Amazon Ring Video Doorbell

Warning: *privacy not included with this product

Holiday Guide 2023 Smart Home Video Doorbells

Amazon Ring Video Doorbell

Amazon
Wi-Fi

Review date: Nov. 1, 2023

|
Mozilla researched 8 hours
|

Mozilla says

|
People voted: Very creepy

These little HD video capturing, motion-detecting, two-way talking video doorbells let you be Big Brother in your own home. See who is at the door on your phone, tablet, or PC. Ask the UPS person to drop the package off behind the planter when you're still at the office. Or catch video of the neighborhood porch pirate to share with the cops. Just beware, even though Amazon Ring did address some of our privacy concerns with updates earlier in 2020 like adding mandatory two-factor authentication, these cameras still have some noted potential privacy issues that worry us.

What could happen if something goes wrong?

Amazon’s Ring security cameras and video doorbells are the most widely used home video cameras in many parts of the world today. As one expert from US privacy org the Electronic Frontier Foundation put it, "Ring has steadily been becoming one of the largest surveillance apparatuses in the nation.” And as wise comic book profit Stan Lee reminds us, “With great power comes great responsibility.” Has Amazon Ring lived up to that great responsibility? No, they haven’t. And if you’re checking in to see if, in 2023, Ring has improved their privacy practices after sooo very many complaints, the short answer is no, not enough.

On the bright side, Amazon is starting to be held accountable for some of their more “egregious violations of users’ privacy” described in a proposed order filed by the FTC in May of 2023. Like when they stored customer data--including video recordings--unencrypted on an Amazon cloud server and gave every employee and even some third party contractors access. The FTC’s complaint also says Ring had failed to keep customers’ sensitive data secure, which made it easy for bad actors to get access to sensitive data too. Since those colossal blunders, they have gotten more transparent in their privacy and data deletion practices, which we appreciate. And they added two-factor authentication to help protect users in 2020, which was a great step forward. One we here at Mozilla pushed hard for. But, we’re still pushing. In June, 2023 we published a security vulnerability impacting Ring’s security after Amazon failed to take action on it for over 90 days. As far as we can tell, they still haven't fixed this vulnerability. So when it comes to Amazon Ring's security scorecard, there’s still lots of room to do better.

Then there is the problematic relationship Ring has with law enforcement where questions of racism, warrantless surveillance, and police overreach still linger. While Amazon says they are distancing themselves from law enforcement access to users' video and requiring more transparency in the process, they are still facilitating law enforcement access with this product and the Neighbors app and that leaves us concerned. They also admitted in 2022 they still share video with law enforcement without users’ permission in some circumstances. And even when Ring does require a court order, that often doesn’t give Americans as much protection as you’d think. That’s because Ring doesn’t have a good track record of pushing back on far-reaching warrants for their users’ video recordings of and inside their homes. That really worries us since Ring reportedly receives thousands of search warrants each year -- a number that’s growing.

Amazon’s Ring and Neighbors app privacy policy says they can collect a whole lot of data (by the way, what’s up with the teeny tiny font on that privacy policy?). Everything from name, phone number, email, postal address, age, gender, the location of your mobile device, video and audio recordings, and potentially even every doorbell press and app interaction you have. And while it’s good Ring says they don’t sell your personal information, they do say they can share your information with a number of third parties for things like advertising, marketing, government and law enforcement requests, and with their business affiliates (which could potentially be a decent number of companies).

There is also the question of privacy violations of the neighbors of people who use home surveillance cameras -- not just Ring but all of home surveillance cameras. A recent court case in the UK highlighted this when a woman sued her neighbor for infringing on her privacy when his Ring security cameras were found pointed at her home. Not only could his cameras see her, they could also listen to her as well. She won her case and $137,000.

On that note, there's also this interesting line in Amazon Ring's privacy policy that puts the responsibility on you to make sure you don't break any surveillance laws where you live, "Privacy and video surveillance laws in your jurisdiction may apply to your use of our products and services. You are solely responsible for ensuring that you comply with applicable law when you use our products or services. For example, you may need to display a notice that alerts visitors to your home that you are using our products or services. Capturing, recording or sharing video or audio content that involves other people, or capturing other peoples’ facial feature information, may affect their privacy rights." So yeah, just know that you are solely responsible for all that weird privacy violating stuff Ring admits they can do right there. Uhg.

