IPVM Coverage Of Hikvision "Obvious Scandal Based Reporting Meant To Garner More Subscriptions"

Well someone has to inform your readers the difference between what is critical coverage of a manufacturer versus your obvious scandal based reporting meant to garner more subscriptions.

NOTICE: This comment was moved from an existing discussion: Do Not Operate Under A Veil Of Secrecy, Nor Would It Ever Be Acceptable To Act In Any Forum Without Disclosing Who You Are


Ok, Sean, here you go. You have your platform. Now make your case.

I'll start by countering. We have plenty of tests on Hikvision such as Hikvision NVR 4.0 Tested, Hikvision IR Bullet Camera Shootout, Hikvision NVR Load Testing.

You can define what 'scandal based reporting' is. Let's just keep in mind:

I will take your bait this time John, but its the last time I will and I only do it to help you.

John, I am now concerned that you are running out of material. Its concerning how entrenched you are in reporting on Hikvision negatively. I think even the objective Hik haters can agree with me on this one. For example, just now, I said nothing about Hikvision, the post had nothing to do with Hikvision, but by gosh you just couldnt miss the oppurtunity to put Hikivision or the people that partner with them down. And you made it its own post, well done! Although I wont hold my breath, I hope the following helps you get back to the light.

Your "plenty of tests" argument is weak and hilarious considering your scandal based reporting on Hikvision coupled with your sarcastic Hik Hater comments far outweigh them (or any other reporting for that matter). This argument is far to easy to win and i refuse to fight it. You are welcome to feel like you are right on this one if it makes you feel better.

I stand by my original comment that I am able to make a comfortable living by offering people a great quality product. Overall, the best product on the market no doubt.

The real question is, who profits off of Hikvision more, you or me? Who knows but I'd say your margins are much higher. Sadly the difference is that you are making your money by bashing a company. TMZ plays off the downfalls of celebrities, its entertaining for some and obvioulsy profitable, and I think you have captured their business model.

You go so far as to exploit a known exploit and invade peoples privacy by hacking into their cameras and making a beautifully designed map showing so. Like a true businessman, you understand the need to offer tidbits of free samples every now and then to lure in subscribers, thus the "free to the public" nature of some of your most scandalous blogs. Oh yeah, as a free bonus, you also offer clear instructions on how to hack said exploit. You pass it off as all this being "in the name of research". Do you think someday someone is going to come up and shake your hand and say "Gee thanks for your nobility, im so glad you hacked into my living room and showed the whole world how to do so"

Looks like you are at it again! Another re-post of your hack map. I think you can probably take the "hacked the world over" slogan and use it as your own now.

John, this must be working for you. You are now advertising your Hik Scandals on Face Book. Cha Ching!!!

IPVM's Profit Center

Unfortunately I blame myself for getting brought back into your game. This will be the last comment on this subject as I think I have stated it well this time and many times before and unlike you I prefer not to beat a dead horse to a pulp. I've taken a hiatus before and Im going to do it again.

I think that my objections to your Hik Hatred have now become of source of excitement and entertainment for the type of readers you are advertising to and I refuse to be a part of your "New Years Sales Event". Honestly, you should be sending me a commission check. For now, I will leave your scandal reporting to you and your fellow hik haters. I'm sorry to tell you that its now just going to be a super boring Hikvision bashing snooze fest.

Sean, that was a very long and emotional post but light on actual specifics of where our reporting was wrong or unfair.

You did mention the map post and many people asked for Europe to be added, so we did. You are certainly not arguing that the data presented is false, you are simply unhappy that it exposes Hikvision's problems so visually and directly.

If you have specific criticisms of specific coverage that is factually false, please share.

p.s - you and Hikvision continue to misunderstand my goal here - it's not about the money (though you can't understand that type of person, by your own admission). I genuinely think Hikvision is a danger on multiple levels to the free world and the steps taken are to help publicize that.

I think even the objective Hik haters can agree with me on this one... Your "plenty of tests" argument is weak and hilarious considering your scandal based reporting on Hikvision coupled with your sarcastic Hik Hater comments far outweigh them...

As both an objective and sarcastic Hik Hater, let me say, “Yeah, ok” ;)

So angry.

