Amazon Ring Video Doorbell

Warning: *privacy not included with this product

Video Doorbells Smart Home

Amazon Ring Video Doorbell

Amazon
Wi-Fi

Review date: Nov. 9, 2022

|
Mozilla researched 10 hours
|

Mozilla says

|
People voted: Super creepy

These little HD video capturing, motion-detecting, two-way talking video doorbells let you be Big Brother in your own home. See who is at the door on your phone, tablet, or PC. Ask the UPS person to drop the package off behind the planter when you're still at the office. Or catch video of the neighborhood porch pirate to share with the cops. Just beware, even though Amazon Ring did address some of our privacy concerns with updates earlier in 2020 like adding mandatory two-factor authentication, these cameras still have some noted potential privacy issues that worry us.

What could happen if something goes wrong?

Amazon’s Ring security cameras and video doorbells are the most widely used home video cameras in many parts of the world today. As one expert from US privacy org the Electronic Frontier Foundation put it, "Ring has steadily been becoming one of the largest surveillance apparatuses in the nation.” And as wise comic book prophet Stan Lee reminds us, “With great power comes great responsibility.” Has Amazon Ring lived up to that great responsibility? No, they haven’t.

Ring has a history of not protecting users' privacy. At one point they reportedly stored customer data--including video recordings--unencrypted on an Amazon cloud server and employees could access any of this data. There have also been reported data leaks and concerns that the Ring Doorbell app is full of third-party trackers tracking a good amount of personal information that Amazon Ring doesn’t disclose. They have gotten more transparent in their privacy and data deletion practices, which we appreciate. And they added two-factor authentication to help protect users in 2020, which was a great step forward. One we here at Mozilla pushed hard for.

Then there is the problematic relationship Ring has with law enforcement where questions of racism, warrantless surveillance, and police overreach still linger. While Amazon says they are distancing themselves from law enforcement access to users' video and requiring more transparency in the process, they are still facilitating law enforcement access with this product and the Neighbors app and that leaves us concerned. They also admitted in 2022 they still share video with law enforcement without users’ permission in some circumstances.

Amazon’s Ring and Neighbors app privacy policy says they can collect a whole lot of data (by the way, what’s up with the teeny tiny font on that privacy policy?). Everything from name, phone number, email, postal address, age, gender, the location of your mobile device, video and audio recordings, and potentially even every doorbell press and app interaction you have. And while it’s good Ring says they don’t sell your personal information, they do say they can share your information with a number of third parties for things like advertising, marketing, government and law enforcement requests, and with their business affiliates (which could potentially be a decent number of companies).

There is also the question of privacy violations of the neighbors of people who use home surveillance cameras -- not just Ring but all of home surveillance cameras. A recent court case in the UK highlighted this when a woman sued her neighbor for infringing on her privacy when his Ring security cameras were found pointed at her home. Not only could his cameras see her, they could also listen to her as well. She won her case and $137,000.

And then there are the safety concerns these video cameras raise. Does all this constant surveillance make us safer? Well, the story about the Ring users who opened fire upon seeing a neighbor drop off a misdelivered package at their door raises questions about that. Domestic violence advocates also raise concerns. And privacy experts keep shouting their concerns in places like the NY Times, Consumer Reports, and NBC News.

What’s the worst that could happen? Well, beyond the snooping next door neighbor, the trigger happy, paranoid surveillance junky, and the questionable law enforcement partnerships, there’s the big concerns about all this constant surveillance. In the United States where abortion has become illegal in a number of states, it is possible anti-abortion activists could use these video doorbell cameras to spy on women who are pregnant to see if they carry their fetus to term. And if they don’t -- no matter the reason -- video from these cameras could potentially be used to harass, arrest, and potentially even prosecute women seeking reproductive healthcare, for whatever reason. This is bad. All in all, these security cameras raise too many questions about privacy, transparency, data protection, public safety and racism in our opinion. For this reason, we say they come with *Privacy Not Included.

Tips to protect yourself

  • Turn on Two-factor Authentication
  • Check if your address is exposed through the Neighbor app
  • Don't share your login-in information
  • Review sharing options for your data if you have multiple people in the neighborhood
  • Make sure you are comfortable with the fact that local police may require the footage. Think about all of the personal events cameras inside and outside of your home will capture.
  • Use strong passwords & unique usernames
  • Delete footage as often as you can
  • Limit third-party trackers in the Ring app
  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Can it snoop on me? information

Camera

Device: Yes

App: Yes

Microphone

Device: Yes

App: Yes

Tracks location

Device: Yes

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

"We do not sell or otherwise share personal information about you except as described in this Privacy Notice. We may share your personal information with (1) our affiliates and subsidiaries and (2) our service providers who perform services on our behalf, such as marketing, customer service, order fulfillment and data analytics and storage. We do not authorize our service providers to use or disclose your personal information except as necessary to perform services on our behalf or comply with legal requirements. We also may share personal information with our business partners (1) with whom we jointly offer products and services; (2) to the extent you use Works With Ring to connect to third-party products or services; and (3) for payment processing and fraud prevention purposes.
We also may disclose personal information about you (1) if we are required to do so by law or legal process (such as a court order or subpoena); (2) to establish, exercise or defend our legal rights; (3) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (4) in connection with an investigation of suspected or actual illegal activity; or (5) otherwise with your consent."

