Everyone: For a moment forget everything you know about computers and wonder if perhaps 99% of normies are just following the directions on the package of their $19 Chinese IP camera. They have no idea what a firewall is, or what the "public internet" even means.
There's also a difference between your neighbor not closing her blinds and you using a telescope to look inside her apartment, which is what sites like this are.
> and wonder if perhaps 99% of normies are just following the directions on the package of their $19 Chinese IP camera.
I doubt that the instructions for a cheap camera have enough information to walk a non-technical user through the process of setting up port forwarding on their specific router.
I could believe that it’s automatic port forwarding via UPnP for some of these cameras.
However a lot of them are from contractors who install the cameras for people as a service and this is the only way they know how to get them remote access. It’s the same reason different industrial controls and other machines keep getting exposed to the internet. Some installer with a git-er-done attitude knows their customer wants a solution to something (remote access) and they use the first technique they can find to accomplish that without any concern about what it means. They accomplish the thing the customer wants, collect payment, and disappear.
If the customer calls back with a complaint about it, the contractor will happily come visit the site and try to “fix” it for another fee.
If you’re thinking that this is a liability issue you’re not wrong, but in much of the world there is no realistic recourse. Most things like this are pure caveat emptor.
Most CCTV contractors are not network security experts.
Most network security experts would quit before ever entering a hot attic.
So Cletus the CCTV guy who just spent 8 hours crawling through drop ceilings with a mask on, does a super-clean install, and sets it up as well as he knows how. Which is "good enough" — it works and he's off to the next job. The customer's happy and he gets paid.
Now which one of you network security guys is going to give up his cushy WFH job to go make house calls for CCTV wages?
I still don’t understand how someone can end up accidentally exposing things to the public internet. With every ISP I have ever had in my country, it’s all NAT by default. Whatever I connect to my network, wired or wireless, would not be publicly accessible just like that unless I really really went out of my way to make it publicly accessible.
How do so many people end up exposing these cameras to the public internet? Are their ISPs not using NAT by default? Are the users jumping through hoops in order to open it up?
Is your ISP doing CGNAT? At least in the US that's not the norm. Most people have publicly routable IPv4 addresses (even if they rotate somewhat frequently) and most routers are configured to support UPnP out of the box.
This is an example of everything working as intended. The cameras are supposed to be accessable when you're not at home. Of course the cameras ought to ship with randomized default auth on a sticker attached to the unit the same way any half decent router does these days but they don't.
Many consumer routers allow any connected device to configure port forwarding using UPnP. If you want, you can play around with this using a client such as miniupnpc's example client.
I see it more like that there are things you can do to make sure nobody else gets into your home, like locking the door.
If your door is unlocked, either through ignorance or negligence, it's still not right for someone else to just walk into your home and look through stuff you thought was private.
Sure, they can do it, but just being able to easily do something doesn't make it right.
Telescope is a bad analogy. This is more like the neighbor is inadvertently projecting a feed from inside their house onto a display outside by the sidewalk for any passers-by to see.
This isn’t a passive “walked by the window” thing that you might have unwittingly viewed. To actively search for open cameras by crawling every IP then creating a tool to see them, then choosing to watch the footage is a very active, deliberate choice. No one is viewing this footage without making a multi-step choice to view it.
Don't confuse the creators and maintainers with people who click on a link out of curiosity. I also briefly "walked by the window" glancing at cats using automated feeders in china when someone posted that page to HN recently.
I'm surprised this is still a thing though. I remember being shocked when I came across an extensive feed of these inadvertently pubic CCTV feeds ~15 years ago. I had assumed it was no longer a problem.
Everything is a bad analogy, because the internet has something like 6 billion of us on it these days.
We evolved for small tribes, e.g. Dunbar's number is ~150. Roughly 1/129 of the people on the internet are software developers, so in the days of everyone living in villages your in-group would include roughly one person who thinks like we think.
"Inadvertently live-streaming to the 1/129 of the world who consider searches like this to be trivial, with zero feedback unless you found your home accidentally went viral" is not like anything we otherwise experience.
If anything, projecting onto a nearby sidewalk as you describe is more like "I was bathing after my day's work scribing for the king and wouldn't you know it, that 𒈗𒍠𒄀𒋛 living by the temple decided to walk right in and say hi! Doesn't even think to knock, just opened my front door and walked right in.", while the closest thing you can find to accidental live webcams in old writing is gods spying on mortals for fun, making us the Anansi, the Loki, the Eshu. And for the furries, the Coyote.
