Anker’s Eufy has been under intense scrutiny over the past two months, with its cameras being revealed not only to boldly lie about “local-only” storage but also to have glaring security holes that the company refuses to acknowledge. Now, the company is removing those promises from its website.
To recap the situation thus far, Eufy has been advertising its security cameras and doorbells as “local-only” products, with footage stored outside the cloud to protect your data. It was a killer pitch, but one that turned out not to be true.
In November, a security researcher discovered that Eufy cameras were sending data to the cloud, including full-resolution images and facial recognition data, and it was later discovered that livestreams from the company’s cameras could be accessed, unencrypted, through third-party media players such as VLC.
Eufy has continually downplayed and even directly denied many of these claims, despite clear evidence showing otherwise, but it has started to change its marketing.
Not long ago, Eufy updated its apps to show a disclosure about some data being shared to the cloud, and as The Verge now notes, it has also removed much of the marketing material on its privacy commitment page that previously claimed that data was “local-only” and using “military-grade encryption.” It’s been found that Eufy has removed at least ten statements regarding its privacy commitment over the past several days including:
- “To start, we’re taking every step imaginable to ensure your data remains private, with you.”
- “[Y]our recorded footage will be kept private. Stored locally. With military-grade encryption. And transmitted to you, and only you.”
- “Here at eufy, we’re not just all talk and no action.”
- “With secure local storage, your private data never leaves the safety of your home, and is accessible by you alone.”
- “All recorded footage is encrypted on-device and sent straight to your phone—and only you have the key to decrypt and watch the footage. Data during transmission is encrypted.”
- “There is no online link available to any video.”
- “You need to use Eufy software and your account to decrypt the clips for viewing. No one else can access or read this data.”
- “For Your Eyes Only”
- “Peeking Prohibited”
- “Everything In-House”
The page also clarified the page to reflect that videos are stored in the cloud, adding that “your video recordings will not be viewed, shared, or used by eufy for any other purpose.” The company also removed a Q&A about not sharing footage with law enforcement agencies.
But Anker (Eufy’s parent company) is still refusing to answer questions regarding these glaring privacy holes and has yet to publicly acknowledge the situation, with Eufy’s official Twitter account being ominously quiet for the past two weeks.
As we’ve been saying, yikes.
More on Smart Home:
- Eufy caught lying about local-only security cameras with footage sent to cloud, accessible in unencrypted streams
- What is Matter, and why are so many smart home companies supporting it?
- Google Home Essentials: Yeedi Mop Station Pro makes a case for focusing on doing one job well
FTC: We use income earning auto affiliate links. More.
Comments