the past. (This feature was available previously, but an account had to have received one request for the opt-out option to appear.)
Ring's blog post on the dashboard update not-so-subtly hints that users shouldn't do this by telling readers about a couple of times the video request tool was used to solve crimes. Even if this PR nudge proves ineffective, cops aren't completely out of luck. Ring is happy to turn over footage stored in its cloud to law enforcement without notifying users, even as it claims this footage still belongs to the end users.
This is a move in the right direction for Ring. Unfortunately, it still seems focused on becoming an appendage of law enforcement, rather than a producer of consumer goods. As long as it spends more time trying to figure out how it can best assist government middlemen, it's going to keep disappointing the actual users of its cameras.
Since its introduction, Ring has been steadily increasing its market share -- both with homeowners and their public servants. At the beginning of August, this partnership included 200 law enforcement agencies. Three months later, that number has increased to 630.
What do police departments get in exchange for agreeing to be Ring lapdogs? Well, they get a portal that allows them to seek footage from Ring owners, hopefully without a warrant. They also get a built-in PR network that promotes law enforcement wins aided by Ring footage, provided the agencies are willing to let Ring write their press releases for them.
They also get instructions on how to bypass warrant requirements to obtain camera footage from private citizens. Some of this is just a nudge -- an unstated quid pro quo attached to the free cameras cops hand out to homeowners. Some of this is actual instructions on how to word requests so recipients are less likely to wonder about their Fourth Amendment rights. And some of this is Ring itself, which stores footage uploaded by users for law enforcement perusal.
If it seems like a warrant might slow things down -- or law enforcement lacks probable cause to demand footage -- Ring is more than happy to help out. Footage remains a subpoena away at Ring HQ. And, more disturbingly, anything turned over to police departments comes with no strings attached.
Statements given to Sen. Edward Markey by Amazon indicate footage turned over to cops is a gift that keeps on giving.
Police officers who download videos captured by homeowners’ Ring doorbell cameras can keep them forever and share them with whomever they’d like without providing evidence of a crime, the Amazon-owned firm told a lawmaker this month.
Brian Huseman, Amazon's VP of Public Policy, indicates the public is kind of an afterthought when it comes to Ring and its super-lax policies.
Police in those communities can use Ring software to request up to 12 hours of video from anyone within half a square mile of a suspected crime scene, covering a 45-day time span, Huseman wrote. Police are required to include a case number for the crime they are investigating, but not any other details or evidence related to the crime or their request.
Ring itself maintains that it's still very much into protecting users and their safety. Maybe not so much their privacy, though. The company says it takes the "responsibility" of "protecting homes and communities" very seriously. But when it comes to footage, well… that footage apparently belongs to whoever it ends up with.
Ring… "does not own or otherwise control users’ videos, and we intentionally designed the Neighbors Portal to ensure that users get to decide whether to voluntarily provide their videos to the police."
It's obvious Ring does not "control" recordings. Otherwise, it would place a few more restrictions on the zero-guardrail "partnerships" with law enforcement agencies. But pretending Ring owners are OK with cops sharing their recordings with whoever just because they agreed to share the recording with one agency is disingenuous.
Ring's answers to Markey's pointed questions are simply inadequate. As the Washington Post article notes, Ring claims it makes users agree to install cameras so they won't record public areas like roads or sidewalks, but does nothing to police uploaded footage to ensure this rule is followed. It also claims it does not collect "personal information online from children under the age of 13," but still proudly let everyone know how many trick-or-treaters came to Ring users' doors on Halloween. And, again, it does not vet users' footage to ensure they're not harvesting recordings of children under the age of 13.
The company also hinted it's still looking at adding facial recognition capabilities to its cameras. Amazon's response pointed to competitors' products utilizing this tech and said it would "innovate" based on "customer demand."
While Ring's speedy expansion would have caused some concern, most of that would have been limited to its competitors. That it chose to use law enforcement agencies to boost its signal is vastly more concerning. It's no longer just a home security product. It's a surveillance tool law enforcement agencies can tap into seemingly at will.
Many users would be more than happy to welcome the services of law enforcement if their doorbell cameras captured footage of a criminal act that affected them, but Ring's network of law enforcement partners makes camera owners almost extraneous. If cops want footage, Ring will give it to them. And then the cops can do whatever they want with it, even if it doesn't contribute to ongoing investigations.
These answers didn't make Sen. Markey happy. Hopefully, other legislators will find these responses unsatisfactory and start demanding more -- both from law enforcement agencies and Ring itself.
Ring is putting the "creep" back in the phrase "surveillance creep." While there's some value to keeping an eye on your front doorstep when you're expecting an expensive delivery, the downside is Ring might be letting cops know you've got a camera on your house. What it won't be letting you know is that it will part with your footage at the drop of a subpoena.