This website---naturally, I think---weirds me out. Many of these cameras are in private spaces, with some places you most certainly don't want people to have live feeds of. It's quite disturbing how you can see personal snapshots of people's lives without them knowing. There's a perverse feeling of dread about being able to see into someone's life and being able to paradoxically watch someone eat dinner alone, seemingly so detatched from human connection even with someone watching like some kind of otherworldly spectator.
Every consumer tech company I’ve worked for had at least one guy who was a PM or a PM like role, who would say things like “InfoSec UX is confusing! Users don’t want to deal with IP addresses and firewalls and passwords and keys. We need to make the product easier to share by default!” This scenario seems to be what happens when anyone actually listens to That Guy.
Sharing on the internet should be one of the hardest things to do in your product. You need to make enough friction that the user can never do it by accident or by default. And the user should be warned at every step.
The answer is to make sharing secure, easy, and with informed consent. The answer is not to impose IP addresses, NAT routing, keys, etc. so that only technical people can give their consent.
One method (for many trans-NAT routing issues) is the manufacturer provides a proxy on the Internet, creates a secure connection between camera and proxy (controlling both ends, they should be able to navigate NAT issues, etc.), and then securely publishes the video. The manufacturer could encrypt the video E2E so they can't see it. This also hides the camera's location and IP.
All with informed consent of course.
Edit: Come to think of it, video chat apps (WhatsApp, Signal, etc.) seem to do this, at least sometimes.
But then you’re tethered to the device manufacturer and probably need other Terrible UX like an account/credentials, password resets, and so on. And that tether also opens the door for the company to remote control the product, spy through telemetry, and remotely “alter the deal” at their whim. Some people might be ok with this but a “tether to the company” is a deal breaker to me for most products.
For me too, but we can manage keys, firewalls, routing, IP addresses, etc. The issue is a solution for the vast public of end users who can't do those things. Anyway, the vendor could offer the proxy as an optional service, and let you and I do what we want in some advanced mode.
I wonder how plausible it would be to deduce where a given webcam is (some combination of IP data, context clues, visible landmarks, maybe face searching) and then contact the owner to let them know. There used to be this fun site called where-is-this.com where people could share images of public places for others to try to track down; it would be nice to harness something like that for good.
If the room has an IP camera in it, it is by definition not private. Since cheap cameras have begun to appear everywhere I treat them all as if they were publicly viewable. I'm not going to hide from them, but I save my more thorough ear cleanings and ass scratchings for home.
> If the room has an IP camera in it, it is by definition not private.
No. No. No. No. No. No. No. No. No.
So if I put an IP camera inside your bedroom without your notice or consent, and hook that up to the Internet, you'd be okay with that? Because it's public!
A lot of these are probably from default or misconfigurations. A lot of these people with IP cam feeds visible to the Internet probably do not know they are open.
So what? Either he meant to contradict the op (and then it's correct to push back), or this is an entirely superfluous comment given they both understand what the problem is.
I know what the comment said, thank you very much. They were conflating two senses of 'public' in two sentences. I was responding to the implication that because these are, in one sense of the word, public, that means that it is OK to treat them as if they are public in a different sense of the term.
This:
> If the room has an IP camera in it, it is by definition not private.
Does not necessarily mean this:
> Since cheap cameras have begun to appear everywhere I treat them all as if they were publicly viewable.
The implication is that if someone misconfigured or otherwise didn't know their camera was broadcasting to the world, anyone is morally and legally correct in doing whatever they want with it, and it is their fault because it is "public". That is wrong.
I think it's more so similar to that if you leave something shiny and expensive in a visible position in a car in a neighborhood known for high rate of thievery there are good odds of your stuff being stolen. They are not claiming that the thieves are morally or legally correct.
That said, there are many people for whom "blaming the victim" is forbidden at all costs, and thus don't seem to have the facility to understand not making oneself a target. I suspect that you are replying to somebody possibly like that.
> I know what the comment said, thank you very much.
I'm not sure you do. Or at least you're replying to a very uncharitable interpretation.
