Warning: *Privacy Not Included with this product
Amazon Ring Video Doorbell
These little HD video capturing, motion-detecting, two-way talking video doorbells let you be Big Brother in your own home. See who is at the door on your phone, tablet, or PC. Ask the UPS person to drop the package off behind the planter when you're still at the office. Or catch video of the neighborhood porch pirate to share with the cops. Just beware, even though Amazon Ring did address some of our privacy concerns with updates earlier in 2020 like adding mandatory two-factor authentication, these cameras still have some noted potential privacy issues that worry us.
What could happen if something goes wrong?
Amazon’s Ring security cameras and video doorbells are the most widely used home video cameras in many parts of the world today. As one expert from US privacy org the Electronic Frontier Foundation put it, "Ring has steadily been becoming one of the largest surveillance apparatuses in the nation.” And as wise comic book profit Stan Lee reminds us, “With great power comes great responsibility.” Has Amazon Ring lived up to that great responsibility? No, they haven’t. And if you’re checking in to see if, in 2023, Ring has improved their privacy practices after sooo very many complaints, the short answer is no, not enough.
On the bright side, Amazon is starting to be held accountable for some of their more “egregious violations of users’ privacy” described in a proposed order filed by the FTC in May of 2023. Like when they stored customer data--including video recordings--unencrypted on an Amazon cloud server and gave every employee and even some third party contractors access. The FTC’s complaint also says Ring had failed to keep customers’ sensitive data secure, which made it easy for bad actors to get access to sensitive data too. Since those colossal blunders, they have gotten more transparent in their privacy and data deletion practices, which we appreciate. And they added two-factor authentication to help protect users in 2020, which was a great step forward. One we here at Mozilla pushed hard for. But, we’re still pushing. In June, 2023 we published a security vulnerability impacting Ring’s security after Amazon failed to take action on it for over 90 days. As far as we can tell, they still haven't fixed this vulnerability. So when it comes to Amazon Ring's security scorecard, there’s still lots of room to do better.
Then there is the problematic relationship Ring has with law enforcement where questions of racism, warrantless surveillance, and police overreach still linger. While Amazon says they are distancing themselves from law enforcement access to users' video and requiring more transparency in the process, they are still facilitating law enforcement access with this product and the Neighbors app and that leaves us concerned. They also admitted in 2022 they still share video with law enforcement without users’ permission in some circumstances. And even when Ring does require a court order, that often doesn’t give Americans as much protection as you’d think. That’s because Ring doesn’t have a good track record of pushing back on far-reaching warrants for their users’ video recordings of and inside their homes. That really worries us since Ring reportedly receives thousands of search warrants each year -- a number that’s growing.
Amazon’s Ring and Neighbors app privacy policy says they can collect a whole lot of data (by the way, what’s up with the teeny tiny font on that privacy policy?). Everything from name, phone number, email, postal address, age, gender, the location of your mobile device, video and audio recordings, and potentially even every doorbell press and app interaction you have. And while it’s good Ring says they don’t sell your personal information, they do say they can share your information with a number of third parties for things like advertising, marketing, government and law enforcement requests, and with their business affiliates (which could potentially be a decent number of companies).
There is also the question of privacy violations of the neighbors of people who use home surveillance cameras -- not just Ring but all of home surveillance cameras. A recent court case in the UK highlighted this when a woman sued her neighbor for infringing on her privacy when his Ring security cameras were found pointed at her home. Not only could his cameras see her, they could also listen to her as well. She won her case and $137,000.
On that note, there's also this interesting line in Amazon Ring's privacy policy that puts the responsibility on you to make sure you don't break any surveillance laws where you live, "Privacy and video surveillance laws in your jurisdiction may apply to your use of our products and services. You are solely responsible for ensuring that you comply with applicable law when you use our products or services. For example, you may need to display a notice that alerts visitors to your home that you are using our products or services. Capturing, recording or sharing video or audio content that involves other people, or capturing other peoples’ facial feature information, may affect their privacy rights." So yeah, just know that you are solely responsible for all that weird privacy violating stuff Ring admits they can do right there. Uhg.
And then there are the safety concerns these video cameras raise. Does all this constant surveillance make us safer? Well, the story about the Ring users who opened fire upon seeing a neighbor drop off a misdelivered package at their door raises questions about that. Domestic violence advocates also raise concerns. And privacy experts keep shouting their concerns in places like the NY Times, Consumer Reports, and NBC News.
