Anker's Eufy Cameras Caught Uploading Content to the Cloud Without User Consent [Updated]

Anker's popular Eufy-branded security cameras appear to be sending some data to the cloud, even when cloud storage is disabled and local only storage settings are turned on. The information comes from security consultant Paul Moore, who last week published a video outlining the issue.

eufy camera
According to Moore, he purchased a Eufy Doorbell Dual, which was meant to be a device that stored video recording on device. He found that Eufy is uploading thumbnail images of faces and user information to its cloud service when cloud functionality is not enabled.


Moore demonstrates the unauthorized cloud uploading by allowing his camera to capture his image and turning off the Eufy HomeBase. The website is still able to access the content through cloud integration, though he had not signed up for cloud service, and it remains accessible even when the footage is removed from the Eufy app. It's important to note that Eufy does not appear to be automatically uploading full streaming video to the cloud, but rather taking captures of the video as thumbnails.

The thumbnails are used in the Eufy app to activate streaming video from the Eufy base station, allowing Eufy users to watch their videos when away from home, as well as for sending rich notifications. The problem is the thumbnails are uploaded to the cloud automatically even when the cloud functionality is not active, and Eufy also seems to be using facial recognition on the uploads. Some users have taken issue with the unauthorized cloud uploads because Eufy advertises local-only service and has been popular among those who want a more private camera solution. "No Clouds or Costs," reads the Eufy website.

Moore suggests that Eufy is also able to link facial recognition data collected from two separate cameras and two separate apps to users, all without camera owners being aware.

Other Eufy users responded to Moore's tweet and saw the same thing happening, and there is also a dedicated Reddit thread on the subject. Moore tested the Eufy doorbell camera, but this also appears to be how other Eufy cameras function. As Moore demonstrates, the images can be accessed with simple URLs after logging in, which is a potential security risk for those concerned. Eufy did remove the background call that reveals the stored images after Moore's tweet, but did not remove the footage.

Moore received a response from Eufy in which Eufy confirmed that it is uploading event lists and thumbnails to AWS, but said the data is not able to "leak to the public" because the URL is restricted, time limited, and requires account login.

There is also another issue that Moore has highlighted, suggesting Eufy camera streams can be watched live using an app like VLC, but little information on the exploit is available at this time. Moore said that unencrypted Eufy camera content can be accessed without authentication, which is alarming for Eufy users.


We've contacted Anker for additional comment on the Eufy issue and will update this article if we hear back. Moore said that he has been in touch with Eufy's legal department and will give them time to "investigate and take appropriate action" before he comments further.

Update: Anker provided a statement to MacRumors, explaining why the images are collected and how the issue will be addressed going forward.

eufy Security is designed as a local home security system. All video footage is stored locally and encrypted on the user's device. With regard to eufy Security’s facial recognition technology, this is all processed and stored locally on the user's device.

Our products, services and processes are in full compliance with General Data Protection Regulation (GDPR) standards, including ISO 27701/27001 and ETSI 303645 certifications.

To provide users with push notifications to their mobile devices, some of our security solutions create small preview images (thumbnails) of videos that are briefly and securely hosted on an AWS-based cloud server. These thumbnails utilize server-side encryption and are set to automatically delete and are in compliance with Apple Push Notification service and Firebase Cloud Messaging standards. Users can only access or share these thumbnails after securely logging into their eufy Security account.

Although our eufy Security app allows users to choose between text-based or thumbnail-based push notifications, it was not made clear that choosing thumbnail-based notifications would require preview images to be briefly hosted in the cloud.

That lack of communication was an oversight on our part and we sincerely apologize for our error. This is how we plan to improve our communication in this matter:

1) We are revising the push notifications option language in the eufy Security app to clearly detail that push notifications with thumbnails require preview images that will be temporarily stored in the cloud.

2) We will be more clear about the use of cloud for push notifications in our consumer-facing marketing materials.

eufy Security is committed to the privacy and protection of our users' data and appreciates the security research community reaching out to us to bring this to our attention.

Tag: Anker

Top Rated Comments

iObama Avatar
13 months ago

Except it doesn't upload video to the cloud...it uploads thumbnails, aka, "facial recognition data" which has to be processed by other hardware (not the camera) in order to provide a feature.

I get where the researcher is coming from but his Twitter posts are more misleading than Eufy's product.
"No clouds or costs" is not "some clouds or costs." I'm tired of seeing people come to Anker's defense on this today. They EXPLICITLY promote no cloud connectivity, and they definitely DON'T promote individual, traceable facial recognition data across the entire Eufy ecosystem.

Period, end of story.
Score: 41 Votes (Like | Disagree)
zorinlynx Avatar
13 months ago
I'm getting freaking tired of local hardware depending on "the cloud" for parts of its functionality; hell it wasn't until recently that Siri could recognize your voice without needing to talk to Apple's servers.

