by immnn 1692 days ago
Ring is absolutely a shame when it comes to privacy. Furthermore, it comes with a monthly fee if you need video recordings.

We had a critical situation at home, so we also decided to set up a recording camera. The brand name is “Eufy”. Yes, you need to register an account to watch the streams; however, recordings are stored on an SD card. They also offer doorbells, which require a gateway, which then stores all the recordings. Eufy advertises its products as being secure and private, however… I just think everything comes with a price and Eufy offers a fair trade between privacy and comfortability/usability.

So for me: Ring is a no-go and I’m not willing to set up and maintain a homebrew solution.

2 comments

I'm not sure whether the doorbell uses the same Tuya platform as their vacuum cleaners do, but if it does then there's a major vulnerability there - essentially all their Tuya-based devices can be accessed by knowing just a (sequential) ID.
Thanks for the advice. Do you have some sources?
This GitHub issue describes how the official Eufy app talks to Tuya: https://github.com/mitchellrj/eufy_robovac/issues/1 - you see that once you get your Tuya User ID from the Eufy API, the actual password to talk to Tuya is actually hardcoded and the same for every user.

I've got some code that implements the "request signature" mechanism (the missing piece of the puzzle in the above issue) that might make this more obvious - you'll notice that the TuyaAPISession class only takes a username (the aforementioned sequential ID) and country code, no password (as it's hardcoded and the same for everyone): https://gitlab.com/Rjevski/eufy-device-id-and-local-key-grab...

Eufy is my choice as well. They seem to be the only privacy-focused video doorbell out there.