A new wrinkle in Eufy’s latest privacy scandal
In recent weeks, Anker-owned smart home brand Eufy has been embroiled in scandal after security consultant Paul Moore discovered a number of potentially serious vulnerabilities that could compromise user privacy, including one particularly gnarly issue that apparently made video feeds from Eufy cameras accessible over the internet with no authentication. Eufy’s been slow to respond publicly, and now, it’s removed a number of privacy-focused statements from its website.
As The Verge reports, since December 8, a total of 11 phrases and statements have been removed from Eufy’s website, including assurances like “There is no online link available to any video” and “No one else can access or read this data.” A longer statement about Eufy’s policies surrounding providing footage to law enforcement agencies upon request has also been removed.
It’s worth noting that the removal of these statements isn’t an explicit admission that all of the removed language was false, or even necessarily misleading; it’s likely more a matter of Eufy covering its bases in case of future vulnerabilities (or indeed, the same ones Moore pointed out in November). Outside of denying Moore’s initial allegations, though, Eufy’s been quiet about the situation publicly. The Verge notes the company has not replied to its questions in more than two weeks. Silently removing a bunch of privacy assurances from its website amid an ongoing privacy scandal isn’t a great look for Eufy.
The company has addressed one of Moore’s points, though. After being called out on uploading video thumbnails to the cloud without notifying users about it, Eufy added a disclaimer to its Security app making it clear that opting to include video thumbnails in camera event notifications will cause those thumbnails to be stored online temporarily. It’s a small change that shouldn’t have been necessary in the first place — it should always have been clear how Eufy handles user data — but it’s better than nothing.