And then there are the safety concerns these video cameras raise. Does all this constant surveillance make us safer? Well, the story about the Ring users who opened fire upon seeing a neighbor drop off a misdelivered package at their door raises questions about that. Domestic violence advocates also raise concerns. And privacy experts keep shouting their concerns in places like the NY Times, Consumer Reports, and NBC News.

What’s the worst that could happen? Well, beyond the snooping next door neighbor, the trigger happy, paranoid surveillance junky, the questionable law enforcement partnerships -- and, oh yeah, Amazon Ring's questionable privacy and security practices -- there’s the big concerns about all this constant surveillance. In the United States where abortion has become illegal in a number of states, it is possible anti-abortion activists could use these surveillance cameras to spy on women who are pregnant to see if they carry their fetus to term. And if they don’t -- no matter the reason -- video from these cameras could potentially be used to harass, arrest, and potentially even prosecute women seeking reproductive healthcare, for whatever reason. This is bad. All in all, these security cameras raise too many questions about privacy, transparency, data protection, public safety and racism in our opinion. For this reason, we worry Amazon's Ring cameras come with *privacy not included.

Tips to protect yourself

  • Turn on Two-factor Authentication
  • Check if your address is exposed through the Neighbour app
  • Don't share your login-in information
  • Review sharing options for your data, if you have multiple people in the neighbourhood
  • Make sure you are comfortable with the fact that local police may require the footage. Think about all of the personal events cameras inside and outside of your home will capture.
  • Use strong passwords & unique usernames
  • Delete footage as often as you can
  • Limit third-party trackers in the Ring app
  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible."
  • mobile

Can it snoop on me? information

Camera

Device: Yes

App: Yes

Microphone

Device: Yes

App: Yes

Tracks location

Device: Yes

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

Ring Privacy Notice

"We do not sell or otherwise share personal information about you except as described in this Privacy Notice. We may share your personal information with (1) our affiliates and subsidiaries and (2) our service providers who perform services on our behalf, such as marketing, customer service, order fulfillment and data analytics and storage. We do not authorize our service providers to use or disclose your personal information except as necessary to perform services on our behalf or comply with legal requirements. We also may share personal information with our business partners (1) with whom we jointly offer products and services; (2) to the extent you use Works With Ring to connect to third-party products or services; and (3) for payment processing and fraud prevention purposes.

We also may disclose personal information about you (1) if we are required to do so by law or legal process (such as a court order or subpoena); (2) to establish, exercise or defend our legal rights; (3) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (4) in connection with an investigation of suspected or actual illegal activity; or (5) otherwise with your consent. "

"When you use our websites and apps, information about your online activities may be collected to provide you with advertising about products and services tailored to your interests. This section of our Privacy Notice provides details and explains how to exercise your choices.

You may see our ads on other websites or mobile apps because we participate in advertising networks. Ad networks allow us to target our messaging to individuals considering demographic data, individuals’ inferred interests and browsing context. These networks track individuals’ online activities over time by collecting information through automated means, including through the use of cookies, web server logs, web beacons and other similar technologies. The networks use this information to show ads that may be tailored to individuals’ interests, to track individuals’ browsers or devices across multiple websites, and to build a profile of individuals’ online browsing activities. The information our ad networks may collect includes data about individuals’ visits to websites that participate in the relevant ad networks, such as the pages or ads viewed and the actions taken on the websites. This data collection takes place both on our websites and on third-party websites that participate in the ad networks. This process also helps us track the effectiveness of our marketing efforts.."

