Throw away all your Eufy cameras right now


Update Dec 21, 2022: Eufy has issued a new statement regarding claims against the company.

What you need to know

  • Eufy has begun removing and changing the wording of its own privacy and security policies from its website.
  • The company has yet to fully address security issues found over two weeks ago.
  • Eufy previously had camera footage privacy breaches in May 2021, further compounding issues with the company's products.

Over the past month, Eufy has gone from a darling brand of many tech sites and mainstream outlets — including Android Central — to a brand whose trust evaporated nearly overnight. After the events of late November and the previous year's similar issues, Android Central moved to an official "no recommendation" stance on Eufy products.

We're now upgrading that to a warning that Eufy users should remove all Eufy cameras they have set up on their premises. We have a list of the best Eufy camera alternatives if you want to replace them with something more reputable, including recommendations for price, local storage, and object detection requirements.

Why did the recommendation change? It's come to light that Eufy has begun removing security and privacy promises from its own website instead of actually addressing the issues put forth against the company's products (per The Verge). If you view the company's website on archive.org and then compare it with the current Eufy Privacy Commitment page, you'll notice several parts of the site have been changed. Here's a collection of all the major changes we found:

Among the many changes on Eufy's Privacy Policy site, we found these three to be the most heinous. Some of the wording in many of the company's policies seems to have been changed to enhance clarity, but these three examples are outright changes to policies, not just clarifications.

Additionally, Eufy removed the policy around sharing footage with law enforcement entirely.

The removed statement on sharing footage with law enforcement on Eufy's Privacy Policy page

(Image credit: Android Central)

As Eufy has begun to change its promises and backtrack on company policies, Android Central is officially recommending that Eufy users begin sunsetting their Eufy cameras as soon as possible. The company has not responded to Android Central's requests since after the initial November incidents, which already sends up red flags about Eufy's behavior.

Additionally, changing key terms of service or privacy and security commitments completely erodes any remaining trust in the company's products. Even if these policy changes don't bother you right now, there's no telling what else Eufy will backtrack on or what it might change in the future.

Update

Eufy has issued a new statement outlining the claims made against the company's products and, in detail, attempted to explain everything that's been happening over the past month since the original allegations of security issues appeared.

First, Eufy notes that it has fixed the language in its app to show when cloud services are being used and when data is being kept on local storage. This was done shortly after our initial post in late November.

Second, Eufy says it patched the issue with its web portal that allowed anyone to view live camera feeds with the right URL. We have not independently verified this but will do our best to do so.

Third, Eufy overhauled the process by which facial recognition images are sent from the camera to a user's phone. Previously — as was noted in our initial report and Paul Moore's proof of concept — Eufy sent a facial recognition image to its AWS cloud system in order to send a notification with that image to a user's devices.

Now, Eufy says its system establishes a private P2P connection between your camera and your phone via the Eufy Security app. Again, we'll need to verify that this is the case but, if it proves to be correct, this is a substantial improvement in user privacy and data safety over the old method.


Nicholas Sutrich
Senior Content Producer — Smartphones & VR