6/27/2026 at 9:55:56 PM
Everyone: For a moment forget everything you know about computers and wonder if perhaps 99% of normies are just following the directions on the package of their $19 Chinese IP camera. They have no idea what a firewall is, or what the "public internet" even means.
There's also a difference between your neighbor not closing her blinds and you using a telescope to look inside her apartment, which is what sites like this are.
by naturalmovement
6/27/2026 at 10:38:04 PM
> and wonder if perhaps 99% of normies are just following the directions on the package of their $19 Chinese IP camera.
I doubt that the instructions for a cheap camera have enough information to walk a non-technical user through the process of setting up port forwarding on their specific router.
I could believe that it’s automatic port forwarding via UPnP for some of these cameras.
However a lot of them are from contractors who install the cameras for people as a service and this is the only way they know how to get them remote access. It’s the same reason different industrial controls and other machines keep getting exposed to the internet. Some installer with a git-er-done attitude knows their customer wants a solution to something (remote access) and they use the first technique they can find to accomplish that without any concern about what it means. They accomplish the thing the customer wants, collect payment, and disappear.
If the customer calls back with a complaint about it, the contractor will happily come visit the site and try to “fix” it for another fee.
If you’re thinking that this is a liability issue you’re not wrong, but in much of the world there is no realistic recourse. Most things like this are pure caveat emptor.
by Aurornis
6/27/2026 at 11:07:08 PM
Most CCTV contractors are not network security experts.
Most network security experts would quit before ever entering a hot attic.
So Cletus the CCTV guy who just spent 8 hours crawling through drop ceilings with a mask on, does a super-clean install, and sets it up as well as he knows how. Which is "good enough" — it works and he's off to the next job. The customer's happy and he gets paid.
Now which one of you network security guys is going to give up his cushy WFH job to go make house calls for CCTV wages?
by naturalmovement
6/27/2026 at 11:46:17 PM
Sir. This is capitalism. What you do is start a company selling secure webcams and hire Cletus to install cameras you buy in bulk with your firmware on it, sell the customer a cloud service, and also hire black hat Kevin with cash to expose Cletus's sloppy business practices to bring in customers who are scared into using your service. Also, get money from the government to provide footage to them for "public safety". Just be sure to underpay your techs who actually do the work, err I mean crawl around customer houses.
Cletus is free to get a bank loan and mortgage his house to give it a try as well, though he doesn't have a decade of FAANG employment money to lean on, what he does have is experience with customers and crawling around houses.
by fragmede
6/28/2026 at 5:51:55 AM
Setting port forwarding is the wrong ux for this.
It should be something simple like:
- everything is encrypted
- at install I tap my phone on the camera, now my Google account (or something similar) is linked to it as admin.
- on that some simple key management architecture should be built
by petra
6/28/2026 at 8:14:50 AM
Cool.
The Chinese DVR the CCTV installer used doesn't work that way.
In fact it probably has a telnet server with a known, hardcoded root password.
by naturalmovement
6/28/2026 at 9:22:12 AM
It ought to be that reputable retailers in western countries refuse to sell this junk, instead only selling ones they consider secure. Just like they won't sell dangerous toys.
But probably most of these cameras are bought through Amazon, AliExpress or Temu.
by Symbiote
6/28/2026 at 3:42:29 PM
This junk controls like 90% of the market though. A lot of it gets rebranded via the OEM/ODM route so good luck finding out who designed the original software.
by naturalmovement
6/27/2026 at 11:38:18 PM
I'd also ask us tech savvy people to practice some humility.
Yes, the people setting up these cameras are not following security best practices. But are you sure that you will not make the same mistakes? Are you sure you have never exposed anything you should not have on the Internet, and never will, even as you age?
