Warning: *Privacy Not Included with this product
Wyze Bulb
Wyze makes a line of smart, programmable, dimmable smart bulbs. And (something we can relate to) it seems the copywriters of Wyze's product descriptions ran short of clever things to say about smart bulbs when writing content for their product pages. What gave us that idea? Well, this "clever" line, "Wyze Bulb White is probably brighter than you, but has handy dimmable controls, in case you find that intimidating." Dang, Wyze! Let's hope your smart bulbs aren't as harsh as the writing on the product pages! Aside from Wyze calling us all kinda dim, how are they and their smart bulbs that are smarter than us at privacy? Not great. Wyze has had some significant security incidents lately that they haven't responded to well. We think it might be smart to stay away from Wyze's smart bulbs.
What could happen if something goes wrong?
Oof, Wyze! What happened? You went from being a fairly OK, affordable smart home company to quite a questionable one in just a couple of years. Not good. In fact, we must warn you that some Wyze products -- particularly their security cams -- likely come with *Privacy Not Included.
Let's start with Wyze's last couple of very checkered years when it comes to security and protecting the sensitive personal information their security cams can collect through video and audio. First, in 2022, security researchers at publication Bitdefender "found three vulnerabilities that would have given attackers direct access to the cameras, including recordings stored on the SD card." Consumer Reporters followed with a report calling out Wyze for not fixing the security flaws in some Wyze Cams for three years and did not communicate with users promptly about this vulnerability.
That was in 2022, and then again in 2023, Wyze admitted to a security vulnerability that exposed the private video recordings from some of their user's cameras were exposed to people on the internet. The Verge reported that some Wyze users were able to see video of cameras not their own through the Wyze web portal. This resulted in the NY Times' Wirecutter to pull their recommendation of Wyze cams to their readers. USA Today also pulled their recommendation of Wyze security cameras. All this, on top of Wyze's massive data leak in 2019 that exposed the personal information of 2.4 million customers when they left a database unprotected for 22 days.
So, Wyze's security cameras have a pretty bad track record at security and privacy. That's not good. What about Wyze's privacy policy for their other smart home devices? Is it any better? Not really. Wyze says they can collect a ton of information on you -- lots of personal information, usage information when you use their devices, tracking information, and they even say they can gather more information about your from third party sources. They say they can use all this information to do things like build inferences on you to target you with advertising. And, they say that they can share and even "sell" (under the California privacy law CCPA definition of sell) some of your personal information -- including personally identifying information and inferences about you -- to third party advertisers for targeted advertising purposes. Not very private at all.
Wyze also says they can share de-identified or aggregated information with third parties, which is pretty common and not always a concern. Although it’s a good time to remind you that it’s been found to be pretty easy to re-identify some types of de-identified data and track down an individual’s patterns, especially with location data.
On top of Wyze's bad track record and not-so-great data collecting and sharing policies, Wyze has a few more privacy gripes we'd like to pick. First, Wyze doesn't guarantee everyone the right to have all this data they collect you deleted. They also don' make any mention of how they handle children's data in their privacy policy, which is really bad form. Also, they straight up seem to make claims that aren't factual on the Data Safety page for the Wyze app in the Google Play Store, when they state that they don't share data with third parties (according to their privacy policy, they do) and that the app doesn't collect any user data (pretty sure it does). (Sidenote: The Google Play Store Data Safety pages have a whole host of problems we talk more about here.) Oh, one more thing we found that raised our eyebrows as we were looking into Wyze -- they Wyze app you use to control Wyze's smart home devices asks for permission to read your text messages (and control your flashlight). That seems a bit weird to us. We're not sure we want Wyze to read out text messages...or control our flashlight. None of these privacy no-nos makes us feel great about Wyze's privacy practices.
So, what's the worst that could happen? Well, the worst probably already has happened for those poor Wyze users whose cameras were exposed and open to strangers on the internet to spy inside their home without their knowledge. That is very bad. Unfortunately Wyze seems to have gone from an affordable smart home company without too many privacy and security issues, to one of the worst offenders on the market with recurring issues. Our recommendation is to beware that your Wyze smart home devices could come with *privacy not included.
Tips to protect yourself
- Review Wyze's recommendations to keep your account secure
- Check Wyze security & trust tips
- Be very careful who you chose to share your Wyze wellness data with.
- Don't connect your Wyze app to any social networks like Facebook.
- Enable two-factor identification
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
Can it snoop on me?
Camera
Device: No
App: Yes
Microphone
Device: No
App: Yes
Tracks location
Device: No
App: Yes
What can be used to sign up?
Yes
Phone
No
Third-party account
No
What data does the company collect?
Personal
"Name, email address, postal address, phone number, photographs (such as for your profile picture). social media profile information, demographic information, your birth year, height, weight, gender, and personal fitness goals (for Wyze fitness devices). Approximate and in some cases precise location Data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, browser type, and app version. Information about your activity on Wyze Services, such as access times, pages viewed, links clicked, and the page you visited before navigating to our websites."
Body related
Social
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In 2023, Wyze admitted to a security vulnerability that exposed the private video recordings from some of their user's cameras were exposed to people on the internet. The Verge reported that some Wyze users were able to see video of cameras not their own through the Wyze web portal. This resulted in the NY Times' Wirecutter to pull their recommendation of Wyze cams to their readers. USA Today also pulled their recommendation of Wyze security cameras.
In 2022, cybersecurity publication Bitdefender reported that their security researchers " found three vulnerabilities that would have given attackers direct access to the cameras, including recordings stored on the SD card." Consumer Reporters followed with a report calling out Wyze for not fixing the security flaws in some Wyze Cams for three years and did not communicate with users promptly about this vulnerability.
In 2019, a massive data leak happened at Wyze, exposing information from 2.4M customers.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Wyze's Privacy Policy lacks a lot of information and can be confusing at times. There was also no mention of any child specific data privacy policies, which is not good.
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
Strong password
Security updates
Manages vulnerabilities
You can submit security vulnerabilities to Wyze.
Privacy policy
Dive Deeper
-
Your Wyze webcam might have let other owners peek into your houseThe Verge
-
Why We’re Pulling Our Recommendation of Wyze Security CamerasWirecutter
-
Should you buy a Wyze camera? Our experts don’t recommend itReviewed
-
Wyze security camera owners report seeing strangers' camera feedsMashable
-
Wyze Cameras Just Had Another Big Security ProblemHow To Geek
-
Wyze Cam Vulnerabilities Could Let Attackers Access the Live Feed, Research FindsBitdefender
-
Wyze Didn't Completely Fix Flaws in Security Cameras for 3 YearsConsumer Reports
Comments
Got a comment? Let us hear it.