Ring Indoor Cam
Review date: 10/23/2019
This indoor camera has all the usual--HD video, night vision, motion activation, two-way microphone--to put the inside of your house under 24-hour surveillance. Monitor it through an app on your phone or a you Amazon Echo Show home hub. Just ask Alexa to show you what's happening. All sounds fine and dandy. Just beware, these Amazon Ring cameras do have some noted potential privacy vulnerabilities that could let someone go all Big Brother on you.
What could happen if something goes wrong
These indoor camera raise a number of red flags for us. Ring, owned by Amazon, has a history of not protecting users privacy. They stored customer data--including video recordings--unencrypted on an Amazon cloud server and employees could access any of this data. This means these employees could not only view, but potentially also download and share videos from your home. They also have a partnership with local law enforcement that has raised many privacy and civil rights questions (see article below). They aren't as transparent as we would like them to be about their privacy and data deletion practices. They say they don't do facial recognition while having hired a "head of facial recognition research." All in all, this is a security video camera that raises just too many questions about privacy and security, in our opinion.
Can it snoop on me?
What is required to sign up?
Third party account
What data does it collect?
How does it use this data?
How can you control your data?
What is the company’s known track record for protecting users’ data?
Can this product be used offline?
User friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
We were unable to determine if Ring currently uses secure encryption. In September 2019, security researchers discovered a vulnerability where customers' Wi-Fi passwords were sent unencrypted in cleartext, allowing anyone nearby to hack the network. Also, there was a past issue in which customer data was stored unencrypted in an open Amazon S3 cloud bucket. For years, any Ring employee could access unencrypted recordings of customer videos and there were no access logs. While Ring has likely patched any security problems, we do not feel confident in stating the company uses secure encryption.
Do you have to create a strong password?
Does it get regular software/firmware updates?
Ring doesn't have a great track record for securing customer data or hiring experienced security engineers.