[German]The app for Amazon’s Ring Camera (Ring Doorbell) shares user data, which makes the owners identifiable, with third party companies such as Facebook & Co., as the Electronic Frontier Foundation has found out.
The Electronic Frontier Foundation is a non-governmental organisation in the United States working for fundamental rights in the information age. I have just come across the following tweet from them.
BREAKING: We’ve confirmed that the Ring doorbell app on Android covertly shares personally identifiable information on its users with third-party companies, including Facebook.https://t.co/GEqylDsS9T
— EFF (@EFF) January 28, 2020
Of course, all the alarm bells were ringing here, I have worked my way through several security articles in this blog on the subject of ring cameras for front door surveillance.
Ring Doorbell camera app as privay night mare
The Ring Doorbell app is used to control the Ring Doorbell door surveillance camera. I’ve warned my German reader about this app due to a WLAN password vulnerability (see Sicherheitslücke in Ring Video Doorbell Pro verrät WLAN-Daten).
Now EFF writes that the ring camera is not just a product that allows users to monitor their neighbors. The company also uses it to monitor its customers. An investigation of the Ring Doorbell app for Android by EFF found that it was packed with third-party trackers. These trackers transmit a wealth of personally identifiable customer information (PII). The analysis found that four major analytics and marketing companies were receiving information such as names, private IP addresses, mobile network operators, persistent identifiers and sensor data on the devices of paying Amazon customers.
There are no anonym data
The danger with sending even small bits of information is that analysis and tracking companies are able to combine this data to get an overall picture of the user’s device. This cohesive whole represents a digital fingerprint that follows the user when interacting with other applications and using his device.
Through the trackers, the companies are able to spy out what a user is doing in his digital life and when he is doing it. EFF writes that all this happens without meaningful notification or consent from the user. This is where the lawyers will oppose, as the owners of the devices agree to the collection of their data (either unread or with flying flags and voluntarily) when they are put into operation.
The semantics of EFF assessment is therefore based on the word ‘meaningful’, because users simply do not grasp what they are doing. And in most cases there is no way to mitigate the (privacy) damage caused, as EFF writes. Even if this information is not misused and used for the exact purpose stated (in most cases marketing), this can lead to a whole range of unpleasant consequences.
The EFF writes that Amazon subsidiary Ring has shown a pattern of behaviour that is already trying to mitigate possible criticism while at the same time benefiting from the wide range of customer data available. This has been achieved by bringing the image of the safe home to the attention of the public and buyers. At the same time, Ring was able to benefit from a surveillance network that gives police forces unprecedented access to citizens’ private lives. It was sold just like that: Share your surveillance camera data with the police to solve crimes – I had picked this up recently in the German article US-Polizei kann auf Amazon Ring-Videos zugreifen.
Among consumers, this image has created a sense of trust in the ring as a provider (these are the good guys who protect me). But this image is slowly being shaken by the numerous security holes that have been discovered and by the now notorious way the app works. EFF’s clear statement: Ring not only mismanages consumer data, but also deliberately passes this data on to trackers and data miners. Beware of the shiny new world of Internet of Things (IoT).