You are using a free service, and think the provider cannot ask for a simple login.

Anonymity is fine to ask for, but you are not paying for something and you are getting value...

Good thing some tapos do have alternative firmware like thingino.

You should still treat it as radioactive waste. Protect it and protect yourself from it - segregated VLAN, no internet access, just like you would do with official firmware.

Untrusted network is not sufficient, you need to cut them off internet, in general.

The internet should very much be considered an untrusted network.

Don’t put it on a network, but also don’t allow it to reach an untrusted network.

Thingino supports C200 https://thingino.com/#:~:text=SC3336%2C%20WQ9001%2C%208MB-,T...

it does not, there are 5 versions of C200 as of now and thingino only supports one or two, it is very important to get the right chip, you can check https://openipc.org/

I came here to post this, too :) What the thingino community managed to do with their firmware for these cameras is nothing short of amazing - if you happen to have a compatible camera, you really, really should give it a whirl!

I'd love to but... how? One alternative seems to be a programmer chip that must be puchased and then modified to not fry the camera with 5V. Another is maybe stripping a USB cable and soldering it to the wifi pads on the camera chip?

Neither of these seem like good ideas for someone like me, who is relatively hardware naïve and has small children running around making it hard to concetrate for more than 30 minutes at a time.

The question is genuine. I want to do this but don't actually know by which method.

Yeah, I can see why that is a show-stopper for people. However, the thingino project has people among them who care deeply about ease of installation - so with these security issues discovered in the TP-Link device, chances are an installation method that relies on a vulnerable stock firmware will be provided in time :)

I got a couple of Wyze cameras and loaded Thignino via SD card. No fuss no muss.

In this case I'm asking specifically about the C200 this article is about. Sorry for not being more clear. From what I understand the C200 does not boot from SD card.

correct, it's in beta testing right now, you can check for alternatives https://github.com/wltechblog/thingino-installers

Ah that's fair. One of the reasons I went with the Wyze units is that they were well supported and installation was pretty easy.

Oh, this is great! I do have this exact camera and another one that’s on the list!

I’m more than happy to ditch the scrappy RTSP setup that I have to support these cheap cameras!

I think Thingino is great. But there are definitely still dragons lurking. I reported a bug last year and mostly forgot about it. Got a response a few months ago to check out a fix related to unexpected memory access.

I generally try not to be a huge Rust cheerleader but seriously. Yikes.

Some cameras that "charge" with USB also can use a USB network adapter (provided they can supply power).

For the tech savvy, there is thingino as a firmware alternative - works local only, no cloud, and supports mqtt etc.

Is there a table of supported hardware, that contains info about the USB-connection (or ethernet) on these devices. Like, which have data-lines connected, can the device electrically do host and device mode? Can I use a POE2USBC adapter, that presents itself as a USB-network device to the camera? Ability to filter on those columns would be great. Is thingino using the Ingenic linux kernel 3.ancient SDK version, or do they have/use something newer?

They lend themselves to local connections, however, so they are workable for the tech savvy.

Definitely a problem for regular users.

Eventually these will use mesh networks to figure this out.

there are ways to see out which indexes get used and which are not. It's surprising to find out table scans or incorrect indexes getting used.

Just earlier this year I pad 35$ for 64gb lrdimm stick (420$ total for 12).

Now each stick is over 180$.

You can selectively bypass many roll out procedures in a properly designed system.

If there is a proper rollout procedure that would've caught this, and they bypass it for routine WAF configuration changes, they might as well not have one.