Break free of Ring's servers, earn a five-figure bounty
- Reference: 1771859854
- News link: https://www.theregister.co.uk/2026/02/23/ring_bounty/
- Source link:
The bounty was launched by the Fulu Foundation, a nonprofit set up to raise awareness of consumers' lack of ownership over their tech. The organization will pay $10,000 up front and match community donations up to an additional $10,000 for eligible submissions.
Rewards won't be handed out for just any security vulnerability, though. In keeping with Fulu's ethos, [1]the winner will be the first to figure out a way to run a Ring camera system locally, and block any data from being transmitted to Amazon's servers.
[2]
"The problem lies in the software that runs on [Ring] devices and directs video to be sent back to Amazon's servers," [3]said Kevin O'Reilly, executive director of the Fulu Foundation.
[4]
[5]
"In an ideal world, device owners would be able to modify that software to instead push that footage to their own computer or server, should they so choose. Our bounty seeks to provide that option to Ring camera owners."
The nonprofit cited Ring's past [6]privacy lapses , including one that [7]resulted in a $5.6 million settlement with the FTC, to support its claim that users should not be beholden to its subscription model.
[8]
Ring's current plans range from $49.99 per year for the cheapest single-camera option to $99.99 per month for Virtual Security Guard with live video monitoring by dedicated agents.
You don't necessarily need a subscription to make use of the hardware, provided all you want is basic functionality. Users can still view live video, receive motion alerts, and use two-way talk, but recording footage or anything more advanced is reserved for paying subscribers.
[9]Amazon's Ring can now use AI to 'learn the routines of your residence'
[10]Ring embraces the end of the world, starts using home cameras to track wildfires
[11]Amazon's $200 billion capex plan: How I learned to stop worrying and love negative free cash flow
[12]Amazon's vibe-coding tool Kiro reportedly vibed too hard and brought down AWS
Fulu Foundation, founded in August 2025 by marketing professor Maria Palazzo, also pointed to social media users who claimed to be outraged following Ring's [13]controversial Super Bowl ad highlighting its AI Search Party feature.
One [14]wrote : "The Super Bowl commercial was the last straw. They want to sell me hardware, sell me a subscription to run the hardware, sell me a subscription to monitor my system, and then sell all of my information to nefarious actors. They're basically sacrificing my community's privacy and security, and charging me for the experience. It's not worth it. I'm going to DIY my own security camera network using Raspberry Pi devices."
The nonprofit is ultimately looking to raise awareness of the tech ownership issue with Ring and reshape Section 1201 of the Digital Millennium Copyright Act (DMCA), which prohibits the circumvention of tech controls.
[15]
Right-to-repair activists have long called for Section 1201 reform. Through the US Copyright Office, certain [16]exemptions have been established since the law was enacted in 1998, but the current law still prohibits the kind of subscription-busting changes for which Fulu Foundation is pushing.
The Register contacted Ring for its take, and we'll update the story if it responds. ®
Get our [17]Tech Resources
[1] https://bounties.fulu.org/bounties/ring-video-doorbells?ref=fulu-foundation.ghost.io
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aZyHu883fUqKMiMkGKMcVgAAA9g&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://fulu-foundation.ghost.io/our-search-party-finding-a-ring-bounty-winner/
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZyHu883fUqKMiMkGKMcVgAAA9g&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aZyHu883fUqKMiMkGKMcVgAAA9g&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[6] https://www.theregister.com/2021/10/13/amazon_ring_audio_recording_data_protection/
[7] https://www.theregister.com/2024/04/25/ring_ftc_settlement/
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZyHu883fUqKMiMkGKMcVgAAA9g&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[9] https://www.theregister.com/2025/06/25/amazons_ring_ai_video_description/
[10] https://www.theregister.com/2026/01/07/ring_cameras_wildfire/
[11] https://www.theregister.com/2026/02/17/amazons_200_billion_capex_plan/
[12] https://www.theregister.com/2026/02/20/amazon_denies_kiro_agentic_ai_behind_outage/
[13] https://www.theregister.com/2026/02/13/ring_flock_partnership/
[14] https://www.reddit.com/r/Ring/comments/1r3f7yc/comment/o59sckt/?utm_name=web3xcss&ref=fulu-foundation.ghost.io
[15] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aZyHu883fUqKMiMkGKMcVgAAA9g&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[16] https://www.theregister.com/2021/10/29/2021_dcma_rules/
[17] https://whitepapers.theregister.com/
Re: I assume that Ring has been asked ...
Looking at the Ring teardown pics, I wonder if it's possible to replace or reflash the storage chip. Guessing this hardware isn't locked down hard like phones. An open OS would make the hardware useful. The Ring OS might even be usable if the certificate chain or pinned certificate can be redefined, so the modded unit thinks it's talking to Amazon servers even when it isn't.
Why even bother?
I don't mean breaking them to work locally - that's a nice earner for the first to do it, but I mean as a consumer.
Just use one of the many alternatives that don't go to a cloud - Eufy or Ubiquiti, for example. I've had both and though the Eufy was good it became very unreliable as time went on, and their support was less than fantastic - they'd try everything in their power to blame everything but their own kit.
As I'd already got Ubiquiti AP's and a cloud gateway, it was a no-brainer when switching.
However, both are very similar in features, were for me at the time parity with price (notwithstanding the additional gateway device) and just work. And there are many other brands out there that work without a cloud connection.
I'm actually in the process of trying to remove anything that requires an ongoing subscription, let alone cloud connectivity. It's a slow process but one I am enjoying.
The likes of Home Assistant are very useful for such things, I have to say.
Re: Why even bother?
Seconding this, with one modification. Ubiquiti isn't an "alternative" it's a massive improvement.
If someone suggested replacing my Ubiquiti with cheap cloud consumer crap I'd probably die from laughing too hard.
Fresh off my third install in two months, given as Christmas gifts to friends and family. They buy the gear; I give them my Sunday.
I assume that Ring has been asked ...
if they can be configured to use an owner's own servers and that they have said 'no' ?
Well, they are leaving the door open for someone to develop a similar product that did allow this, maybe even allowed owners to install their own firmware. Few would actually do so but enough, like me, would be interested to make this a viable product.