is Sentry legit?

glennst43

n3wb
Joined
May 2, 2014
Messages
18
Reaction score
0
I have tried to sign up for Sentry alerts, but
1. The link to Sentryhomesecurity.com from Blue Iris gives a bad certificate error. Also, emails from them have the same cert error.
2. Even if I bypass the certificate error, I get a 404 error, so no way to sign up from the Blue Iris software.
3. I went directly to the website to sign up for service (not through Blue Iris because of issues above), and they are billing me, but I am unable to log in to the dashboard with an "user not found" error. I emailed support, but haven't got any help. Basically, they are taking my money but not providing any service.

Everything about this is feeling shady. Is this really legit? Has anyone else tried to sign up recently?

The certificate errors alone makes me not want to trust this company. Thinking I will contact my credit card fraud department soon to stop the charges.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
I have tried to sign up for Sentry alerts, but
1. The link to Sentryhomesecurity.com from Blue Iris gives a bad certificate error. Also, emails from them have the same cert error.
2. Even if I bypass the certificate error, I get a 404 error, so no way to sign up from the Blue Iris software.
3. I went directly to the website to sign up for service (not through Blue Iris because of issues above), and they are billing me, but I am unable to log in to the dashboard with an "user not found" error. I emailed support, but haven't got any help. Basically, they are taking my money but not providing any service.

Everything about this is feeling shady. Is this really legit? Has anyone else tried to sign up recently?

The certificate errors alone makes me not want to trust this company. Thinking I will contact my credit card fraud department soon to stop the charges.
Its a fraud. They teamed up with blue iris to rip you off. All the threads on sentry in the forum are fake. Better make sure you stop the charges asap.
This is their website. It is secure. Smart Sentry AI - Open AI-Based Security Monitoring Platform
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,005
Location
USA
The certificate isn't bad, they just loaded one image using an unsecure connection which can cause a browser to give a warning. I don't know why you get 404. Maybe your BI version is too old.
 

glennst43

n3wb
Joined
May 2, 2014
Messages
18
Reaction score
0
The certificate isn't bad, they just loaded one image using an unsecure connection which can cause a browser to give a warning. I don't know why you get 404. Maybe your BI version is too old.
I am wondering if a scammer bought this domain, which I assume is the old domain since it was linked in BI:

Below is the error that I am seeing. Do you not get the same error?
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for www.smarthomesentry.com. The certificate is only valid for the following names: smartsentry.ai, www.smartsentry.ai

Error code: SSL_ERROR_BAD_CERT_DOMAIN
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
They own both domains. On the ai domain they list the smarthomesentry domain.
 

glennst43

n3wb
Joined
May 2, 2014
Messages
18
Reaction score
0
My email provider also marks all their mails as "possible phishing attempts" probably because of the same cert issue. Does anyone else see this?
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
My email provider also marks all their mails as "possible phishing attempts" probably because of the same cert issue. Does anyone else see this?
the certificate is expired on the security domain. its not a fishing attemp.
 

glennst43

n3wb
Joined
May 2, 2014
Messages
18
Reaction score
0
the certificate is expired on the security domain. its not a fishing attemp.
That would be really surprising. I work for a large software company and have managed web site certificates. The idea that a legit company, especially a security focused company, would leave a cert in an expired state for a public endpoint (or even allow it to happen in the first place) is pretty hard to believe. Without a valid cert, there is nothing preventing a man in the middle attack, which is what I was originally concerned about. I will reach out to their support again.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
That would be really surprising. I work for a large software company and have managed web site certificates. The idea that a legit company, especially a security focused company, would leave a cert in an expired state for a public endpoint (or even allow it to happen in the first place) is pretty hard to believe. Without a valid cert, there is nothing preventing a man in the middle attack, which is what I was originally concerned about. I will reach out to their support again.
and they would have what information at that point? a few snapshots?
 

glennst43

n3wb
Joined
May 2, 2014
Messages
18
Reaction score
0
and they would have what information at that point? a few snapshots?
I am just talking about the portal where I enter credit card information. But to your point, the security of the snapshots could be a much larger concern to many. Do you agree being able to trust Sentry with handling the camera images securely would be pretty important to many customers?

