It’s pretty shocking but most IP cameras can be accessed with nothing more than their serial number. Here’s a somewhat recent DefCon talk about it: https://m.youtube.com/watch?v=Z_gKEF76oMM

I use Reolink cameras, in the admin interface there’s an option called UID. Turning that off (theoretically) disables the backdoor. I have my cameras and NVR (which is actually just a python script on an old laptop that uses ffmpeg to capture streams) on their own airgapped lan so I don’t have to worry about blackhats or the ccp using backdoors to watch my kids.

Well, most IP cameras cannot be accessed this way when you look at the global pool of IP cameras. However many on them on Amazon, particularly from OEM companies like Reolink that are more of a custom relabeller vs. a real camera manufacturer have all kinds of backdoor access methods.

Best practice is to put your IP cameras on a separate isolated network, connected to a dual-NIC recorder/PC running trusted software (eg: not some random DVR/NVR on Amazon) for recording and viewing. This is not a perfect solution, but it at least takes you far away from the path-of-least-resistance pool of devices with weak cybersecurity that are prone to various exploits.

Can't you just use VLAN tagging and firewall rules?

You sure can. And as a result you will get...

> a separate isolated network

They specifically called for dual-NIC.

As an extension of their suggestion. There’s no mystery here.

Yes, of course. Though most people who understand that are already doing things to mitigate exposing these devices to open internet access. My comment was targeted more towards anyone who might not have considered the risks, or might not be comfortable with virtual segmentation vs. physical segmentation.

And this is why my reolink cameras are on a subnet without access to the internet. The only thing it can reach is my home assistant and open source NVR.

This internet of things future is frightening. I don't feel comfortable buying any new product.

Best practice is to remember that intelligence means optimizing for some state of the world. If you have a "smart" product, it may not be optimizing for your preferred state of the world. Most commonly, it's not even optimizing for its manufacturer or vendor's preferred state of the world, because we don't truly know how to design a specific intelligence yet.

Our best efforts are just kind of putting in some objectives and hoping they don't get goodharted too badly.

> Amazon is complicit in shady behavior on their platform

Bought some wireless earbuds a while back, they sent me a horrible knock off. Contacted the store, he said the delivery guy made the switch, took forever but sent me new ones. Left a review stating all of this and warning users not to buy from this sketchy store, my review never saw the light of day.

None of my negative reviews about scammers have ever been approved by Amazon. I have just started taking my business elsewhere.

Amazon filter out those sort of reviews "because theyre not about the product but the supplier". Of course, they don't make it easy to report the supplier.

I've bought ssr relays rated at 40A, with the actual picture of the real product shown. What I got was a fake that was literally an electrical fire waiting to happen. Maybe my complaint to support actually made it to the supplier, because they Photoshop blurred the product picture listing so the real brand name was obscured. Still had phony specs though.

At this point I only really buy things from Amazon that are essentially fungible. Cables, adapters, toiletries, tools, none of these matter enough to me to care about exactly what I get, as long as it’s roughly what’s in the picture, and to be honest they’re not even worth counterfeiting.

For everything else there’s rarely a reason to not buy directly from brands or niche specialist retailers. Customer support is typically better, warranties are often better, repair processes are better, and that’s not to mention the issue of counterfeiting.

Toiletries? You trust Amazon to not swap out your lotion with a cut-rate adulterated copycat?

These are things that don't really matter to me, the point is that I don't really care if they get switched for "cut rate", I'm practically buying the cut-rate version already. That's what Amazon is good for.

Man that annoys me so much, in my case it was a silent removal. You're not aware that your review was removed.

The things I don't buy from Amazon Prime really anywhere are replacement batteries.

I got bitten by this bundle of reviews thing. Amazon was made available in my country some time ago. I went on there to buy video capture device to help convert my parents old tapes to video. I found the device listing I was looking for, with good reviews. Placed my order.

Then a counterfeit showed up, completely different from the spec sheet and the image on the listing.

I filed a complaint, but they wouldn't give me my money back unless I paid to ship it back to half way across the continent, where they sent it from. Despite them just sending me a piece of electronic waste rather than the real product. Nor would they do anything about the listing.

Never looked back at their scam website again.

Disputing the transaction with your card issuer is the only answer companies will understand. The company wins as long as more users eat the losses (essentially giving Amazon free money) than those actively fighting for their money back.

I’ve done this before and it worked for me. Can’t say it will always go so smoothly though

Yep. Amazon gets a cut and they act like it.

Well. Not directly. But same outcome. No actual conspiracy or collusion necessary.

Amazon profits so much that they're content to eat the rampant fraud and waste, than to run a proper legit market place.

This is quite a jump to conclusions. The alternative theory of the customer service rep googling a phone number and getting the wrong one is far more likely. Or, it's possible that the company's own seller login was compromised and a scammer changed their contact number.

The idea that a wildly successful multi-billion dollar company would actually set up such an easily-noticed system where they "get a cut" of phishing scams is outlandish.

I don't think the "cut" implies they are in on some phishing scam. It's saying they take a cut of all volume, so even volume that's harmful to consumers is hardly worth Amazon's attention (as is evidenced by the obviously massive economy of systematic scamming that happens via Amazon, all of which, again, they get a cut of).

> The alternative theory of the customer service rep googling a phone number and getting the wrong one is far more likely.

Their support staff is that reckless and Amazon has no training and other systems in place to prevent that? Your theory doesn’t paint them in any better light.

it's far more believable than amazon being in cahoots with scammers. whether you think this is "better" or "worse" wasn't really part of the discussion

that number 2 is some next generation criminality there!

If you watch Jim Browning or some of the other people that investigate such scams you'll realize that it's not just a couple of idiots in a boiler room; those operations have all the hallmarks of a legitimate company including layers of management, offices, them having meetings to discuss new scam strategies/etc and the scammers being actual "employees" on a standard (low) wage + commission, so I definitely wouldn't be surprised if something like this would happen especially if they've already got a network of local accomplices to launder the stolen money that can easily be repurposed to sell products at cost (in fact that could also be used to launder money, win-win situation right there!).