If you’re still using old Wi-Fi security cameras around your home, they might be broadcasting directly to the internet where anybody can watch you.

Old Security Cameras Are a Privacy Nightmare

You may have noticed security cameras in the news recently because of various privacy debacles like eufy’s cameras allowing for wide-open no-verification streaming. Then of course, there was the other debacle with Wyze cameras, too. Even robot vacuums with their roving camera eyes are getting bad press lately.

While issues with current hardware are worth talking about, to be sure, what we’re focused on today are old security cameras. There are thousands upon thousands of old 2000s and 2010s-era Wi-Fi security cameras in use around the world.

Not only are these old IP Wi-Fi security cameras long outside their lifecycle—and thus not receiving any security updates—but many of them were never configured properly in the first place.

That might seem like an abstract problem you could easily brush off, like running an old laptop with Windows 7 or using an old iPad that can’t get the most current iOS updates. But in reality, it’s a concrete problem with direct privacy implications.

If your Wi-Fi security cameras are improperly configured, anybody can tune in and watch them. Not highly skilled hackers, not bored high school kids running scripts they found on questionable websites or forums, anybody. In fact, some websites, like Insecam, comb the internet for open security cameras and catalog them. Anybody can visit the website and look at the cameras—zero security expertise required.

While many of the cameras found on such sites are supremely boring, like municipal cameras pointed at snow plow parking lots or dock cameras set up so fishermen can see what the weather is at their favorite public access ramp, a surprising number of them are clearly cameras intended for private use.

Although such sites, thanks to bad press over the years, have gotten better about filtering out things like unsecured baby monitors, cameras in living rooms, and such, it’s still a problem. And just because the site filters out the privacy-violating camera doesn’t mean the privacy issue doesn’t continue—they don’t secure the camera for the person. They just stop displaying it on the page.

For example, while browsing through the Insecam archives, we came across hundreds of examples of a specific old Linksys Wi-Fi camera, the popular WVC80N. Not only is it problematic that you can watch the feed of somebody’s yard or even inside their home, but you can also jump right to the unsecured dashboard of the camera itself. Here’s the dashboard for a Linksys WVC80N camera located in central Ohio.

Despite knowing the feed was a live camera feed, I’ll admit to being surprised when I watched the mailman walk right past the camera to deliver the mail.

It was equally surprising to see people walking around in their kitchens, living rooms, and backyards too. All because their old IP-based Wi-Fi security cameras weren’t properly secured.

In many cases, you can even access unsecured cameras and directly control them, using the pan and tilt controls as if you were the camera owner.

Worse yet, you’ll often find distinct information in the video feeds (or the attached metadata) that make it possible to zero in on the location of the camera. For example, while looking at cameras for this article, I came security camera named after the location of the road the home was on.

Given that I had the rough geographic location based on the IP address and that the road had a distinct name that occurs only once in the state the IP address was in, it took under a minute to go from looking at the camera to looking at the home on Google Street View. I was also able to locate several cameras in cities I was more familiar with just by using the map function on the Insecam website while looking for familiar streets and landmarks.

That highlights one of the worst things about this little experiment and writing this article. There’s no way to tell the camera owner their camera isn’t secure, save for rare moments like the one I just highlighted. And even then, my only option to alert them would be to mail a very spooky letter to their physical address. “Dear Sir or Madam, I found a camera on the internet pointed into your living room, and I tracked you down to anonymously alert you of the situation…”

Here’s What to Do With Your Old IP Wi-Fi Cameras

So what should you do if you have old outdated security cameras? You should do one or more of the following things to ensure you’re not accidentally broadcasting your life to the entire internet by an unsecured IP camera connection.

Get Rid of Your Old Wi-Fi Cameras

Retire your old cameras. There’s no reason to keep using a 10+ year-old Wi-Fi security camera that no longer receives updates.

It’s not worth putting up with garbage video quality (nearly all of the security cameras we could access had a sparse 640×480 pixel feed). And it’s not worth putting up with security risks and vulnerabilities.

Camera technology has advanced so much over the years that there are zero reasons to use a security camera with a worse picture than your old laptop’s built-in camera. So reset your old IP Wi-Fi cameras and send them off to get recycled.

Isolate Your New IP Wi-Fi Cameras

If you replace your old IP Wi-Fi cameras with new updated ones, you should go out of your way to isolate them on your home network.

This means looking for settings in the camera firmware itself to restrict access to only local connections (if such a setting is available) and then further isolating the camera by setting up router-level rules to stop traffic from that IP camera from leaving your local network.

If you’re lucky, your router firmware has a user interface that allows you to easily assign a static IP address to your IP Wi-Fi cameras and then restrict outgoing traffic for that IP address. If you’re not, you’ll likely need to get your hands dirty (and potentially upgrade your router to access the more advanced features you need).

Skip IP Wi-Fi Cameras Altogether

If the idea of setting up custom routing tables sounds daunting and above your DIY pay grade, you might consider skipping IP Wi-Fi cameras altogether and going with an option that requires less self-management. Options like Nest or Ring cameras come with automatic updates and a secure link between your home cameras and the outside world (for those times you want to check the cameras away from home).

Although there’s a compelling argument for sticking with outdoor-only cameras to monitor your property and skipping indoor cameras for privacy reasons. Every system has a point of failure: If it fails, it’s better that the world can see your garbage cans and unmowed lawn, not your bedroom or baby.