Are there any guides to doing this? We're about to have a baby, and don't want to drop a few hundred bucks on a baby video monitor system - I'd rather just ziptie a phone to the shelf above the crib.
Search either app store for 'baby monitor' and take your pick. I can't remember the name of the one we settled on when my son was born earlier this year but all of the ones I tried worked reasonably well.
We got one as a gift, but hardly used it. Of course both my kids are little Darth Shnorkulas.
I just can't really think of a scenario where the monitor helps. I mean I've had those panicked moments where I'm like "Is my kid dead, and I've just been sitting here playing computer games?" But either get up and check, or just keep playing. They almost never die.
Some children sleep in rooms that have decent sound insulation, and the parents want to know if the child is awake and distressed. (You don't start sleep training a child who is under 6 months.)
Don't worry, you'll know when they're awake and distressed. I tend to let kids cry for at least a minute before intervening, well, unless they're old enough to be asking for help.
The alternative is madness and leads to divorce or murder-suicide.
EDIT> Actually, I just made that number up. It's all context. My main warning / peeve is that our unrealistic standards of care as modern, educated, intelligent, self-improvement-minded parents actually leads to a shitty child-rearing experience that produces somewhat shitty children, rather than a more laissez-faire approach. Crying is like the weather. We don't always have to fix it.
When the child is under 6 months you probably don't want to delay when the child is crying. Under 6 months they cry to communicate a need - they're hungry; they need changing; they're in pain; they're cold' they're lonely.
Most people think it's a good idea to address those needs.
Even the people who like sleep training think you probably shouldn't start when the child is under 6 months.
There are a couple of people who think you can start sleep training under 6 months (Ferber; Gina Ford), but even Ferber sets a minimum age of 4 months.
If you are going to go down the "cry it out" route you will want to carefully investigate the different systems. Some of them have been discredited as harmful and cruel. Ferberization (or Gina Ford, they're pretty similar) is about the harshest system that a modern parent could get away with, but you need to be aware that a lot of people hate this method.
My favorite part of asking any technical question is the mandatory "you don't actually want to do what you're asking us how to do" :)
Pretty much most of what people said in response; if the baby's asleep and I'm cooking in the kitchen while watching a YouTube video and boiling something, it'd be nice to have a window displaying the kid in the corner so I can tell when it wakes up. Plus, it might be nice to tune in from work and watch it sleep. Plus, the wife wants one.
Given that dedicated hardware ones are expensive, I'd like to try it with one of the old phones we have laying around - if I come to agree with you that it's unnecessary, I won't have wasted $200 on something that really has no other purpose.
A: In our case we have twins and when they were babies, if one was rousing, we could put her back to sleep without having the other one wake up (and create a wakeful feedback loop).
It will be accessible on the local network via web browser (it starts a web server on the phone) or client app on another phone (e.g. tinyCam Monitor).
I saw a great app that turned old iOS devices into baby monitors. It wasn't the one I link to below, but you get the idea. Another weird hack was to buy a pair of cheap phones with unlimited minutes or unlimited to one number on one of them. Dumb phones are best as the battery is better. Then just call the phone and leave the call running. Unlimited range as long as you have cell signal. Telcomes here in NZ got wise and limited the minutes of a call.
Cloud Baby Monitor
https://appsto.re/nz/N99Yz.i
One easier way to detect (without jamming afterwards), for iOS at least, is to install the "Fing" app, connect to the wifi and scan the network. Then you will know the connected devices and their names. Chances are that cameras will have easy to recognize names on them. EDIT: you'll get the MAC address too, so you can compare if they match camera companies.
For those who don't own an iOS device, or don't feel it is the best tool to do this kind of analysis: The standard tool on OS X or Linux appears to be Kismet[1], which, while I haven't actually used it and so can't vouch for it firsthand, appears to be quite capable. I don't know what, if any, equivalent tool exists for Windows, and since I don't own a Windows laptop, I also don't really care.
Edit: Having now installed Fing and looked at what it does, it seems to basically just look at its assigned IP and netmask to determine the address space of the local network, and then perform an nmap-style ping scan to see what doesn't time out. When it gets a packet back, it uses the MAC address to identify the type of device, and a PTR lookup with the DHCP-provided DNS server to obtain a hostname. These are pretty cool capabilities to have on a handheld device, of course, but if you can't or won't install Fing, you can do pretty much everything it does with a 15-line Perl script on any device that can connect to the wireless network.