Amazon, Ring's parent company, combines data on its users with data from third parties, for advertisement purposes: "Some third-parties may provide Amazon pseudonymized information about you (such as demographic information or sites where you have been shown ads) from offline and online sources that we may use to provide you more relevant and useful advertising."

How can you control your data?

It is unclear if all users regardless of location can get their data deleted.

"You may delete your recordings from Ring Protect at any time by accessing
your account. Additionally, regardless of your use of Ring Protect , we retain Ring Neighborhoods Recordings (as defined in the Terms of Service) so you can participate in the Ring Neighborhoods feature if you choose to do so. In addition, to the extent required by applicable law, you may have the right to request access to or delete your personal data. If you wish to do any of these things, please visit here or contact Customer Support."

In addition, law enforcement can make a video request in the Neighbors app to ask the community to assist in an investigation. Police who download videos from customer cameras may be able to keep them indefinitely, depending on local laws.

What is the company’s known track record of protecting users’ data?

Bad

It was reported that in May, 2022 Amazon's patched Ring's app for Android due a "high-severity" security vulnerability that could have allowed hackers to access personal information, location, and camera recordings.

Amazon admitted to giving Ring video doorbell footage to police without the owners' permission at least 11 times in 2022.

In 2021, the Federal Trade Commision in the US recommended filing a lawsuit against Amazon because of privacy and security breaches in Ring home security unit

In December 2020, a class action lawsuit was filed alleging lax security measures at Ring, allowed hackers to take over their devices.

In November 2019, a security vulnerability in Amazon's Ring Video Doorbell Pro devices could have allowed attackers to exploit the internet-connected doorbell to intercept the owner's wi-fi credentials.

In 2019, Motherboard reported on how Ring's weak security and compromised email addresses and passwords left Ring cameras easy to hack

In 2022, Paige Thompson, a former Amazon employee accused of stealing the personal information of 100 million customers by breaching banking giant CapitalOne in 2019, was found guilty by a Seattle jury on charges of wire fraud and computer hacking.

In July 2021, the Luxembourg National Commission for Data Protection issued a 746 million euro fine to Amazon for allegedly violating the European Union’s General Data Protection Regulation (GDPR).

In August 2020, security researchers from Check Point pointed out a flaw in Amazon's Alexa smart home devices that could have allowed hackers access to personal information and conversation history. Amazon promptly fixed the bug.

In October 2020, Amazon fired an employee for leaking customer email addresses to an unnamed third party.

In October 2019, Forbes reported that Amazon employees were listening to Amazon Cloud Cam recording, to train its AI algorythm.

In April 2019, it was revealed that thousands of employees, many of whom are contract workers and some not even directly employed by Amazon, had access to both voice and text transcripts of Alexa interactions.

Child Privacy Information

"Ring's products and services are intended for a general audience and are not directed to children. We do not knowingly collect personal information online from children under the age of 13."

Can this product be used offline?

No

User-friendly privacy information?

Yes

Ring has a webpage dedicated to explaining its privacy pillars and answering frequently asked questions

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Videos are encrypted in storage and during transmission. Ring is offering end-to-end encryption. https://blog.ring.com/2020/09/24/ring-announces-end-to-end-encryption-privacy-security-and-user-control-updates/

Strong password

Yes

Two-factor authentication is now mandatory after major pressure from Mozilla and other groups.

Security updates

Yes

Manages vulnerabilities

Yes

Amazon has a bug bounty program, which means that anyone who finds a security issue and discloses it responsibly may get paid.

Privacy policy

Yes

Ring has a webpage dedicated to explaining it's privacy pillars and answering frequently asked questions

Does the product use AI? information

Yes

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Ring cameras use camera-based motion detection to start recording.

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

No

*privacy not included

Dive Deeper

  • Not home alone: FTC says Ring’s lax practices led to disturbing violations of users’ privacy and security
    FTC
  • All the Data Amazon’s Ring Cameras Collect About You
    Wired
  • Ring Cameras Are Going to Get More People Killed
    Motherboard: Tech by Vice
  • America's Ring doorbell camera obsession highlights the scourge of mass surveillance
    NBC News
  • Amazon gave Ring videos to police without owners’ permission
    Politico
  • Amazon's Ring logs every doorbell press and app action
    BBC News
  • Security Cameras Make Us Feel Safe, but Are They Worth the Invasion?
    The New York Times
  • Amazon sneakily fixed a vulnerability in the Ring camera
    Mashable
  • How Amazon Ring uses domestic violence to market doorbell cameras
    MIT Technology Review
  • Ring's police problem never went away. Here's what you still need to know
    CNET
  • Ring doorbell 'gives Facebook and Google user data'
    BBC
  • Ring Neighbors Is the Best and Worst Neighborhood Watch App
    New York Times
  • Ring doorbells to send live video to Mississippi police
    BBC
  • Ring's new privacy and security features prove that hardware isn't the only important thing
    CNET
  • Amazon’s Ring is the largest civilian surveillance network the US has ever seen
    The Guardian
  • Poll: How Americans Feel About Nextdoor, Neighbors, and Police Partnerships
    Mozilla
  • Amazon's helping police build a surveillance network with Ring doorbells
    CNET
  • Amazon hit with major data breach days before Black Friday
    The Guardian
  • Amazon Fired Employee for Leaking Customer Emails
    Vice
  • Ring, 2FA, and a Win for Consumers
    Mozilla
  • Ring Doorbell App Packed with Third-Party Trackers
    EFF

Comments

Got a comment? Let us hear it.