Amazon was busted recently for having complete access to ring cameras live feeds, and recorded data. They could literally watch any of your recordings, and know who the recording belonged to. They also are NOT storing their video recordings encrypted. Hackers paradise there. Does anyone know how Wyze stores our video data? Who within Wyze has access to view videos and is that video tied in any way to our information?
1 Like
(This was found with a quick search in the Support section at the top)
but there still isn’t 2FA yet…
2 Likes
The policy does not address the following questions
- Are the cloud recordings encrypted at rest
- Who at Wyze has access to those recordings?
- Can anyone at Wyze access the camera?
3 Likes
The beauty of Wyze is to use MicroSD card. Sooner than later, you’d be able to backup all footage to your NAS. Is there a reason users solely rely on the cloud solution when 64GB MicroSD is one time fee of $13 with 24/7 recording, rather than bits and pieces to the cloud?
2 Likes
For most users, being notified is important vs scanning days of SD card video footage. The most obvious and easiest way to get notifications is using the functionality built into the cameras and app. That puts the vast majority of users in the same camp with the same privacy concerns.
1 Like
Why would you want to scan 24/7 footage recorded on MicroSD? Isn’t there’s a notification to warn a user exactly when detection of motion/sound took place on timeline? There’s a delay and limitation when it comes to “records events only”. This is the sole reason why Nest records 24/7.
This is from Wyze
Thanks for reaching out to us.
Live streaming and video recordings are encrypted when being transferred from device to phone, and device to server. Wyze employees have no ability to view your camera’s live feed because we use a P2P live streaming solution, which establishes a direct connection between your phone and your camera.
Event videos are securely uploaded to the Wyze AWS server. From there, the video can only be accessed by authorized Wyze managers in extreme cases, such as if Wyze were to be presented with a court subpoena. The only other time that we could access the recorded video is when the account owner explicitly requests us to do so or gives us explicit permission to access the video. We treat user privacy with the utmost importance, and the recent Ring news has further reminded us how important is to protect users privacy. We are continuously looking at how to further improve our systems and enhance security, such as adding two factor authentication.
Martin | Wyze Super Wizard
1 Like
“video recordings are encrypted when being transferred from device to phone, and device to server”
“Event videos are securely uploaded to the Wyze AWS server.”
So the answer would appear to be no, they are not encrypted at rest on the AWS server, only during transfer. It sounds like AWS access control permissions are the only thing preventing access to unencrypted videos and Wyze employees have the permissions to access them. Though I’m sure they have policies against indiscriminate viewing of customer videos.
In the current model, yes, they would have the key even if it were encrypted at rest. I was primarily pointing out the fact that they are not encrypted at rest so any breach of AWS could potentially leak unencrypted user videos.
However, Wyze (and any other company) could build a system where only the user has the key. Most companies don’t because it’s a support/PR headache when half your customers forget their password and then wonder why they permanently lose access to any videos encrypted with that key.
No worries, it was a block of text equally divided between the two subjects. Made sense in my mind but was not as clear in the post 
I personally would not use the Person Detection feature that is controlled by a 3rd party that I do not know their full intentions and use of this feature. And besides the features that Wyze Cam already offers is good enough for me.
All I can see is possible trouble that this could cause with identity related litigation from the public in general.
1 Like
The person detection is done locally on the camera, and not in the cloud. The way it works is people who want to share an example of a person in their video is used to educate an AI algorithm, which in turn is given to Wyze to put in their firmware. So, all detection is done locally.
1 Like
Like with anything electronic, security is non existing. Some companies are smarter than others. I guess Wyze do what they can, but for a 20 dollar device I do not demand much security and use this incredible little cam wysely 
In an effort to remove my own concerns about privacy, I have connected my cameras to my NAS and am using its built in surveillance station. Once I configured them via the RTSP firmware and connected them to the NAS, I blocked their ability to access anything external of my network via my router rules. My NAS is capable of everything the Wyze camera can do and a little more. I now have TB’s of storage space and can access my cameras externally through the NAS surveillance application. I can see the traffic from the cameras still attempting to get out to wyze and “ping home” but they are unable to do so. I also linked the NAS to another off-site NAS which enables me to record all motion detection events to the remote NAS in addition to the local NAS. I basically just took Wyze services out of the equation.
1 Like
Now that “taking the bull by the horns”, and solving a problem.
A question, how many cameras and at what resolution are they streaming to your NAS.
Thank you
EH
I have a total of 7 running on to my NAS, 4 of which are the wyze cameras. All cameras are 1080 with the exception of one being 2180. the non-wyze cameras are POE, wish they wyze cameras were as well but I understand the market they are after.
To solve the off-site issue I have motion recordings going to an off-site NAS while 24/7 is going to local NAS. The motion videos are immediately recorded to the off-site NAS. Everything’s on battery backup with a 4g backup internet connection in the event of power outage and/or internet outage.