"We may use the personal information we obtain about you to ...
Personalize your experience with our products and services; ...
Allow you to interact with certain third-party products or services (for example, to enable you to link to, or view content from, third-party sites within our services, or connect to third-party products and services through Works With Ring);
Perform analytics (including market and consumer research, trend analysis, financial analysis, and anonymization of personal information); ...
Operate, evaluate, develop, manage and improve our business (including operating, administering, analyzing and improving our products and services; developing new products and services; managing and evaluating the effectiveness of our communications; performing accounting, auditing, billing reconciliation and collection activities and other internal functions);
Protect against, identify and prevent fraud and other criminal activity, claims and other liabilities;
Comply with and enforce applicable legal requirements, relevant industry standards and policies, including this Privacy Notice and our Terms of Service."

"We also may use the personal information we collect about you in other ways for which we provide specific notice at the time of collection and obtain your consent if required by applicable law."

How Public Safety Agencies Use Neighbors

"Neighbors does not share the addresses at which any devices are located unless you post it to the Neighbors App or share a video recording in response to a Request for Assistance post. Should you choose to share your recordings, the recordings you chose to share, your street address (the address associated with your Ring device), and the email address associated with your account will be shared with the public safety user who created the Request for Assistance post. For more information on Request for Assistance posts please read our FAQ."

How can you control your data?

We ding this product because it is unclear if all users regardless of location can get their data deleted.

"When you purchase our products, you may choose to use our Ring Protect Plan (“Ring Protect”) on a trial or subscription basis. If you have enabled the recording features of Ring Protect, we retain the recordings (and any related information) from your product during your recording subscription period so you can access your content during that time period. You may delete your recordings from Ring Protect at any time by accessing your account. Additionally, regardless of your use of Ring Protect, we retain Ring Neighborhoods Recordings (as defined in the Terms of Service) so you can participate in the Ring Neighborhoods feature if you choose to do so.

In addition, to the extent required by applicable law, you may have the right to request access to or delete your personal data. If you wish to do any of these things, please visit here or contact Customer Support."

What is the company’s known track record of protecting users’ data?

Bad

In September 2023, FTC filed a lawsuit against Amazon for illegally maintaining monopoly power.

In July 2023, Apple and Amazon were fined by Spain antitrust watchdog.

In June 2023, Mozilla published a major vulnerability in Ring Doorbell.

In March 2023, FTC and DOJ charged Amazon with violating Children’s Privacy Law by keeping kids’ Alexa voice recordings forever and undermining parents’ deletion requests.

In 2023, the company also agreed to pay $5.8 million in customer refunds for alleged privacy violations involving its doorbell camera Ring.

It was reported that in May, 2022 Amazon's patched Ring's app for Android due a "high-severity" security vulnerability that could have allowed hackers to access personal information, location, and camera recordings.

Amazon admitted to giving Ring video doorbell footage to police without the owners' permission at least 11 times in 2022.

In 2021, the Federal Trade Commission in the US recommended filing a lawsuit against Amazon because of privacy and security breaches in Ring home security unit

In December 2020, a class action lawsuit was filed alleging lax security measures at Ring, allowed hackers to take over their devices.

In November 2019, a security vulnerability in Amazon's Ring Video Doorbell Pro devices could have allowed attackers to exploit the internet-connected doorbell to intercept the owner's wi-fi credentials.

In 2019, Motherboard reported on how Ring's weak security and compromised email addresses and passwords left Ring cameras easy to hack

In 2022, Paige Thompson, a former Amazon employee accused of stealing the personal information of 100 million customers by breaching banking giant CapitalOne in 2019, was found guilty by a Seattle jury on charges of wire fraud and computer hacking.

In July 2021, the Luxembourg National Commission for Data Protection issued a 746 million euro fine to Amazon for allegedly violating the European Union’s General Data Protection Regulation (GDPR).

In August 2020, security researchers from Check Point pointed out a flaw in Amazon's Alexa smart home devices that could have allowed hackers access to personal information and conversation history. Amazon promptly fixed the bug.

In October 2020, Amazon fired an employee for leaking customer email addresses to an unnamed third party.

In October 2019, Forbes reported that Amazon employees were listening to Amazon Cloud Cam recording, to train its AI algorithm.

In April 2019, it was revealed that thousands of employees, many of whom are contract workers and some not even directly employed by Amazon, had access to both voice and text transcripts of Alexa interactions.

Child Privacy Information

We recognize the importance of protecting children's online privacy. Ring's products and services are intended for a general audience and are not directed to children. We do not knowingly collect personal information online from children under the age of 13.

