Two tech YouTubers accused the company eufy of using images of users without their consent. The images are said to land unencrypted on a server where theoretically anyone could retrieve them. These allegations caused a significant uproar. Now eufy has spoken out and addressed the accusations. In communicating with customers, eufy admits to having made mistakes, but firmly denies all accusations regarding security.
What is it actually about?
- eufy belongs to the company Anker and manufactures security cameras, digital door locks, and other devices.
- A YouTuber examined a product and found that eufy stores camera images on unencrypted servers.
- The well-known tech channel “Linus Tech Tips” subsequently stated that they would never collaborate with Anker again.
Now eufy Security has commented on the allegations. There are both a statement regarding the “eufy Security app” and the security of the devices.
Thumbnails are briefly stored on the cloud, eufy apologizes for communication
How did eufy respond? The company behind the security products has published two statements. The first statement was already released on Wednesday, November 30. The second statement followed on Friday, December 2, 2022.
What does the first statement say? In the first statement, dated November 30, 2022, they address the concerns about the images found on the servers:
eufy Security is designed as a local home security system. All video footage is stored locally and encrypted on the user’s device. The facial recognition technology of eufy Security is also processed and stored locally on the device. Our products, services, and processes fully comply with the applicable standards of the General Data Protection Regulation (GDPR), including certifications ISO 27701/27001 and ETSI 303645.
To provide users with push notifications for their mobile devices, some of our security solutions may display small thumbnails of videos that are securely hosted for a short time on an Amazon Web Services (AWS) based cloud server. These thumbnails utilize server-side encryption and are set to automatically delete. They comply with all standards of Apple’s Push Notification Services (iOS app) and Firebase Cloud Messaging (Android app). Only after users have securely logged into their eufy Security account can they access or share these thumbnails.
Although our eufy Security app offers users the option from the start to choose between text and thumbnail-based push notifications, it was not clearly communicated by us that selecting thumbnail notifications means that the thumbnails are temporarily hosted in the cloud.
This lack of communication was an oversight on our part and we sincerely apologize for this mistake.
Official statement from eufy security, dated November 30, 2022.
What does the second statement say? In a second statement, they address the accusations that eufy products are not secure. However, eufy firmly rejects the allegations against the products. Here eufy explained about the allegations:
eufy Security categorically denies the allegations against the company regarding the security of our products. However, we understand that the recent events may have caused concern among some users. We regularly review and test our security features and seek feedback from the security industry to ensure that we close any credible security gaps.
If a credible security gap is identified, we take the necessary measures to address it. Furthermore, we adhere to all relevant regulatory authorities in the markets where our products are sold. Users can contact our dedicated customer support team at any time with questions.
What happens next? Eufy also stated that they want to improve communication. Additionally, they intend to better inform users in the future that the small thumbnails must be stored in the cloud so that they can also be displayed to users. They want to work on this.
A user can only play with a new gaming PC after finding a nasty hidden error