Fing scares me. I know theoretically any app I install could be scanning my network but Fing actually says it is scanning my network.
On the Fing page it says: "Fing does not collect nor sends any detail about your environment, your accounts or your network to anybody. And that's guaranteed!"
Yet on the Fingbox page it says: "By installing Fing on a desktop workstation and logging into your account, you can perform operations on remote networks through the Fingbox cloud."
Talk about not easy to use. I am not ashamed to say I can't figure this software out and I'm a software developer. What am I supposed to do in the case that it demands I set a target? Localhost? It'll tell me all about what I'm connected to.
192.168.1.1? That tells me what my router is connected to but that isn't necessarily what I want. 90% of output is just what it is doing. Oh you initialised, completed, initialised, completed, Unable to split netmask from target expression, script post-scanning, Read data files from: /usr/local/bin/../share/nmap.
True, the syntax is cryptic and unintuitive. Target is a subnet in CIDR notation, i.e. 192.168.1.0/24. The other various options describe the scan to perform. You can do simple pings, a full portscan, a quick portscan of the few most popular ports, and enable various IDS-evasion behaviors.
Fing provides something of a value-add by wrapping its sort of functionality in a nice UI. It's just amusing to see people discover Fing as though it were the first or only tool of its kind.
nmap is a universal stalwart of network security since the late 90s. It is the classic "hacking tool" long predating Metasploit, and Hollywood VFX people have even figured this out - it features in hacking scenes in Matrix Reloaded, Battle Royale, Bourne Ultimatum, and Elysium. I suspect ease of use has never been a priority, since its target audience is fellow open-source-savvy l33t haxxors.
To disable all cameras that only save data to the "cloud", like dropcam and many others, you can also just temporarily disconnect the cable or phone wire on the outside of the house.
Wouldn't that stop you using their Wifi, presumably included as part of the listing? That's probably another surveillance risk to be fair, but I think most people expect it and tolerate that risk.
If you read the article at the end the author says it's legality is questionable due to FCC changes that include kicking somebody off the wireless as jamming them
And don't forget to report those cameras to the authorities, since in many countries it is completely illegal to film people without their consent (in private places).
The US is a fucked up place because they want to make sure a babysitter doesn't shake their baby to death or a housecleaner doesn't break or pocket something without admitting it? Hyperbole much?
I mean, if we extend your logic, we should monitor everyone at all times because someone might just accidentally do something to hurt your child right? You never know why an extremely rare event like you mentioned could happen.
Everyone is usually being monitored when around children of strangers; we just usually do so with human eyes instead of cameras. Babysitting is an exception, but why should it be?
That's... just not really true. Maybe in some parts of extreme helicopter parenting, but it's really not a global truth. If what you say is true in US then perhaps the upper poster wasn't so wrong about the state of the country :/.
The implication wasn't that parents are watching the kids at all times when they're with others, but that someone was. There are almost no situations in which kids are left alone with someone other than their parents, apart from babysitting.
Pretty what? All sentences are ambiguous if you try hard enough. If you could tell what the meaning was, why are you insulting a strawman while actively admitting it is a strawman?
A camera can find mistreatment before it turns critical, and then the sitter is replaced.
That is protecting the baby's health, which sometimes reaches the level of saving lives.
Your logic only works if camera footage goes unwatched until the day the babysitter exits the business.
Edit: And that 'thin line' remark is 100% a strawman. I don't know how you can admit it isn't the "intended meaning" and yet claim it's not a strawman.
The statement about the intended meaning is there in an attempt to avoid this conversation. I was not putting the argument in their mouth, I was being bombastic in my criticism of their phrasing. If I was raising it as a serious argument, you are right, I probably wouldn't try to undermine it 10 words later.
Stepping aside from legality, and speaking purely from ethics, there's a big difference between "hiring someone to provide a service for your own private home" and "renting out a temporary place of residence for someone".
