Are There EULAs on IP Cameras?

John Honovich
Nov 19, 2016
IPVM

End User License Agreements (or EULAs) are commonplace on software (think Windows).

I don't recall seeing any IP cameras that have EULAs, though. Of course, there is legal language sometimes somewhere, e.g., Hikvision's printed insert refusing responsibility for hacked cameras, but no pop-up / required confirmation when first connecting to an IP camera.

What do you think? Have you seen one? Should there be?

With the rise of hacks, could that make EULAs for IP cameras more commonplace?

Undisclosed #1
Nov 19, 2016
IPVMU Certified

I'm thinking the main reason you don't see EULAs pop up when connecting to IP cameras is because the software is already bound to the hardware by the manufacturer.

You don't get a disk with Linux, Busybox and Apache on it, so there is nothing that allows you to install the software on multiple machines.

Preventing unauthorized duplication, dissemination, use and resale are the major reasons for the EULA, but without media that can be easily copied, i.e. a disk, I think the concern is lessened.

On the other hand, I recall seeing something EULA-like when downloading/installing firmware on some cameras, most likely because it's in file form, though I would say this is not the norm.

Probably because camera firmware, although conceptually similar to Windows, in practice is highly hardware dependent and likely would not run on much besides the target hardware anyway. Unlike say, Photoshop...

Michael Archer
Nov 19, 2016

Whilst not quite the same, I believe most phones, including Apple, ask you to OK the EULA when first used. To allow manufacturers to take no responsibility for product faults, hacks, botnets etc., I believe this EULA would give this to them. Normally it's the bit which you just click and agree with. And nobody reads this anyhow.

So this would draw a point as to who in fact takes responsibility for products; installers would need to think about legal disclaimers, and also that you act on behalf of the customers. It's only going to matter when someone is hit with a legal problem!

So maybe for your next product you should ask the manufacturer for a copy of the A&E specifications, which conform to the Construction Specifications Institute.

Judge their response by whether they even have a clue what this means.

AFAIK no Chinese manufacturer publishes such documents online, or in support documents.

A&E are a great way to fully understand what your device is actually going to do in clear English. Nothing hard, but it also serves as a kind of specification. I believe government and higher-level customers would demand such details.

Maybe for now BotNet is yesterday's talk, but it's still there lurking in the dark. And could it be that what you are installing now is a ticking time bomb!

Undisclosed #1
Nov 19, 2016
IPVMU Certified

My first answer is a little off, apparently I haven't read a EULA in ten years or so. Now they are used much more as a CYA tool for manufacturers than before, not just for copyright etc.

So, what I would say now is that they don't want to put anything in the way of having a recorder or VMS connect to the camera.

And when you install the client software, a EULA is often presented. Some DIY cameras can't be used without proprietary clients/clouds, so they have you there.

Now that default passwords are becoming a thing of the past, and you may need client software to set a strong password, they can put it right there.

But historically, many cameras have been connected to VMSes and NVRs without anyone ever having to go to the camera webpage, by design.

So there was no place to "pop it up"...

Final answer.

Michael Archer
Nov 20, 2016

Yes indeed, there is an issue of how a device can do this whilst from an NVMS or NVR etc. It's not hard if products from the same NVR / IPC company are linked, as they can just have a setting of some kind, which is non-reversible.

However, maybe they would just do a simple QR code on a security seal on the packing box, where by opening the box you therefore agree to this. Kind of a simpler way perhaps.

The QR code would just open a simple text file somewhere online, and everyone who's installing devices, I'm sure, has a smartphone. And one can hope not via a logged system, which could also be introduced.

The QR code can be generated per device so the link can in effect be a "has been authorised", as part of the URL of course.

I.e. registered.cameracompany.com/device=233489asASDWErk kind of thing. Something that takes seconds.

Any manufacturer wishing to use this, please feel free to send my royalty check in due course.

Naturally nobody would bother, in the same way as we don't read EULAs. Again, it's all down to when someone gets hit with a legal issue. We shall sit and wait for this to come about!
