The story is disturbing on many levels, but for me this is the part that is both obvious, and a reason why IoT devices deserve a lot more careful consideration than we have been giving them.
“At the time the Ukrainian access was provided, the video files were left unencrypted, the source said, because of Ring leadership’s “sense that encryption would make the company less valuable,” owing to the expense of implementing encryption and lost revenue opportunities due to restricted access. The Ukraine team was also provided with a corresponding database that linked each specific video file to corresponding specific Ring customers.”
They didn’t bother to encrypt the videos because it was cheaper, sure, but also because of “lost revenue opportunities”.
That could mean that they plan to sell the technology they develop from these videos, and the work done in the Ukraine in object identification, but that’s not the only possibility for revenue here, is it? Couldn’t they also have plans to sell what they know about their customers based on the information gleaned from these videos?
This is Amazon we’re talking about here. They have a vested interest in learning as much as possible about their customers, in order to target them with advertising.
And don’t tell me people could just opt out of that sort of tracking. As the article notes, there is no mention of any of this work in the terms of service for Ring. No one agreed to let them watch all of this video. No one had to. They just did it.