ipctool collects complete firmware dumps without the user's knowledge or approval about ipctool HOT 8 CLOSED

I've sent out PR #79. Lemme know what you think.

from ipctool.

@gckzl you are far away from the truth, and you have no any idea where you live and what happens around you.

1. Your super-duper law GDPR is law only in EU and EU doesn't include all counties on earth. EU is just some little part of the earth controlled by stupid pensioners
2. GDPR is harmful because it leads to excessive data collection on top of all legally. Before GDPR if someone has collected redundant data it was not normal. Now after GDPR every one who can, collects as many data as possible, because it is personal data operator.
3. Every time people try to protect their personal data with help of GDPR, there some conditions that they don't meet
4. GDPR doesn't protect people it protect governments and their clerks.
5. GDPR is law for slaves like you, that on top of all are fighting for their legal right to be slaves
6. Your can't use any product or service including social services, if you don't agree to supply all of your personal data. You will die on street if you reject to supply all of your personal data to the hospital.
   But there is hope for you. It is called "don't track me" browser option. Activate it and have happy sleeps haha

from ipctool.

With PR #79 and PR #80 merged, I consider this issue closed. I'd like to thank the OpenIPC team for their professional and constructive interaction.

@easy-and-simple, calling people names ("slaves", "stupid pensioners") is called an ad hominem and is one of several fallacies you can make in arguments. Using it makes your argument weaker, not stronger, since you're basically admitting you ran out of valid arguments. In general, consider following the Hacker News comment guidelines, both in your online interactions, and offline: they will make you a more interesting interlocutor, and they will increase the chances of people taking you seriously.

from ipctool.

GDPR just lies people that their personal data is protected, while it isn't and is violated in everything. Data collected in compliance with GDPR is much harmful than if someone stolen it against GDPR rules. You are forced to supply your personal data voluntary for everything. If you connect your camera to Internet all of your data is transmitted in any case. All data on your computer that is much more sensitive is transmitted to internet on any reason and without reason encrypted or raw this doesn't matter

from ipctool.

I'm happy to provide a patch removing this unwanted behavior, but first I'm curious to hear your thoughts on this.

I have no objections to remove making autodumps in default build, but rather of removing such function completely, I'd add compilation flags to keep it when it's necessary because we use it internally in our research process. Feel free to make a PR

from ipctool.

My suggestions would be the following:

• stop making autodumps when run without arguments.
• add a separate upload command, to make it clear the data is leaving the local network
• move the backup / upload work to the main process: no more background processes, it makes it look like you're trying to hide something

So, I wouldn't remove the upload functionality, I would just make it explicit.

I'll get started on a pull request.

from ipctool.

Just to reply to @easy-and-simple, I believe you are misunderstanding what the GDPR is.

GDPR just lies people that their personal data is protected, while it isn't and is violated in everything.

GDPR does not make any promises. It is a law, and as such, it describes rules that should be followed, and punishments if the rules aren't followed. The fact that the GDPR isn't always followed does not mean that "GDPR lies to people". As an example, every country on this planet has a law that makes stealing illegal, but theft still exists.

Data collected in compliance with GDPR is much harmful than if someone stolen it against GDPR rules.

You would have to explain what you mean here. Data collected in compliance with GDPR is by definition better managed than stolen data, because, in order to comply with the GDPR, the collector would have to follow some common-sense, best practices. How is that harmful?

You are forced to supply your personal data voluntary for everything.

The GDPR does not force anyone to supply personal data: that's exactly the point, the GDPR was created to stop companies from recklessly collecting user data.

I believe you might be referring to all the disclaimers and acknowledgements that have appeared everywhere since the GDPR came into force. I agree, they are annoying and unfortunate, but they are actually just making it obvious to the average user that this reckless collection was already happening.

The fact that other companies are misbehaving, collecting too much data, and forcing users to accept ridiculous terms does not mean you should do that too. You can be GDPR compliant by simply not collecting any data, for instance.

If you connect your camera to Internet all of your data is transmitted in any case.

I certainly hope not. And if it is indeed transmitted, I hope that's because I agreed to it in advance, and because I can control who can access that footage. The main reason I started looking into OpenIPC was exactly because I don't trust the default firmware on random cameras to do the right thing, so it was quite disapointing that my first interaction with OpenIPC software was an unintentional data leak.

All data on your computer that is much more sensitive is transmitted to internet on any reason and without reason encrypted or raw this doesn't matter

I'm not sure I understand what you are trying to say. Are you saying that "all our computers are hacked and full of viruses, controlled by criminal gangs"? Or, "BigTech is watching our every move"? Do you think that "we're screwed anyway, we should just give up"? I agree that the situation is not ideal, but I have hope for the future, and I believe that trustworthy open-source software is part of the solution. Just throwing our hands in the air and saying "we're doomed anyway" just perpetuates the current broken situation.

from ipctool.

My suggestions would be the following:

• stop making autodumps when run without arguments.
• add a separate upload command, to make it clear the data is leaving the local network
• move the backup / upload work to the main process: no more background processes, it makes it look like you're trying to hide something

So, I wouldn't remove the upload functionality, I would just make it explicit.

I'll get started on a pull request.

Looks like a good plan

Actually, we have -w option that does the same as described above (waits until upload finished and then exits). I think it would be okay to change it to separate upload command https://github.com/OpenIPC/ipctool/blob/master/src/main.c#L269

from ipctool.