Ethically speaking I'd say it's completely okay to monitor the former, whether that service is a plumber or a babysitter, and whether the monitoring is done with a camera or your own human eyes. Those service personnel shouldn't be expecting privacy while they provide services, anyway.
Ethically speaking I'd say it's wrong and a violation of privacy to monitor the latter, regardless of whether it is done with camera or eyes, without prior warning. This is because providing a place of residence implies providing some level of privacy. Forget cameras, you shouldn't generally enter a tenant's place of residence even with your human eyes, without letting them know in advance (e.g. at the very least by knocking).
I'd say that if you're renting to someone else, it's still your property so you should be free to monitor it, but not disclosing the presence of cameras or other monitoring devices should be illegal.
Ownership is a bundle of rights. In the U.S., if you have rented out a property you "own" to another person, you do not have the right to enter that property without prior notice or consent of that person.
Yes. And I am in the position to demand it, or take another position. So we get a privacy divide within society: cleaners, waiters etc don't have an expectation of privacy, those higher up do.
> Do you expect privacy when you're in a shopping mall?
No, everybody can walk in and out at any time.
> You're in a building controlled by someone else, no renting going on. What is your rule for when privacy is expected?
Well, you have touched upon that yourself in your previous question: if a place is open to public you can not expect privacy obviously. When you are in a private place, the default should be to expect privacy unless explicity noticed otherwise.
I feel like you are actually advocating some 1984 here on freakin' HN!
The CEO has it's own office. He can close the door. If he wants, there will be no surveillance.
He even has an employee hired to protect his privacy: his secretary, which sits in front of this door. 'No sorry, mister Buffet is not in right now'.
The cleaner, the factory worker etc has to work in public places an thus can ben surveilled 100% of the time?
> I'm not advocating anything
You are at least condoning surveillance of everything that is under YOUR control. 'My property', 'I am paying for this'. Expressing your opinion like this in this context can only be explained as advocacy.
>You are at least condoning surveillance of everything that is under YOUR control. 'My property', 'I am paying for this'.
Those are not words I said.
I just wanted to know how you drew the line.
Which has helped me understand you better. I think you define the word 'privacy' differently than I do. I am against surveillance in many areas where I do not expect 'privacy'. You also draw a similar distinction, where you're okay with someone physically watching a plumber but not setting up a camera.
> Even a CEO is commonly able to be monitored by HR.
What do you consider "being monitored" in this context? The CEO answers to the board. Would I be naive in assuming the CEO is so far above HR and IT that monitoring him wouldn't be within their jurisdiction without the board requesting something specifically behind the CEO's back?
You're a plumber in my house. I feel like I fully have the right to watch you as you repair my plumbing. You're a babysitter in my house. Babysitting my hypothetical baby. I feel like I would have the right to watch over that baby's treatment in someone else's hands. If you aren't going to let me watch over the quality of your services, I would just find someone else to provide those services.
At some point, once we have established a degree of trust, I would probably watch over you less and less. This is quality control, not a privacy violation.
I do agree that within a single organization, such as a software company, employees need to have some level of privacy from each other in order to work efficiently and happily. That is also facilitated by an environment of mutual trust established by the company itself. That's a very different situation from an individual contracting the services of another individual, who are not a priori related to each other.
It's awfully easy to forget how one's circles aren't representative of most people. I think the general public are a lot more worried about terrorism and whatnot than they are about surveillance. Bashing the surveillance services is not a vote-winner.
I feel like this is a completely different area though. Would you ever rent services from someone saying: "I'll do the work in your house, but you can't look" ? I get the general idea of "I don't waive my right for privacy when I enter someone's house", but for work I just don't see any use case.
If I can't see what you're doing in my house, you're not working in my house. What's the reason I'd ever want/need the opposite?
Interestingly enough, it's also completely illegal in the US to de-auth a WiFi client which is exactly what this is doing and the disclaimer is hardly accurate:
Two wrongs really don't make a right. Without physically locating the camera you have no idea what is being deauthed. It could be a camera monitoring a locked (unavailable to the guest) room or even a neighbors camera. Not everyone out there is a perv and there are entirely legitimate and expected uses for WiFi cameras which are not creepy.
It would be better to locate the camera and if in a location where privacy is expected, simply call the police because who knows how many other victims there may have been and who knows how creepy the person who put it there is.
