Warning: *privacy not included with this product
Amazon Ring Video Doorbell
Review date: Nov. 9, 2022
These little HD video capturing, motion-detecting, two-way talking video doorbells let you be Big Brother in your own home. See who is at the door on your phone, tablet, or PC. Ask the UPS person to drop the package off behind the planter when you're still at the office. Or catch video of the neighborhood porch pirate to share with the cops. Just beware, even though Amazon Ring did address some of our privacy concerns with updates earlier in 2020 like adding mandatory two-factor authentication, these cameras still have some noted potential privacy issues that worry us.
What could happen if something goes wrong?
Amazon’s Ring security cameras and video doorbells are the most widely used home video cameras in many parts of the world today. As one expert from US privacy org the Electronic Frontier Foundation put it, "Ring has steadily been becoming one of the largest surveillance apparatuses in the nation.” And as wise comic book prophet Stan Lee reminds us, “With great power comes great responsibility.” Has Amazon Ring lived up to that great responsibility? No, they haven’t.
Ring has a history of not protecting users' privacy. At one point they reportedly stored customer data--including video recordings--unencrypted on an Amazon cloud server and employees could access any of this data. There have also been reported data leaks and concerns that the Ring Doorbell app is full of third-party trackers tracking a good amount of personal information that Amazon Ring doesn’t disclose. They have gotten more transparent in their privacy and data deletion practices, which we appreciate. And they added two-factor authentication to help protect users in 2020, which was a great step forward. One we here at Mozilla pushed hard for.
Then there is the problematic relationship Ring has with law enforcement where questions of racism, warrantless surveillance, and police overreach still linger. While Amazon says they are distancing themselves from law enforcement access to users' video and requiring more transparency in the process, they are still facilitating law enforcement access with this product and the Neighbors app and that leaves us concerned. They also admitted in 2022 they still share video with law enforcement without users’ permission in some circumstances.
There is also the question of privacy violations of the neighbors of people who use home surveillance cameras -- not just Ring but all of home surveillance cameras. A recent court case in the UK highlighted this when a woman sued her neighbor for infringing on her privacy when his Ring security cameras were found pointed at her home. Not only could his cameras see her, they could also listen to her as well. She won her case and $137,000.
And then there are the safety concerns these video cameras raise. Does all this constant surveillance make us safer? Well, the story about the Ring users who opened fire upon seeing a neighbor drop off a misdelivered package at their door raises questions about that. Domestic violence advocates also raise concerns. And privacy experts keep shouting their concerns in places like the NY Times, Consumer Reports, and NBC News.
What’s the worst that could happen? Well, beyond the snooping next door neighbor, the trigger happy, paranoid surveillance junky, and the questionable law enforcement partnerships, there’s the big concerns about all this constant surveillance. In the United States where abortion has become illegal in a number of states, it is possible anti-abortion activists could use these video doorbell cameras to spy on women who are pregnant to see if they carry their fetus to term. And if they don’t -- no matter the reason -- video from these cameras could potentially be used to harass, arrest, and potentially even prosecute women seeking reproductive healthcare, for whatever reason. This is bad. All in all, these security cameras raise too many questions about privacy, transparency, data protection, public safety and racism in our opinion. For this reason, we say they come with *Privacy Not Included.
Tips to protect yourself
- Turn on Two-factor Authentication
- Check if your address is exposed through the Neighbor app
- Don't share your login-in information
- Review sharing options for your data if you have multiple people in the neighborhood
- Make sure you are comfortable with the fact that local police may require the footage. Think about all of the personal events cameras inside and outside of your home will capture.
- Use strong passwords & unique usernames
- Delete footage as often as you can
- Limit third-party trackers in the Ring app
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
Can it snoop on me?
What can be used to sign up?
What data does the company collect?
Name, email, phone number, address
Video and voice recordings
Neighbors app network
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
It was reported that in May, 2022 Amazon's patched Ring's app for Android due a "high-severity" security vulnerability that could have allowed hackers to access personal information, location, and camera recordings.
