It shouldn’t be so easy to peer into a stranger’s bedroom, much less hundreds of strangers’ bedrooms. But a website has collected the streaming footage from over 73,000 IP cameras whose owners haven’t changed their default passwords. Is this about highlighting an important security problem, or profiting off creepy voyeurism—or both?
Insecam claims to feature feeds from IP cameras all over the world, including 11,000 in the U.S. alone. A quick browse will pull up parking lots and stores but also living rooms and bedrooms. “This site has been designed in order to show the importance of the security settings,” the site’s about page says. But it’s also clearly running and profiting off ads.
To be sure, the streaming feeds aren’t anything a determined person couldn’t already find through Google or Shodan, the latter of which lets you look for connected devices like IP cameras. But the website puts all those streams into one easily and creepily accessible place. A lawyer tells Motherboard that the site “a stunningly clear violation of the Computer Fraud and Abuse Act” in the U.S since it involve hacking into someone’s password-protected account, even if it’s a default password-protected account. It’s unclear who exactly is behind the site, though the domain is registered with GoDaddy with a IP address linked to Moscow.