I personally have since blocked ALL outbound traffic from my eufy homebase and standalone cameras.
Now I’ll have to VPN in to view the cameras but doorbell notifications don’t work anymore within my network.
So it seems at least that notification goes to their servers with a screenshot etc… before notifying our mobiles.
Its a shame… I agree keeping our own data our own was the main reason why I’ve been using them since their first ever kickstarter campaign.
I’ve totally lost all trust in Anker (and Chinese) branded products now.
I will say they don’t post here much re: issues, but their email support to me has been good, and they’ve sorted out replacement kit when I had issues, and matched a discount I had via the app, on their Amazon store.
Ironically I had to create an account to post this but no, the EDPS is not your port of call for complaints about use of your personal data by a private entity if you live in the EU. They regulate the EU institutions themselves, in terms of compliance with data protection law.
If you are concerned you should approach the national or state supervisory authority where you live; for example, the Data Protection Commission in Ireland.
The main issue here seems to be one of information (Articles 12 to 14 of the GDPR, and UK GDPR), in that Anler/Eufy seem not to have made clear that for motion detection alerts to send a camera screenshot in the push notification, that screenshot must at least temporarily be uploaded to their servers (“the cloud”) in order to be available to the push notification service for both Apple and Android devices.
While the whistleblower claims these were “unencrypted,” that doesn’t seem to be the case, but anyone with the authentication token within the URL could theoretically access the image and associated information without further gatekeeping.
I think the risk that any of this has caused genuine harm to CCTV users is low, and of all the Chinese companies vying for your attention with sweatshop prices on the latest tech, Anker seems to be doing a better job of producing devices that are made to an acceptable quality, with features that take into consideration the concerns of western consumers.
Personally I’d like to see a proper native HKSV implementation without needing to phone home at all.
Are you going to still believe or trust Eufy even if they say they fix them all. I would suggest people stop using ALL Eufy products. They even label ‘SECURITY’ on their cameras, the ‘SYNC’ flaw then this. This company make toys and people who still believes in their products are child.
I can see where they do upload to the cloud because when they have a server issue the app cannot play the videos. Why would the product need the cloud when it’s marketed as local secure storage?
No cloud connection should be needed or wanted for local “secure” system.
I’m with you E112.
When the eufy servers are down I am unable to view my recorded videos that are stored locally on an SD card. The only thing that does work is Live View…
Stored locally and safe in my home was a big selling point to me, but was not informed that when thier servers are down access to videos recorded are not available to be viewed. Which makes no sense at all…
This piece of selling advertisement is a total farce.
Here’s some more in depth information from LTT with more things that are a security flaw that no official statement or apology has been given from Eufy:
I would rather Eufy get to work on fixing the flaws and cleaning the code. I like most of my cams, but I also value my privacy. Rushing in to make-them-pay, will most likely result in a lot of us without any product support and future improvements. So Eufy, get up off the ground, brush off the dirt and get to work fixing this before you lose all your loyal customers.
Doesn’t look like it. I figured it was like this when one day the app wouldn’t show videos and was told their servers were down. I didn’t have cloud storage so why would the app need to connect to their servers to work? Then we find out its amazon servers so they are just as bad as google.
What’s worse is previously people were able to view other peoples videos!!!