Arlo|Smart Home Security|Wireless HD Security Cameras

Require login to view videos

Email notifications from ARLO contain a public URL to the video that was recorded.  When clicked, the video plays without requiring the user to login.  While this may be "convenient" for most users, this is a rather large security/privacy concern.  While it does use a generated string at the end of the URL to make it a little harder to find videos, it would still be trivial for someone to brute force the URL's to find videos that have been recorded.  From a privacy standpoint, I'd like a setting added to require that someone login before being able to view any video that has been recorded from my system.  

Comments
JPC Prodigy
Prodigy

I can see this as an option between Private/Public.. The Default should be Private (Requires Login) and it's up to the User he/she let's it Public.. 

Community Manager

dayzd,

 

Thank you for the suggestion!  I will pass this information on to the development team. Your contribution is greatly appreciated!

 

JamesC

Guide

Yeah, this would be a deal killer for a few people I know (hence I can't make the recommendation to). This is one of those caveats that I'd have to specifically call out if I were to recommend someone to buy this system. If Arlo can just close this issue, that's one less caveat I have to tell people abuot.

Initiate

Hi,

 

When I get the email alerting to motion, there's an included link that shows the video recording. This liknk does not require authorisation to view, i..e, anyone who has that link can view the recording. Please can you secure this link?

 

If the email gets compromised or if the link gets left in history of a browser, etc, someone could view videos they should not be able to see. Please can you fix this?!?

 

Thanks!

 

I just purchased the Arlo Q Plus and installed it yesterday. Overall, I quite like it. But today I just realized one thing is concerning me. I have the Motion Detection and email alert enabled. After I received an email alert after motion had detected, I recevied an email alert with nice format content. There is a snapshot and link included in the email with a link likes this: https://arlo.netgear.com/#/viewShared/XXXXXXXXXXXXXXX where many XX...X is a video identifier I guess. This is the concern I have, once you have this link, you don't need to login to view the video! Although the link with https and session is secured by the SSL. But anyone have this link can view the video. As Arlo Q Plus is marketing as "Security Camera", I would purpose you should login to the Arlo Account to view the video with the link to make sure only owner can view them! Of course, users can have an option to share the video publicly if they want to.

 

 

Aspirant

I just bought a Q and found this issue. It a major concern for me. Has it been resolved?  If not I will probably return the camera. All of my videos being publicly available is completely unacceptable. 

Community Manager

Rat128,

 

All of your videos are not publicly available. Shared links are only available via email alerts or manually sharing the link through the library. Both of which are controllable by the user. If you would like to disable email alerts so that this link is not created. Take a look at this article: How do I turn on/off email notifications?

 

JamesC

Fledgling

I have the same concern. Does anyone know how to configure the system that requires login to view these video?

Arlo Employee Retired
Status changed to: Suggestion Provided

Thank you for your idea! We take our customer's security and privacy very seriously! To help address your concern we have implemented a 24 hour timeout feature for the alert email and shared video links in an effort to provide a more secure experience. 

Fledgling

Execuse me, do you mean you will delete the video file after 24 hours? 

The reason I choose Arlo is that Arlo will store my video in the cloud for 7 days. 

Now, you told me that you will delete the video after 24 hours?

Can you clarify this? 

What I want is that every video file in the cloud must assoicate with a security check. Only the owner can access these video file. This should be the real way to solve this issue. 

Delete the videl file in 24 hours it not a real solution.

Please re-think your solution.

Thanks.