Group News

Apple’s UDID Hypocrisy

by on Sep.17, 2012, under Group News, Security

On the third of September, a hacker claiming affiliation with AntiSec made a post on describing an intricate attack against an FBI agent’s laptop.  The hacker claims to have dumped a database containing over twelve million unique device identifiers (UDIDs) of Apple iOS devices, along with personal information which could tie a user’s real-world identity to his or her device’s electronic serial number.  The hackers made just over one million of these UDIDs public, and analysis elsewhere has suggested that the data is that of actual Apple devices.  I wrote extensively about the use and abuse of the UDID in a paper which was released just under two years ago.

During the finger pointing phase which followed the leak, the FBI and Apple both denied that they were the sources of the data.  It was later discovered that the leak came from an application developer called Blue Toad, who uses UDID data extensively in their development work.

Thrust into the spotlight, Apple took this opportunity to remind the user community that they have been actively working to address UDID privacy concerns on the iOS platform.  Not only has Apple deprecated the use of the UDID since the release of iOS5 early in 2011, they have  recently started to reject App store submissions for applications which query the iOS UDID.

As it turns out, Apple is taking a “Do as I say, not as I do” approach with UDID security.  Apple continues to collect device’s UDIDs every time an advertisement banner is displayed in any application which uses Apple’s very own iAd banner advertisement system.

It’s quite easy to find an application which uses the iAd network.  For this demonstration (data collected 9.17.12) we’ll take a look at Qrafter, a QR code scanning application.

Notice the iAd watermark in the lower right corner of the banner ad.

The iAd banners are retrieved using SSL, which makes traffic analysis somewhat more difficult.  By using an appropriate MITM tool, such as Ettercap, Charles or MITM Proxy, it is possible to examine the plain-text contents of the otherwise encrypted conversation.

The iAd banner retrieved by the Qrafter application comes from a server named  When the application requests the banner ad graphics, it also transmits the iOS device’s UDID to the remote host at

Zooming in on the highlighted section reveals the UDID of the iPhone used in this demonstration.

Using the UDID Tool app, we can confirm that this is the UDID of our iOS device:

Apple’s move to keep UDID-aware applications out of the App store was billed as a system put in place to enhance the privacy of its loyal user base .  Considering the behavior of iAd, however, this policy change smells much more like an attempt by Apple to squeeze the competing advertisement networks out of its exclusive online marketplace.

Seeing as how they burned the unique device ID into the phone’s firmware in the first place, Apple clearly already knows the UDIDs of every devices it manufactures.  By logging this data during a banner ad fetch, however, Apple is building a database of which applications you use and where and when you use them.    By restricting the use of UDIDs by third parties, they’re giving the iAd system a clear “trackability” boost over their rivals.

Leave a Comment more...

We got a takedown notice from LifeShield for our positive review

by on May.10, 2012, under Group News, Security, Whining

Yes, you read the headline correctly.

Our 95% glowing review of the LifeShield products and services earned me a DMCA takedown notice from a “Digital Content Protection” company on behalf of LifeShield. You’re saying “OK, that sure sounds dumb, but what are the grounds for a takedown notice in the first place?” I had the same question.
The content of the notice was:

It has come to our attention that your website or website hosted by your company contains links to LifeShield, Inc website ( which results in financial losses by the company we represent, because of search engine penalties.

I request you to remove from following website (
all links to website as soon as possible.
In order to find the links please do the following:
1) If this is an online website directory, use directory’s search system to find “LifeShield” links.
2) If there are hidden links in the source code of website, open website’s main page and view its source code. Search for “” in the source code and you will see hidden links.

I have a good faith belief that use of the material in the manner complained of is not authorized by LifeShield, Inc, its agents, or the law. Therefore, this letter is an official notification to effect removal of the detected infringement listed in this letter.

I further declare under penalty of perjury that I am authorized to act on behalf of copyright holder and that the information in this letter is accurate.

Please, inform me within 48 hours of the results of your actions. Otherwise we will be forced to contact your ISP.
LifeShield, Inc will be perusing legal action if the webmaster does not remove the referenced link within 48 hours.
LifeShield, Inc will be forced to include the hosting company in the suite for trademark infringement.

