Great security

Great security cam :rofl: :rofl:

3 Likes

Oops…

1 Like

Boom! Getcha summa that, Eufy. :slight_smile:

And Wyze’z iz ‘encrypted in transit, not at rest’ (on the AWS servers?)

Which means it would be possible for an employee with access privileges (operating outside company policy) to view them on the server? Is that right? :thinking:

1 Like

To me, the biggest issue was the lying for so long.

They did encrypt the video streams to phones, but they didn’t encrypt their web-streaming, so if someone figured out the correct link to use, then they could view it through VLC. It was a lot more complicated to “guess” this address than people make it out to be, but regardless, Eufy’s now fixing that, so it’s no longer an issue.

The pictures on the server were the thumbnails that came with the notifications if someone selected that option, so of course those couldn’t be stored locally if the thumbnail is coming as part of the notification. I honestly thought common sense should’ve told everyone that. :man_shrugging: So I am surprised anyone made a big deal about the notification thumbnails not being local. I don’t think that’s really possible.

In the end, Eufy definitely needed to make changes, but their only serious shame here was the lying and denial IMO. But at least they finally came clean and answered the Verge’s questions better.

3 Likes

Pfft. Bloated metaanalysis.

What about what I said??

Crisp. Concise. Incisive.

That’s what the user wants. :grin:

Also, for those who may care, should Wyze receive a request for stored footage from authorities, and they choose to comply, footage will be in a usable form: unencrypted.

‘Secure in papers and effects’ is quaint, I know, but still. :slight_smile:

1 Like

Critters don’t care, they all have fake I.D.'s and endless alibis.

That’s okay, in about five years Wyze will be offering gait analysis :walking_man: to cook their geese! :laughing:

Since you brought up the subject, I continually advocate to Wyze, that since they say one of their founding principles is to be friends with users, that they need to make a policy where, if they receive a court order (subpoena or warrant) that involves a user’s data in some way, they will message that user to inform them about it, unless the court order specifically forbids them to do so with some kind of gag order. We understand they have to obey the law, that’s reasonable, but if they want to act like friends, this would be one way to do it. I would expect my friend to let me know if law enforcement took something of mine from them, even if it was just too try to find video footage off my cams of who broke into my neighbor’s house across the street and had nothing to do with me. A friend would still let me know.

I’ve brought it up multiple times (such as in an AMA), but so far, no official response. :wink: I am sure it is something nobody feels they can answer or promise without consulting with legal first. Plus, not committing to gives options of discretion. They might be willing to let some people know, but what happens if one user is seriously harming people? Alerting them about a court order could trigger the user to do something rash before the cops could act to save lives, etc. (On the extreme side, imagine the wrong guy is notified about the warrant, so hurries and detonates a bomb or something before police react). Then Wyze would get blamed. So, while it might be nice for some of us, it could be devastating in other situations and the company may not be given enough info to reasonably discern which situation is which, so it might be better to do as every other company and not get involved. It sucks, but I understand the hesitation.

I think Wyze is moving more and more toward local storage though. On the newer cams, without cam plus, law enforcement can’t court order Wyze to turn over any video, because they don’t have it. The order would have to go through you. No more surprises or passing information in secret. Honestly, that’s a big plus. I’m not opposed to sharing videos to help with something like catching who breaks into my neighbor’s house or whatever. I just want to know about it as a minimum courtesy. If they just ask me, if even do the work to find it for them or whatever. At least as long as it’s not a witch hunt against me. :joy:

I can wish Wyze would commit to telling me about court orders, but I can understand how legally risky that could be for them. I do like the move to be more toward local storage… But I like the cam plus AI features too much to go all local right now :joy: Maybe some day Wyze will offer a local central AI processing hub of some kind. :slight_smile:

3 Likes

Thanks for the rundown, brother, and thanks for actively advocating that Wyze honor their founding principle.

Also, from what I’ve read, requests by authorities for footage are often complied with informally in the industry (no court order required.)

I’m curious, why not just store the footage encrypted (since it’s arriving that way anyhow)?

It makes it seem like an unexplained and curious CHOICE they’re making (like not providing a microphone kill switch in the software.)

Incidentally, I think Wyze says they have no way of viewing your live stream. Is it more nuanced than that?

I do not have all the answers. However, full encryption can make it nearly impossible to have certain kinds of features, which also upsets people. For example, look at everything you lose if you just choose to do End to End Encryption for your videos with Ring:

I imagine Wyze would have to rewrite their app and lots of their services and take away major functionality just to satisfy a minority of users. It would be better to make it optional like Ring does, but man do you lose a lot…

3 Likes

Lol, I suspected maybe a tradeoff like that, but not that long a list. Thanks. :slight_smile:

1 Like

Keep in mind that wyze is a Chinese owned company. The authorities may be a broad term. Without open source, consider all the data your cams collect to be insecure and shared freely with authorities you didn’t elect.

This is not accurate. Wyze is a purely US BASED company. This has been addressed many times by Wyze.

Like other companies, they have various suppliers (yes, more than one, and believe it or not, not all in China as I discovered when I audited the public shipping ledgers). And while many of Wyze’s hardware suppliers or business partnerships are based in China, they are separate, and Wyze maintains full control over their server, Firmware, software, etc in the USA, not China.

There is no personal data being shared with the Chinese government. They have no access to Wyze’s firmware, software, or servers. This has been pretty well debunked as patently untrue countless times. Any evidence to the contrary is welcome to be discussed in more detail in the related thread on the topic over here:

5 Likes

Then I may have read the same rhetoric however the balance of my post stands. Ring is an example where such a thing has gone bad with employees watching users video. I once got a message from Roku saying that my device wasn’t continuously plugged in to power and that my experience would be better. This due to the acr with the built in microphone. If you have one of these devices installed in your home, it is trivial to eves drop.