From my perspective, this read as: the moment you put one of these IP cameras in a room, you should assume you're now in public, no matter what assurances you might have from the manufacturer or what safeguards you might have put in place. So if you intend for a particular space to remain private, don't put one of these cameras there.
> it is their fault because it is "public"
From my reading at least it didn't seem to imply that "it's the camera owner's fault", or that they should know better or that they deserve what they get, etc.
Or they don't even know the camera is there. I've heard of landlords doing that in tenant's private spaces, including bathrooms. When caught, they like to claim they are just keeping an eye on the property, but everyone knows they are just perverts.
Droitwich is famous for its 213m Long Wave radio transmission towers. Once the tallest structures in the country and now set to be decommissioned as the BBC shuts down its Long Wave service after 90+ years:
I think the author of the website should next work on some kind of alerting system for the owners of these webcams to let them know they're exposed and how to make them private.
Then everyone could get what they want: voyeurs can watch exhibitionists like God intended.
How do you manage that? I tried setting up a specialized directory of type-related websites and pages back around 1999–2001 and trying to find contact info for websites was difficult then when people still had public WHOIS info most of the time. I can’t imagine any scalable way to be able to connect to the owners of cams where you have little more than an IP address to work from.
(Not sure how much metadata there is on the site since it’s currently suffering the hug of death so I can’t see anything at the moment.)
All these “is this ethical” comments remind of similar discussions happening in the IMG_0416 articles, about YouTube video that were most likely not meant to be scene publicly: https://news.ycombinator.com/item?id=42102506
Definitely an invasion of privacy. I can’t visit this website in good faith. It should be taken down.
The point is valuable, and the mission is important, but the ends do not justify the means. If this must be shared, at least use static pictures and don’t stream the content for viewers.
Yes and no? The owners of these devices made them publicly available by design or through ignorance. While they should be notified of their (maybe) mistake, it's no different from a person who doesn't understand that their neighbours can see into an open window at night.
Should Shodan be taken down because it can search for these devices? What about Google because it can find admin consoles?
There is a difference between you taking a look through your neighbor's window, and compiling a list of houses known to have curtains open in your city and publishing the list to the public.
> What about Google because it can find admin consoles?
Intention and proportion matters. Google is overwhelmingly not used for discovering unsecured endpoints and that is what makes it OK. If you build a search engine that only serves admin consoles and markets itself as the search engine for admin consoles then you have a problem. There is a reason why DDOS for hire services market themselves as selling "stress testing for your own servers," because they are smart enough to know the consequences of knowingly breaking the law.
I know that my cameras are behind an auth layer but, as it is painfully obvious here, many people do not. A 'check my cameras' feature is a nice way to find out if you messed up.
These things are open server ports on the wild internet. Anyone with a "for" loop can find them easily. If they care about privacy they shouldn't have them public.
No, the world's job is not to make itself safe for you if you don't give a crap.
If you roll your eyes at the thought of having to manage credentials or refuse to learn how the internet works on a basic level, you're not fit to set up devices connected to the internet.
Secure your shit or don't play with technology you can't handle.
"Your honour I just scanned a list of all devices in the planet and filtered those that looked like cameras and made a website such that even more people can access it even more easily."
I get it if you think this is a legal gray area (it's not), but it's surprising to see how many people seem to think this is plain justified. Makes me think that there's some users that gravitate towards this site because the hacker in hackernews refers to hacking as in accessing systems without permission.
If you think hosting a website like this is ok, I encourage you to talk to a criminal lawyer and consider if you are a criminal. At least do it knowingly, do not pretend shit like this is fine.
I think the website is kind of awesome. If you put a window in your home and opened it to the world is it wrong to look through the window? If someone installed the camera and didn’t understand what they are doing that is on them.
If I set up a camera in my money laundering room and put it online, I would not fault a government from using it against me. If they bruteforced a password or used some undisclosed zeroday then I might take issue.
Hah, someone from UK seems to have a camera pointing to his cannabis plants... Hopefully the guy has a "loicense" for that, otherwise it would be a hilarious way to get busted
There a plenty of hosting providers who do not care about port scanning. And as long as you don't DOS or brute force credentials, why should anyone? It's the public internet. You're just sending traffic over a public network people chose to connect to.