What’s the worst that could happen? Well, beyond the snooping next door neighbor, the trigger happy, paranoid surveillance junky, the questionable law enforcement partnerships -- and, oh yeah, Amazon Ring's questionable privacy and security practices -- there’s the big concerns about all this constant surveillance. In the United States where abortion has become illegal in a number of states, it is possible anti-abortion activists could use these surveillance cameras to spy on women who are pregnant to see if they carry their fetus to term. And if they don’t -- no matter the reason -- video from these cameras could potentially be used to harass, arrest, and potentially even prosecute women seeking reproductive healthcare, for whatever reason. This is bad. All in all, these security cameras raise too many questions about privacy, transparency, data protection, public safety and racism in our opinion. For this reason, we worry Amazon's Ring cameras come with *privacy not included.
Tips to protect yourself
- Turn on Two-factor Authentication
- Check if your address is exposed through the Neighbour app
- Don't share your login-in information
- Review sharing options for your data, if you have multiple people in the neighbourhood
- Make sure you are comfortable with the fact that local police may require the footage. Think about all of the personal events cameras inside and outside of your home will capture.
- Use strong passwords & unique usernames
- Delete footage as often as you can
- Limit third-party trackers in the Ring app
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible."
Can it snoop on me?
Camera
Device: Yes
App: Yes
Microphone
Device: Yes
App: Yes
Tracks location
Device: Yes
App: Yes
What can be used to sign up?
Yes
Phone
No
Third-party account
No
What data does the company collect?
Personal
Contact information, such as name, phone number, and email and postal address; Account information, such as online password and other log-in details used to access Ring products and services; Payment information, such as name, billing address and payment card details, including card number, expiration date and security code (Ring stores only the last four digits of your payment card and the expiration date); The geolocation of your mobile device or certain Ring devices if you consent to the collection of this data. Certain features, such as Geofence, collect geolocation in the background (that is, when the app is running but is minimized or not visible on your screen), but only with your permission when you enable these features; Product setup information, such as the name and description of your Ring product and the location where you install your Ring product, and adjustments you make to the product setup; Technical information about your Ring product, such as your Wi-Fi network information and signal strength, and your Ring product’s model, serial number and software version; Data about your interactions with Ring's websites and mobile apps, including your mobile network.
Body related
Content (and related information) that is captured and recorded when using Ring products and services, such as video or audio recordings, live video or audio streams, images, comments, and data Ring products collect from their surrounding environment to perform their functions (such as motion, events, temperature and ambient light).
Social
Social media handles, content and other data posted on our official social media pages; Information Ring obtain from third-party social media services (e.g., Facebook) or payment services (e.g., PayPal) if you choose to link to, create or log into your Ring account through these services (including when you share Ring videos or content via your social media account)
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In September 2023, FTC filed a lawsuit against Amazon for illegally maintaining monopoly power.
In July 2023, Apple and Amazon were fined by Spain antitrust watchdog.
In June 2023, Mozilla published a major vulnerability in Ring Doorbell.
In March 2023, FTC and DOJ charged Amazon with violating Children’s Privacy Law by keeping kids’ Alexa voice recordings forever and undermining parents’ deletion requests.
In 2023, the company also agreed to pay $5.8 million in customer refunds for alleged privacy violations involving its doorbell camera Ring.
It was reported that in May, 2022 Amazon's patched Ring's app for Android due a "high-severity" security vulnerability that could have allowed hackers to access personal information, location, and camera recordings.
Amazon admitted to giving Ring video doorbell footage to police without the owners' permission at least 11 times in 2022.
In 2021, the Federal Trade Commission in the US recommended filing a lawsuit against Amazon because of privacy and security breaches in Ring home security unit
In December 2020, a class action lawsuit was filed alleging lax security measures at Ring, allowed hackers to take over their devices.
In November 2019, a security vulnerability in Amazon's Ring Video Doorbell Pro devices could have allowed attackers to exploit the internet-connected doorbell to intercept the owner's wi-fi credentials.
In 2019, Motherboard reported on how Ring's weak security and compromised email addresses and passwords left Ring cameras easy to hack
In 2022, Paige Thompson, a former Amazon employee accused of stealing the personal information of 100 million customers by breaching banking giant CapitalOne in 2019, was found guilty by a Seattle jury on charges of wire fraud and computer hacking.