Makes perfect sense, right? Trademark infringement. Because of links. As part of a review.

As you would assume, I was furious. I forwarded the email to a sales manager at LifeShield and then called them and left a message. I got a call back later that night from the sales manager. She apologized and said I didn’t have to remove the links. I said I was pretty annoyed at being threatened with a BS takedown notice and a simple apology wasn’t going to cut it. I wanted to know that this isn’t how they do business.

I got an email from her later that night:

I didn’t want to call you because it is so late, but I wanted to go ahead and contact you about this. I did hear back from my manager via email and she said that they are contacting the gentleman who sent the email, and they will have this taken care of immediately. There will be no further action that you have to take and you will not receive any more emails like this. I apologize about this and if you have any questions please feel free to contact me.

I got another email from upper management:

I am the svp interactive for  Please ignore the dmca email you received.  We hired them to protect our trademark and your site was accidentally included in our list of sites.  I just sent them a note to take you off their list.  Please keep our links on your site.  We apologize for the inconvenience.

I was no longer really worried about the “inconvenience” so much as I was worried that I was supporting and endorsing a company with unethical business practices. I replied with this:

While I appreciate the apology, I have a bigger question: are you OK with how this guy is going about “protecting your trademark?”
Telling people you are going to sue them (and their ISP) if they don’t remove LINKS to your website is unethical at best and quite possibly fraudulent use of the DMCA. Did you read the email he sent me? Here are a few of my favorite parts:

It has come to our attention that your website or website hosted by your company contains links to LifeShield, Inc website ( which results in financial losses by the company we represent, because of search engine penalties.

I’m sure this isn’t news to you, but this is 100% BS. You can’t claim losses via poor SEO and leverage a law suit against somebody else to fix it.

I have a good faith belief that use of the material in the manner complained of is not authorized by LifeShield, Inc, its agents, or the law. Therefore, this letter is an official notification to effect removal of the detected infringement listed in this letter.

Once again, I’m sure you know that permission is not needed to provide links to a publicly-available website. This guy identified himself as the head of “anti-piracy.” He is basically equating a link to intellectual property. This is fallacious on so many levels, I don’t even know where to begin.

Please, inform me within 48 hours of the results of your actions. Otherwise we will be forced to contact your ISP.
LifeShield, Inc will be perusing legal action if the webmaster does not remove the referenced link within 48 hours.
LifeShield, Inc will be forced to include the hosting company in the suite for trademark infringement.

Finally, the threat. Remove the links or we’ll sue you and your hosting company. For trademark infringement. You’ve got to be kidding me.

This is not how you protect a trademark, Evan, this is how you ruin it. Am I to understand that the people intended to be on your “list” (bad reviews?) are also getting letters like this? Have you heard of the Streisand Effect?
Now, if there are people out there legitimately infringing on your trademark, by all means, pursue them and shut them down… but do it with legitimate DMCA takedowns, not this thug-style intimidation BS. We all know how these work: people will do as you ask because it isn’t worth the trouble (or possible legal fees) to put up a fight, even though they know you have ZERO legal ground to stand on.

Please tell me you are straightening this out with the IP protection company (or cutting off your business relationship with them). I’m willing to accept the explanation that you hired this company thinking they were above-board and you didn’t know they’d be up to these shenanigans, but now you DO know. This isn’t how you want to handle your business on the Internet. I can tell you I don’t want to be involved with or endorse a business that does so.

Sums up my feelings well, I think. They were not impressed with my righteous indignation, however, and replied thusly:

I appreciate your feedback.  However, we had a site cloak lifeshield and generate over 700K back links to our site without our knowledge.  Google stepped in and slapped us with a search ranking penalty to which our business has suffered major losses.  Understood that the links on your site to may be legitimate (and we rectified this) but we needed to be aggressive to rectify the situation and protect our business.  We are a legitimate home security brand with hundreds of employees and had to layoff great employees due to this and our business is still down significantly. Again, I apologize for the inconvenience; however, as a business owner yourself, you can imagine our loss.

