Eufy Security Cams

Warskôging: *Privacy net ynbegrepen by dit produkt

Tûke wenning Security Cams

Eufy Security Cams

Anker Innovations Technology
Wifi

Beoardielingsdatum: Nov. 9, 2022

|
Mozilla ûndersocht 8 oeren
|

Mozilla seit

|
Minsken stimden op: Wat aaklik

Eufy makes both indoor and outdoor security cameras to keep an eye on your home, your pets, and your neighborhood. They offer the standard features--HD video, live streaming, two-way audio, night vision. You store your data locally on a microSD card or on Eufy's HomeBase video storage and management box. Then live stream your video to your phone in the Eufy app where they use strong end-to-ed encryption to protect your video. For pet owners, the cameras use an AI that detects and sends a notification if you pet is present. These cameras even have a feature that lets you play a warning message to your pooch if he goes in the living room when he's not supposed to. Humans love it. Dogs, not so much. As for privacy and security, well, Eufy could do better there.

Wat kin der barre as der wat misgiet?

In 2021 your intrepid *Privacy Not Included researcher decided she needed some indoor security cams to help keep an eye on her beloved kitty while away on a trip for a couple of nights. Being a privacy researcher, the one feature I demanded in my security cams was that all video be stored locally where I had control over it, not out on the internet in the less secure cloud. So I bought Eufy’s security cams for their local storage and because at the time they seemed to do a pretty good job protecting my personal data. Unfortunately, taking a look back at Eufy’s (actually, their parent company Anker’s) privacy policy in 2022 leaves me a bit worried about my decision.

And this is a common problem with connected products. Companies reserved the right to update their privacy policy at any time. And so overnight a company’s privacy policy can go from good to bad, or from OK to not-so-OK at least. That seems to be what happened with Eufy. A company I felt pretty OK with in the past now earns our *Privacy Not Included warning label. Boo!

Eufy says they can collect a good deal of personal information on you -- things like name, email, gender, birth date, location, device information, and more. And while Eufy says they don’t sell your personal information -- which is good -- they say they can use that information to show you ads from them and third party advertisers, which isn’t so good (but also pretty standard on the internet these days). They also say they can collect personal information on you from third parties who provide it to them, such as law enforcement authorities. This worries us a bit because the way that line in their privacy policy is written is rather vague and seems like it could leave open the possibility they could collect information on users from a variety of third parties, for example, data brokers.

Eufy’s security cameras still do some really good privacy-related things. We really like that your security cam footage is stored locally where only you can access and control it, not in the much less secure cloud (there is a cloud option though). You can access your videos at any time through the Eufy app, and that footage is protected by strong end-to-end encryption. This is all very cool. Eufy's AI provides human, pet, and crying detection for what your security cams see. One key value of Eufy's local storage is that all AI analysis of humans and crying babies is done locally, which ensures privacy and is usually much quicker than cloud-based AI analysis. One other advantage of Eufy’s local storage of video is it makes it harder for law enforcement to get their hands on it without your consent, which is a good thing.

Unfortunately, Eufy has also had some significant security vulnerabilities. In June 2022, security experts found three security vulnerabilities in Eufy's Homebase 2 video storage and management device that could have allowed hackers to take control of the hub, control it remotely, or steal video footage. Eufy/Anker developed fixes for these security vulnerabilities and released them to users in a timely manner. And in May 2021, Eufy was forced to apologize for a bug that exposed the camera feeds of 712 users to strangers. Eufy said the glitch happened during a software update and “users were able to access video feeds from other users’ cameras.” Eufy said in a statement the glitch was fixed an hour after it was discovered. So, the bad news is, Eufy’s security cameras have had some serious security issues. The good news is, Eufy seems to have stepped up and immediately fixed these bugs and to get them out to their users quickly.

What’s the worst that could happen with Eufy’s security cameras? Well, strangers getting access to the video feeds of cameras in and around your home is pretty dang awful. That is always a concern with security cameras in your home. And while it is great that Eufy has local storage to help keep those videos of you and your cat kissing under your control, it’s not so great that Eufy has a history of security vulnerabilities that could leave those cat kissing video open to hackers.

Tips om josels te beskermjen

  • Keep your camera firmwave up to date
  • Protect your Wi-Fi router with a strong password
  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • Turn on the Two-step verification
  • mobile

Kin it my bespionearje? ynformaasje

Kamera

Apparaat: Ja

App: Ja

Mikrofoan

Apparaat: Ja

App: Ja

Folget lokaasje

Apparaat: Ja

App: Ja

Wat is der nedich om jo oan te melden?

Hokker gegevens sammelet it bedriuw?

Hoe brûkt it bedriuw dizze gegevens?

We ding this product for sharing personal data for advertisement and for combining users' data with data from third parties.

Eufy does not sell data. However, they share personal identifiers with third parties for advertisement purposes: "We do not Sell any personal information to third parties. In particular, we do not Sell the personal information of minors under 16 years of age. In the preceding 12 months, we have disclosed the following categories of personal information to the following categories of recipients: [...] Advertising networks, data analytics providers. - Personal Identifiers."