Sean what is your Reddit name?

I agree Sean, and I applaud you for explaining the point.
The responses will be very predictable, both pro and con.

To give a recent example
Public article: Hikvision Removed From US Army Base, Congressional Hearing Called

Omitted very important fact:

'They removed 5 cameras that were looking at parking lots and a roadway'

And two comments down:

“We never believed [the cameras] were a security risk. They were always on a closed network,” Col. Beck said. The decision to replace the cameras was meant to “remove any negative perception” surrounding them following media reports, he added, without elaborating.

I know John won't agree but I agree when you call it scandal based reporting.

Jonathan, we emphasized one far more important fact: That Hikvision itself has claimed far more Hikvision devices deployed on that base running on a government network: Chinese Government Hikvision Surveillance System On US Government Network

When Hikvision publicly addresses that critical point, happy to update reporting accordingly. If you can help with your Hikivison contacts, please do.

So the point is we don't know how many cameras are on site, right?

Neither of us have the full intel it seems.

So why not call the artile: 5 Hikvision cameras removed as public opinion shifts.

But the title you choose gives a bigger feeling, so you choose to run with that and public. That's what Sean mentions and what I resonate with: scandal based reporting.

PS: the edit function in firefox works, thanks!

So why not call the artile: 5 Hikvision cameras removed as public opinion shifts.

One, because Congressional Hearings were called. That is the bigger risk for Hikvision.

Two, I could certainly see other publications reporting it that way. That's a matter of choice. You know what is scary? No other security industry publication reported on the US Army base removal and Congressional hearings at all.

The bigger risk to the industry is that Hikvision's wealth and power have pressured all the other publications to censor themselves.

The bigger risk to the industry is that Hikvision's wealth and power have pressured all the other publications to censor themselves.

Any proof or signs pointing this way?

I could simply argue that they (the others) don't deem this item as important as you do, regardless of how Hik feels about it.

Which brings me back to the point of this thread: The way IPVM chooses it's titles and selectively brings across the information is to me just as Sean says: scandal based reporting meant to garner more subscriptions.

No amount of camera tests changes that.

I could simply argue that they (the others) don't deem this item as important as you do, regardless of how Hik feels about it.

Jonathan, thank you for raising that objection. It's very easy to disprove.

Take Security Sales and Integration, they just ran an article titled "Hikvision, Eagle Eye Networks Solution Complies With Texas Schools Requirements." It's obvious that the US Army removing Hikvision cameras and a Congressional hearing being called is more important than that.

Take IFSEC Global, they just ran an article titled "Wavestore VMS upgrade simplifies camera setup and cuts joystick latency". Ditto above.

Go to any security trade publication and you will see the same pattern. Releasing 'articles' on various random minor announcements but completely avoiding anything negative about Dahua, Hikvision, etc. Then check who their top advertisers are and it's no coincidence.

[Update: to emphasize, I would have less objection if they covered it and provided a positive spin for Hikvision, their advertiser. But not covering it all shows that Hikvision wants and is getting their wish of silencing the issue entirely.]

So you feel they are somewhat sell-outs? I can see why you feel strong about when there is no coverage. The other explanation might be they choose to follow manufacturer supplied info and rebroadcast that. Not all channels focus on actual tests and research. I applaud IPVM for the research and tests they do, it's the reason I subscribed.

But to get back on topic: critical coverage of a manufacturer versus scandal based reporting.

You could make the same points with critical coverage. Sean is calling you out for choosing 'scandal based reporting meant to garner more subscriptions'.

Regardless of how others do or do not report, I agree with his assesment and the exampled I showed was to make that point clear.

Jonathan, the example you choose was a report titled Hikvision Removed From US Army Base, Congressional Hearing Called

If that's what you consider 'scandal based' so be it but I think most reasonable people will see it being a moderate title. We avoided emotional words and cited 2 points that are facts.

To be clear, I think reasonable people can disagree on titles. However, your choice ("5 Hikvision cameras removed as public opinion shifts.") is fairly significant in favor of your manufacturer partner in that it drops the reference to the US Army Base, a clearly relevant detail, it omits the Congressional Hearing completely and it judges that it is about 'opinion' and not that more people are learning about Hikvision's government control and their IP camera backdoor.

