Does Wyze share cam videos with police w/o a court warrant?

Cameras
1

Amazon/Ring has been exposed by Politico for sharing camera videos with police departments upon request, without a court warrant, and without notifying the customer. Ring has even furnished an app to over 2000 police departments to make it even easier for police to spy on their customers.

Where does Wyze stand on this? Does Wyze give up its customer cam videos without a court order? If not will Wyze publicly take a stand against this practice by condemning Ring/Amazon?

1 Like
2

Amazon\Ring has been made famous for a very long time for their “partnership” with local law enforcement. The Politico article was simply a rehash of already known practices going back years to illustrate the current “blurryness” of online video\data privacy in the iOT sector and the lack of definitive privacy protection legislation in that market segment.

The real problem the article highlighted was not the legal requirement of iOT companies to comply with legally binding Judicial orders, it was the ease of law enforcement in obtaining these orders from liberal Judges who have no respect for the expectation of personal privacy.

This question has been asked many times in the past. The response has always been that Wyze does not share user video content or account information with any organization outside of Wyze or their infrastructure service vendors without proper legal standing.

Screenshot_20230311-113708-838
Screenshot_20230311-113708-8381080×1225 121 KB

From:

Screenshot_20230311-114031-596
Screenshot_20230311-114031-5961080×873 66.3 KB

From:

5 Likes
3

Thanks for sharing this policy stuff. Unfortunately there are also no solid guarantees in this world that this policy will continue well into the future. Nor can I take a great deal of comfort based on Wyze’s own history of sharing customer video files with China. Hard to say which is worse: Amazon sharing customer video files with US law enforcement or Wyze sharing customer files with the CCP. Other tech industries also have a nasty habit of violating customer privacy. As an example, there are several examples of “non-logging” VPNs who forwarded DMCA notices to their clients for torrenting copyrighted files. They had a hard time explaining how they knew who to specifically forward them to if they weren’t logging their clients. So, yeah, as much as I’d like to believe Wyze guarantees our privacy, I’ll also approach this with a heavy dose of skepticism.

4

Just as long as they don’t share videos with animal control I don’t care. My :raccoon: :raccoon: :raccoon:, :skunk:, :cat2: and possum friends choose not to deal with showing their papers.

5 Likes
5

The article link you provided presents no evidence whatsoever that Wyze shared video files with companies in China. In fact, it is clear to state that it was, and still is, speculation. It also specifies that Wyze did have platform infrastructure partners in China that it did use for routing services. To imply that the article states anything more is simply wrong.

Again, pure undocumented speculation on your part.

Applying the behavior of other tech industries to Wyze or any other unrelated company to justify your position is misguidance and misdirection. It has no relevant bearing on the Privacy Policies under which Wyze, or any other iOT company, operates.

Perhaps Wyze products, or any other internet based IP Cam system isn’t in your best interest. I would suggest a local server closed circuit DVR system.

5 Likes
6

SlabSlayer addressed most of the post pretty well (even the article writer says there is no evidence any information was shared with 3rd Parties. Wyze has long been known in the past to contract with different 3rd parties for different things like using ThroughTek (a common company used for IoT authentication), but never to send them person info, just streaming authentication (my understanding is that Wyze has mostly switched to doing things through WebRTC now). Or using Braze or Segment for their analytics integration to figure what parts of their app are working or confusing to users, what they can improve, etc. They’ve been fairly open about a lot of that and they are not selling anyone’s private information or anything. Even in this article, the writer admits that Wyze did clarify that they were not giving out anyones’ personal information. Claims to the contrary would need to be presented with some kind of evidence, of which, there isn’t any.

I do want to mention something on this though:

Since it is only indirectly related to the topic at hand, I will collapse my response into a detail tag so it is easily skipped by most people who came to this thread looking for stuff about Wyze’s sharing policy.

VPN Leaks & Limitations Explained and collapsed for easy skipping:

Most of the time this has happened, it is likely not the VPN that cooperated with anything, and more the fact that too many people don’t understand the limitations of different VPNs. It is true that a VPN can hide your activity to a degree, but you can also end up revealing your identity in countless ways that VPN’s don’t protect you from and in a way that you are not 100% anonymous.