I thought it all had to be fake but, thinking it would be innocent, did watch what seems to have been the priests’s concluding procession for 430 Saturday vigil at St Martin of Tours in Louisville which I had to labor a bit to identify At first I thought ‘who goes to church Saturday afternoon’ - and not a bad crowd for Louisville on a Saturday afternoon. God knows how such a thing turns up.
I feel like a small group of Geo Guesser pros could organize a nice competition for them selves and at the same time make a big service to lots of people.
People always say that LLMs design websites/write text/produce code that is the same.
I don't really understand this b/c it's trivial to say "write me a letter in the style of <famous letter writer A> mixed with the style of "<famous letter writer B>"
Or
"Here are some examples websites, make a new website that is a remix of all of the example sites".
I don't think it needs research the person developing just has to care what the website looks like. A lot of people just want functionality. But there are also pre-made front-end skills that do a lot of that front-end "taste" legwork for you (still obviously pre-made, but not in the default Claude look)
Assuming a stack of H100's is required for the size of the model, about 66 kilojoules. It's okay, I'll offset it by eating a cold sandwich tonight instead of boiling water for spaghetti, and then I'll be good for a dozen such conversations.
People hating on this project should ask themselves, should Shodan be taken down too? Because you can easily find these camera feeds on there too.
Everyone: For a moment forget everything you know about computers and wonder if perhaps 99% of normies are just following the directions on the package of their $19 Chinese IP camera. They have no idea what a firewall is, or what the "public internet" even means.
There's also a difference between your neighbor not closing her blinds and you using a telescope to look inside her apartment, which is what sites like this are.
> and wonder if perhaps 99% of normies are just following the directions on the package of their $19 Chinese IP camera.
I doubt that the instructions for a cheap camera have enough information to walk a non-technical user through the process of setting up port forwarding on their specific router.
I could believe that it’s automatic port forwarding via UPnP for some of these cameras.
However a lot of them are from contractors who install the cameras for people as a service and this is the only way they know how to get them remote access. It’s the same reason different industrial controls and other machines keep getting exposed to the internet. Some installer with a git-er-done attitude knows their customer wants a solution to something (remote access) and they use the first technique they can find to accomplish that without any concern about what it means. They accomplish the thing the customer wants, collect payment, and disappear.
If the customer calls back with a complaint about it, the contractor will happily come visit the site and try to “fix” it for another fee.
If you’re thinking that this is a liability issue you’re not wrong, but in much of the world there is no realistic recourse. Most things like this are pure caveat emptor.
Most CCTV contractors are not network security experts.
Most network security experts would quit before ever entering a hot attic.
So Cletus the CCTV guy who just spent 8 hours crawling through drop ceilings with a mask on, does a super-clean install, and sets it up as well as he knows how. Which is "good enough" — it works and he's off to the next job. The customer's happy and he gets paid.
Now which one of you network security guys is going to give up his cushy WFH job to go make house calls for CCTV wages?
I still don’t understand how someone can end up accidentally exposing things to the public internet. With every ISP I have ever had in my country, it’s all NAT by default. Whatever I connect to my network, wired or wireless, would not be publicly accessible just like that unless I really really went out of my way to make it publicly accessible.
How do so many people end up exposing these cameras to the public internet? Are their ISPs not using NAT by default? Are the users jumping through hoops in order to open it up?
Is your ISP doing CGNAT? At least in the US that's not the norm. Most people have publicly routable IPv4 addresses (even if they rotate somewhat frequently) and most routers are configured to support UPnP out of the box.
This is an example of everything working as intended. The cameras are supposed to be accessable when you're not at home. Of course the cameras ought to ship with randomized default auth on a sticker attached to the unit the same way any half decent router does these days but they don't.
Many consumer routers allow any connected device to configure port forwarding using UPnP. If you want, you can play around with this using a client such as miniupnpc's example client.
UPnP is not disabled by default on all routers, especially older ones. So devices may just try to port-forward certain control or media ports.
I see it more like that there are things you can do to make sure nobody else gets into your home, like locking the door.
If your door is unlocked, either through ignorance or negligence, it's still not right for someone else to just walk into your home and look through stuff you thought was private.
Sure, they can do it, but just being able to easily do something doesn't make it right.
Telescope is a bad analogy. This is more like the neighbor is inadvertently projecting a feed from inside their house onto a display outside by the sidewalk for any passers-by to see.
