Wyze Scale

Attention : *confidentialité non incluse avec ce produit

Wyze Scale

Wyze
Bluetooth

Passé en revue le : 1 novembre 2023

|
Mozilla a effectué 8 heures de recherches
|

L’avis de Mozilla :

|
Vote du public : Moyennement flippant

Wyze makes an affordable smart scale that tracks all the same things more expensive smart scales track. It connects to the Wyze app through Bluetooth to sync your weight, BMI, heart rate, protein level, visceral fat, and more. As with the other scales we reviewed, the app works with Google Fit, Apple Health, and other popular fitness apps. And hey, it says it offers "unlimited sharing with friends and family" because, you know, it's super fun to share your weight and visceral fat with friends and family, right? Really people, there can be too much sharing!

Que pourrait-il se passer en cas de problème ?

Oof, Wyze! What happened? You went from being a fairly OK, affordable smart home company to quite a questionable one in just a couple of years. Not good. In fact, we must warn you that some Wyze products -- particularly their security cams -- likely come with *Privacy Not Included.

Let's start with Wyze's last couple of very checkered years when it comes to security and protecting the sensitive personal information their security cams can collect through video and audio. First, in 2022, security researchers at publication Bitdefender "found three vulnerabilities that would have given attackers direct access to the cameras, including recordings stored on the SD card." Consumer Reporters followed with a report calling out Wyze for not fixing the security flaws in some Wyze Cams for three years and did not communicate with users promptly about this vulnerability.

That was in 2022, and then again in 2023, Wyze admitted to a security vulnerability that exposed the private video recordings from some of their user's cameras were exposed to people on the internet. The Verge reported that some Wyze users were able to see video of cameras not their own through the Wyze web portal. This resulted in the NY Times' Wirecutter to pull their recommendation of Wyze cams to their readers. USA Today also pulled their recommendation of Wyze security cameras. All this, on top of Wyze's massive data leak in 2019 that exposed the personal information of 2.4 million customers when they left a database unprotected for 22 days.

So, Wyze's security cameras have a pretty bad track record at security and privacy. That's not good. What about Wyze's privacy policy for their other smart devices? Is it any better? Not really. Wyze says they can collect a ton of information on you -- lots of personal information, usage information when you use their devices, tracking information, and they even say they can gather more information about your from third party sources. They say they can use all this information to do things like build inferences on you to target you with advertising. And, they say that they can share and even "sell" (under the California privacy law CCPA definition of sell) some of your personal information -- including personally identifying information and inferences about you -- to third party advertisers for targeted advertising purposes. Not very private at all.

Wyze also says they can share de-identified or aggregated information with third parties, which is pretty common and not always a concern. Although it’s a good time to remind you that it’s been found to be pretty easy to re-identify some types of de-identified data and track down an individual’s patterns, especially with location data.

On top of Wyze's bad track record and not-so-great data collecting and sharing policies, Wyze has a few more privacy gripes we'd like to pick. First, Wyze doesn't guarantee everyone the right to have all this data they collect you deleted. They also don' make any mention of how they handle children's data in their privacy policy, which is really bad form. Also, they straight up seem to make claims that aren't factual on the Data Safety page for the Wyze app in the Google Play Store, when they state that they don't share data with third parties (according to their privacy policy, they do) and that the app doesn't collect any user data (pretty sure it does). (Sidenote: The Google Play Store Data Safety pages have a whole host of problems we talk more about here.) Oh, one more thing we found that raised our eyebrows as we were looking into Wyze -- they Wyze app you use to control Wyze's smart home devices asks for permission to read your text messages (and control your flashlight). That seems a bit weird to us. We're not sure we want Wyze to read out text messages...or control our flashlight. None of these privacy no-nos makes us feel great about Wyze's privacy practices.