If you're not eyeballing your neighbors by proxy, you're not living right. That's the message of the Neighbors app, which is pushed by Ring and cops alike. Breaking down "sharing" barriers is the first step toward bypassing the warrant process. Ring is the grease and the wheel.
The pushback against Ring's law enforcement adoption offensive has had minimal effect on the company. It continues undeterred, even as it attempts to explain both its lack of interest in adding facial recognition software to its doorbells and its retention of a facial recognition division head. It's things like this that make one believe the public's opinion ultimately doesn't matter, not if Ring can convince enough cop shops to start pushing its offerings on the public.
Ring is back in the news again. And, again, it's not because it did anything right. Or competently.
First, Buzzfeed reports the doorbell company is as tone deaf as it is dominant in its market sector. What Ring thinks is cute and fun is actually just very, very creepy.
In a company blog and series of Instagram stories, posted Monday and Tuesday, the company showed that it collects, stores, and analyzes sensitive data about how, when, and where people use its doorbell cameras. Ring said that nationwide, its doorbell cameras were activated 15.8 million times on Halloween. The company makes several other types of surveillance cameras in addition to its doorbell camera.
As it has on other occasions, like Super Bowl Sunday, Ring turned Halloween into a marketing opportunity. As reported by Mashable, Ring circulated videos of children on Halloween on Twitter. Ring also promoted Halloween-themed skins to decorate doorbell cameras on its company blogs and Instagram. However, in promoting itself as a family-friendly company, Ring showed that it collects user data on a granular level.
Friends, neighbors, visitors… children -- nothing but data and footage to be used to promote Ring's version of everyday life in the United States. The information a Ring doorbell collects belongs to Ring, not its customers. And if it belongs to Ring, it can be had without a warrant in most cases. Ring knows how often customers' doorbells ring. It says it anonymizes this data, but first you have to trust that it actually did what it said it did. And then you have to believe anonymizing data actually anonymizes it, which it kind of doesn't.
But trading trick-or-treating kids for social media impressions isn't the only headline Ring made this past week. It also showed it's not immune to the IoT curse: connected "smart" things tend to be attack vectors. And if they're not actually being attacked, they're just giving info away to whoever wants it.
A vulnerability in the Amazon Ring doorbells could have exposed homes’ WiFi username and password to hackers.
Discovered earlier this year by Romanian cybersecurity firm Bitdefender, the issue caused users’ WiFi credentials to be transmitted unencrypted while they were setting up the internet-connected device.
“When entering configuration mode, the device receives the user’s network credentials from the smartphone app,” Bitdefender notes. “Data exchange is performed through plain HTTP, which means that the credentials are exposed to any nearby eavesdroppers.”
While this method requires a hacker to be near the doorbell or on the targeted WiFi network in order to intercept the credentials, this doesn't mean exploitation is only a crime of opportunity. As Bitdefender noted, hackers could flood the device with de-authentication messages which would kick the doorbell off the network. When Ring users try to reconnect their doorbell to their network, hackers could jump in and grab the credentials as they sail by in plaintext.
The good news is this issue has been fixed. The bad news is this is the second time Ring's doorbells have been caught handing out WiFi credentials. At least last time, malicious hackers needed physical access to the doorbell. The last misstep allowed hackers to stay in their cars.
The further bad news is Ring is still Ring and mainly interested in turning doorbells into spy cams that can be easily accessed by its hundreds of law enforcement "partners." It has never expressed any sincere desire to protect the privacy of its users. As far as it's concerned, every camera is just another eye it owns, feeding it footage and data it can use at will.
"If the URL /gainspan/system/config/network is requested from the web server running on the Gainspan unit, the wireless configuration is returned including the configured SSID and PSK in cleartext. The doorbell is only secured to its back plate by two standard screws. This means that it is possible for an attacker to gain access to the homeowner’s wireless network by unscrewing the Ring, pressing the setup button and accessing the configuration URL. As it is just a simple URL this can be performed quite easily from a mobile device such as a phone and could be performed without any visible form of tampering to the unit."
In short, your smart doorbell could potentially make you immeasurably less secure, without any visible signs of tampering to the outside unit. This is, the researchers have warned in a previous post, similar to a vulnerability common in a popular smart bathroom scale, which can be easily tricked into sharing a user's WPA-PSK. Fortunately the company behind the smart doorbell tells the research firm that they quickly issued a firmware patch for the problem, though obviously not all vulnerabilities get fixed this quickly, and it's one more example of "smart" technology being a great advertisement for more traditional, dumb devices.