No.
This isn’t a passive “walked by the window” thing that you might have unwittingly viewed. To actively search for open cameras by crawling every IP then creating a tool to see them, then choosing to watch the footage is a very active, deliberate choice. No one is viewing this footage without making a multi-step choice to view it.
Don't confuse the creators and maintainers with people who click on a link out of curiosity. I also briefly "walked by the window" glancing at cats using automated feeders in china when someone posted that page to HN recently.
I'm surprised this is still a thing though. I remember being shocked when I came across an extensive feed of these inadvertently pubic CCTV feeds ~15 years ago. I had assumed it was no longer a problem.
Everything is a bad analogy, because the internet has something like 6 billion of us on it these days.
We evolved for small tribes, e.g. Dunbar's number is ~150. Roughly 1/129 of the people on the internet are software developers, so in the days of everyone living in villages your in-group would include roughly one person who thinks like we think.
"Inadvertently live-streaming to the 1/129 of the world who consider searches like this to be trivial, with zero feedback unless you found your home accidentally went viral" is not like anything we otherwise experience.
If anything, projecting onto a nearby sidewalk as you describe is more like "I was bathing after my day's work scribing for the king and wouldn't you know it, that 𒈗𒍠𒄀𒋛 living by the temple decided to walk right in and say hi! Doesn't even think to knock, just opened my front door and walked right in.", while the closest thing you can find to accidental live webcams in old writing is gods spying on mortals for fun, making us the Anansi, the Loki, the Eshu. And for the furries, the Coyote.
No, it really isn't...
Not really? It’s just like not closing your blinds and being shocked that people on the street can see you.
99.9% of normies have a router NATing all their traffic
It takes active effort to expose a camera publicly
Nothing changed compared to 2012 https://web.archive.org/web/20151013010243/http://internetce...
> As a rule of thumb, if you believe that "nobody would connect that to the Internet, really nobody", there are at least 1000 people who did.
So many SCADA terminals and HMIs just hangin out on the internet.
Connect it but make sure authorization is actually secure
This website---naturally, I think---weirds me out. Many of these cameras are in private spaces, with some places you most certainly don't want people to have live feeds of. It's quite disturbing how you can see personal snapshots of people's lives without them knowing. There's a perverse feeling of dread about being able to see into someone's life and being able to paradoxically watch someone eat dinner alone, seemingly so detatched from human connection even with someone watching like some kind of otherworldly spectator.
Every consumer tech company I’ve worked for had at least one guy who was a PM or a PM like role, who would say things like “InfoSec UX is confusing! Users don’t want to deal with IP addresses and firewalls and passwords and keys. We need to make the product easier to share by default!” This scenario seems to be what happens when anyone actually listens to That Guy.
Sharing on the internet should be one of the hardest things to do in your product. You need to make enough friction that the user can never do it by accident or by default. And the user should be warned at every step.
The answer is to make sharing secure, easy, and with informed consent. The answer is not to impose IP addresses, NAT routing, keys, etc. so that only technical people can give their consent.
How _does_ it work then, without imposing IP addresses, NAT routing, keys, etc?
One method (for many trans-NAT routing issues) is the manufacturer provides a proxy on the Internet, creates a secure connection between camera and proxy (controlling both ends, they should be able to navigate NAT issues, etc.), and then securely publishes the video. The manufacturer could encrypt the video E2E so they can't see it. This also hides the camera's location and IP.
All with informed consent of course.
Edit: Come to think of it, video chat apps (WhatsApp, Signal, etc.) seem to do this, at least sometimes.
But then you’re tethered to the device manufacturer and probably need other Terrible UX like an account/credentials, password resets, and so on. And that tether also opens the door for the company to remote control the product, spy through telemetry, and remotely “alter the deal” at their whim. Some people might be ok with this but a “tether to the company” is a deal breaker to me for most products.
For me too, but we can manage keys, firewalls, routing, IP addresses, etc. The issue is a solution for the vast public of end users who can't do those things. Anyway, the vendor could offer the proxy as an optional service, and let you and I do what we want in some advanced mode.
I wonder how plausible it would be to deduce where a given webcam is (some combination of IP data, context clues, visible landmarks, maybe face searching) and then contact the owner to let them know. There used to be this fun site called where-is-this.com where people could share images of public places for others to try to track down; it would be nice to harness something like that for good.