We live in an age where CPU power and memory is cheaper than ever. Just do stuff locally damnit. Storing security video in the cloud makes sense but do it securely and don't do sneaky things like facial recognition offsite without telling the user.
Score: 39 Votes (Like | Disagree)
joeblough Avatar
13 months ago
here’s what i do with all my chinese cameras. i enable homekit support and then i block the camera’s ip from talking to the internet in my router. the camera then only communicates with the homekit hub, so it all still works under homekit.
Score: 35 Votes (Like | Disagree)
vegetassj4 Avatar
13 months ago
I was wondering why my Eufy vac kept trying to go into the bathroom, I thought it was a glitch.
Score: 23 Votes (Like | Disagree)
Return Zero Avatar
13 months ago
Honestly when I got a couple of their cameras to try out and it wouldn’t let me set up straight through HomeKit (had to use their app first) I had my doubts about this.
Score: 10 Votes (Like | Disagree)
JM Avatar
13 months ago
More bad news ?

Do I have to stop using my Anker chargers?
Score: 10 Votes (Like | Disagree)

Popular Stories

iOS 17

iOS 17.2 Will Add These 12 New Features to Your iPhone

Friday December 1, 2023 12:19 pm PST by
iOS 17.2 has been in beta testing for over a month, and it should be released to all users in a few more weeks. The software update includes many new features and changes for iPhones, including the dozen that we have highlighted below. iOS 17.2 is expected to be released to the public in mid-December. To learn about even more features coming in the update, check out our full list. Journal ...
iOS 16 4 Web Push

Apple Confirms Governments Using Push Notifications to Surveil Users

Wednesday December 6, 2023 5:06 am PST by
Unidentified governments are surveilling smartphone users by tracking push notifications that move through Google's and Apple's servers, a US senator warned on Wednesday (via Reuters). In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from the tech giants to track smartphones. The traffic flowing from apps that send push notifications...
airpods pro 2 pink

Apple Releases New AirPods Pro 2 Firmware

Tuesday December 5, 2023 11:28 am PST by
Apple today released new firmware update for both the Lightning and USB-C versions of the AirPods Pro 2. The new firmware is version 6B34, up from the 6B32 firmware introduced in November. Apple does not provide details on what features might be included in the refreshed firmware beyond "bug fixes and other improvements," so it is unclear what's new in the update, but prior software releases ...
Beyond iPhone 13 Better Blue

'All-Screen' iPhone Under-Display Camera Enters Development

Wednesday December 6, 2023 2:03 am PST by
Apple's Korean suppliers have begun developing smartphone under-display cameras (UDC), paving the way for the first iPhone with a true "all-screen" appearance. According to The Elec, LG Innotek has entered the preliminary development of the UDC, which sits under the display and does not result in a visible hole in the panel when the camera is not in use. A UDC differs from a typical front ...
magsafe blue 2

iOS 17.2 Brings Qi2 Support to iPhone 13 and iPhone 14 Models

Tuesday December 5, 2023 11:04 am PST by
The iOS 17.2 update that Apple is set to release to the public in the near future will bring support for the next-generation Qi2 wireless charging standard to the iPhone 13 and iPhone 14 models. Qi2 was mentioned in the release notes for the RC version of the update that came out today. With the addition of support for the new standard, iPhone 13 and iPhone 14 models will work with Qi2...
iphone se 4 modified flag edges

iPhone SE 4 May Reuse Existing iPhone 14 Battery

Wednesday December 6, 2023 1:17 pm PST by
Recently, MacRumors has received details on the battery currently being tested on the upcoming fourth-generation iPhone SE, and the information corroborates previous findings in relation to the device. The iPhone SE 4, known by its device identifier D59, is expected to use the exact same battery found in the base model iPhone 14. Partially assembled prototypes of the next iPhone SE have been ...
airpods pro bulbs

Black Friday Prices Return for AirPods Pro 2 With USB-C, iPad, and More

Tuesday December 5, 2023 7:30 am PST by
Today we're tracking a collection of deals that are matching - or nearly matching - the same all-time low discounts we saw during Black Friday. This includes the AirPods Pro 2 with USB-C, 9th generation iPad, and M1 MacBook Air. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the ...
instagram messenger

Instagram and Facebook Messenger Chats to Disconnect This Month

Tuesday December 5, 2023 1:57 am PST by
Meta has revealed plans to end Instagram users' ability to chat with Facebook accounts later this month, rolling back a feature that it introduced over three years ago. In September 2020, Meta (then Facebook) announced it was merging its Facebook Messenger service with Instagram direct messaging, allowing Instagram users to chat with Facebook users and vice versa using the same platform....