So I said:

So you’re saying that somebody went out and bought 700K back links for you, knowing that it would get you penalized by Google? So does that mean you had (Company name) send out 700K DMCA notices? Talk about throwing good money after bad. Report the linkspam to the spam team at Google, then spend that money on an SEO expert rather than on trying to bully people with intimidation.

I understand that it sucks when people mess with your business, but it doesn’t excuse slimy tactics by you. If your house catches on fire, you don’t put it out with manure. How many other innocent people got your pit bull’s strong-arm, unethical (borderline fraudulent) DMCA takedown notice? Do you care? Or are you just scorching earth?

I want to be on your side, but you are making it difficult by standing behind a practice that represents all that is wrong with the internet. I really, really believe you should rethink this methodology.

No response. 2 days later, I got ANOTHER takedown notice, identical to the first one. I informed LifeShield:

I received another takedown notice this morning from the brilliant minds of (Name of company), identical to the last.

If you’d like to call him off, I’d like to be CC:’ed on the emails for my records, and I’d like to receive an email from him stating that he will not be taking legal action against me or my hosting service.

I got no response from LifeShield, but I got this from the genius at the IP protection company:

I have received a complaint from our customer about you not satisfying our business practice.

While I have some objections I must accept that you are right and would like to apologize for any inconveniences caused.

As a  justification of our good intentions I’d like you to realize that we’ve been put on a very tight deadline and had to remove over 5 thousands links within 10-14 days and we had no ability to check the quality and the nature of those links. Our client hired an SEO expert requiring to remove links in the list before they go ahead and submit a reconsideration request with Google.

As a result we’ve got it done in that way. Again I do apologize and would like you to reconsider your opinion about us and our client.

Please let me know if you have any questions, I’d be happy to explain.

P.S. We are like the police dealing mostly with online criminals and sometimes we forget that there are a lot of good people around, honestly doing their online business.

Yes, everybody, have some sympathy for these heroes, these “internet police.” Brilliant. I like that he admitted that I’m right, though. My response:

My problem with your business practice is very simple:

A party creating large quantities of backlinks to a site in order to generate SEO (or, in this case, destroy SEO) is unethical.

It is not illegal.

Threatening legal action against this party (and making the spurious claim of “trademark infringement”) for doing so is even more unethical (since you are supposed to be the good guys) and short-sighted, in my opinion.

Any “SEO Expert” who recommends this course of action is just as misguided and, in my opinion, not very good at their job.

His response to this was very telling, I think:

I got your idea. All this “link removal” thing is quite new to us. It is our second order of this kind, but we have already processed more them 30k links. And what we find is that people not react when we kindly ask them to remove the links. We tried to contact huge amount of website and ask them to get rid of those links, but didn’t get any response at all. And on the opposite email which you got from us first time worked really good. 🙂 I felt like this is not the right thing to do, but you know we had to finish our business. However, I apologize once again for any inconvenience we caused. And in case you will ever need any Intellectual Property protection service just shoot me an email. I’ll give you a discount for our services.

So they knew it was “not the right thing to do,” but it worked, so who cares! Those are some high-quality business practices.

While all this was going on, I had one other little issue with LifeShield. They weren’t paying me for referrals I had earned. When I originally wrote my reviews of the LifeShield products and services (March, 2010), they had a referral system in place. If I got 5 referrals, I’d get free security system monitoring for life. They provided a link to give to possible customers. I used it all over my reviews. I personally knew 3 parties that had purchased systems via my referral link, but I figured there were more that I didn’t know about (based on the amount of traffic my post was getting and the comments/questions I received). I called them up one day and asked what the status was of my referrals to see if I had earned my free monitoring yet.

They said I had zero referrals. Zero. I asked to speak to a manager immediately, and the manager basically told me that the referral system wasn’t working. Thanks so much for telling us, folks. I told them I was pretty upset about that and I felt confident that I had provided them with 5 customers and I’d like my free monitoring. She spoke with management and got back to me quickly to tell me that they agreed. They gave me the free monitoring for life. Great, right? At that point, the referral system became useless to me so I removed the links and just left the review stand. I updated it from time to time and answered any questions people posted as comments or emailed to me. I was grateful for a product I really like and for the free monitoring.

