[aritmo]

The media transfers are encrypted. But he uses the Developer Tools of the browser, so he sees the content of the encrypted packets.

It is obvious that any cloud-based security camera has to send the media to the cloud! There is no other way.

The marketing people at Eufy made a long series of mistakes. It is a marketing problem.

[nathan_phoenix]

Eufy markets their cameras as privacy focused, using local storage and local processing without using cloud storage so I'm not sure how you concluded against their marketing that it's cloud based.

Also he opens the link in a new private session which doesn't have the auth cookies. Furthermore, he later explains that there is no auth happening. Lastly The Verge confirmed it by watching the camera stream using plain VLC.

[paranoidrobot]

> There is no other way.

That's not true, or at least not always.

Plex manages this just fine with my media content.

Plex Media Server reaches out to my router and punches an inbound port to itself. When I'm then watching from outside my home network, the traffic is going direct to my home IP.

[kodah]

Eufy isn't cloud-based.

[haswell]

The fact that they are indeed cloud-based is why this story has been blowing up and making quite a few people upset.

The reality is, even if the cameras are not configured to save video to Eufy's cloud service, thumbnails are still transmitted to Eufy for the purpose of facilitating push notifications (confirmed by Eufy), and the researcher who discovered this claims to have found a way to access camera feeds without authentication as well (this is not confirmed, and one of the most questionable claims).

I own several of these cameras but have them configured as HomeKit devices, and while I'm not terribly concerned about the transmission of thumbnails since this is the name of the game if you want a preview in a push notification, I've always felt a little weird about the fact that these cameras require a Eufy account to configure, and you can access the live streams by logging into that account, even after the cameras have been configured as HomeKit cameras.

[senectus1]

>The fact that they are indeed cloud-based is why this story has been blowing up and making quite a few people upset.

No, its "Cloud Enhanced" if you choose it.

If you dont turn on the thumbnail images, or pay for the cloud storage extra option then it just plain doesn't use the cloud.

The streaming a camera issue is something else. Possibly something that can be fixed with a patch

[haswell]

> If you dont turn on the thumbnail images, or pay for the cloud storage extra option then it just plain doesn't use the cloud.

I wish this were true, but that's not quite right. In order to configure your new Eufy cam, you must:

1. Create a Eufy account

2. Log into that account on your device

3. From that point forward, your Eufy cam is always accessible via the web portal even if you configure it to use HomeKit

Furthermore, the setting that allows screenshots to be sent is enabled by default.

You're correct that you must opt in to send actual video to Eufy's cloud, but right out of the gate, a new Eufy deployment is susceptible to all of the issues described.

Jury's out on the streaming thing.

[afavour]

> this is the name of the game if you want a preview in a push notification

I’m not sure that’s actually true. iOS has notification service extensions that I think could be used to decrypt an image for display in a notification.

[haswell]

It's possible that this is something that Apple rolled out since the last time I dug deeply into push notifications and my understanding of this part could be out of date.