STOLEN GEAR? SIMPLE FIX? WILL CANON MAKE A MOVE TO PREVENT IT?

Nov 1, 2012
1,549
269
I saw this earlier today. I would be game for an unlock pin like they mentioned (on timer to reset, of course).

Yup, like pin code once gives you 24h time, or maybe that you can configure from menu how long you want it each time. Problem is, people would forget the pin so there needs to be back-up method. Maybe register camera on canon website, and Canon EOS utility would connect to camera and Canon server, and it'd unlock camera if it's deemed clean. So if your camera is stolen, you can report to website and the the EOS utility would refuse to open it.
 
  • Like
Reactions: 1 users
Upvote 0

bergstrom

Photographer
Feb 23, 2015
534
398
Its so simple. But as Tony said, maybe companies depend on gear getting stolen so you have to buy a new one. Would be interesting to get estimates on how much insurance companies paid out on stolen gear over the years and how much of all camera gear companies sales is based on buying replacements.

If there was a global petition to bring this is, they would have to address it. Obviously it will only work for cameras that accept firmware and are touch screen, but if they start now, over time stolen camera gear would be useles because as Tptana said , a 24 hr deadline on a 6 pin code might be hard to break, or maybe even reduce it to 3-4 hours, like a phone, if its not in use, it goes off.

Another factor is to make it fool proof. Pay hackers to see if a software could be developed to figure out the code and if it WAS actually possible, then brainstorm again to figure out a way that it can't be hacked. Any time hackerts DID find a way, companies would release additional firmware security fixes.
 
Upvote 0
Nov 1, 2012
1,549
269
Another factor is to make it fool proof. Pay hackers to see if a software could be developed to figure out the code and if it WAS actually possible, then brainstorm again to figure out a way that it can't be hacked. Any time hackerts DID find a way, companies would release additional firmware security fixes.

I think Tesla gives nice bonus for people who find security flaws in their system, up to new Tesla vehicles. Would be easy for Canon to give cameras as incentive if you find security flaws.

Also, for non-touchscreen cameras (are there still those?), they could also use all the buttons as pin code. Xbox has that option instead of password, just press correct combination on the controller and it unlocks your profile.
 
  • Like
Reactions: 1 user
Upvote 0
Mar 26, 2014
1,443
536
This idea has problems people haven't thought out, e.g. Tesla's cars locked due an over the air software update, or malicious owners setting a PIN, disabling it for 24 hours just before sale, then reporting the camera stolen. Even fingerprints aren't fool proof. As an extreme example, a relative lost his hand in an accident. Now you have two options - tell customers that in such case their equipment (possibly worth thousands of dollars) is bricked, or make a workaround. You can bet your *** thieves will learn about the workaround real quick.
 
  • Like
Reactions: 1 users
Upvote 0

koenkooi

CR Pro
Feb 25, 2015
3,569
4,109
The Netherlands
This idea has problems people haven't thought out, e.g. Tesla's cars locked due an over the air software update, or malicious owners setting a PIN, disabling it for 24 hours just before sale, then reporting the camera stolen. Even fingerprints aren't fool proof. As an extreme example, a relative lost his hand in an accident. Now you have two options - tell customers that in such case their equipment (possibly worth thousands of dollars) is bricked, or make a workaround. You can bet your *** thieves will learn about the workaround real quick.

I once worked with network cameras where the password was stored in such a way that it couldn't be erased by a factory reset. So if you forgot your password you had to get a replacement mainboard or swap out the complete camera.

Making good security user friendly or practical is a hard problem, especially in a field where people get very upset on the interwebs if the EVF takes 1 millisecond to turn on.
 
Upvote 0
Mar 26, 2014
1,443
536
I once worked with network cameras where the password was stored in such a way that it couldn't be erased by a factory reset. So if you forgot your password you had to get a replacement mainboard or swap out the complete camera.

Which usually ends with owners writing down passwords someplace accessible & easy to guess.

Same with credit card PINs since it became mandatory to enter it to pay. People write the PINs down in their phonebook, or change the PINs on all the credit cards to be the same memorable number, etc, making thieves' lives easier.

Making good security user friendly or practical is a hard problem

Definitely harder than making up a conspiracy theory about companies making money by making their equipment easy to steal, followed by a suggestion to copy the imperfect schemes used by other companies, a.k.a clickbait.
 
Upvote 0

koenkooi

CR Pro
Feb 25, 2015
3,569
4,109
The Netherlands
[..]making up a conspiracy theory about companies making money by making their equipment easy to steal, followed by a suggestion to copy the imperfect schemes used by other companies, a.k.a clickbait.
We’re talking about Tony N. here, clickbait goes without saying.
 
