Wyze App is Tracking you

Parenthetical question:

You pulling that expression from films of the 2000s or are you reaching all the way back to Janis Joplin’s backup band by the same name in 1974?

1 Like

A few years earlier… She was a little stiff in '74. :slight_smile:

2 Likes

Oop. Yeah.

image

4 Likes

A wildcard is app parts running in the background to serve notifications. I don’t have a lot of these outside of Wyze’s (which are reported as tracked by DDG.)


BTW, I have sympathy for the ‘don’t-screw-the-independent-developer’ and ‘we’re-tracking-to-improve-app-performance-which-you’re-always-complaining-about’ arguments.

I guess I just chafe at this:


Also, I was a little hostile to this gent (both now and in the past) for which I apologize…

I do mean this sincerely

  :slight_smile:

For what it’s worth, here is the privacy policy for segment.io, specifically as it pertains to their customers (Wyze) and their end users (you) and how their data is used. It explicitly states that your data will not be sold to 3rd parties.

Twilio Privacy Notice

As for Braze, their publicly posted privacy policy is specifically about their use of their customers’ data (Wyze’s data) and it explicitly says that there are separate end user privacy policies for each customer. So unless Wyze has made that privacy policy available, we don’t know what’s in it. That said, I’ve been a software engineer for 20 years and this type of API development and mobile integration is my bread and butter. Segment.io and Braze aren’t much to worry about. GDPR and CPPA have changed the game and transparency is now the road of least resistance.

I’m far more concerned about Wyze’s fumbled response to that camera vulnerability than any analytics SDKs they implement. That said, from an infosec standpoint, a company that has one large breach in their past is far more likely to be taking security seriously today than a company that claims to have a clean record (which is usually a company that simply hasn’t noticed their own vulnerabilities). I still have my wyze cams in the yard, even with my disproportionate paranoia.

If you don’t need location based rules, turn of the location permission. If you want to block analytics services with DuckDuckGo, by all means do. Want to throw your Wyze cams in the trash? Go for it. No one should do anything that makes them feel unsafe. I’m not too concerned about the analytics myself.

6 Likes

Hey RyFy

Are you suggesting that because of this:

their statement in response to the current event may be more credible?

Thanks for weighing in…

Cheers -peep


Nosey Trackers Everywhere :thinking:

But why do they need my gps coordinates?

Location permissions are set to not allowed.

Given the verbiage and that the list in every screen shot in this thread for braze/whatever is the same number of items, I’m guessing that it’s not saying “Braze attempted to collect this info”, but rather is saying “Braze attempted to collect info. It is known to collect info such as…”

It could have just pinged for your advert id 17 times.

Likewise, if you have (android) location permissions set, then (unless something is wrong with android rather than wyze/braze/whatever) your location isn’t being sent anywhere even if it did ask for it.

Honestly, though, I’m sticking with the idea that duckduckgo is telling you what that company/API/whatever is known to collect; not necessarily what it’s attempting to.

As to why Braze/Wyze/Segment/whatever needs to know your GPS coordinates and therefore may be running something that is known to ping for it- many, many people use the location-based triggers/rules available in the wyze app. Location-based triggers are awwwwwesome, though admittedly I try to limit my global/“always” location permissions to google since they’re gonna know anyway. But still. Having walkway/hall/kitchen/driveway lights come on whenever you arrive home after dark is something everyone should have.

1 Like

@peepeep I have no firsthand knowledge of Wyze’s actual efforts. Only that in general, companies who store PII and have a very public security issue will take steps. I would be willing to make the statement that users who purchase Wyze products a year from now will enjoy a more secure experience than those of us with data currently in the system, but that isn’t even worth saying as even the barest minimum effort from Wyze would make that technically true. “Safer than before” isn’t the same as “safe”.

LastPass had a large breach or two and they are still one of the most reputable and secure options for consumer password management. Whether to use a password manager is a decision on the same level as whether to trust a company after they’ve had a breach. There is more than just the obvious to consider. Storing all your passwords in one place seems like a bad idea, but if you are using it correctly (generating unique, secure passwords for each individual service) then you are removing a lot of the risk of having to keep track of 50 different passwords on your own (reusing passwords, maybe writing them down to remember, saving them to your browser, etc). The end result is that using a password manager generally yields a net positive effect despite what may seem on it’s face like a security risk. Likewise, trusting a company that has had their eyes open to security in a very real way and is taking steps to mitigate risk for their users and themselves can have a net positive effect over trusting a service that claims to have no security flaws (no such service exists).

But, as everything, it’s situational. I don’t advocate giving any organization the benefit of a doubt where your privacy is concerned.

2 Likes

But if you look at the explanation provided by the Forum maven, he explains that the Segment io is only collecting and sending how I use the app screens, NOT enabling location based functionality.

My whole reason for starting this thread was because I don’t believe the reasons given for using segment.io. And none of the response explains why they are using an app specifically designed to grab information from your device that Wyze doesn’t need and shouldn’t have.

I spent 40 years in IT, most of that time managing application development. When you have a backend server that’s already configured to interact with both the cameras and the application on your device, it’s literally just a few lines of code per screen to collect how users are using each screen, and a periodic upload of data.

Most of the fields segment io has access to, you CAN’T limit access to. Some data you might be able to limit like GPS. And why is Segment io attempting to access data 500+ times in a week, which is at least 15 times more than I access the app. Yes it could be retrying because it was blocked, but that’s still 70+ times a day.

So IMO either the explanation from Wyze is incomplete or it’s just bogus.

2 Likes

Thanks. That makes sense.

What could possibly go wrong (or right, depending on who is the product)

[Mod Note]: Warning: Video contains profanity.

8 Likes

Take a deep breath, bend over and kiss your lass goodbye. You’re gonna miss it.

Good to see my lass leave. I was tired of her.

Hasn’t been herself lately.

1 Like

Excellent reply and assessment. Thanks much for your time and for sharing of your insights.

1 Like

I’m a web developer and in my project we also integrate segment.io for analytics and out of the box it tracks all the device properties you see listed.

This could be useful for troubleshooting issues and to analyze the bulk traffic.

However, I can’t assure you that this data is not being shared with 3rd parties.

1 Like

Hey Zeca

Are you in substantial agreement with the OP here:

1 Like

So much time spent to defend the indefensible. You either work for them or Blaze etc or. Just a typical fanboy who has zero care about others.

1 Like