Fast forward to late 2011: they launched a new referral system that offered $150 per referral for new customers! Great deal, especially since the referred party also would get a free network camera. After verifying that I could take part (since I had used the previous referral program), I signed up immediately and added the new referral links and info to my reviews. I also updated the review to reflect some of the changes they had made to their service (such as requiring a contract). They would email me when people used my referral link so that I could send a personalized link to the new customer to help make sure the referral was recorded properly. I didn’t understand why this was necessary, but I did it anyway. Every time.

I noticed that the referral tracking system was (once again) showing that I had not earned any referrals. I had email and phone conversations with sales reps and sales managers over and over, checking to make sure that I was, in fact, getting credit for my referrals. They assured me that I was. “The system only updates once a month,” they told me. A month later, still nothing. “I’ll make sure they get put in immediately,” they’d tell me. Still nothing. Around this time is when the first DMCA takedown notice shows up. Nice timing, eh?

At this point, I had $1350 worth of referrals that I could document (and that LifeShield had confirmed…who knows if there were more, perhaps?). I was told at one point:

I just heard back and was told that all the credits should be processed by the end of the day today. If there is any change in that I will let you know.

And that was the very last email I ever received from LifeShield. As you would probably assume, I never received my referral payout. Combine this with the shady DMCA takedowns and you have a very unhappy blogger. The sad part is that I still love the products and service. That’s the only reason I left the reviews up. I emailed LifeShield to let them know I was removing all my referral links (and why) and that I’d be eventually writing a blog post (like this one) explaining the whole ordeal. I’d like to let customers read my review and also read this description of their business practices and then make up their own minds as to whether or not they’d like to do business with LifeShield. If you think I’m being a whiny turd about all this and the product sounds great: go ahead and buy it. If you think the product sounds great but you don’t like the way they work: move on to the competition. Regardless, let me know what you think in the comments below.

Oh, one last thing. The “SVP Interactive” of LifeShield inexplicably cc’ed me on a recent email to the IP protection company with a new list of sites to harrass over “trademark infringement.” That doggone “reply to all” button will get you every time, eh? Seriously, learn how to internet.

29 Comments :, , , , , more...

Review: LifeShield Wireless Homeview Camera

by on Oct.15, 2010, under Group News, Hardware, Presentations, Reviews

UPDATE (2012-05-10): I’ve been less-than-thrilled with the business practices of LifeShield lately. I still am a big fan of their products and services, so these reviews stand true, but if you’d like to know what they are up to, read this blog post.

Full disclosure: LifeShield sent me this camera for review, I did not purchase it.

Homeview Camera

As you all know from my InGrid/LifeShield security system review, I’m a big fan. I’ve been using the system for a few months now and I’m still very happy with my purchase. I’ve added on a few peripherals of sorts, such as a water detector, which will let me know if my second-floor laundry room is flooding. I had considered buying a network camera to attach to the system, but I just hadn’t gotten around to it yet.

Lucky for me, the folks from LifeShield contacted me and said that they liked my review. “Would you like to do a review of one of our new wireless cameras?” they asked. Not a difficult question to answer, so the camera showed up a few days later.

The Hardware:

The camera sells for $129.99 on

Package includes the camera, the base/mount, AC power adapter and an ethernet cable.

The camera itself has 640×480 resolution.

This appears to be some sort of stock hardware made by a 3rd party as it looks exactly like the wireless camera you can get with the Schlage LiNK system.


Adding the camera to the security system is very simple. Before you can use it wirelessly, you need to power on the camera and plug it into your wired network. The two lights on the front indicate power and network activity, so you can tell pretty quick if it is up and running. Once it is booted up, you simply navigate to Cameras >> Add Camera on the LifeShield handset or base unit. It will scan for a few seconds, find the camera, then allow you to “name” it.

