Hi Wyze Team,
I Love your Product, but have some concerns about Privacy of my video’s that are saved on the cloud. Who else has access to these videos and are they only on AWS? Also do you include GPS Location info attached to each video? Does your team have access to view Camera feeds and Videos? when accessing the SD content though the application, are we still going through the cloud?
They addressed this in another post, But I think I can help:
WYZECAM does not have access to your videos. They are uploaded on a double layer encryption.
The WYZECAM team is also trying to get the current set up to only Ping in the US.
The WYZECAM team does not have a way to access your cameras live or saved video feeds…
SD Card: When you chose to save it locally on the SD card, this is only viewed by you and whomever you chose to show the videos to…
Hope this helps
Verbatim :
we do take user security very seriously and all of the uploaded video clips have multi-layer encryption. We at WyzeCam do not have access to that footage, and neither does Amazon. Even if those videos happened to be intercepted, which is unlikely, the amount of work required to dismantle multi-layer encryption is usually unappealing to most hackers. We do understand the concerns however and are actively working on limiting server pings to only US based servers.
Can someone from the Wyze team confirm if traffic is only going to US based servers at this time, or any users that can trace where traffic is going to?
I don’t believe they have confirmed/commented on the regions they are using in AWS.
I know this has been covered, but this is what the FAQ says:
How do you make sure my personal data and video stream are secure?
We take our customers’ data safety very seriously. The communication between your mobile device, the Wyzecam, and the AWS Cloud Server are made via https (Transport Layer Security (TLS)). We used symmetric and asymmetric encryption, hashing and other ways to make sure users’ information cannot be stolen. Each camera has its own secret key and certificate so that we can validate its identity during handshake. The contents are encrypted via AES 128-bit encryption to protect the data. Even if a hacker intercepts the data package, the data cannot be decrypted
I want to see the cameras from outside of the USA because I have a Condo in Mexico where I live part of the year. So I disagree with limiting pings to only USA based servers. I think maybe at most, try to restrict pings from known hacker areas where the government may have little or no respect for these privacy issues.
Then the video data on the cloud server is stored not encrypted?
This means to me that it’s not an end-to-end encryption if you consider the cam as one end of the communication pipeline and the customer’s mobile device as the other end.
An end-to-end encryption would be if and only if the video/picture data were stored encrypted and could be decrypted by the customer’s device only
As the cloud servers are located in the United State some US agency could try and enforce the cloud provider to reveal the decrypted data to them.