Obviously, I disagree. In any scenario I could think of, an error like this would ultimately stem from identifiers being confused or reused, whether because of a simple coding error, or a design error where some condition was not anticipated (either by mistake, or because it’s a truly unexpected condition that’s “never” supposed to happen).
For example, I refer you to these posts:
(1) gives an overview of how Wyze cams connect, where TUTK refers to ThroughTek, a third-party company that provides the service by which phones and Wyze cams communicate. (2) describes an issue where the Wyze cams can load the wrong MAC address.
Hypothetically, what happens if two cameras somehow report the same MAC address? Could TUTK connect to the wrong camera as a result of this? Or what happens if TUTK, through some coding error on their side, simply establishes a connection to the wrong camera? In step 2/3 in the Wyze connection sequence, it sounds like Wyze runs a key exchange between the phone and camera, but does it verify that it’s the right camera, or does it just trust that TUTK did its job properly? (This paragraph is meant to be rhetorical. It would not be productive to debate these questions without the implementation details, but I bring them up as specific examples of how things might go wrong.)
As described, it seems unlikely a Wyze employee is going to be bored enough to say “is anybody there?” to an empty room. And since you mentioned aliens, I imagine the same to be true of an alien civilization that has achieved interstellar travel.
This type of issue is actually more likely at a small company, where responsibility for the entire system is concentrated among a small group, and everyone generally wears more hats and has more access. Also, a small company may not find it the best use of resources to build a sophisticated auditing system to track what employees are doing.
In contrast, a large company tends to have multiple teams with more narrow responsibilities, which makes it less likely for any one person to have sufficient visibility or control of the system.
And usually, people don’t build functionality labeled “User Surveillance”. More likely, any “spying” would be via misuse of test/diagnostic functionality. That said, for the reason I mentioned above, I think misbehaving Wyze employees are among the least likely explanations in this case.