I feel like I’ve read about three letter agencies using the humming of power lines to geo-locate where a video/audio was recorded.
“Electrical Network Frequency (ENF) analysis”.
I’m going to dig more and will leave some links when I get back to a computer.
I think this kind of websites show you the humanity true colours, we don't usually think about that.
If the room has an IP camera in it, it is by definition not private. Since cheap cameras have begun to appear everywhere I treat them all as if they were publicly viewable. I'm not going to hide from them, but I save my more thorough ear cleanings and ass scratchings for home.
> If the room has an IP camera in it, it is by definition not private.
While right, there are multiple definitions of "private" and for others OP's point still stands.
> If the room has an IP camera in it, it is by definition not private.
No. No. No. No. No. No. No. No. No.
So if I put an IP camera inside your bedroom without your notice or consent, and hook that up to the Internet, you'd be okay with that? Because it's public!
A lot of these are probably from default or misconfigurations. A lot of these people with IP cam feeds visible to the Internet probably do not know they are open.
You've read the comment the wrong way.
The intent was to say "You cannot call a space private if it has a networked camera in it." Not "only a public space can host a camera".
Ok. The original commenter said:
> "Many of these cameras are in private spaces"
To which the gp answered
> It's not private if it has a ip cam in it
So what? Either he meant to contradict the op (and then it's correct to push back), or this is an entirely superfluous comment given they both understand what the problem is.
A space can be considered private by the occupant, but the addition of an IP camera makes it not private.
They are not contradictory statements.
It’s not superfluous. It’s saying “it’s unsafe to assume any space is private.”
I know what the comment said, thank you very much. They were conflating two senses of 'public' in two sentences. I was responding to the implication that because these are, in one sense of the word, public, that means that it is OK to treat them as if they are public in a different sense of the term.
This:
> If the room has an IP camera in it, it is by definition not private.
Does not necessarily mean this:
> Since cheap cameras have begun to appear everywhere I treat them all as if they were publicly viewable.
The implication is that if someone misconfigured or otherwise didn't know their camera was broadcasting to the world, anyone is morally and legally correct in doing whatever they want with it, and it is their fault because it is "public". That is wrong.
> anyone is morally and legally correct
I think it's more so similar to that if you leave something shiny and expensive in a visible position in a car in a neighborhood known for high rate of thievery there are good odds of your stuff being stolen. They are not claiming that the thieves are morally or legally correct.
I agree with you.
That said, there are many people for whom "blaming the victim" is forbidden at all costs, and thus don't seem to have the facility to understand not making oneself a target. I suspect that you are replying to somebody possibly like that.
> I know what the comment said, thank you very much.
I'm not sure you do. Or at least you're replying to a very uncharitable interpretation.
From my perspective, this read as: the moment you put one of these IP cameras in a room, you should assume you're now in public, no matter what assurances you might have from the manufacturer or what safeguards you might have put in place. So if you intend for a particular space to remain private, don't put one of these cameras there.
> it is their fault because it is "public"
From my reading at least it didn't seem to imply that "it's the camera owner's fault", or that they should know better or that they deserve what they get, etc.
possibilities exist.
a] they may be exhibitionists
b] they dont realise they are misconfigured
c] someone hacked them to whatever end
d] they are doing nothing wrong thus believe they have nothing to hide.
Or they don't even know the camera is there. I've heard of landlords doing that in tenant's private spaces, including bathrooms. When caught, they like to claim they are just keeping an eye on the property, but everyone knows they are just perverts.
Someone keeping an eye on their (illegal?) cannabis pants in the UK? https://ipcrawl.com/?cam=3892f36f150ff9db
I know Droitwich, this made me laugh
Droitwich is famous for its 213m Long Wave radio transmission towers. Once the tallest structures in the country and now set to be decommissioned as the BBC shuts down its Long Wave service after 90+ years:
https://hackaday.com/2026/06/27/requiem-for-long-wave-as-the...
https://www.bbc.com/news/articles/c74yn7v7k4qo
I think the author of the website should next work on some kind of alerting system for the owners of these webcams to let them know they're exposed and how to make them private.
Then everyone could get what they want: voyeurs can watch exhibitionists like God intended.