So, what's the worst that could happen? Well, the worst probably already has happened for those poor Wyze users whose cameras were exposed and open to strangers on the internet to spy inside their home without their knowledge. That is very bad. Unfortunately Wyze seems to have gone from an affordable smart home company without too many privacy and security issues, to one of the worst offenders on the market with recurring issues. Our recommendation is to beware that your Wyze smart devices could come with *privacy not included.

Conseils pour vous protéger

  • Review Wyze's recommendations to keep your account secure
  • Check Wyze security & trust tips
  • Be very careful who you chose to share your Wyze wellness data with.
  • Don't connect your Wyze app to any social networks like Facebook.
  • Enable two-factor identification
  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Ce produit peut-il m’espionner ? informations

Caméra

Appareil : Oui

Application : Oui

Microphone

Appareil : Oui

Application : Oui

Piste la géolocalisation

Appareil : Oui

Application : Oui

Que peut-on utiliser pour s’inscrire ?

Quelles données l’entreprise collecte-t-elle ?

Comment l’entreprise utilise-t-elle les données ?

We ding this product for collecting information about you from third party sources to use for targeted advertising purposes and for the sharing and potentially "selling" personal information to third parties for targeted advertising purposes.

Wyze Privacy Policy

"....we process personal information to understand and improve your experience with our Services and to serve you advertisements on non-Wyze properties. Some of these activities may be considered “sales” or “sharing” of your personal information or “targeted advertising” under the law that applies to you. Depending on where you reside, you may have the right to opt out of targeted advertising, sharing, and sales of your personal information."

"California requires certain disclosures about Personal Information we “sell.” Under California law “sale” means certain scenarios in which Wyze has disclosed Personal Information with third parties in exchange for valuable consideration. In addition, California and other state privacy laws define “sale” to include disclosure of Personal Information with third parties for monetary consideration. Under California law, the “sharing” described below constitutes a “sale.” Accordingly, Wyze “sells” Personal Information as described in the Sharing section below."

"We may also use the information we collect to: ...
Personalize your experience with us; ...
Target advertisements to you on third-party platforms and websites ...
Target advertising to you when you use our Services based on information provided by our advertising partners ...
Create de-identified, anonymized, or aggregated information; and
Carry out any other purpose described to you at the time the information was collected."

"We obtain information about you from other sources. For example, we may collect information from publicly available sources, from third-party platforms through which you interact with us, and other third parties in connection with your purchase of or feedback regarding any of our products or services via those third parties. This information includes information about your purchase of a Device, information from reviews you post, your username and profile picture for those third-party services, and demographic information."

"We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your approximate location based on your IP address or infer that you are looking to purchase certain products based on your browsing behavior and past purchases."

"We may disclose aggregated or de-identified information that cannot reasonably be used to identify you. Wyze processes, maintains, and uses this information only in a de-identified fashion and will not attempt to re-identify such information, except as permitted by law."

"Location Information
When you first launch our mobile app, you will be asked to consent to the app’s collection of precise location information. If you initially consent to our collection of such location information, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device. If you do so, our mobile apps, or certain features, may no longer function properly. You may also stop our collection of this information by deleting our app from your mobile device."

Comment pouvez-vous contrôler vos données ?

It is unclear if all users regardless of location can get their data deleted.

Wyze Privacy Policy

"Depending on where you reside, you may have the right to (1) request to know more about and access your personal information, (2) request deletion of your personal information, and (3) request correction of inaccurate personal information."

"We store personal data associated with your account for as long as your account remains active. If you close your account, we will delete your account data within 30 days; otherwise, we will delete your account data after three years of inactivity. We store other personal data for as long as necessary to carry out the purposes for which we originally collected it and for other business purposes explained in this Privacy Policy."

"You may update certain account profile information you provide to us by logging into your account. If you wish to delete your account, please email us at [email protected], but note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time."

"When you first launch our mobile app, you will be asked to consent to the app’s collection of precise location information. If you initially consent to our collection of such location information, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device. If you do so, our mobile apps, or certain features, may no longer function properly. You may also stop our collection of this information by deleting our app from your mobile device."