  • Like
Reactions: 2 users
Upvote 0

SteveC

R5
CR Pro
Sep 3, 2019
2,678
2,592
Which usually ends with owners writing down passwords someplace accessible & easy to guess.

Same with credit card PINs since it became mandatory to enter it to pay. People write the PINs down in their phonebook, or change the PINs on all the credit cards to be the same memorable number, etc, making thieves' lives easier.



Definitely harder than making up a conspiracy theory about companies making money by making their equipment easy to steal, followed by a suggestion to copy the imperfect schemes used by other companies, a.k.a clickbait.

When every single damn site you go to insists you create an "account" to do anything, it's no wonder people re-use passwords. No one can remember 100 strong passwords, especially for places they go to less than once a year.

I deal with this by going to places that let me check out as guest, using a password manager, and using pass phrases where possible. Yeah those end up being 30 characters long but at least you can effing remember them.
 
  • Like
Reactions: 1 user
Upvote 0
Nov 1, 2012
1,549
269
I once worked with network cameras where the password was stored in such a way that it couldn't be erased by a factory reset. So if you forgot your password you had to get a replacement mainboard or swap out the complete camera.

Making good security user friendly or practical is a hard problem, especially in a field where people get very upset on the interwebs if the EVF takes 1 millisecond to turn on.

Yup, real security is much different than what typical user wants.
 
Upvote 0
Nov 1, 2012
1,549
269
When every single damn site you go to insists you create an "account" to do anything, it's no wonder people re-use passwords. No one can remember 100 strong passwords, especially for places they go to less than once a year.

I deal with this by going to places that let me check out as guest, using a password manager, and using pass phrases where possible. Yeah those end up being 30 characters long but at least you can effing remember them.

I basically have 3 variations on my passwords (plus some specials):

A: simple/easy/stupid for websites I don't care about (and don't hold any actual personal information)
B: longer more difficult one I used on other places until I figured out not to use same for all (most of these I've changed already)
C: fixed set of random characters, with addition from the website/company name to make it different for each one

Then some websites are moronic and don't accept certain special characters so I had to create C-variant with more commonly accepted special characters. And what made that worse, after using C for some 10 years, some websites started to restrict 3 continuous alphabet (e.g. abc), and I didn't even notice my random set actually did have such set in between, until one website said can't use such password. So for those websites I had another C-variant with slightly different random set.
 
Upvote 0

SteveC

R5
CR Pro
Sep 3, 2019
2,678
2,592
Then some websites are moronic and don't accept certain special characters so I had to create C-variant with more commonly accepted special characters. And what made that worse, after using C for some 10 years, some websites started to restrict 3 continuous alphabet (e.g. abc), and I didn't even notice my random set actually did have such set in between, until one website said can't use such password. So for those websites I had another C-variant with slightly different random set.

What irritates me are the ones that won't tell you what the rules are until you enter a non-compliant password, which will then tell you one rule (out of several) that you violated. If I *am* using a password manager and have it randomly generate something, I then have to do so over and over again until the dipshit who wrote the code is satisfied.
 
  • Like
Reactions: 1 user
Upvote 0
Nov 1, 2012
1,549
269
What irritates me are the ones that won't tell you what the rules are until you enter a non-compliant password, which will then tell you one rule (out of several) that you violated. If I *am* using a password manager and have it randomly generate something, I then have to do so over and over again until the dipshit who wrote the code is satisfied.

Yes, exactly. For 90% of the time when I can't remember the password, if they just told the rules at that point I would probably be able to guess what variation I used.
 
Upvote 0

SteveC

R5
CR Pro
Sep 3, 2019
2,678
2,592
Yes, exactly. For 90% of the time when I can't remember the password, if they just told the rules at that point I would probably be able to guess what variation I used.

I was thinking more of something that would tell you, oh, you can't use THAT character (e.g., a semicolon) or an embedded space or... but only AFTER you tried to use it. But then there's also you typing in a password then having it tell you, oh, you need at least one digit, then oh, you need at least one special character.
 
Upvote 0

Joules

doom
CR Pro
Jul 16, 2017
1,801
2,247
Hamburg, Germany
I was thinking more of something that would tell you, oh, you can't use THAT character (e.g., a semicolon) or an embedded space or... but only AFTER you tried to use it. But then there's also you typing in a password then having it tell you, oh, you need at least one digit, then oh, you need at least one special character.
Or actually going the reverse of good practice and limiting the size of a password to something not particularly long. I recently cam across a site that wanted my password to be 16 or less characters - of course telling me this only after trying one that was longer.
 
  • Like
Reactions: 1 user
Upvote 0