Now that the camera is attached, you need to log on to My LifeShield and you’ll notice that now there is 1 camera listed under the Cameras tab. Click on Camera Settings and you’ll see the options that are available to you. The first thing you’ll probably want to do is adjust the wireless settings so that the camera can connect to your wireless network. It had no problem connecting to my home WPA2-encrypted wireless network.

On the settings page, you can also tell it to flip the image horizontally, vertically, or both, which will open up your camera mounting options. You can also tell it to turn the front LEDs off if you want a stealthier mount. Image quality settings are also available, such as brightness and contrast.


Now that you have the wireless settings nailed down, you can move the camera away from the wired connection and test it out. Make sure that the camera successfully connects to your wireless network by going back to the web UI and telling it to take a test shot. If it all works out honky-dory, feel free to move the camera to where you intend to permanently mount it. Once you plug it in, it should connect to your wifi and you can take another test shot to confirm that it is working.

General Use:

Now that the camera is set up to view your front door or your kid’s room or the garage, what can you do with it?

There are 2 levels of service for the camera with LifeShield. The basic service is free with the monitoring package you are already paying for, and this is the service I have. I’ll explain what you can do with this service in a moment. The 2nd level of service is $6/month, and it allows you to add special triggers and to view live video and images from the camera remotely. I have not tested this service, but I’ll report here if I decide to activate it.

I have reviewed the basic service, however, and here’s what it can do for you:

  • When your alarm is triggered, have the camera take a pic or record video
  • Using the new mobile app or the mobile My LifeShield page, you can tell it to take a pic at any time and then view it.

This obviously makes the camera a lot less useful, but if this is all you really want it to do, it is great that it won’t cost you any extra money per month.

I kind of glossed over it quickly, but you may have noticed my mention of the new mobile app from LifeShield. This was just released recently and if you have an Android phone, an iPhone, or a fairly new BlackBerry, you’ll want to install this app. It is a MUCH better experience than the mobile My LifeShield web page. I’ll be writing a review of the app as soon as I can.


As I mentioned before, the camera only produces a 640×480 image, so you won’t be getting a lot of detail here. It is enough to get some idea of what is going on, though. I’d rate the quality as similar to a low-end USB webcam (like an old Logitech QuickCam). Actually, I’m sure the sensor in the camera is the same as is used in webcams. As is the case with webcams, performance is good as long as there is decent light. If you don’t have the camera pointing towards a well-lit area, the image quality will degrade and get extremely noisy very quickly.

…which brings me to my problem with the unit: it doesn’t have IR illuminating LEDs. If you don’t know what I’m talking about, check out this TRENDnet IP Camera. It has a bunch of IR LEDs around the lens that will (invisibly to the naked eye) light up the area in front of the camera. “Night vision,” for lack of a better phrase. Our eyes can’t see IR light but digital camera sensors pick it up just fine. A camera that turns on these LEDs once the lights go out allow you to see what is going on in a pitch-black room. It would look something like this (sample shot from a camera that does have IR illum):


So I ask: what is the point of the camera taking a picture at the time an alarm goes off if there is no IR illumination? Do you expect your thieves to come in during the day, or to turn on all the lights? Chances are good that you’d get a picture of blackness.

That’s a bit disappointing, but probably not a deal breaker. Chances are good that you’re more interested in using this camera for much more casual photos than for catching a crook. If you had this camera mounted in your front hall so you could see people coming in the front door (probably not in pitch-black), you’ll be just fine.


If you are looking for an easy-to-implement home surveillance camera and you don’t want to spend a ton of money, this camera will work just fine. Some people would say “why not just buy an IP camera that is higher resolution and has more options?” Well, if you are asking that question, this camera might not be for you. IP cameras are fine for those of us who know how to set them up and allow access to them from outside our router/firewall, etc, but I don’t think that’s the target audience for this camera. This camera’s biggest selling point, I think, is the ease of setup and use. Unlike a lot of IP cams I’ve used in the past, I haven’t yet had to reboot this camera. It just works, and that’s the most important part.

UPDATE 12-08-2011: I’ve been using this camera a lot more since I realized that it has a web UI. What does this mean? It means I can view live video from the camera from my phone or tablet via a VPN connection and this app IP Cam Viewer. This requires some networking know-how on your part, but it sure beats paying an extra monthly fee to be able to view live video from the camera.