Quel est l’historique de l’entreprise en matière de protection des données des utilisateurs et utilisatrices ?

Mauvais

In 2023, Wyze admited to a security vulnerability that exposed the private video recordings from some of their user's cameras were exposed to people on the internet. The Verge reported that some Wyze users were able to see video of cameras not their own through the Wyze web portal. This resulted in the NY Times' Wirecutter to pull their recommendation of Wyze cams to their readers. USA Today also pulled their recommendation of Wyze security cameras.

In 2022, cybersecurity publication Bitdefender reported that their security researchers " found three vulnerabilities that would have given attackers direct access to the cameras, including recordings stored on the SD card." Consumer Reporters followed with a report calling out Wyze for not fixing the security flaws in some Wyze Cams for three years and did not communicate with users promptly about this vulnerability.

In 2019, a massive data leak happened at Wyze, exposing information from 2.4M customers.

Informations liées à la vie privée des enfants

We could find no mention of children specific data privacy policies in Wyze's privacy statement. This is not good.

Ce produit peut-il être utilisé hors connexion ?

Non

Informations relatives à la vie privée accessibles et compréhensibles ?

Non

Wyze's Privacy Policy lacks a lot of information and can be confusing at times. There was also no mention of any child specific data privacy policies, which is not good.

Liens vers les informations concernant la vie privée

Ce produit respecte-t-il nos critères élémentaires de sécurité ? informations

Oui

Chiffrement

Oui

Mot de passe robuste

Oui

Mises à jour de sécurité

Oui

Gestion des vulnérabilités

Oui

You can submit security vulnerabilities to Wyze: https://wyze.com/security-report

Politique de confidentialité

Oui

Le produit utilise-t-il une IA ? informations

Oui

Cette IA est-elle non digne de confiance ?

Impossible à déterminer

Quel genre de décisions l’IA prend-elle à votre sujet ou pour vous ?

Person detection through computer vision implementation.

L’entreprise est-elle transparente sur le fonctionnement de l’IA ?

Impossible à déterminer

Les fonctionnalités de l’IA peuvent-elles être contrôlées par l’utilisateur ou l’utilisatrice ?

Impossible à déterminer

*confidentialité non incluse

Pour aller plus loin

  • Your Wyze webcam might have let other owners peek into your house
    The Verge Le lien s’ouvre dans un nouvel onglet
  • Why We’re Pulling Our Recommendation of Wyze Security Cameras
    Wirecutter Le lien s’ouvre dans un nouvel onglet
  • Wyze Cam v4 on the way. But you shouldn’t patronize this company.
    Zatz Not Funny! Le lien s’ouvre dans un nouvel onglet
  • Wyze Cameras Just Had Another Big Security Problem
    How To Geek Le lien s’ouvre dans un nouvel onglet
  • Wyze security camera owners report seeing strangers' camera feeds
    Mashable Le lien s’ouvre dans un nouvel onglet
  • Should you buy a Wyze camera? Our experts don’t recommend it
    Reviewed Le lien s’ouvre dans un nouvel onglet
  • Wyze Didn't Completely Fix Flaws in Security Cameras for 3 Years
    Consumer Reports Le lien s’ouvre dans un nouvel onglet
  • Wyze Cam Vulnerabilities Could Let Attackers Access the Live Feed, Research Finds
    Bitdefender Le lien s’ouvre dans un nouvel onglet
  • Wyze data leak: Key takeaways from server mistake that exposed information from 2.4M customers
    Geek Wire Le lien s’ouvre dans un nouvel onglet
  • Wyze Cam subscriptions: What you need to know about October 9 service change
    Gear Brain Le lien s’ouvre dans un nouvel onglet
  • Wyze and Guardzilla Security Cameras Have Security Risks, Consumer Reports Finds
    Consumer Reports Le lien s’ouvre dans un nouvel onglet

Commentaires

Vous avez un commentaire ? Dites-nous tout.