Finally, and most importantly, again the biggest problem is no coverage at all. To be clear, from Sean's viewpoint of 'making money' (which is how his brain is wired), it's good for us, since we are the only ones covering it. But it's terrible for the industry as a whole that no one else will cover topics that clearly industry people are concerned about and are important to the industry.

Yes, as you say, I agree that the trade mags "choose to follow manufacturer supplied info and rebroadcast that". But is that the type of industry that we want to be in? That the media is so toothless and timid that they only publish what the manufacturers want?

You lost this readers respect when you said the following:

"I stand by my original comment that I am able to make a comfortable living by offering people a great quality product. Overall, the best product on the market no doubt"

The best product. "Really" but you left out the part out about being married to Snow White!

A person that says the above about HICKVISION, do they care about their customers, or their pocket book? Let others decide, I know my vote. CHA-CHING! That is your sound from the cash register.

do they care about their customers, or their pocket book?

Isn't this the same thing in the end? I don't see the argument about money in this debate. Neither side is operating a non-profit organization.

If this thread is going to gain any life someone is going to have to find an example of IPVM making a scandalous and factually questionable statement. Showing the exploit once it was in the public realm is actually not much of a big deal (once an exploit is out on the web anyone with bad intent can find it) and the maps of the exploited cameras is just a graphic representation showing the scale of the problem.

From what I've seen there are more examples of HIK making scandalous statements -

Staying mute on product vulnerabilities and then stating that "Security vulnerabilities are a PR problem"

Denying state ownership

Denying that there was a back door until it was exposed

My opinion is that if they are proclaiming themselves to be a market leader and then failing every test of transparency on their products that makes them fair game for the odd scandalous headline. Can anyone suggest another manufacturer who has acted this way?

ISC should have a Tug of War this year.

First round: Hikvision vs. IPVM!!

Do you mean only our employees? Because I think we're outnumbered by a few... orders of magnitude.

Come on Mr. Ace... You need to watch some Braveheart and re-comment.

Sean:

In my opinion, I do not believe that IPVM is trying to garner more subscriptions in their reporting. However, I do believe that some of their reporting is not accurate and needs better vetting. That said, IPVM has the amount of members that they have for a reason.

Respectfully submitted,

Jeffrey Zwirn, President, Zwirn Cooperation

Regardless of which company is involved, shouldn't serious security flaws in any security equipment be touted from the highest mountain top?? Broadcast loud and clear to all who need to know??

Shouldn't WE as security professionals WANT 'scandals' bought to light and made public for all to see?

Speaking only for myself, if it takes a good roasting in the media (ie; emotive headlines and lots of publicity) to force the manufacturer of any product to step up, admit the vulnerability and FIX it, then I say, Roast ON!

Far better that, than having vulnerabilities left un-patched and potential breaches left exposed in important facilities.

If the manufacturer acknowledges things and fixes vulnerabilities without the media storm, all well and good. You can report a "we found this and Company X immediately acknowledged the issue and has released a new firmware which can be downloaded from their website" - but if they won't acknowledge the issue, then.... *shrug*

As far as HikVision is concerned, full disclosure - I use their products. And not just at work, but also for my own house.

I also make sure I'm patched and firewalled and VLAN'd and secured as much as my IT prowess will allow. Not BECAUSE I'm running HikVision, but because it's bloody good sense to do so, regardless of the product!

It should also be mentioned that IPVM had most of their recent "scandal" articles as "no subscription required" to view them, so - you know - hardly forcing membership down peoples throats!

Nicely put - the question is about security and full disclosure. HIK has failed on those two counts. Whether IPVM has sensationalized this or not is (to me) a secondary issue.

Also - I'm curious what the rationalization is from the two members who disagreed with your statement - hopefully they'll comment.

This isn't difficult. IPVM is partial reporting, partial mkting pundit and partial knowledgebase. That is a good thing and as a paying customer I'm ok with all of it (although there has been a little more self promotion from some subscribers recently but that's probably ok also).