Do you own this camera, and has your experience been different from mine? Please let me know in the comments.

15 Comments :, , , more...

iPhone Applications & Privacy Issues: An Analysis of Application Transmission of iPhone Unique Device Identifiers (UDIDs)

by on Sep.30, 2010, under Group News, Presentations, Security

Executive Summary

In 1999, Intel released its newest CPU — the Pentium 3.  Each processor included a unique serial number, visible to any software installed on the system.  A product backlash quickly developed as privacy rights groups realized that this serial number could be used to track users’ online behavior.  The industry, along with trade groups and governments, blasted this new feature; many governments went as far as proposing legislation to ban the use of Pentium 3 CPUs.  Following the outcry, Intel quickly removed the serial number feature from their processor line, never to be re-introduced.

Fast forward a decade to the introduction of Apple’s iPhone platform.  Much like the Pentium 3, devices running the Apple iPhone operating system (IOS), including Apple iPhones, iPads, and iPod Touches, feature a software-readable serial number – a “Unique Device Identifier,” or UDID.  In order to determine if the privacy fears surrounding the Pentium 3 have manifested themselves on the iPhone platform, we studied a number of iPhone apps from the “Most Popular” and “Top Free” categories in Apple’s App Store.  For these applications, we collected and analyzed the data being transmitted between installed applications and remote servers using several open source tools.  We found that 68% of these applications were transmitting UDIDs to servers under the application vendor’s control each time the application is launched.  Furthermore, 18% of the applications tested encrypted their communications such that it was not clear what type of data was being shared.   A scant 14% of the tested applications appear to be clean.  We also confirmed that some applications are able to link the UDID to a real-world identity.

The iPhone’s UDID is eerily similar to the Pentium 3’s Processor Serial Number (PSN).  While the Pentium 3 PSN elicited a storm of outrage from privacy rights groups over the inherent risks associated with the sharing of such information with third parties, no such concerns have been raised up to this point regarding the iPhone UDID.  As UDIDs can be readily linked to personally-identifiable information, the “Big Brother” concerns from the Pentium 3 era should be a concern for today’s iPhone users as well.

The full report is available here:  iPhone-Applications-Privacy-Issues.pdf.

Update:  iPhone Privacy:  What about the SSL Apps? (10/5/2010)

49 Comments :, , , , , , , more...

The InGrid (or LifeShield) Home Security System – Is It Awesome? (Part 2 of 2 – The Install)

by on Mar.09, 2010, under Group News, Presentations, Reviews, Tutorials, Whining

NOTE: InGrid recently changed their name to LifeShield, but the equipment and service is still the same as is reviewed here

If you are interested in how I got to this point, check out the first post.

UPDATE 10-18-2010: LifeShield has added a few items/features you should know about:
They now sell the cellular backup unit. Add it to your system and your alarms will go through even if your phone lines and internet connection are cut.
They also now offer a smartphone app for the iPhone, Android, and BlackBerry. I’ve used the Android and BlackBerry versions and I’ll review them here ASAP.
One last thing, I’ve reviewed their Wireless Homeview Camera which integrates with the security system.

UPDATE (05-10-2012): I’ve been less-than-thrilled with the business practices of LifeShield lately. I still am a big fan of their products and services, so these reviews stand true, but if you’d like to know what they are up to, read this blog post.

UPDATE 10-18-2010: LifeShield has added a few items/features you should know about:

They now sell the cellular backup unit. Add it to your system and your alarms will go through even if your phone lines and internet connection are cut.

They also now offer a smartphone app for the iPhone, Android, and BlackBerry.

One last thing, I’ve reviewed their Wireless Homeview Camera which integrates with the security system.

UPDATE 11-11-2010: The battery in my Siren Detector died already, which is odd, but the good news is that it uses the same batteries as the door/window sensor: a CR2450 coin-cell battery. These can be purchased from for pretty cheap…I bought a 5-pack for under $7 shipped.

