eufy Security is designed as a local home security system. eufy records and stores videos locally when motion is detected by your device. If you subscribe to our cloud storage service, your videos are securely stored in the cloud and can be deleted at any time. Your videos will be permanently deleted from our servers according to the storage period on your plan.
To provide users with push notifications to their mobile devices, some of our security solutions create small preview images (thumbnails) of videos that are briefly and securely hosted on an AWS-based cloud server. These thumbnails utilize server-side encryption and are set to automatically delete and are in compliance with Apple Push Notification service and Firebase Cloud Messaging standards. Users can only access or share these thumbnails after securely logging into their eufy Security account.
Although our eufy Security app allows users to choose between text-based or thumbnail-based push notifications, it was not made clear that choosing thumbnail-based notifications would require preview images to be briefly hosted in the cloud.
That lack of communication was an oversight on our part and we sincerely apologize for our error.
This is how we plan to improve our communication in this matter:
– We are revising the push notifications option language in the eufy Security app to clearly detail that push notifications with thumbnails require preview images that will be temporarily stored in the cloud.
– We will be more clear about the use of cloud for push notifications in our consumer-facing marketing materials.
And for the video can be shared by a URL link and opened by a 3rd party player, please have our reply as follows:
Today, around 1% of our total users access their account via our web portal. As per our design, prior to access any information, users have to log into their accounts. The URL links can only be obtained and shared by users themselves and will only be valid temporarily. It will be a personal activity if you obtain your own URL and share it with other people. Even so, we want to assure everyone that we have improved this point – even after users obtain the URL link by logging into their accounts, it cannot be played via a third party player or shared with others to play. Moreover, we’ve closed the port of browser developer mode, to avoid a similar process as Paul Moore demonstrated in his video.
Regarding our explanations above, we also recommend you to test these details from your side then you can find out the real truth.
eufy Security is committed to the privacy and protection of our users’ data and appreciates the security research community reaching out to us to bring this to our attention.