The top guy is a camera slammer...cheaper and higher margin the better. They've been around forever and I'm ok with it! If the customers pay for it then oh well. Customer service is less important than high volume, alarms are often the same way.

Cameras are a get-what-you-pay-for-it product. All the cheap cameras have issues, but some that will never be noticeable to a home user or small business user. The higher priced ones usually have much more features but may not be of value. Just because they come from China doesn't mean they're cheap, they often lack in other items.

We cloud-host Dahua, Hikvision, Panasonic, Sony but 90% are Axis. Axis is a much better bandwidth-controlled camera (and plug-and-play option) and it servers our type of customers much better. Yes there are differences and we know them all.

Both the camera-slammer and IPVM are for-profit and that's great as well. They'll both keep ticking just fine.

As a new subscriber to IPVM I can tell you that what my experience has been. I enjoy most of the content produced by John and team, but I've found there to be a very obvious bias against Hik in everything I read here.

When I read some of the articles about Hik's flaws, I think "Well that was dumb of Hik. Sounds like they need better QA."

I'm reminded of that old saying "Don't attribute to malice, what can easily be attributed to stupidity."

Based on comments in articles I've read, it seems that many members do believe that Hik is working hand-in-hand with the Chinese government; and IPVM moderators don't do much to temper those feelings. It's easy to see why people would so easily believe that. Just look at what's happening in US politics and their own government surveillance!

In the end, it's pretty easy to put a packet sniffer on a Hik camera and see what it's trying to send out. I haven't seen an article about that, and I'd love to. We've done some testing ourselves, but not comprehensively.

In closing, I appreciate the info I get from IPVM, but I don't expect article authors to behave like journalists. Credentialed reporters at official news agencies report on the facts and leave the opinions for the editorial column. I think of IPVM is the editorial section of the newspaper.

Awesome Ben!

Ben, thanks for joining IPVM!

I think many members believe that Hik is working hand-in-hand with the Chinese government

Well, that's because Hikvision is. Hikvision was created as a Chinese government research institute, it is still controlled by the Chinese government today, their R&D VP works for the Chinese government, their Chairman is a Communist Party Secretary, etc.

That said, I do agree with you that at least some of these things are 'stupidity.' For example, I don't think Xi Jinping told Hikvision to email admin passwords in plain text. On the other hand, there have been a lot of, as you call 'stupidity' there, which should give people pause for concern about what other 'stupidity' is also out there yet to be uncovered.

John, now you're asking me to split hairs. I'll clarify because I think clarity is important:

By saying working hand-in-hand, I was referring to the negative. I generally do assume that Hik is sharing R&D related to video technology/innovation with the Chinese government. Just like I assume that Axis has probably been working with the US government. The articles and link you provide would support that argument (although I've seen no facts related to that.. it's an assumption because why else would a government employee be head of R&D)

I cannot buy the argument you're implying: that since people at Hik are tied to government, they must be up to something evil.

I'd need facts to believe that and I haven't seen any.

I generally do assume that Hik is sharing R&D related to video technology/innovation with the Chinese government. Just like I assume that Axis has probably been working with the US government

Ben, Axis is a Swedish company now owned by a Japanese company. Your implicit analogy does not work, i.e., Axis / US government vs Hikvision / Chinese government. If you think clarity is important, that you should clarify or retract your statement here.

Also, there is a difference between being a company started in a country vs a company that was created by a government. Let me know your feedback on that and I can continue on your other points, thanks Ben.

Ben, Axis is a Swedish company now owned by a Japanese company. Your implicit analogy does not work, i.e., Axis / US government vs Hikvision / Chinese government. If you think clarity is important, that you should clarify or retract your statement here.

You're absolutely correct. Funny thing: I was going to say Avigilon working with the Canadian government, but it seemed preposterous! :)

Also, there is a difference between being a company started in a country vs a company that was created by a government.

I think this might be where we disagree.

You refuse to trust Hik because of its ties to the Chinese government and although there's no proof today of government interference, we can expect IPVM to continue to warn members against using Hik.

Maybe one day Wikileaks, some other government or an IT researcher releases actual proof of Chinese government meddling and you're hunch is validated. Man, wouldn't that be awesome for you! :)

Or... nothing happens and it turns out they're just a company making a decent product, making dumb mistakes, with R&D that benefits the Chinese government.

although there's no proof today of government interference

No proof? Hikvision is literally run by the government.