Let anyone among you who is without fumbling security be the first to throw a stone.
by pibaker
6/28/2026 at 12:30:17 AM
I worked for a small, local ISP in the mid 2000s. I don't think I made any stupid mistakes on my part, but I had plenty of coworkers who did. To be fair, people were often actively hostile to security concerns back then. It's not much better now, but at least not everything gets a public IP by default.
by mordechai9000
6/28/2026 at 12:38:27 AM
Personally, I'm not a security expert. I've worked in web for near 20 years, on some reasonably large network projects so I've picked up things here and there, but I still defer to our actual security experts when we roll things out.
That said, I'm not 100% convinced I could set up a webcam streaming online without accidentally exposing it to the wider internet. Maybe 95% sure? But if even I couldn't guarantee it, what chance does your average joe who mostly only uses his computer for netflix have?
by bluefirebrand
6/28/2026 at 12:23:29 AM
pfffa haha, i don't drink instant coffee and am not religious, therefore am intellectually god like compared to <insert group i'm objectifying today>
by NamlchakKhandro
6/28/2026 at 1:28:14 AM
[dead]
by cindyllm
6/27/2026 at 10:18:11 PM
I still don’t understand how someone can end up accidentally exposing things to the public internet. With every ISP I have ever had in my country, it’s all NAT by default. Whatever I connect to my network, wired or wireless, would not be publicly accessible just like that unless I really really went out of my way to make it publicly accessible.
How do so many people end up exposing these cameras to the public internet? Are their ISPs not using NAT by default? Are the users jumping through hoops in order to open it up?
by QuantumNomad_
6/27/2026 at 10:29:20 PM
Many consumer routers allow any connected device to configure port forwarding using UPnP. If you want, you can play around with this using a client such as miniupnpc's example client.
by 1e1a
6/27/2026 at 11:20:43 PM
Is your ISP doing CGNAT? At least in the US that's not the norm. Most people have publicly routable IPv4 addresses (even if they rotate somewhat frequently) and most routers are configured to support UPnP out of the box.
This is an example of everything working as intended. The cameras are supposed to be accessible when you're not at home. Of course the cameras ought to ship with randomized default auth on a sticker attached to the unit the same way any half decent router does these days but they don't.
by fc417fc802
6/27/2026 at 10:24:24 PM
UPnP is not disabled by default on all routers, especially older ones. So devices may just try to port-forward certain control or media ports.
by Phil_Latio
6/28/2026 at 9:55:18 AM
The professional installers know how to get real public IPs from their ISPs (for a price). They're using a different instruction book than the consumer with the cheap Chinese home camera.
by microgpt
6/27/2026 at 11:42:37 PM
These are cameras sold specifically to be available over the open internet, I guess.
by bbor
6/27/2026 at 11:25:15 PM
I see it more like that there are things you can do to make sure nobody else gets into your home, like locking the door.
If your door is unlocked, either through ignorance or negligence, it's still not right for someone else to just walk into your home and look through stuff you thought was private.
Sure, they can do it, but just being able to easily do something doesn't make it right.
by My_Name
6/27/2026 at 11:33:04 PM
You'll be surprised by the number of people who think if you leave your internet door unlocked then your internet belongings are free to take. There is someone in this very thread arguing that having an internet-enabled camera in your home turns your home into a public place.
It is also funny, and depressing that many of the same people who think might makes right on the internet end up lamenting how fucked up life is in their low trust societies, when their mindset is exactly what makes a high trust society — you know, the ones where people don't lock doors — impossible.
by pibaker
6/27/2026 at 10:01:04 PM
Telescope is a bad analogy. This is more like the neighbor is inadvertently projecting a feed from inside their house onto a display outside by the sidewalk for any passers-by to see.
by ryandrake
6/27/2026 at 10:07:27 PM
No.
This isn’t a passive “walked by the window” thing that you might have unwittingly viewed. To actively search for open cameras by crawling every IP then creating a tool to see them, then choosing to watch the footage is a very active, deliberate choice. No one is viewing this footage without making a multi-step choice to view it.
by vineyardmike
6/27/2026 at 11:27:28 PM
Don't confuse the creators and maintainers with people who click on a link out of curiosity. I also briefly "walked by the window" glancing at cats using automated feeders in china when someone posted that page to HN recently.