UPDATE 12-08-2011 – THIS IS AN IMPORTANT ONE: In the past year LifeShield has changed their business plan a lot. As you read the review below, bear in mind that the following things are now the case for new customers:

  • They no longer sell the base systems outright, they are free-ish and subsidized by a…
  • Minimum 3 year contract. Sign up for a 5 year contract and your monthly rate will be cheaper (of course). Minimum $35/month for a 3 year contract, minimum $30/month for 5 year. One nice thing about being on contract is that the hardware is completely supported by LS, even including the batteries in your sensors.
  • There is a (minimum) $99 activation fee. It can be higher if you select certain options, such as the Cellular Backup unit

All this being said, it is still a decent deal. If I were security-system shopping today (instead of 2 years ago), I’d probably still go with LifeShield. I recommend you call the competition and get a quote, then check out LifeShield and see how it compares. If you are handy enough to install the system yourself (and you are… it isn’t hard), I think you’ll end up being happier with the LifeShield system.

Original Review:

As I discussed in the last post, I decided to go with the InGrid (LifeShield) security system. I ordered up all the parts I wanted and waited for them to arrive. Before you even receive your hardware, you can set up your account with the web portal ( You create a password for accessing the account as well as other security questions. All of this can be edited later but you might as well get it out of the way now. Once you finish, you can poke around the site and see what kind of settings are available to you. Interesting, but I just couldn’t wait for the hardware to arrive so that I could get started with…

The Install

InGrid hardware

The packaging and documentation were all very impressive. There’s a great attention to detail they show here and it does not go unappreciated. The photo above shows all the stuff I got to start with, although I might add more later. It includes some very nice signs which I think I’ll be leaving in the box. Letting people know you have an alarm system is one thing, letting them know exactly what kind you have is another. Maybe I’ll put up some Brinks signs or something. When you open up the big box, you get this:

InGrid big box 1

A paper telling you, among other things, that “specialty sensors” can’t be added until 24 hours after system activation. No problem, plenty of other sensors to install first. It ended up being less than 24 hours for me anyway. Also included is a CD with PDFs of all the manuals. Then you get to the meat of the system:

InGrid big box 2

The numbered boxes make it even easier than I thought it would be. These 4 units make up the backbone of your security system. They are already associated with each other so there is no “syncing” to be done with these items. Just follow the simple instructions for each box (basically, connect the internal backup battery and plug it in) and you are good to go. Here is a shot of the book showing how simple the instructions are:

InGrid Instructions

As I mentioned, all of the items have internal backup batteries. Supposedly, the batteries will last around 24 hours if your power goes out. They are all simple rechargeable-phone-type batteries that you can buy at WalMart. First up is the base unit:

Base unit still in the box

Base unit still in the box

Base unit front

Base unit front

Base unit back

Base unit back

This guy is the real brain of the operation. You plug it into your internets and into your phone system (VOIP, in my case). It has a cradle for charging the phone unit, but the phone also comes with a charging base, so you don’t NEED to use this to charge the phone. I prefer hiding this somewhere out of sight so that nobody knows where to look to disable your system. If you are using your phone system as a backup, two of the other parts have phone jacks (the Console and the Grid Extender)…which means that this unit could be destroyed but either of those units could still phone home to the monitoring service. That’s part of what is so cool about this system…it is so decentralized.

Next up is the Handset and charger. Here is a pic next to a soda can for size reference:

InGrid handset

This handset has all the functionality of the Console, which is up next:

InGrid console

Either the handset or the console can be used to arm the system, disarm the system, view the status of sensors, and act as a phone (the console acts as a speakerphone). You can set the console on a countertop or mount it on the wall. It needs to be connected to AC power at all times (the battery is really just for backup purposes) so you are somewhat limited in mounting options. These units are also used for adding sensors and other goodies to the system. We’ll get into that shortly. I should also mention that you can view your current weather on either of these units as well as any “weather alerts.” Neato.