Can this product be used offline?

No

User-friendly privacy information?

No

Amazon Ring makes it rather difficult to even find their privacy notice, buried at the bottom of a more marketing focused page full of privacy promises that sound good but aren't as binding. Also, what's up with the teeny tiny text on your privacy policy Ring? Geesh.

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Videos are encrypted in storage and during transmission. Ring is offering end-to-end encryption. https://blog.ring.com/2020/09/24/ring-announces-end-to-end-encryption-privacy-security-and-user-control-updates/

Strong password

Yes

Two-factor authentication is now mandatory after major pressure from Mozilla and other groups.

Security updates

Yes

Manages vulnerabilities

Yes

Amazon Ring has a bug bounty program, which means that anyone who finds a security issue and discloses it responsibly may get paid. https://hackerone.com/ring

Privacy policy

Yes

Ring has a webpage dedicated to explaining it's privacy pillars and answering frequently asked questions

Does the product use AI? information

Yes

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Ring cameras use camera-based motion detection to start recording.

Is the company transparent about how the AI works?

No

Does the user have control over the AI features?

No

*privacy not included

Dive Deeper

  • Amazon’s Ring to pay $5.8M after staff and contractors caught snooping on customer videos, FTC says
    TechCrunch
  • Mozilla Publishes Ring Doorbell Vulnerability Following Amazon’s Apathy
    Mozilla Foundation
  • What to Do If the Police Ask for Your Security Camera or Video Doorbell Recordings
    Consumer Reports
  • A Ransomware Gang Claims It Hacked Amazon's Ring
    Gizmodo
  • 14 reasons not to get a Ring camera
    Mashable
  • Accidental Spies: Amazon Ring Owners May Be Unknowingly Emailing Police
    The Markup
  • How to Protect Your Packages—And Your Ethics
    The Markup
  • FTC and DOJ Charge Amazon with Violating Children’s Privacy Law by Keeping Kids’ Alexa Voice Recordings Forever and Undermining Parents’ Deletion Requests
    Federal Trade Commission
  • Amazon to pay $31 million in privacy violation penalties for Alexa voice assistant and Ring camera
    AP News
  • FTC Sues Amazon for Illegally Maintaining Monopoly Power
    Federal Trade Commission
  • Not home alone: FTC says Ring’s lax practices led to disturbing violations of users’ privacy and security
    FTC
  • All the Data Amazon’s Ring Cameras Collect About You
    Wired
  • Ring Cameras Are Going to Get More People Killed
    Motherboard: Tech by Vice
  • America's Ring doorbell camera obsession highlights the scourge of mass surveillance
    NBC News
  • Amazon gave Ring videos to police without owners’ permission
    Politico
  • Amazon's Ring logs every doorbell press and app action
    BBC News
  • Security Cameras Make Us Feel Safe, but Are They Worth the Invasion?
    The New York Times
  • Amazon sneakily fixed a vulnerability in the Ring camera
    Mashable
  • How Amazon Ring uses domestic violence to market doorbell cameras
    MIT Technology Review
  • Ring's police problem never went away. Here's what you still need to know
    CNET
  • Ring doorbell 'gives Facebook and Google user data'
    BBC
  • Ring Neighbors Is the Best and Worst Neighborhood Watch App
    New York Times
  • Ring doorbells to send live video to Mississippi police
    BBC
  • Ring's new privacy and security features prove that hardware isn't the only important thing
    CNET
  • Amazon’s Ring is the largest civilian surveillance network the US has ever seen
    The Guardian
  • Amazon's helping police build a surveillance network with Ring doorbells
    CNET
  • Poll: How Americans Feel About Nextdoor, Neighbors, and Police Partnerships
    Mozilla
  • Amazon hit with major data breach days before Black Friday
    The Guardian
  • Amazon Fired Employee for Leaking Customer Emails
    Vice
  • Ring, 2FA, and a Win for Consumers
    Mozilla
  • Ring Doorbell App Packed with Third-Party Trackers
    EFF

Comments

Got a comment? Let us hear it.