If you buy a security camera for your home these days, your probably in one of two camps. One, you want the full cloud solution with access to your vision at all times. Or, two, you don’t want a bar of the cloud, and you want all your images and cameras private and using local storage at your home. Eufy has been the brand getting the most traction in the second category – but that privacy claim has been blown out of the water in the last two weeks.
Security Consultant Paul Moore purchased some Eufy cameras and while testing them discovered something very wrong. His “locally stored” images were in fact saved to the cloud.
His videos detailing this are quite comprehensive, first when discovering it, and then when proving that it wasn’t even just a simple failure.
In simple terms, Mr Moore purchased the Eufy products on the basis that they were all about local storage, and privacy, without any use of the cloud.
Eufy’s website is clear on this:
But Paul Moore sees it otherwise:
What Mr Moore’s research reveals is that a thumbnail of your camera’s view just before someone comes into frame is stored on the cloud, as well as a headshot of the person who walked into frame of the camera.
More troubling still is that the image appears to give a “user ID” number to each face, suggesting some form of facial recognition too.
Eufy responded to Mr Moore, saying the data was stored for notification purposes, and was deleted after 24 hours.
What this means, as I read it – is that the images are sent to the cloud, to allow for a “rich notification” to be sent to your smartphone. You know those notifications with images in them? That kinda thing. Great feature, but if it needs the cloud, and the user didn’t want the cloud, you’ve got some issues.
Perhaps more worrying than all of that, it’s also revealed by Mr Moore that his camera’s stream can be viewed unauthenticated with just a URL using VLC player.
Now, it should be clear, how someone obtains your stream URL is a tough call – likely near impossible, but the fact that it is a URL that is without authentication leaves it open to a severe breach of privacy.
Unfortunately for Eufy, this isn’t their first privacy drama. In early 2021 Aussie families discovered they were viewing the wrong cameras on their app, with a bug in the Eufy system switching users cameras to other accounts causing a solid privacy worry for a lot of owners.
Eufy has a great reputation among owners of it’s products, they are priced well, and offer this local solution without subscription.
However, the fact their engineers needed to use the cloud when their marketing claimed the product used local storage is cause for concern among existing and potential users.
For me, if privacy is a concern, I’d be sticking with Uniden for a local storage based solution, and Arlo for the best local or cloud based solution.
We’ve got some Eufy products in for testing, we’ll check them out for camera quality and features for sure, but any recommendation is going to have to be couched in these privacy concerns.
Trev is a Technology Commentator, Dad, Speaker and Rev Head.
He produces and hosts two popular podcasts, EFTM and Two Blokes Talking Tech. He also appears on over 50 radio stations across Australia weekly, and is the resident Tech Expert on Channel 9’s Today Show each day and appears regularly on A Current Affair.
Father of three, he is often found down in his Man Cave.
Peloton is the latest company to introduce AI to its portfolio with AI-powered coaching, known…
Ahead of the launch of their XBox ROG ALLY handhelds later this month, Microsoft have…
Basketball is incredibly popular among kids of all ages, but for many, the more advanced…
Google has announced an updated range of Nest devices overnight, including new cameras, doorbell and…
Beats has today introduced the Powerbeats Fit, the next generation of the Beats Fit Pro…
Basketball, the NBA and the NBL are rocking Melbourne this weekend with Zion Williamson's New…