Amazon admitted to giving Ring video doorbell footage to police without the owners' permission at least 11 times in 2022.
In 2021, the Federal Trade Commision in the US recommended filing a lawsuit against Amazon because of privacy and security breaches in Ring home security unit
In December 2020, a class action lawsuit was filed alleging lax security measures at Ring, allowed hackers to take over their devices.
In November 2019, a security vulnerability in Amazon's Ring Video Doorbell Pro devices could have allowed attackers to exploit the internet-connected doorbell to intercept the owner's wi-fi credentials.
In 2019, Motherboard reported on how Ring's weak security and compromised email addresses and passwords left Ring cameras easy to hack
In 2022, Paige Thompson, a former Amazon employee accused of stealing the personal information of 100 million customers by breaching banking giant CapitalOne in 2019, was found guilty by a Seattle jury on charges of wire fraud and computer hacking.
In July 2021, the Luxembourg National Commission for Data Protection issued a 746 million euro fine to Amazon for allegedly violating the European Union’s General Data Protection Regulation (GDPR).
In August 2020, security researchers from Check Point pointed out a flaw in Amazon's Alexa smart home devices that could have allowed hackers access to personal information and conversation history. Amazon promptly fixed the bug.
In October 2020, Amazon fired an employee for leaking customer email addresses to an unnamed third party.
In October 2019, Forbes reported that Amazon employees were listening to Amazon Cloud Cam recording, to train its AI algorythm.
In April 2019, it was revealed that thousands of employees, many of whom are contract workers and some not even directly employed by Amazon, had access to both voice and text transcripts of Alexa interactions.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Ring has a webpage dedicated to explaining its privacy pillars and answering frequently asked questions
Links to privacy information
Does this product meet our Minimum Security Standards?
Videos are encrypted in storage and during transmission. Ring is offering end-to-end encryption. https://blog.ring.com/2020/09/24/ring-announces-end-to-end-encryption-privacy-security-and-user-control-updates/
Two-factor authentication is now mandatory after major pressure from Mozilla and other groups.
Amazon has a bug bounty program, which means that anyone who finds a security issue and discloses it responsibly may get paid.
Ring has a webpage dedicated to explaining it's privacy pillars and answering frequently asked questions
Not home alone: FTC says Ring’s lax practices led to disturbing violations of users’ privacy and securityFTC
All the Data Amazon’s Ring Cameras Collect About YouWired
Ring Cameras Are Going to Get More People KilledMotherboard: Tech by Vice
America's Ring doorbell camera obsession highlights the scourge of mass surveillanceNBC News
Amazon gave Ring videos to police without owners’ permissionPolitico
Amazon's Ring logs every doorbell press and app actionBBC News
Security Cameras Make Us Feel Safe, but Are They Worth the Invasion?The New York Times
Amazon sneakily fixed a vulnerability in the Ring cameraMashable
How Amazon Ring uses domestic violence to market doorbell camerasMIT Technology Review
Ring's police problem never went away. Here's what you still need to knowCNET
Ring doorbell 'gives Facebook and Google user data'BBC
Ring Neighbors Is the Best and Worst Neighborhood Watch AppNew York Times
Ring doorbells to send live video to Mississippi policeBBC
Ring's new privacy and security features prove that hardware isn't the only important thingCNET
Amazon’s Ring is the largest civilian surveillance network the US has ever seenThe Guardian
Poll: How Americans Feel About Nextdoor, Neighbors, and Police PartnershipsMozilla
Amazon's helping police build a surveillance network with Ring doorbellsCNET
Amazon hit with major data breach days before Black FridayThe Guardian
Amazon Fired Employee for Leaking Customer EmailsVice
Ring, 2FA, and a Win for ConsumersMozilla
Ring Doorbell App Packed with Third-Party TrackersEFF
Got a comment? Let us hear it.