Eufy also combines users' data with data obtained from third parties: "We collect or obtain Personal Data from third parties who provide it to us (e.g., credit reference agencies; law enforcement authorities; etc.)."

Hoe kinne jo jo gegevens beheare?

We ding this product because it is not clear all users have the same rights to access and delete their data. Eufy specifically mentions the right to delete data only for users based in California.

"Subject to applicable law, you may have the following rights regarding the Processing of your Relevant Personal Data...."

Data retention policies for Eufy are rather confusing, however Eufy does promise to delete or anonymised data once they do not need it any more:
"Once the periods in paragraphs (1), (2) and (3) above, each to the extent applicable, have concluded, we will either:
- permanently delete or destroy the relevant Personal Data; or
- anonymize the relevant Personal Data."

Hoe stiet it bedriuw bekend as it giet om it beskermjen fan brûkersgegevens?

Ferbettering nedich

In June 2022, three security vulnerabilities were found in Eufy's Homebase 2 video storage and management device that could have allowed hackers to take control of the hub, control it remotely, or steal video footage. Eufy/Anker developed fixes for these secruity vulnerabilities and released them to users in a timely manner.

In May 2021, Eufy was forced to apologize for a bug that exposed the camera feeds of 712 users to strangers. Eufy said the glitch happened during a software update and “users were able to access video feeds from other users’ cameras.” Eufy said in a statement the glitch was fixed an hour after it was discovered.

Privacy-ynformaasje foar bern

Our Sites, products, or services are not directed to children under the age of 13. As a result, our Sites, products, or services do not request or knowingly collect personal information from individuals under the age of 13. If you are not 13 or older, you should not visit or use our Sites, products, or services .

Kin dit produkt offline brûkt wurde?

Ja

Brûkersfreonlike privacyynformaasje?

Ja

Structured and concise.

Keppelingen nei privacy-ynformaasje

Foldocht dit produkt oan ús minimale befeiligingsnoarmen? ynformaasje

Ja

Fersifering

Ja

Sterk wachtwurd

Ja

Befeiligingsfernijingen

Ja

Beheart kwetsberheden

Ja

Privacybelied

Ja

Brûkt it produkt AI? ynformaasje

Ja

Is dizze AI ûnbetrouber?

Kin net bepale

Hokker soarte fan besluten makket de AI oer jo of foar jo?

The built-in AI reduces the number of false alerts you receive by intelligently differentiating people from objects. It has features like pet detection, and even crying detection.

Is it bedriuw transparant oer hoe’t de AI wurket?

Kin net bepale

Hat de brûker kontrôle oer de AI-funksjes?

Ja

*Privacy net ynbegrepen

Djipper dûke

  • It’s Not Just Ring. Google, SimpliSafe, and Others Could Share Video Footage With Police Without Consent.
    Consumer Reports Keppeling iepenet yn in nij ljepblêd
  • Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, authentication bypass
    Cisco Talos Intelligence Blog Keppeling iepenet yn in nij ljepblêd
  • If you have this smart home hub, update it now or hackers can take over and steal your security cam footage
    Komando.com Keppeling iepenet yn in nij ljepblêd
  • The Best Indoor Security Cameras
    Wired Keppeling iepenet yn in nij ljepblêd
  • Anker Eufy smart home hubs exposed to RCE attacks by critical flaw
    BleepingComputer Keppeling iepenet yn in nij ljepblêd
  • Why We Don’t Trust Apple’s HomeKit Secure Video—and You Shouldn’t Either
    Wirecutter Keppeling iepenet yn in nij ljepblêd
  • Here’s Anker’s apology after 712 Eufy customers had camera feeds exposed to strangers
    The Verge Keppeling iepenet yn in nij ljepblêd
  • Eufy Updated Official Statement
    Eufy Keppeling iepenet yn in nij ljepblêd
  • Eufy says software 'bug' that exposed users' video footage to strangers has been fixed
    CNET Keppeling iepenet yn in nij ljepblêd
  • Anker’s Eufy division pledges to bolster security following privacy snafu, apologizes again
    TechHive Keppeling iepenet yn in nij ljepblêd
  • Huge Eufy privacy breach shows live and recorded cam feeds to strangers
    9to5Mac Keppeling iepenet yn in nij ljepblêd
  • Eufy security cameras hit with bug giving access to users feeds
    Poc Network Keppeling iepenet yn in nij ljepblêd
  • Eufy responds to huge privacy breach, attributes unauthorized camera access to server ‘bug’
    9 to 5 Mac Keppeling iepenet yn in nij ljepblêd
  • Anker's Eufy Cameras Caught Uploading Content to the Cloud Without User Consent
    MacRumors Keppeling iepenet yn in nij ljepblêd

Opmerkingen

Hawwe jo in reaksje? Lit it ús hearre.