Placing internet-connected cameras around the home has been a handy way for vacationers and traveling professionals to stay connected with family and maintain peace of mind from afar. And as smart locks, lights, gates, doors, cameras and alarms have proliferated, the companies that create and control these IoT devices have taken on an enormous responsibility to safeguard customer privacy and security.
For Amazon-owned Ring, this means adding app features to help users control access to their cameras’ video streams. At this year’s CES in Las Vegas, the company unveiled a new app feature, dubbed the “Control Center.” According to the company, users can now control which devices are authorized to log into their Ring accounts and get notifications of suspicious activity when it occurs. Users also have opt-out options to prevent Ring from sharing video with law enforcement or personal data with ad companies like Facebook and Google.
While the capabilities of digital technology have accelerated, the typical user’s understanding of digital privacy and security has lagged. Many people do not understand the importance of two-factor authentication, for example, or how third-party companies might use consumer product-generated IoT data to serve personalized ads. As Ring President Leila Rouhi explained to us via email, the biggest challenges associated with Control Center centered around presenting users with a view of connected devices and opt-out options in a digestible format.
Rouhi gave us the full download below, and said the company will continue to roll out new privacy and security settings throughout the spring.
What were Ring’s goals when it set out to build the Control Center feature?
Providing digestible transparency to our customers is something we’ve been working on for some time, and the launch of Control Center brings important privacy and security settings and features into one, easy-to-use dashboard. We will continue to invest in and implement features that empower our customers with the ability to easily view, understand and manage privacy and security preferences.
What kind of technical challenges did the team face as part of this project? How did they overcome them?
The most challenging feature to develop was the Authorized Client Devices feature, where users can see and remove all the phones, tablets and computers that are authorized to log into their Ring account.
This challenge was rooted in the difficulties of identifying client devices in a way that makes sense for the user. This requires a technical solution that takes time to design and build. We’re continuing to work on this so that complex client device identifiers are translated into user-friendly names.
Describe the technical work required to bring Control Center privacy settings into the Ring app.
Users can now opt out of sharing their information for the purpose of receiving personalized ads on platforms like Facebook and Google. The technical work was relatively straightforward as it’s a simple control with two states: opt in or opt out.
The complexity is really on the back end, when a user’s preference must be shared with the various advertising platforms as each has a different process for opting out. This takes time. In the end, we ultimately decided to provide users with this opt-out toggle and clearly communicate to them that it could take up to 30 days for the settings to take effect.
Providing digestible transparency to our customers is something we’ve been working on for some time. The work that went into providing more visibility into how data is used and stored was mostly straightforward front-end work in which we added this information to Control Center, allowing users to access important information directly from the app through the Privacy Information and Control section.
Take us through some of your privacy features.
Here are some of the security practices we currently have in place, in addition to several new features we plan on rolling out in the near future:
Notifying customers whose accounts have been exposed and resetting their passwords, and monitoring for and blocking potentially unauthorized login attempts into Ring accounts.
Temporarily pausing the use of most third-party analytics services in the Ring apps and website while we work on providing users with more abilities to opt out within the Control Center. We will soon provide customers with additional options to limit sharing information with third-party service providers.
We will soon provide users with additional options to limit sharing information with third-party service providers. Users can now opt out of sharing their information for the purpose of receiving personalized ads.
Two-step verification is now mandatory for all users in order to authorize any new client device that logs in with correct credentials. Users receive an email letting them know that a new device has logged into their account, and will then have to manually confirm the new client device with a six-digit code before it can gain access to their account.
When a Ring account user resets their password, they are automatically logged out of the Ring app on all client devices, third-party devices and Ring.com that are using their previous login credentials.
Automatic firmware updates are pushed out to users’ Ring devices via over-the-air updates. No action is required by the user in order to receive OTAs.
In addition to OTA firmware updates, Ring regularly pushes out app updates to users through iOS, Android, Windows and Ring.com.
We rate limit login requests so that an unusual volume of login attempts from single IPs get throttled at the API level. If there are repeated throttling attempts, we ban and block the IP address.
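The throttle-then-ban escalation described in the last item above, sketched as an added example that is not Ring's code: a per-IP sliding-window limiter that refuses requests during a cooldown and bans an IP after repeated throttle episodes. The class and function names, the thresholds and the sample IP addresses are all assumptions; the interview gives no numbers.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; the page gives no numbers.
WINDOW_S = 60        # sliding window length in seconds
MAX_ATTEMPTS = 5     # login attempts allowed per IP per window
COOLDOWN_S = 60      # how long a throttled IP is refused
STRIKES_TO_BAN = 3   # throttle episodes before the IP is banned

class LoginThrottle:
    """Per-IP sliding-window limiter that escalates repeat offenders to a ban."""

    def __init__(self):
        self.attempts = defaultdict(deque)  # ip -> timestamps inside the window
        self.blocked_until = {}             # ip -> end of current cooldown
        self.strikes = defaultdict(int)     # ip -> throttle episodes so far
        self.banned = set()

    def check(self, ip, now):
        """Return 'allow', 'throttle' or 'ban' for one login request."""
        if ip in self.banned:
            return "ban"
        if now < self.blocked_until.get(ip, 0):
            return "throttle"               # still cooling down, no new strike
        window = self.attempts[ip]
        while window and now - window[0] >= WINDOW_S:
            window.popleft()                # drop attempts older than the window
        if len(window) < MAX_ATTEMPTS:
            window.append(now)
            return "allow"
        # Over the limit: one strike per episode, then cool down or ban.
        window.clear()
        self.strikes[ip] += 1
        if self.strikes[ip] >= STRIKES_TO_BAN:
            self.banned.add(ip)
            return "ban"
        self.blocked_until[ip] = now + COOLDOWN_S
        return "throttle"

def replay(events):
    """Run (ip, timestamp) pairs through a fresh limiter; return the decisions."""
    limiter = LoginThrottle()
    return [limiter.check(ip, ts) for ip, ts in events]

# Constructed sample: one noisy client and one normal client (documentation IPs).
NOISY, QUIET = "203.0.113.7", "198.51.100.20"
SAMPLE = [(NOISY, t) for t in range(6)] + [(QUIET, 6), (NOISY, 10)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Keying on source IP alone penalizes users behind a shared NAT and does nothing against attempts spread across many addresses, so a limiter like this is normally paired with per-account counters.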