dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
194
HELLFIRE
MVM
join:2009-11-25

5 recommendations

HELLFIRE

MVM

Eufy sec cams "ignore cloud opt-out,store unique IDs" of anyone who walks by

»www.theregister.com/2023 ··· lawsuit/
quote:
A lawsuit filed against eufy security cam maker Anker Tech claims the biz assigns "unique identifiers" to the faces of any person who walks in front of its devices – and then stores that data in the cloud, "essentially logging the locations of unsuspecting individuals" when they stroll past. The complaint, a would-be class action filed in a Florida court in January, was this week transferred to the Northern District of Illinois, docket records viewed by The Register showed. It's one of three lawsuits filed after infoseccer Paul Moore and a "hacker who goes by Wasabi" both publicly alleged that Anker was not storing and securing people's information the way it said it would. All three suits allege Anker falsely represented that its security cameras stored all data locally and did not upload that data to the cloud. Moore went public with his claims in November last year, alleging video and audio captured by Anker's eufy security cams could be streamed and watched by any stranger using VLC media player, that famed open-source fave with the white-and-orange-striped traffic-cone logo. In a YouTube video, the complaint details, Moore allegedly showed how the "supposedly 'private,' 'stored locally', 'transmitted only to you' doorbell is streaming to the cloud - without cloud storage enabled." He claimed the devices were uploading video thumbnails and facial recognition data to Anker's cloud server, despite his never opting into Anker's cloud services and said he'd found a separate camera tied to a different account could identify his face with the same unique ID. The security researcher alleged at the time this showed that Anker was not only storing facial-recog data in the cloud, but also "sharing that back-end information between accounts" lawyers for the two other, near-identical lawsuits claim.
Regards
mudtoe
join:2005-10-09
Cincinnati, OH

1 edit

5 recommendations

mudtoe

Member

Re: Eufy sec cams "ignore cloud opt-out,store unique IDs" of anyone who walks by

I don't own one of these, but per my comments in another thread, I have my firewalls set to block all outgoing connections to the internet from any of my cameras, and they are only accessible from the internet via a VPN (i.e. no open ports on the routers).

If you buy a camera that says it doesn't upload to the cloud or at least can be setup not to, the first thing you should do when you get it is to configure your firewall such that the camera can't make outgoing connections to the internet. If it refuses to function under those firewall rules, then you should send it back.

The only thing a non-cloud enabled camera should ever need from the internet is time synchronization services if you want to timestamp your recordings, and you can provide that to a camera by using a local LAN NTP proxy server so that the camera doesn't need to directly access a time server on the internet.
MorpheusUK
join:2003-09-09

2 recommendations

MorpheusUK

Member

Unfortunately for the doorbell at least it needs an internet connection to view any footage, it wont work on the LAn alone. Plus if you want to viw thumbnails with notifications it again proceses these through its servers. I am pretty sure it stated pretty clearly that the thumnails for notifications at least went through there servers online for distribution but I don't think they were retained according to what i recall it claiming.

I also have a Tapo indoor camer and that wont allow any thumbnails without a subscription for notifications even though it also in theory only stores data locally.