Anker's Eufy deletes privacy pledges – time to disable cameras?

[German]The Anker subsidiary Eufy seems to have removed statements regarding data privacy and the use of surveillance camera data from its documentation and corporate website. This was reported by The Verge, which had asked the provider about the matter. The whole thing follows a case in which a British security researcher had uncovered "irregularities" in Eufy Door-Bell security cameras.

Anker Innovations was founded by Google employee Steven Yang. The company is based in Shenzen, China. I was familiar with Anker as a provider of charging technologies, but there are other sub-brands like eufy.

Eufy failed on surveillance cameras

At the end of November 2022, I had reported in the blog post Anchor Eufy Door Bell security cameras with vulnerabilities, data transferred to the cloud, Homebase 2 also has vulnerabilities about the fact that the manufacturer's productsis critical in terms of data protection. British security researcher Paul Moore had bought an Eufy Door Bell security camera and then discovered that, contrary to the manufacturer's claims, it was storing the recorded video images in the AWS cloud. The manufacturer responded with statements and a firmware update.

The statements explained the upload of video images to the AWS cloud with a setting: the cameras send thumbnails of the camera images to a backend server in the Amazon Cloud (AWS) so that users could see push notifications in the Eufy app. Those who did not use this option would not have data uploaded to the cloud. A firmware update should also ensure that this upload cannot be accessed by unauthorized third parties. In addition, the manufacturer promised to adapt its documentation accordingly. It all sounded very promising and I even added the statement to the article linked above.

Eufy and data privacy policy

It was a tweet and this article I saw the days that immediately caught my attention. In the article, The Verge writes that Anker subsidiary Eufy has removed ten privacy promises on its websites after the medium inquired with the company about inconsistencies. The Verge had also come across the security researcher Paul Moore and his findings, which I quoted above.

After an article to this effect was published by The Verge, the medium tried to get a statement from the manufacturer Eufy in response to a list of questions. But the company did not respond to these requests. Then, when The Verge writer checked the Eufy privacy page, he noticed that a number of statements that could still be found there on December 8, 2022, have been deleted. The Verge lists the changes in this article.

Now every user of eufy products must decide whether to continue using them or follow Android Central's recommendation and decommission the cameras for privacy reasons.