Cloud security is hard and everyone makes mistakes. To eliminate any possible data breaches or hacks in the future, I propose shifting the whole Wyze cloud infrastructure to end-to-end encryption (E2EE).
All major cloud cameras like Nest, Arlo, Xiaomi, Yi, Ring, etc. use the same approach as Wyze: username and password hashes (tokens) stored in the cloud. So there are at least a couple of admins in those companies who have full access to your recordings and can view live streams for any camera.
In an E2EE context, no one except the user has access to the video stream and cloud recordings. Even if the whole cloud database is compromised, users' data will remain safe.
The idea behind E2EE is that, besides the username and password hash stored in the cloud, there is an E2EE encryption key which is stored locally by the user: on the user's phone, written on paper, etc.
There is only one (?) E2EE camera available on the market today, called Haicam, with very poor hardware. They claim that “no encryption keys are stored in the cloud–this means, unlike other solutions, your privacy is not compromised if there is a security breach with your provider. Only devices you own and have installed onto the YouIPCams app can view your video.”
I think that feature will make Wyze completely stand out from competitors in the long term and bring peace of mind for Wyze clients, and it will be safe to put a cloud camera into a bedroom.
There are some cons of the E2EE approach: it will be impossible to do any cloud-based analytics (e.g. object detection), since all video will remain encrypted for the server. But I’m sure Wyze will find a way to reimplement AI object detection on the camera and not go the cloud AI object detection way.
Final registration screen with master encryption key in Haicam’s YouIPCams app
P.S. Some discussions are on Reddit as well https://www.reddit.com/r/wyzecam/comments/einbjv/feature_request_endtoend_encryption/
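
The split described in the post (username and password hash in the cloud, encryption key only on the user's devices) can be sketched as follows. This is an added example, not part of the original post and not Wyze's or Haicam's code. The `CloudRecord` schema, the function names, the choice of AES-256-GCM and all sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// CloudRecord (hypothetical schema) is all the cloud stores per clip; no E2EE key.
type CloudRecord struct {
	Username      string
	PasswordHash  [32]byte // login only; constructed stand-in for a real password hash
	Nonce, Sealed []byte
}

func KeyHolder(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte key, held only on camera and phone
	if err != nil {
		return nil, fmt.Errorf("bad key: %w", err)
	}
	return cipher.NewGCM(block)
}

// Upload runs on the camera; the clip ID is bound as associated data.
func Upload(k cipher.AEAD, user, password, clipID string, clip []byte) (CloudRecord, error) {
	nonce := make([]byte, k.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return CloudRecord{}, err
	}
	sealed := k.Seal(nil, nonce, clip, []byte(clipID))
	return CloudRecord{user, sha256.Sum256([]byte(password)), nonce, sealed}, nil
}

// View runs on the phone; a wrong key or altered record returns an error.
func View(k cipher.AEAD, rec CloudRecord, clipID string) ([]byte, error) {
	return k.Open(nil, rec.Nonce, rec.Sealed, []byte(clipID))
}

func main() {
	key := make([]byte, 32) // master key: generated on the phone, never uploaded
	rand.Read(key)
	owner, _ := KeyHolder(key)
	rec, _ := Upload(owner, "alice", "constructed-password", "clip-1", []byte("constructed frame"))
	thief, _ := KeyHolder(rec.PasswordHash[:]) // someone holding only the cloud dump
	_, err := View(thief, rec, "clip-1")
	clip, _ := View(owner, rec, "clip-1")
	fmt.Printf("dump only: %v\nowner: %s\n", err, clip)
}
```

Everything in `CloudRecord` can leak without exposing the clip, because nothing in it derives from the master key. The same property is why the server cannot run analytics on the video.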