How do you manage that? I tried setting up a specialized directory of type-related websites and pages back around 1999–2001 and trying to find contact info for websites was difficult then when people still had public WHOIS info most of the time. I can’t imagine any scalable way to be able to connect to the owners of cams where you have little more than an IP address to work from.
(Not sure how much metadata there is on the site since it’s currently suffering the hug of death so I can’t see anything at the moment.)
Hehe, this one has a feeding tray with a novelty sign on it:
> Baiting deer is illegal!
> This corn pile is intended for squirrels, chipmunks, and other such critters.
> Any deer found eating this corn will be shot!
https://ipcrawl.com/fun/c/373ef0178c5281a5
That is clever! If the guy does get caught hunting deer in that immediate area, I wonder if this could be used against him.
All these “is this ethical” comments remind of similar discussions happening in the IMG_0416 articles, about YouTube video that were most likely not meant to be scene publicly: https://news.ycombinator.com/item?id=42102506
Totally left field request I know but does anyone know of a webcam that can do RTSP/sane protocol and long focus (think looking outside at landscape)?
Definitely an invasion of privacy. I can’t visit this website in good faith. It should be taken down.
The point is valuable, and the mission is important, but the ends do not justify the means. If this must be shared, at least use static pictures and don’t stream the content for viewers.
Yes and no? The owners of these devices made them publicly available by design or through ignorance. While they should be notified of their (maybe) mistake, it's no different from a person who doesn't understand that their neighbours can see into an open window at night.
Should Shodan be taken down because it can search for these devices? What about Google because it can find admin consoles?
There is a difference between you taking a look through your neighbor's window, and compiling a list of houses known to have curtains open in your city and publishing the list to the public.
> What about Google because it can find admin consoles?
Intention and proportion matters. Google is overwhelmingly not used for discovering unsecured endpoints and that is what makes it OK. If you build a search engine that only serves admin consoles and markets itself as the search engine for admin consoles then you have a problem. There is a reason why DDOS for hire services market themselves as selling "stress testing for your own servers," because they are smart enough to know the consequences of knowingly breaking the law.
> it's no different from a person who doesn't understand that their neighbours can see into an open window at night.
And standing out in the street staring through with binoculars is still wrong and creepy.
> Should Shodan be taken down because it can search for these devices? What about Google because it can find admin consoles?
It’s not a new idea, nor that controversial, that we restrict things specifically aimed at doing something rather than ones just capable of it.
The site even lets you see if any of your cameras are exposed, where it switches to a map view and shows any near you.
I know that my cameras are behind an auth layer but, as it is painfully obvious here, many people do not. A 'check my cameras' feature is a nice way to find out if you messed up.
It's not the site's fault.
These things are open server ports on the wild internet. Anyone with a "for" loop can find them easily. If they care about privacy they shouldn't have them public.
No, the world's job is not to make itself safe for you if you don't give a crap.
If you roll your eyes at the thought of having to manage credentials or refuse to learn how the internet works on a basic level, you're not fit to set up devices connected to the internet.
Secure your shit or don't play with technology you can't handle.
"Your honour I just scanned a list of all devices in the planet and filtered those that looked like cameras and made a website such that even more people can access it even more easily."
I get it if you think this is a legal gray area (it's not), but it's surprising to see how many people seem to think this is plain justified. Makes me think that there's some users that gravitate towards this site because the hacker in hackernews refers to hacking as in accessing systems without permission.
If you think hosting a website like this is ok, I encourage you to talk to a criminal lawyer and consider if you are a criminal. At least do it knowingly, do not pretend shit like this is fine.
I think the website is kind of awesome. If you put a window in your home and opened it to the world is it wrong to look through the window? If someone installed the camera and didn’t understand what they are doing that is on them.
If you’re aware the person wouldn’t want you to do that, yes it’s wrong. Being able to do something is not the same as it being right to do something.
https://www.quora.com/Is-it-legal-to-look-through-someone-el...
Maybe I missed it but this only seemed to be about the legality (which is always also specific countries)
Being able to do something, even if you can do it without the police showing up, is not the same as it being right to do something.
I think it’s wrong to cheat in a relationship but it’s probably legal.
Do you feel this is true for government agencies too?
If I set up a camera in my money laundering room and put it online, I would not fault a government from using it against me. If they bruteforced a password or used some undisclosed zeroday then I might take issue.