Running any public web site securely is difficult, but not maintaining your public cert is a pretty fundamental failure and the easiest to avoid. I can't think of a way that they could have failed harder.

Just think about the customer experience. Sentry: "Trust us with your private images, we are security professional". Go to the Sentry website: get an ominous security warning. Receive a Sentry email: flagged as phishing attempt.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
I am just talking about the portal where I enter credit card information. But to your point, the security of the snapshots could be a much larger concern to many. Do you agree being able to trust Sentry with handling the camera images securely would be pretty important to many customers?

Running any public web site securely is difficult, but not maintaining your public cert is a pretty fundamental failure and the easiest to avoid. I can't think of a way that they could have failed harder.

Just think about the customer experience. Sentry: "Trust us with your private images, we are security professional". Go to the Sentry website: get an ominous security warning. Receive a Sentry email: flagged as phishing attempt.
Why would would enter your CC info when you know the connection is not secure? I would never upload private indoor images to sentry or any online service. Ever. You have to always assume that those images can be seen. If you are that concerned about your outdoor images then you should use a local solution like the deepstack ai tool.
 

glennst43

n3wb
Joined
May 2, 2014
Messages
18
Reaction score
0
Why would would enter your CC info when you know the connection is not secure? I would never upload private indoor images to sentry or any online service. Ever. You have to always assume that those images can be seen. If you are that concerned about your outdoor images then you should use a local solution like the deepstack ai tool.
All of these points are valid and seem to support the argument that Sentry is not trustworthy. I have also been investigating a local solution as you mentioned as an alternative because of these concerns.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
All of these points are valid and seem to support the argument that Sentry is not trustworthy. I have also been investigating a local solution as you mentioned as an alternative because of these concerns.
Sentry is no less trustworthy than any cloud service. I use it without any concern or worry.
 

glennst43

n3wb
Joined
May 2, 2014
Messages
18
Reaction score
0
Fair enough. I understand there is a certain amount of risk with any cloud service; that is unavoidable. However, there are more and less secure cloud services, and from the information I have so far, Sentry belongs to the "less secure" category.

In any case, I will seek an explanation from Sentry. I suspect they are losing some number of new customers just because of the security warnings on their website.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Fair enough. I understand there is a certain amount of risk with any cloud service; that is unavoidable. However, there are more and less secure cloud services, and from the information I have so far, Sentry belongs to the "less secure" category.

In any case, I will seek an explanation from Sentry. I suspect they are losing some number of new customers just because of the security warnings on their website.
Do you even know that the images how the images are transmitted?
Less secure because you used an old deprecated url to sign up?
 

glennst43

n3wb
Joined
May 2, 2014
Messages
18
Reaction score
0
Do you even know that the images how the images are transmitted?
Less secure because you used an old deprecated url to sign up?
I don't know that and never claimed that I did. I just know that they failed at the basics of security. If this happened at my company, someone would probably get fired.

I used the URL that is in their CURRENT email signatures, not old and deprecated:

If you have any questions, visit our support site at https://www.smarthomesentry.com, contact us at support@smarthomesentry.com, or call at +1 415-683-6724.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
I don't know that and never claimed that I did. I just know that they failed at the basics of security. If this happened at my company, someone would probably get fired.

I used the URL that is in their CURRENT email signatures, not old and deprecated:

If you have any questions, visit our support site at https://www.smarthomesentry.com, contact us at support@smarthomesentry.com, or call at +1 415-683-6724.
Its horrific. When you go to the site you are warned.
Now you have no clue as to how the images are sent so the fact that a certificate is expired on their front end is meaningless.
Someone didnt update their email signatures. Off with their heads.
 

glennst43

n3wb
Joined
May 2, 2014
Messages
18
Reaction score
0
Its horrific. When you go to the site you are warned.
Now you have no clue as to how the images are sent so the fact that a certificate is expired on their front end is meaningless.
Someone didnt update their email signatures. Off with their heads.
It is not meaningless if people can't sign up in the first place.

The signature was from the automated billing receipt, not an individual's email. But that is not the issue: if you have a public endpoint that is running, it should have a valid certificate, period. If they wanted to deprecate it (which we have no reason to believe they do), they could just shut it down.

I just sent a message to their support and will see what they say.
 
Top