While all those points are valid, it is introducing a lot of complexities to introduce those features. Those features would be understood only by a fraction of the customers and could be implemented properly by even less.
But let me try to address the different points mentioned.
First: the Reddit article is from November 2017. We have already addressed most of those points.
Are we using 3rd party called ThroughTek: Yes we are.
to transfer video: False. Used to do live streaming only, I’m pretty sure, Live streaming is initiated only by our cloud and ThoughTek cannot start a live streaming session by themselves but I need to verify that particular point.
video transferred securely: We are encrypting the channels for the communication between the camera and the AWS server. I did not verified the implementation but I’m pretty sure that the actual transfer of the content goes straight from the camera to AWS.
Using NTP servers in Russia: does it really matter which server is used to get the time?
Why are we not using an S3 bucket that you are providing? Several reasons.
- very few people would really take advantage of this feature and would not want to pay the cost of the S3 storage.
- the setup of such a features would be everything but trivial.
- you would gain an understanding of how the storage of the videos are taking place, which for the moment is not documented anywhere and provide therefore some level of obfuscation. One thing is that we are not storing the videos by users so we would have to create also alternate ways
- If we decide to change the storage implementation or decide to move from AWS (out of S3) to Azure, then we are stuck. And we are looking at some drastic changes in the back end in the near future.
- We have no way to assure the integrity of the videos because now, someone else than us has access to the files and directories.
Providing your own encryption:
Extremely complicated and beyond what most people are comfortable setting up. More over, if we are using a 128 bits key and you are using a 128 bits key. What would it make your key more secure than ours?
It would reduce the impact in case of an attack but would not make it more secure if you are targeted.
Access to AWS logs: for the moment, all the cameras are processed together. Giving you access to those logs would defeat any privacy attempt. We would have to use a separate account for each user to be able to do so. This is not scalable.
There are ways to provide transparency without having to open up the system the way you are requesting. For example, we could have a log that would allow to see every connection attempt. We can flag new IP and MAC addresses that would try to operate on a given account. We could even imagine features like blacklisting of IPs based on geo location or other criteria. This would be more constructive approach more the overall customer base.
The thing is, we are being asked to open the system up and down, left and right but I have not seen a single product on the market that offers that level of flexibility or that went to the level of effort to provide information and made changes to reassure users that we are taking privacy extremely seriously. We even bet the company by not accepting a round of investment that would have not favorably served our customers.
If beyond that you still feel that Wyze is too “unsecure” for you, then this your own decision and there is not much we can do or say that would change your mind and Wyze might not be the camera for you.
In this case, I wish you good luck in finding a commercial residential product that would offer you that level of security related feature. If you know one, please let me know as I would be very interested to learn about it.