Great security

Great security cam :rofl: :rofl:

3 Likes

Oopsā€¦

1 Like

Boom! Getcha summa that, Eufy. :slight_smile:

And Wyzeā€™z iz ā€˜encrypted in transit, not at restā€™ (on the AWS servers?)

Which means it would be possible for an employee with access privileges (operating outside company policy) to view them on the server? Is that right? :thinking:

1 Like

To me, the biggest issue was the lying for so long.

They did encrypt the video streams to phones, but they didnā€™t encrypt their web-streaming, so if someone figured out the correct link to use, then they could view it through VLC. It was a lot more complicated to ā€œguessā€ this address than people make it out to be, but regardless, Eufyā€™s now fixing that, so itā€™s no longer an issue.

The pictures on the server were the thumbnails that came with the notifications if someone selected that option, so of course those couldnā€™t be stored locally if the thumbnail is coming as part of the notification. I honestly thought common sense shouldā€™ve told everyone that. :man_shrugging: So I am surprised anyone made a big deal about the notification thumbnails not being local. I donā€™t think thatā€™s really possible.

In the end, Eufy definitely needed to make changes, but their only serious shame here was the lying and denial IMO. But at least they finally came clean and answered the Vergeā€™s questions better.

3 Likes

Pfft. Bloated metaanalysis.

What about what I said??

Crisp. Concise. Incisive.

Thatā€™s what the user wants. :grin:

Also, for those who may care, should Wyze receive a request for stored footage from authorities, and they choose to comply, footage will be in a usable form: unencrypted.

ā€˜Secure in papers and effectsā€™ is quaint, I know, but still. :slight_smile:

1 Like

Critters donā€™t care, they all have fake I.D.'s and endless alibis.

Thatā€™s okay, in about five years Wyze will be offering gait analysis :walking_man: to cook their geese! :laughing:

Since you brought up the subject, I continually advocate to Wyze, that since they say one of their founding principles is to be friends with users, that they need to make a policy where, if they receive a court order (subpoena or warrant) that involves a userā€™s data in some way, they will message that user to inform them about it, unless the court order specifically forbids them to do so with some kind of gag order. We understand they have to obey the law, thatā€™s reasonable, but if they want to act like friends, this would be one way to do it. I would expect my friend to let me know if law enforcement took something of mine from them, even if it was just too try to find video footage off my cams of who broke into my neighborā€™s house across the street and had nothing to do with me. A friend would still let me know.

Iā€™ve brought it up multiple times (such as in an AMA), but so far, no official response. :wink: I am sure it is something nobody feels they can answer or promise without consulting with legal first. Plus, not committing to gives options of discretion. They might be willing to let some people know, but what happens if one user is seriously harming people? Alerting them about a court order could trigger the user to do something rash before the cops could act to save lives, etc. (On the extreme side, imagine the wrong guy is notified about the warrant, so hurries and detonates a bomb or something before police react). Then Wyze would get blamed. So, while it might be nice for some of us, it could be devastating in other situations and the company may not be given enough info to reasonably discern which situation is which, so it might be better to do as every other company and not get involved. It sucks, but I understand the hesitation.

I think Wyze is moving more and more toward local storage though. On the newer cams, without cam plus, law enforcement canā€™t court order Wyze to turn over any video, because they donā€™t have it. The order would have to go through you. No more surprises or passing information in secret. Honestly, thatā€™s a big plus. Iā€™m not opposed to sharing videos to help with something like catching who breaks into my neighborā€™s house or whatever. I just want to know about it as a minimum courtesy. If they just ask me, if even do the work to find it for them or whatever. At least as long as itā€™s not a witch hunt against me. :joy:

I can wish Wyze would commit to telling me about court orders, but I can understand how legally risky that could be for them. I do like the move to be more toward local storageā€¦ But I like the cam plus AI features too much to go all local right now :joy: Maybe some day Wyze will offer a local central AI processing hub of some kind. :slight_smile:

3 Likes

Thanks for the rundown, brother, and thanks for actively advocating that Wyze honor their founding principle.

Also, from what Iā€™ve read, requests by authorities for footage are often complied with informally in the industry (no court order required.)

Iā€™m curious, why not just store the footage encrypted (since itā€™s arriving that way anyhow)?

It makes it seem like an unexplained and curious CHOICE theyā€™re making (like not providing a microphone kill switch in the software.)

Incidentally, I think Wyze says they have no way of viewing your live stream. Is it more nuanced than that?

I do not have all the answers. However, full encryption can make it nearly impossible to have certain kinds of features, which also upsets people. For example, look at everything you lose if you just choose to do End to End Encryption for your videos with Ring:

I imagine Wyze would have to rewrite their app and lots of their services and take away major functionality just to satisfy a minority of users. It would be better to make it optional like Ring does, but man do you lose a lotā€¦

3 Likes

Lol, I suspected maybe a tradeoff like that, but not that long a list. Thanks. :slight_smile:

1 Like

Keep in mind that wyze is a Chinese owned company. The authorities may be a broad term. Without open source, consider all the data your cams collect to be insecure and shared freely with authorities you didnā€™t elect.

This is not accurate. Wyze is a purely US BASED company. This has been addressed many times by Wyze.

Like other companies, they have various suppliers (yes, more than one, and believe it or not, not all in China as I discovered when I audited the public shipping ledgers). And while many of Wyzeā€™s hardware suppliers or business partnerships are based in China, they are separate, and Wyze maintains full control over their server, Firmware, software, etc in the USA, not China.

There is no personal data being shared with the Chinese government. They have no access to Wyzeā€™s firmware, software, or servers. This has been pretty well debunked as patently untrue countless times. Any evidence to the contrary is welcome to be discussed in more detail in the related thread on the topic over here:

5 Likes

Then I may have read the same rhetoric however the balance of my post stands. Ring is an example where such a thing has gone bad with employees watching users video. I once got a message from Roku saying that my device wasnā€™t continuously plugged in to power and that my experience would be better. This due to the acr with the built in microphone. If you have one of these devices installed in your home, it is trivial to eves drop.