The relevant text of the FCC enforcement advisory you just linked to is:
"No hotel, convention center, or other commercial establishment or the network operator providing services at such establishments may intentionally block or disrupt
personal Wi-Fi hot spots on such premises, including as part of an effort to force consumers to purchase access to the property owner's Wi-Fi network. Such action is illegal and violations could lead to the assessment of substantial monetary penalties."
Clarification: Sending deauth packets on networks you control is fine. The issue the FCC is taking is with systems that send deauth packets to other networks.
Call be dumb but I have no idea what my wireless NIC is called and that's the first arg to the script.
How do I find out the handle for my wireless network card (I didn't even know it had a name), but also does anyone know why the script can't self detect that? Don't most people only have one?
Ditto for the SSID, couldn't the script just figure out what SSID I'm connected to?
Asking as much for self education as anything else...
On Linux, run ifconfig as root. The problem is that there's no naming convention for NIC names. Some systems use ethX for both wired and wireless systems, some ethX/wlanX, and some use wlx-(macaddress) unique name.
That disclaimer bugs me. Just admit you don't know what the fuck you're talking about and to consult a lawyer before using on equipment the user doesn't own and control. Instead it misleads the uninformed, and shows the slightly-informed you skimmed half a news article once.
Can you clarify the problem you have with the disclaimer? The important parts of the disclaimer seem to be the lines "this might be illegal, make sure to check, use with caution" as well as mention of de-authing being the potential problem. Those seem to me to be enough for an informed user to be able to do their research and enough for an uninformed user (or those unconfident in their ability to research it) to be sufficiently scared away.
It wasn't a change in regulation. There was an enforcement advisory that the FCC considered interfering with WiFi connections to be interference under 47 USC 333. That's not a new law or regulation, it's just the FCC publicizing that they have already and will take further action over new way to violate a law.
> it appears intentionally de-authing WiFi clients, even in your own home,
The radio spectrum is a public resource, even when it radiates through your home. I can't use a stingray just because the phones are being used in my house either. I can understand why some people might disagree with the public resource nature of RF. But it's neither clear if the author is trying to pick that bone for real, nor am I here to defend that classification. Just pointing it out.
> is now classed as ‘jamming’. Up until recently, jamming was defined as the indiscriminate addition of noise to signal - still the global technical definition.
Jamming is used colloquially to refer to all interference under 47 USC 333. But with a little googling I don't see the FCC using the term "jamming" for this style of WiFi interference. The law is written the way it is because spoofing deauth messages is just one of the many ways to cause interference without "jamming."
> It’s worth noting here that all wireless routers necessarily ship with the ability to de-auth, as part of the 802.11 specification.
I don't think I understand that it's "worth noting." There is a large difference between an access point managing it's clients, and a rogue actor spoofing messages to mislead those clients that the message came from the AP. The fact it's part of the spec is the only reason this tool works at all, and the concept of layer 2 interference isn't particularly hard to grasp, especially when that's the explicit purpose of the tool.
Also:
>The very fact this code exists should challenge you to reconsider the non-sane choice to rely on anything wireless for home security. More so, WiFi jammers - while illegal - are cheap. If you care, use cable.
There are a great many things in my life that someone could fuck up if they wanted to break the law that are much more important than my wifi based home security. Even with this tool, the greatest threats to wifi devices are still lousy wifi performance before interference, and lousy residential internet connections.
I don't need someone with a baseball bat loitering around the parking lots I use to pester me about my car. That doesn't "challenge me to reconsider the non-sane choice" of using a mode of transportation that is just so darn easy to damage with a baseball bat.
Agreed, this is a pretty narrow slice. Though if you're seriously worried about all forms of surveillance, you can end up heading down a deep rabbit hole pretty fast.
Because clients connected to a "hidden" SSID broadcast -in cleartext- that AP's SSID in many frames that they and the AP transmit as a normal part of operation, [0] deactivating SSID broadcasts gains you no security, a fair bit of inconvenience, and -potentially- reduced battery life when you move out of range of the AP as the client spams "are you here?" messages, rather than taking the absence of SSID broadcasts as a sign that it's out of range of the AP.
