Eufy security cam ‘stored unique ID’ of everyone filmed • The Register

A lawsuit filed in opposition to eufy safety cam maker Anker Tech claims the biz assigns “distinctive identifiers” to the faces of any one who walks in entrance of its units – after which shops that information within the cloud, “basically logging the places of unsuspecting people” after they stroll previous.
The grievance, a would-be class motion filed in a Florida courtroom in January, was this week transferred to the Northern District of Illinois, docket information considered by The Register confirmed.
It is one among three lawsuits filed after infoseccer Paul Moore and a “hacker who goes by Wasabi” each publicly alleged that Anker was not storing and securing individuals’s data the best way it stated it could. All three fits allege Anker falsely represented that its safety cameras saved all information domestically and didn’t add that information to the cloud.

Moore went public together with his claims in November final yr, alleging video and audio captured by Anker’s eufy safety cams may very well be streamed and watched by any stranger utilizing VLC media participant, that famed open-source fave with the white-and-orange-striped traffic-cone brand. In a YouTube video, the grievance particulars, Moore allegedly confirmed how the “supposedly ‘non-public,’ ‘saved domestically’, ‘transmitted solely to you’ doorbell is streaming to the cloud – with out cloud storage enabled.”

He claimed the units have been importing video thumbnails and facial recognition information to Anker’s cloud server, regardless of his by no means opting into Anker’s cloud companies and stated he’d discovered a separate digital camera tied to a unique account may establish his face with the identical distinctive ID.
The safety researcher alleged on the time this confirmed that Anker was not solely storing facial-recog information within the cloud, but in addition “sharing that back-end data between accounts” attorneys for the 2 different, near-identical lawsuits declare.

The Florida plaintiff, Sagar Desai, alleges, amongst different issues, that the corporate violated America’s Federal Wiretap Act, and engaged in misleading commerce practices. Desai’s authorized group has requested that it’s consolidated with the 2 different claims, which have been already borged collectively in February.

In line with the grievance [PDF], eufy’s safety cameras are marketed as “non-public” and as “native storage solely” as a direct various to Anker’s opponents that require using cloud storage.
Desai’s grievance goes on to assert:

In an unrelated incident in 2021, a “software program bug” in a number of the model’s 1080p Wi-Fi-connected Eufycams cams despatched feeds from some customers’ properties to different Eufycam clients, a few of whom have been in different nations on the time. A spokesperson for Anker informed us on the time that solely a small variety of clients had been affected, including: “We’re sorry we fell brief right here and are engaged on new safety protocols and measures to ensure that this by no means occurs once more.”
We’ve requested Anker Expertise Company for remark. ®