Warning: *privacy not included with this product
Amazon Ring Video Doorbell
These little HD video capturing, motion-detecting, two-way talking video doorbells let you be Big Brother in your own home. See who is at the door on your phone, tablet, or PC. Ask the UPS person to drop the package off behind the planter when you're still at the office. Or catch video of the neighborhood porch pirate to share with the cops. Just beware, even though Amazon Ring did address some of our privacy concerns with updates earlier in 2020 like adding mandatory two-factor authentication, these cameras still have some noted potential privacy issues that worry us.
What could happen if something goes wrong?
Amazon’s Ring security cameras and video doorbells are the most widely used home video cameras in many parts of the world today. As one expert from US privacy org the Electronic Frontier Foundation put it, "Ring has steadily been becoming one of the largest surveillance apparatuses in the nation.” And as wise comic book profit Stan Lee reminds us, “With great power comes great responsibility.” Has Amazon Ring lived up to that great responsibility? Not exactly.
Ring has a history of not protecting users' privacy. At one point they reportedly stored customer data--including video recordings--unencrypted on an Amazon cloud server and employees could access any of this data. There have also been reported data leaks and concerns that the Ring Doorbell app is full of third-party trackers tracking a good amount of personal information that Amazon Ring doesn’t disclose. They have gotten more transparent in their privacy and data deletion practices, which we appreciate. And they added two-factor authentication to help protect users in 2020, which was a great step forward. One we here at Mozilla pushed hard for.
Then there is the problematic relationship Ring has with law enforcement where questions of racism, warrantless surveillance, and police overreach still linger. While Amazon says they are distancing themselves from law enforcement access to users' video and requiring more transparency in the process, they are still facilitating law enforcement access with this product and the Neighbors app and that leaves us concerned.
Finally, there are the questions of privacy violations of the neighbors of people who use home surveillance cameras — not just Ring but all of home surveillance cameras. A recent court case in the UK highlighted this when a woman sued her neighbor for infringing on her privacy when his Ring security cameras were found pointed at her home. Not only could his cameras see her, they could also listen to her as well. She won her case and $137,000.
All in all, these security cameras still raise too many questions about transparency, data protection, public safety and racism in our opinion and we feel could come with *privacy not included.
Tips to protect yourself
- Turn on Two-factor Authentication
- Check if your address is exposed through the Neighbor app
- Don't share your login-in information
- Review sharing options for your data, if you have multiple people in the neighborhood
- Make sure you are comfortable with the fact that local police may require the footage. Think about all of the personal events cameras inside and outside of your home will capture.
- Use strong passwords & unique usernames
- Delete footage as often as you can
- Limit third-party trackers in the Ring app
What can be used to sign up?
What data does the company collect?
Name, email, phone number, address
Video and voice recordings
Neighbors app network
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In November 2019, a security vulnerability in Amazon's Ring Video Doorbell Pro devices could have allowed attackers to exploit the internet-connected doorbell to intercept the owner's Wi-Fi credentials.
In 2019, Motherboard reported on how Ring's weak security and compromised email addresses and passwords left Ring cameras easy to hack.
In December 2020, a class action lawsuit was filed alleging lax security measures at Ring, allowed hackers to take over their devices.
In August 2020, security researchers from Check Point pointed out a flaw in Amazon's Alexa smart home devices that could have allowed hackers access to personal information and conversation history. Amazon promptly fixed the bug.
In October 2020, Amazon fired an employee for leaking customer email addresses to an unnamed third party.
In October 2019, Forbes reported that Amazon employees were listening to Amazon Cloud Cam recording, to train its AI algorithm.
In April 2019, it was revealed that thousands of employees, many of whom are contract workers and some not even directly employed by Amazon, had access to both voice and text transcripts of Alexa interactions.
Can this product be used offline?
User-friendly privacy information?
Ring has a webpage dedicated to explaining its privacy pillars and answering frequently asked questions
Links to privacy information
Does this product meet our Minimum Security Standards?
Videos are encrypted in storage and during transmission. Ring is offering end-to-end encryption. https://blog.ring.com/2020/09/24/ring-announces-end-to-end-encryption-privacy-security-and-user-control-updates/
Two-factor authentication is now mandatory after major pressure from Mozilla and other groups.
Amazon has a bug bounty program, which means that anyone who finds a security issue and discloses it responsibly may get paid.
Ring has a webpage dedicated to explaining it's privacy pillars and answering frequently asked questions
Got a comment? Let us hear it.