I didn’t take a photo of the grid extender… it isn’t very exciting. Basically a brick that you plug into the wall. As I mentioned before, it has a phone jack which will be used to call the monitoring center if other systems fail. The grid extender also does what the name implies… it physically extends the network for sensors and other devices to be recognized by your system, so you should take that into account when deciding where to place all this stuff. You can even put a grid extender in your neighbor’s house (with permission, of course) and plug it into their phone line. That way, a thief would have to cut your internets, your phone, AND your neighbor’s phone to stop the system from calling in an alarm. If power, phone, and cable are knocked out for your entire neighborhood…well… I guess you are SOL… but InGrid says they have a GSM backup module coming soon, so you’ll be able to breathe easy (UPDATE: the GSM backup module is now available from

Once you have these 4 items powered up, you can activate your system online with Very simple process that involves getting a code from the website and then entering it into your handset. Done. Now you can start adding open/closed sensors to your windows and doors. Here’s a little video introduction to the open/closed sensors, followed by a video I made explaining the very simple process of adding a sensor to your security system:

Easy, right?

You can add a bunch of these sensors and then sit down at your computer and name them appropriately from there (if you don’t want to do it from the handset or console).

Once the 24 hours have passed, you’ll get an email to tell you that your system has been activated and you are now in “Practice Mode” for 7 days… which means that any alarm you set off won’t call the monitoring system. So you have 7 days fool around and see how things work without being afraid that the cops will show up and yell at you. This activation email also means you can install your other sensors and dealies. In my case, that meant keyfobs, a siren detector, and a motion detector.

Here are a few videos showing my experience with those 3 addons:

All of that was pretty painless, right? I was a bit annoyed at how the motion sensor integrates with the system, so it gave me an excuse to call their tech support. The problem is that it logs motion events whether the system is armed or not. I understand that concept with door/window sensors, but not with motion sensors… The idea is to keep them in living spaces, so that means you’ll be tripping it all day long. Every time it senses motion, the console and the handset both display “Open: Motion Sensor” as if it is a window you keep opening and closing. My event log on very quickly just gets spammed with these “events.” Sure, I can filter the event log, but I shouldn’t have to. I asked tech support about it and they basically told me that it “isn’t a big deal” and that’s just how it works. They are right, it isn’t a “big deal,” but it IS annoying. There should at least be an OPTION to set it so that motion detector events only get logged (or noticed at all) when the system is armed. Working the way it does, I’m going to put a cover over my motion detector and only take it off when I leave the house or go to bed at night.

Now that the system is up and running, the only thing left to do is give you a quick tour of the myInGrid web UI. The following slideshow takes you through a bunch of the important screens. Many of the features shown here are also available via their mobile-friendly version of the myInGrid site, including being able to look at content grabbed by the cameras attached to your system (I really need to get one of their cameras). If you move your mouse over the slideshow, the controls pop up at the bottom which will allow you to pause it or move forward or backwards in the slideshow. The caption on each screenshot explains what you are looking at.

View the screenshots here if you want to look more closely.

I already mentioned the cameras they offer to integrate with the system. They have a few other items that I don’t (yet) own, but you should know about:

  • Glass break sensors – these recognize the sound of glass breaking and trigger the alarm
  • Water/temperature sensors – these are convenience sensors that alert you to a change in temperature and/or water where it shouldn’t be. I need one of these for our upstairs laundry room.
  • Smoke/heat detectors – you can use these rather than the siren detector I’m using.

I’m hoping that they’ll release some new products soon, such as:

  • A thermostat – would be killer to be able to see the current temperature and change the desired settings remotely
  • Light/appliance controls – or just add a module that supports X10 stuff
  • An outdoor camera – preferably wireless. If it is wired, make it support PoE and include a power injector. Seriously. I will pay for this.
  • A doorbell. This would be interesting to log events on, and it could just ring through all the same units that chirp when a door opens.
  • How about a module with a dry contact interface so we can start to have some REAL fun with this thing…

The Conclusion

So that’s pretty much it… If you have any questions that I have not answered, feel free to ask in the comments and I’ll do my best. Aside from the motion detector silliness, I think this is the perfect home security system…well, it is perfect when used in conjunction with the .44 Desert Eagle I keep in my bedroom. Maybe I should put a picture of THAT in my yard rather than the InGrid signs…

108 Comments :, , , , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!