Hell, yes. (Not GP.)
This seems to just be a map interface to Shodan Images. I've found the exact same camera with the exact same snapshot on both sites.
https://images.shodan.io/?query=port%3A554+country%3A%22GB%2...
https://ipcrawl.com/imce?cam=069b2971c357edbd
I dont think it is? https://alec.is/posts/ip-crawl-exposing-the-massive-open-web...
You think two independent scans of the internet captured the same image with the same timestamp entirely by coincidence?
Edit: they're literally the same image
2fc4ad21cfce564f7aa65942eae7d4529c8af3d7ffb6287aa1fd79ebb78eb648 ipcrawl.jpg
2fc4ad21cfce564f7aa65942eae7d4529c8af3d7ffb6287aa1fd79ebb78eb648 shodan.jpg
Hah, someone from UK seems to have a camera pointing to his cannabis plants... Hopefully the guy has a "loicense" for that, otherwise it would be a hilarious way to get busted
That’s the first one I saw too.
I’m not even convinced these are all real, or at least are staged:
https://ipcrawl.com/?page=6&cam=63f7feaf5042d223
That’s the invisible man hanging out at a tennis match…
I’m more interested in how they do large scans without their ISP or hosting provider going bananas about it.
There a plenty of hosting providers who do not care about port scanning. And as long as you don't DOS or brute force credentials, why should anyone? It's the public internet. You're just sending traffic over a public network people chose to connect to.
I thought it all had to be fake but, thinking it would be innocent, did watch what seems to have been the priests’s concluding procession for 430 Saturday vigil at St Martin of Tours in Louisville which I had to labor a bit to identify At first I thought ‘who goes to church Saturday afternoon’ - and not a bad crowd for Louisville on a Saturday afternoon. God knows how such a thing turns up.
Droitwich, UK, is a bit revealing.
One word: crazy
I feel like a small group of Geo Guesser pros could organize a nice competition for them selves and at the same time make a big service to lots of people.
Really freaky seeing how many of these are bedrooms.
So that's where all of that footage came from on **** leak. I mean I knew it was bad, but there's just so many and it is 2026.
Lazy manufactures and ignorant users are responsible for the majority of this nonsense.
Some people just want to use an app to see what their pets are doing when they are not home.
Without realizing that the entire world can see what the owners are doing when they are at home. Without using any special app at all.
Weird https://ipcrawl.com/?page=6&cam=63f7feaf5042d223
Must be staged?
What, no plotting on a map?
Is it legal to have such a website?
https://ipcrawl.com/about
Seems a bit shifty to be honest...
What is the goal?
And they've created a reddit page specifically for this!
There's a number of streams from resorts and swimming pools, may be a good idea in case kids get into trouble around the water.
Adults too, if you had a pool like this wouldn't everybody want to share their "sex pool party cam"?
https://ipcrawl.com/?page=7&cam=398d4f57a3155d42
Imagine if someone put plausible but strange/shocking fake videos on an open port for the voyeurs to think real and freak out about.
https://ipcrawl.com/?page=6&cam=63f7feaf5042d223
Off topic: Is there anyone doing any research on how to use Claude/Agents to design websites that don't look so, "Claude"?
People always say that LLMs design websites/write text/produce code that is the same.
I don't really understand this b/c it's trivial to say "write me a letter in the style of <famous letter writer A> mixed with the style of "<famous letter writer B>"
Or
"Here are some examples websites, make a new website that is a remix of all of the example sites".
You would be surprised at the results.
I don't think it needs research the person developing just has to care what the website looks like. A lot of people just want functionality. But there are also pre-made front-end skills that do a lot of that front-end "taste" legwork for you (still obviously pre-made, but not in the default Claude look)
No research needed, just use the tool differently.
Maybe ask Claude how to keep the site up before doing a redesign of the UI...
“Give 20 different designs all must be distinct unique and not look averaged like a typical LLM site”
"make no mistakes"
You should ask Claude and see how many kWh and gallons it can use up to hallucinate an answer.
Assuming a stack of H100's is required for the size of the model, about 66 kilojoules. It's okay, I'll offset it by eating a cold sandwich tonight instead of boiling water for spaghetti, and then I'll be good for a dozen such conversations.
This is precisely why I never heat my food and consume caffeine pills instead of coffee.