The Anker-owned Eufy lineup of smart cameras is one of the few options available for people who would just rather have locally-stored data instead of putting everything on the cloud. Unfortunately, that cloud-free life might not be all that cloud-free.
A reported security hole in Eufy’s security cameras and video doorbells was highlighted by security expert Paul Moore. Moore said his Eufy camera was uploading pictures of his face, and identifiable user information, to the cloud, despite him not having used a Cloud Storage subscription. This was followed up by someone else mentioning that the data uploaded isn’t even encrypted, making matters worse — one of the promises of Eufy’s cameras, alongside local storage, is that whatever it does record will be fully encrypted within your device.
The reason for this? If you turn on motion notifications with thumbnails, your Eufy camera will take those pictures and temporarily upload them to a server to relay them to you. Regardless, the company will be more careful with its handling of user data, and disclose things better, from now on. In a statement to Android Central, it said that it was “revising the push notifications option language in the eufy Security app to clearly detail that push notifications with thumbnails require preview images that will be temporarily stored in the cloud.”
If you have motion notifications with thumbnails enabled, you’ll still have these images uploaded to the cloud. You’ll have to turn that option off if you want fully local recordings.
Source: Gizmodo, Android Central