Now, you could "hide" your SSID to reduce the number of SSIDs that appear in a WiFi network browser in a congested area... but that's a thing that -IMO- doesn't get you much for the hassle.
For security, either use WPA2-Personal in AES/CCMP-only mode with a long, randomly-generated password, or WPA2-Enterprise [1] in the same mode.
Beside the legal issues I fear that this is a risk in a way that it could create a false sense of security. I.e. non-technical people thinking "this will make sure I'm not filmed" while this isn't the case.
There can be cameras not affected by the script, cameras with cables, cameras with their own storage etc. pp. Of course everyone here will say "that's obvious", but I'm not sure this is obvious for everyone.
They're called scriptkiddies: they have just enough technical know-how to hang themselves, more or less. Enough to copy and paste lines into a terminal window.
Ironic that you're going to worry about legal issues while renting an illegal hotel room. Considering AirBnB is all about pushing boundaries and outright disregard for the law, the use of this script seems completely apropos.
Indeed, but it's the illegal rentals which have made AirBnB successful and led to its giant valuation. There were legal rental sites before AirBnB, but none rose to such heights. AirBnB got rich by flaunting the laws on most of their listings.
The second meaning is an error, really, and gets flagged with usage notes.
"4. The use of flaunt to mean “to ignore or treat with disdain” ( He flaunts community standards with his behavior) is strongly objected to by many usage guides, which insist that only flout can properly express this meaning. From its earliest appearance in English in the 16th century, flaunt has had the meanings “to display oneself conspicuously, defiantly, or boldly” in public and “to parade or display ostentatiously.” These senses approach those of flout, which dates from about the same period: “to treat with disdain, scorn, or contempt; scoff at; mock.” A sentence like Once secure in his new social position, he was able to flaunt his lower-class origins can thus be ambiguous in current English. Considering the similarity in pronunciation of the two words, it is not surprising that flaunt has assumed the meanings of flout and that this use has appeared in the speech and edited writing of even well-educated, literate persons. Nevertheless, many regard the senses of flaunt and flout as entirely unrelated and concerned speakers and writers still continue to keep them separate."
But you weren't talking about AirBnB, you were talking about the guest. Even if AirBnB became more successful due to also having illegal rentals, it's faulty to assume the guest is in one.
Different levels of legal violation. Using your logic it would be okay to say, "ironic that your going to worry about legal issues with raping someone when you sped to work."
Say someone is renting out a room on AirBNB, and they also have some dropcams monitoring the perimeter of their house.
Someone rents the room, and runs this script, disabling the cameras.
During the stay, the property is burglarized, and there is no surveillance footage of the crime because the renter disabled the cameras.
That seems like an incredibly messy legal situation. Would the renter even be able to exonerate themselves? They disabled the cameras, it almost feels like they inadvertently framed themselves for a crime they didn't commit.
> Would the renter even be able to exonerate themselves?
If you can convince the cops to do their job, then yes?
If my apartment was burgled when I was at work and my new roommate had the day off, the cops would -hopefully- do some investigation to determine if anyone else might have possibly entered the space, as well as checking and enquiring with pawn shops and grey-market street vendors for my stolen goods.
Even more clearcut, all the cameras in all the neighbouring flats get disabled (this is actually the reason why jamming is illegal -- EM radiation doesn't know to respect property boundaries).
This particular script is not really a jammer in the traditional sense. It's simply a de-auth command to a specific device on a specific network. So with a little care you could ensure you were only dropping the indoor cameras.
De-authing the camera from the wireless network isn't necessarily going to stop it from recording. Manything for instance will pile up footage offline and sync it when it gets an internet connection again... should probably be clarified in the article that it's not stopping the recording but merely disrupting the internet connection of the camera
It looks like the script uses arp-scan to detect cameras. That is an ethernet-level tool so it will detect only devices on the wifi network your computer is connected to, not all networks within range.
Yep, you're right. An 802.11 client broadcasts the MAC address in every frame in plaintext, so a more straightforward approach would be to use `airodump-ng` to list the cams. The innocent bystander practical & legal concerns were probably the reason author did it this way.