In July 2021, the Luxembourg National Commission for Data Protection issued a 746 million euro fine to Amazon for allegedly violating the European Union’s General Data Protection Regulation (GDPR).
In August 2020, security researchers from Check Point pointed out a flaw in Amazon's Alexa smart home devices that could have allowed hackers access to personal information and conversation history. Amazon promptly fixed the bug.
In October 2020, Amazon fired an employee for leaking customer email addresses to an unnamed third party.
In October 2019, Forbes reported that Amazon employees were listening to Amazon Cloud Cam recording, to train its AI algorithm.
In April 2019, it was revealed that thousands of employees, many of whom are contract workers and some not even directly employed by Amazon, had access to both voice and text transcripts of Alexa interactions.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Amazon Ring makes it rather difficult to even find their privacy notice, buried at the bottom of a more marketing focused page full of privacy promises that sound good but aren't as binding. Also, what's up with the teeny tiny text on your privacy policy Ring? Geesh.
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
Videos are encrypted in storage and during transmission. Ring is offering end-to-end encryption. https://blog.ring.com/2020/09/24/ring-announces-end-to-end-encryption-privacy-security-and-user-control-updates/
Strong password
Two-factor authentication is now mandatory after major pressure from Mozilla and other groups.
Security updates
Manages vulnerabilities
Amazon Ring has a bug bounty program, which means that anyone who finds a security issue and discloses it responsibly may get paid. https://hackerone.com/ring
Privacy policy
Ring has a webpage dedicated to explaining it's privacy pillars and answering frequently asked questions
Dive Deeper
-
Amazon’s Ring to pay $5.8M after staff and contractors caught snooping on customer videos, FTC saysTechCrunch
-
Mozilla Publishes Ring Doorbell Vulnerability Following Amazon’s ApathyMozilla Foundation
-
What to Do If the Police Ask for Your Security Camera or Video Doorbell RecordingsConsumer Reports
-
A Ransomware Gang Claims It Hacked Amazon's RingGizmodo
-
14 reasons not to get a Ring cameraMashable
-
Accidental Spies: Amazon Ring Owners May Be Unknowingly Emailing PoliceThe Markup
-
How to Protect Your Packages—And Your EthicsThe Markup
-
FTC and DOJ Charge Amazon with Violating Children’s Privacy Law by Keeping Kids’ Alexa Voice Recordings Forever and Undermining Parents’ Deletion RequestsFederal Trade Commission
-
Amazon to pay $31 million in privacy violation penalties for Alexa voice assistant and Ring cameraAP News
-
FTC Sues Amazon for Illegally Maintaining Monopoly PowerFederal Trade Commission
-
Not home alone: FTC says Ring’s lax practices led to disturbing violations of users’ privacy and securityFTC
-
All the Data Amazon’s Ring Cameras Collect About YouWired
-
Ring Cameras Are Going to Get More People KilledMotherboard: Tech by Vice
-
America's Ring doorbell camera obsession highlights the scourge of mass surveillanceNBC News
-
Amazon gave Ring videos to police without owners’ permissionPolitico
-
Amazon's Ring logs every doorbell press and app actionBBC News
-
Security Cameras Make Us Feel Safe, but Are They Worth the Invasion?The New York Times
-
Amazon sneakily fixed a vulnerability in the Ring cameraMashable
-
How Amazon Ring uses domestic violence to market doorbell camerasMIT Technology Review
-
Ring's police problem never went away. Here's what you still need to knowCNET
-
Ring doorbell 'gives Facebook and Google user data'BBC
-
Ring Neighbors Is the Best and Worst Neighborhood Watch AppNew York Times
-
Ring doorbells to send live video to Mississippi policeBBC
-
Ring's new privacy and security features prove that hardware isn't the only important thingCNET
-
Amazon’s Ring is the largest civilian surveillance network the US has ever seenThe Guardian
-
Amazon's helping police build a surveillance network with Ring doorbellsCNET
-
Poll: How Americans Feel About Nextdoor, Neighbors, and Police PartnershipsMozilla
-
Amazon hit with major data breach days before Black FridayThe Guardian
-
Amazon Fired Employee for Leaking Customer EmailsVice
-
Ring, 2FA, and a Win for ConsumersMozilla
-
Ring Doorbell App Packed with Third-Party TrackersEFF
Comments
Got a comment? Let us hear it.