Ben, with all due respect, 20 minutes ago you thought Axis was a US company, I do urge you to learn more about the political and economic backgrounds of the companies in the industry.

Ben, with all due respect, 20 minutes ago you thought Axis was a US company

John, come on now... yes, you are correct, I don't have a strong understanding of the "political and economic backgrounds" of the companies in the industry. My Axis rep is in Canada and I haven't given any thought to where Axis is... because it hasn't been relevant to my business.

Does the mistake mean my points are not valid?

And again, I'm not disputing that Hik is involved with the Chinese government! The ties do not indicate any malice on Hik's part. There is no proof.

(it's probably time to shake hands and part as gentlemen.)

PS: I do appreciate that conversations on IPVM are more civil than other places I've visited. :)

Ben, thanks, and thanks for being civil!

I will say that 3 years ago I would have thought the idea that Hikvision would have been created and controlled by the Chinese government would have been laughable. At that point, I simply assumed they were just another Asian manufacturer aggressively trying to expand (e.g. the Taiwanese had a run a few years before that, etc.).

But...

There's a lot that I learned in the past few years plus Hikvision has been deceptive and the Chinese government more generally is quite deceptive. So when I emphasize that your lack of knowledge here is an issue, I do so from my own past experience and 2+ years of extensive study in this space.

Even on basic issues, Hikvision is extremely deceptive. On the question of their government ownership, their answer to me when I first asked and continuously in the West since is blatantly deceptive. (1) They know the Chinese government is their controlling shareholder yet it's always this spin about a "diverse set of private and public entities", never acknowledging their controlling shareholder. (2) They know that CETHIK is not just a 'state owned enterprise' who is just a 'shareholder' it is the Chinese Electronics Technology Group Hikvision division (i.e., CETHIK), created for the purpose of running Hikvision. And yet knowing this, they are so blatant to deceive people.

Overall, I think it is naive to assume the best of intentions for the Chinese Communist Party / Hikvision and I will continue to report on such facts and issues that they want not reported.

The easiest way would be ask subscribers, just create a poll on a main page:

- IPVM is biased when it's about Hikvision

- IPVM is impartial

Dennis, I am ok with running that but the natural objection of Hikvision supporters will be if the results are favorable to IPVM is that IPVM members are biased against Hikvision, etc.

I don't think it's a bad idea but a poll would be better done off IPVM to remove that objection. Maybe Hikwire :)

But seriously, in general, I would be interested in such polls about IPVM done off IPVM.

Does Gartner already do something like this aimed at the security industry? I thought I saw something not long ago (mid-2017?) about a research firm doing a survey about the industry. I can't recall the details or the audience. :/

100% agree that for the data to be accurate it has to be done outside of IPVM. I'd also argue it should be asked of end-user businesses/enterprises (at least in addition to integrators, etc) since they're often the ones that making the buying decision.

Ben, some of the trade magazines do surveys but Gartner, Forrester and those types do little in video surveillance. Actually, Gartner started to do some more in the last year but basic / limited coverage.

I don't think Gartner though is ever going to do a survey about whether IPVM or Hikvision is biased, that's somewhat outside of their typical procedure...

SurveyMonkey? Public results?

The easiest way would be ask subscribers, just create a poll on a main page:

Seriously? I could tell you the results already.

80-90% - No. IPVM is not biased about Hikvision.

That's been a consistent negative result in any non product related poll that involves Hikvision.

Und x NO

Sean - Yes

Marty - Yes

Jeff - Yes

Hard to say, I'd like to see the results myself. Hopefully, John Honovich will conduct such research and send a request to all the members.

Agreed. Even John agrees the poll would be ridiculous to take.

I mainly think it won't prove anything. People who don't like Hikvision will be happy, people who do (the far smaller minority) will cry foul.

That said, Dennis, if you really want to do it, start your own discussion, write the poll how you wanted it expressed and we'll add a poll exactly like that and let people answer. I certainly don't want to block you, I just don't want it to come from me / us.