To commit a criminal offence, one needs the criminal act (actus reus) and the guilty mind (mens rea). If someone deactivated the security system (actus reus) with the intent (mens rea) of helping someone else burglarize, that would definitely be a crime. However if someone deactivated the security system and without criminal intent helped a criminal, then it would be a much murkier issue. Most countries have various offences on the books for criminal negligence to deal with this situation.
On the other hand if the homeowner or the insurer wished to SUE someone for disabling the security system and thereby facilitating the loss of property, that someone would most likely be fucked. Civil liability doesn't require the accused to be the sole cause of the damage; one can be a contributory cause and still get roasted for huge damages.
IANAL and this comment is not legal advice
(1) According to the article, disabling the wireless camera itself may be a crime in the US. If so, there are a host of ways the participant could face criminal liability under the described facts.
(2) Civil liability does require, generally, causation--cause-in-fact and proximate cause. The cause-in-fact test is a simple "but-for" assessment: but-for our guy disabling the wireless, would the robbery have happened? In this case, yes, in the absence of our guy disabling the wireless, the bad guy would have still robbed the house. Disabling the wireless did not cause the robbery, the criminal was acting independent and without knowledge of the wireless camera's being disabled. Proximate cause is a more complicated legal standard, but since cause-in-fact is missing here, our guy isn't liable, and your second point is probably incorrect.
Disabling the cameras would make it much harder to identify and catch the thief and therefore recover the stolen property. And so, on a balance of probabilities, 'but for' disabling the cameras the damage (loss of property) would not have occurred.
I see what you're saying, but there's a strong argument to be made for finding the camera-disabling guest negligent. If I was advising a client I would never state things as matter-of-factly as you did, but maybe its okay in the court of HN.
And "but-for" the police's inability to catch the bad guy, the plaintiff would have recovered his stolen goods as well, right? And "but-for" the Chief hiring the detective in charge of the case, the plaintiff would have been more likely to recover his property. And on and on. He should sue them all as well.
A lawyer who doesn't quite yet understand factual causation or the limitations imposed by proximate cause would do well to hedge an answer like this with a client. A knowledgeable lawyer, however, would win this on SJ.
One could make a plausible case there's a bit of click bait in the original title because there is nothing specific to AirBnB in the script; the use of hidden cameras is not part of their business; nor are AirBnB rentals a unique market for hidden cameras.
Anyone who clicks on the link can read the title and decide its relevance to the hack. The primary people whose needs aren't accommodated by the change are those whose interest is triggered by "AirBnB."
Not really. The script was written as a result of the recent AirBnB stories about hosts spying on and recording their guests. The relevance is direct and immediate, and taking it out of the title is shameless editorializing.
Journalists often concoct an "ongoing" narrative to make it sound like there is a big trend when there are only one or two anecdotes. Write a weak article with one example, follow it up with a second article with a second example, then write a third article proclaiming that something is "sweeping the nation," linking to what "we previously reported."
The linked title could just as well have said "when you're staying in a stranger's home," but that doesn't carry as much currency as "AirBnB." I think that's clickbait, albeit subtle.
I doubt it's explitly up to Dang, I remember seeing this same sort of thing back when PG was running the show too. And even if it is up to Dang's discretion..
Why would YC want to propagate negative content corresponding to their ventures?
As far as I'm aware, HN never promised to let us (the users) rule the roost this way. And they've never promised freedom from censorship.
To be clear, I don't mean any of this in a critical way. It simply is what it is.
That's a good point! I also recall the announcement [0] and related HN discourse [1].
Reviewing it now, it looks to me like they declared editorial independence without going into much detail. I especially don't see anything about guaranteeing the preservation of things that may harm the YC or affiliated brands.
You're missing the point people! Don't record other people who are renting your house, or tell them you're going doing it. Detecting and disabling a camera on the network (and assuming it's on the same subnet as any wifi you are authorized to use) is ass backwards.
As someone with a bit of familiarity with the world of contemporary art, I think it's important to see this as a provocation, not something intended for real world use. One might find Oliver's other projects (e.g. the "transparency grenade", which is an actually transparent acrylic grenade that "blowns open" wifi insecurity) to be a bit irresponsible or less sensitive than you would expect from a "critical engineer".
So it only works if they are using one of those two off the shelf cameras.
reply