I'm surprised this is still a thing though. I remember being shocked when I came across an extensive feed of these inadvertently public CCTV feeds ~15 years ago. I had assumed it was no longer a problem.
by fc417fc802
6/28/2026 at 3:26:54 AM
I thought it was common knowledge you should physically cover any camera even if you believe they are secure
by mlcrypto
6/28/2026 at 8:42:29 AM
Do you physically cover the multiple cameras of your smartphone all the times you're not using them?
by throw310822
6/27/2026 at 10:33:43 PM
Everything is a bad analogy, because the internet has something like 6 billion of us on it these days.
We evolved for small tribes, e.g. Dunbar's number is ~150. Roughly 1/129 of the people on the internet are software developers, so in the days of everyone living in villages your in-group would include roughly one person who thinks like we think.
"Inadvertently live-streaming to the 1/129 of the world who consider searches like this to be trivial, with zero feedback unless you found your home accidentally went viral" is not like anything we otherwise experience.
If anything, projecting onto a nearby sidewalk as you describe is more like "I was bathing after my day's work scribing for the king and wouldn't you know it, that 𒈗𒍠𒄀𒋛 living by the temple decided to walk right in and say hi! Doesn't even think to knock, just opened my front door and walked right in.", while the closest thing you can find to accidental live webcams in old writing is gods spying on mortals for fun, making us the Anansi, the Loki, the Eshu. And for the furries, the Coyote.
by ben_w
6/28/2026 at 1:05:34 AM
“Everything is a bad analogy” is a beautiful observation——like Plato’s Cave.
by cwmoore
6/27/2026 at 10:21:00 PM
No, it really isn't...
by functionmouse
6/27/2026 at 10:05:02 PM
Not really? It’s just like not closing your blinds and being shocked that people on the street can see you.
by what
6/27/2026 at 11:34:33 PM
Not closing the blinds on the window you can't see that looks out onto an invisible street that only exists from your perspective as some sort of abstract concept. Also your "window" isn't readily visible from a distance; someone has to go stumbling around in the dark and find it by physically running into it.
In other news I'm considering developing a new app and was wondering about VC funding. It's for mapping out ladders adjacent to windows down back alleys. I think it would dovetail well with nipalert.
by fc417fc802
6/28/2026 at 1:01:12 AM
What could possibly go wrong with “point and shoot”?
by cwmoore
6/27/2026 at 10:23:18 PM
99.9% of normies have a router NATing all their traffic
It takes active effort to expose a camera publicly
by wyager
6/27/2026 at 11:36:20 PM
Unless that camera uses UPnP and has no auth configured by default.
by fc417fc802
6/28/2026 at 3:37:23 AM
Or admin/1234 which is about 90% of them
by wolvoleo
6/28/2026 at 8:40:18 AM
You’re saying f the camera will talk to the firewall using a username and password and open a hole/port forward?
by hdgvhicv
6/28/2026 at 9:25:18 AM
I don't think the username as password is required.
Open a Bittorrent client and it will try and port forward port 6881 using UPnP.
by Symbiote
6/28/2026 at 9:25:44 AM
No, I mean the cameras have these settings.
Some cameras do also open ports with UPnP but it's rare in my experience. I think these cams are more users who are a bit technical but not too much to realise the implications.
by wolvoleo
6/28/2026 at 1:19:49 AM
which cameras do this?
by notatoad
6/28/2026 at 12:55:43 AM
> There's also a difference between your neighbor not closing her blinds and you using a telescope to look inside her apartment, which is what sites like this are.
How else are things supposed to change. Hopefully this will embarrass some oligarch enough to force companies to close their loopholes.
by barbazoo
6/28/2026 at 7:33:51 AM
$19 Chinese IP cameras? Try $800 dashcams. Blackview dashcams by default join the company’s public webcam feed which is viewable inside their app.
by alfiedotwtf