Things to consider:

  • While packets to and from your device are indeed “encrypted,” your ISP (or gov, etc) can STILL execute a network correlation attack to deanonymize you. This is done a lot more than people realize/think all over the world. In order to maintain half their reason for existing, some of the best VPN’s have been forced to try to combat this with new features where you can enable different levels of “Decoy Traffic” between your device and VPN server, but it has it’s own share of drawbacks when you are generating Gigabytes of fake traffic (especially on an ISP like Xfinity or Starlink that has a Data Cap). The more decoy traffic, the more difficult to execute a network correlation attack to deanonymize you, but the worse your side-effects will be too. It’s also hard to gauge how effective this mitigation is. Nobody really knows for sure at this point. We only know that Network correlation has been proven repeatedly as a successful method of deanonymization irrespective of VPN’s or TOR. This is one way they have demonstrably figured out who is doing what when a no-logs VPN is involved. AI will be able to do this even more effectively–hence why people are cautioned not to rely on Decoy Traffic to make them feel safe.
  • Browser/Device/machine/user Fingerprinting is another HUGE thing going on lately to identify people who think they are anonymous, but aren’t. It doesn’t matter anymore if you use a private tab blocking ads and cookies, and scripts etc with a VPN’d IP address…they can still figure out who most people are since the majority of people don’t understand what info is gathered for all this. There are ways to combat it, but 99.99% of people don’t even know how, let alone do it. There are dozens of variables like Software versions, screen resolution, make/model, MAC address, countless things that are still leaked through and not changed by [most] VPN’s and when a only a few of them are combined it basically flawlessly identifies a user all across the internet.
  • A lot of VPN’s actually LEAK data (IP addresses, DNS requests, Geolocation, WebRTC, etc) a lot more than people realize
    • Using WebRTC while using a VPN can actually compromise VPN connections
    • DNS hijacking
    • Most people don’t realize that their devices still broadcast their GPS/location with their traffic and don’t bother to spoof their GPS
    • IPv6 and dual-stack networks are vulnerable to VPN data leaks. “almost all VPN service providers at that time (and still today) are ignoring the IPv6 routing table. So all IPv6 traffic bypasses the VPN gateway interface — that means no VPN tunnel for IPv6 traffic. Additionally, VPN services that only consider IPv4 will also ignore the IPv6 DNS lookups and ultimately expose DNS information.”
    • Some older protocols (PPTP with MS-CHAPv@) can be broken with simple Brute Force, and others have other vulnerabilities.
  • VPN’s not “logging” is a minimal practice that is not good enough. In some cases Keys can still be recovered from confiscated servers, some may not have short lived certificates and keys with a short expiry or get rotated regularly, Often server certificates don’t have uniquely identifying Common Name + SANs, or client configurations are flawed, particularly in their metadata.
    • Note: Some time ago, NordVPN’s server certificate + key was publicly leaked after a breach. They downplayed it but others have demonstrated how easy it would be to use that to impersonate one of their servers for a whole year and gather any info they wanted. Similar issues of how possible it is to gather allegedly “anonymous” traffic from “non-logging” VPN’s have been demonstrated for TorGuard, PIA, Surfshark, ExpressVPN, and others.
  • Free VPNs nearly all log even when they say they don’t, so they can sell it for marketing (you are the product and paying for it in a diff way).
  • In some cases, VPN’s are REQUIRED to save logs, whatever they say. In some cases it can depend on what server in which country you are connecting to. China, Russia, and Sweden definitely require logs for 6-10mo, and I wouldn’t trust using a server in any Five-eyes country if you’re really concerned about logs.

Bottom line: VPN’s shouldn’t be relied on for anonymity. They do give extra privacy and particularly security, and they are worth having and using, especially in public places, but if you want true privacy, it takes a lot more work than just running a VPN to change your IP address to something else. That is a huge false sense of security.

The above are reasons why “torrenters” and others are occasionally surprised to find out that they weren’t actually as anonymous and “Safe” as they assumed.

I don’t think most VPN’s purposely violate customer privacy, it’s just that the majority of them are not actually doing the things people THINK they are doing. Contrary to popular belief, they aren’t preventing traffic from being deanonymized. Most aren’t using decoy traffic. Most don’t spoof the Location/GPS, most aren’t cycling a spoofed MAC address with every single connection, most can’t do anything about the amazingly accurate fingerprinting techniques, etc. They aren’t being malicious, and in some cases they aren’t being incompetent (in some cases they are)…they just aren’t actually a good “anonymizer” if that is one’s goal…so…don’t use them with the intent to do anything “illegal” since they don’t actually really protect you that way…I mostly recommend them for use against hackers and snoops on public networks.

3 Likes
7

Any and everybody in business and government misrepresents the full privacy reality these days.

It’s ‘legal.’

Or maybe more precisely, it isn’t illegal.

1 Like