The US- based digital rights group the
Electronic Frontier Foundation (EFF) found that Ring doorbell app owned by
Amazon is sending out plethora of customer’s personal identity information to
third-party tracking. This is totally against business ethics. Company do not have
any right to share any type of customer details with another people.
An investigation of the Ring Doorbell
App for Android discovered that four main analytics and marketing companies-
including Facebook and Google were receiving information such as the names,
private IP addresses, mobile network carriers, persistent identifiers and
sensor data on the devices of paying customers. "Not only does Ring
mismanage consumer data, but it also intentionally hands over that data to
trackers and data miners".
Information being shared included users’ names,
email addresses: Ring tested version 3.21.1 of Ring’s
Android app, and found out that personal identifiers of users was being
transmitted to these 5 companies: branch.io, mixpanel.com, appsflyer.com,
Google and facebook.com.
- In Facebook’s case, the app was found sharing information including users’ time zone, device model, language preferences, screen resolution and unique identifier, with Facebook, even if users don’t have a Facebook account. This transmission was happening via Facebook’s Graph AI.
- Branch, which offers a “mobile deep linking software kit” was receiving information such as a unique identifier, IP address, device model and screen resolution.
- Big data company, AppsFlyer was given information such as users’ interaction with the “Neighbours” section of the app, mobile carrier, first installation and launch dates of the Ring app, a number of unique identifiers. AppsFlyer was also receiving information on the sensors fitted to a phone.
- MixPanel, a business analytics service company was receiving users full names, email addresses, device information, status of bluetooth, and the locations at which a user has installed Ring’s cameras.
- Google-owned Crashlytics, a software development company, was also found to be receiving information, although EFF is yet to determine the exact extent of data sharing with Crashlytics.
The danger in sending even small bits
of information is that analytics and tracking companies are able to combine
these bits together to form a unique picture of the user’s device. This
cohesive whole represents a fingerprint that follows the user as they interact
with other apps and use their device, in essence providing trackers the ability
to spy on what a user is doing in their digital lives and when they are doing
it. All this takes place without meaningful user notification or consent and,
in most cases, no way to mitigate the damage done.
Ring claims to prioritize the security
and privacy of its customers, yet time and again we've seen these claims not
only fall short, but harm the customers and community members who engage with
Ring's surveillance system.
Security researchers from Bitdefender
said the Amazon-owned doorbell was sending owners' Wi-Fi passwords in cleartext
as the doorbell joins the local network, thus, allowing nearby hackers to
intercept the Wi-Fi password and gain access to the network to launch larger
attacks or conduct surveillance.
The EEF said that Ring has exhibited a
pattern of behavior that attempts to mitigate exposure to criticism and
scrutiny while benefiting from the wide array of customer data available to
them.
This goes a step beyond that, by simply delivering sensitive data to third
parties not accountable to Ring or bound by the trust placed in the
customer-vendor relationship. Amazon, which bought Ring in 2018 and sells a
range of home security cameras as well as doorbells, has been criticized for
partnering with at least 200 law-enforcement agencies to carry out surveillance
via its devices.
Digital rights campaign group “Fight
for the Future” said at the time Amazon was encouraging neighbor’s to spy on
each other.
And last year, there was a series of
stories about Ring cameras being hacked:-
- One
Alabama-based man, who claims a hacker spoke to his children via his Ring
camera, is leading a group legal action against the company over the
security of its products.
This goes a step beyond that, by simply delivering sensitive data to third parties not accountable to Ring or bound by the trust placed in the customer-vendor relationship. Amazon, which bought Ring in 2018 and sells a range of home security cameras as well as doorbells, has been criticized for partnering with at least 200 law-enforcement agencies to carry out surveillance via its devices.
- Another case filed regarding ring camera hacked was In December last year, parents of an eight-year-old girl in the US were left stunned when a hacker accessed a Ring video camera installed in their daughter's room and taunted her. In the video, the hacker can be heard taunting the eight-year-old several times as she is seen clueless as where the voice is coming from.
