Amazon was busted recently for having complete access to ring cameras live feeds, and recorded data. They could literally watch any of your recordings, and know who the recording belonged to. They also are NOT storing their video recordings encrypted. Hackers paradise there. Does anyone know how Wyze stores our video data? Who within Wyze has access to view videos and is that video tied in any way to our information?
(This was found with a quick search in the Support section at the top)
but there still isn’t 2FA yet…
The policy does not address the following questions
- Are the cloud recordings encrypted at rest
- Who at Wyze has access to those recordings?
- Can anyone at Wyze access the camera?
The beauty of Wyze is to use MicroSD card. Sooner than later, you’d be able to backup all footage to your NAS. Is there a reason users solely rely on the cloud solution when 64GB MicroSD is one time fee of $13 with 24/7 recording, rather than bits and pieces to the cloud?
For most users, being notified is important vs scanning days of SD card video footage. The most obvious and easiest way to get notifications is using the functionality built into the cameras and app. That puts the vast majority of users in the same camp with the same privacy concerns.
Why would you want to scan 24/7 footage recorded on MicroSD? Isn’t there’s a notification to warn a user exactly when detection of motion/sound took place on timeline? There’s a delay and limitation when it comes to “records events only”. This is the sole reason why Nest records 24/7.
This is from Wyze
Thanks for reaching out to us.
Live streaming and video recordings are encrypted when being transferred from device to phone, and device to server. Wyze employees have no ability to view your camera’s live feed because we use a P2P live streaming solution, which establishes a direct connection between your phone and your camera.
Event videos are securely uploaded to the Wyze AWS server. From there, the video can only be accessed by authorized Wyze managers in extreme cases, such as if Wyze were to be presented with a court subpoena. The only other time that we could access the recorded video is when the account owner explicitly requests us to do so or gives us explicit permission to access the video. We treat user privacy with the utmost importance, and the recent Ring news has further reminded us how important is to protect users privacy. We are continuously looking at how to further improve our systems and enhance security, such as adding two factor authentication.
Martin | Wyze Super Wizard
“video recordings are encrypted when being transferred from device to phone, and device to server”
“Event videos are securely uploaded to the Wyze AWS server.”
So the answer would appear to be no, they are not encrypted at rest on the AWS server, only during transfer. It sounds like AWS access control permissions are the only thing preventing access to unencrypted videos and Wyze employees have the permissions to access them. Though I’m sure they have policies against indiscriminate viewing of customer videos.
In the current model, yes, they would have the key even if it were encrypted at rest. I was primarily pointing out the fact that they are not encrypted at rest so any breach of AWS could potentially leak unencrypted user videos.
However, Wyze (and any other company) could build a system where only the user has the key. Most companies don’t because it’s a support/PR headache when half your customers forget their password and then wonder why they permanently lose access to any videos encrypted with that key.
No worries, it was a block of text equally divided between the two subjects. Made sense in my mind but was not as clear in the post