Anker's Eufy Cameras Caught Uploading Content to the Cloud Without User Consent [Updated]

Anker's popular Eufy-branded security cameras appear to be sending some data to the cloud, even when cloud storage is disabled and local only storage settings are turned on. The information comes from security consultant Paul Moore, who last week published a video outlining the issue.

eufy camera
According to Moore, he purchased a Eufy Doorbell Dual, which was meant to be a device that stored video recording on device. He found that Eufy is uploading thumbnail images of faces and user information to its cloud service when cloud functionality is not enabled.


Moore demonstrates the unauthorized cloud uploading by allowing his camera to capture his image and turning off the Eufy HomeBase. The website is still able to access the content through cloud integration, though he had not signed up for cloud service, and it remains accessible even when the footage is removed from the Eufy app. It's important to note that Eufy does not appear to be automatically uploading full streaming video to the cloud, but rather taking captures of the video as thumbnails.

The thumbnails are used in the Eufy app to activate streaming video from the Eufy base station, allowing Eufy users to watch their videos when away from home, as well as for sending rich notifications. The problem is the thumbnails are uploaded to the cloud automatically even when the cloud functionality is not active, and Eufy also seems to be using facial recognition on the uploads. Some users have taken issue with the unauthorized cloud uploads because Eufy advertises local-only service and has been popular among those who want a more private camera solution. "No Clouds or Costs," reads the Eufy website.

Moore suggests that Eufy is also able to link facial recognition data collected from two separate cameras and two separate apps to users, all without camera owners being aware.

Other Eufy users responded to Moore's tweet and saw the same thing happening, and there is also a dedicated Reddit thread on the subject. Moore tested the Eufy doorbell camera, but this also appears to be how other Eufy cameras function. As Moore demonstrates, the images can be accessed with simple URLs after logging in, which is a potential security risk for those concerned. Eufy did remove the background call that reveals the stored images after Moore's tweet, but did not remove the footage.

Moore received a response from Eufy in which Eufy confirmed that it is uploading event lists and thumbnails to AWS, but said the data is not able to "leak to the public" because the URL is restricted, time limited, and requires account login.

There is also another issue that Moore has highlighted, suggesting Eufy camera streams can be watched live using an app like VLC, but little information on the exploit is available at this time. Moore said that unencrypted Eufy camera content can be accessed without authentication, which is alarming for Eufy users.


We've contacted Anker for additional comment on the Eufy issue and will update this article if we hear back. Moore said that he has been in touch with Eufy's legal department and will give them time to "investigate and take appropriate action" before he comments further.

Update: Anker provided a statement to MacRumors, explaining why the images are collected and how the issue will be addressed going forward.

eufy Security is designed as a local home security system. All video footage is stored locally and encrypted on the user's device. With regard to eufy Security’s facial recognition technology, this is all processed and stored locally on the user's device.

Our products, services and processes are in full compliance with General Data Protection Regulation (GDPR) standards, including ISO 27701/27001 and ETSI 303645 certifications.

To provide users with push notifications to their mobile devices, some of our security solutions create small preview images (thumbnails) of videos that are briefly and securely hosted on an AWS-based cloud server. These thumbnails utilize server-side encryption and are set to automatically delete and are in compliance with Apple Push Notification service and Firebase Cloud Messaging standards. Users can only access or share these thumbnails after securely logging into their eufy Security account.

Although our eufy Security app allows users to choose between text-based or thumbnail-based push notifications, it was not made clear that choosing thumbnail-based notifications would require preview images to be briefly hosted in the cloud.

That lack of communication was an oversight on our part and we sincerely apologize for our error. This is how we plan to improve our communication in this matter:

1) We are revising the push notifications option language in the eufy Security app to clearly detail that push notifications with thumbnails require preview images that will be temporarily stored in the cloud.

2) We will be more clear about the use of cloud for push notifications in our consumer-facing marketing materials.

eufy Security is committed to the privacy and protection of our users' data and appreciates the security research community reaching out to us to bring this to our attention.

Tag: Anker

Top Rated Comments

iObama Avatar
13 months ago

Except it doesn't upload video to the cloud...it uploads thumbnails, aka, "facial recognition data" which has to be processed by other hardware (not the camera) in order to provide a feature.

I get where the researcher is coming from but his Twitter posts are more misleading than Eufy's product.
"No clouds or costs" is not "some clouds or costs." I'm tired of seeing people come to Anker's defense on this today. They EXPLICITLY promote no cloud connectivity, and they definitely DON'T promote individual, traceable facial recognition data across the entire Eufy ecosystem.

Period, end of story.
Score: 41 Votes (Like | Disagree)
zorinlynx Avatar
13 months ago
I'm getting freaking tired of local hardware depending on "the cloud" for parts of its functionality; hell it wasn't until recently that Siri could recognize your voice without needing to talk to Apple's servers.

We live in an age where CPU power and memory is cheaper than ever. Just do stuff locally damnit. Storing security video in the cloud makes sense but do it securely and don't do sneaky things like facial recognition offsite without telling the user.
Score: 39 Votes (Like | Disagree)
joeblough Avatar
13 months ago
here’s what i do with all my chinese cameras. i enable homekit support and then i block the camera’s ip from talking to the internet in my router. the camera then only communicates with the homekit hub, so it all still works under homekit.
Score: 35 Votes (Like | Disagree)
vegetassj4 Avatar
13 months ago
I was wondering why my Eufy vac kept trying to go into the bathroom, I thought it was a glitch.
Score: 23 Votes (Like | Disagree)
Return Zero Avatar
13 months ago
Honestly when I got a couple of their cameras to try out and it wouldn’t let me set up straight through HomeKit (had to use their app first) I had my doubts about this.
Score: 10 Votes (Like | Disagree)
JM Avatar
13 months ago
More bad news ?

Do I have to stop using my Anker chargers?
Score: 10 Votes (Like | Disagree)

Popular Stories

Apple Logo

Apple Discontinued These 5 Products This Year

Monday November 27, 2023 7:03 am PST by
As the end of 2023 nears, now is a good opportunity to look back at some of the devices and accessories that Apple discontinued throughout the year. Apple products discontinued in 2023 include the iPhone 13 mini, 13-inch MacBook Pro, MagSafe Battery Pack, MagSafe Duo Charger, and leather accessories. Also check out our lists of Apple products discontinued in 2022 and 2021. iPhone Mini ...
ios 17 namedrop

Police Departments and News Sites Spreading Misinformation About How iOS 17 NameDrop Feature Works

Monday November 27, 2023 5:11 pm PST by
Apple with iOS 17.1 and watchOS 10.1 introduced a new NameDrop feature that is designed to allow users to place Apple devices near one another to quickly exchange contact information. Sharing contact information is done with explicit user permission, but some news organizations and police departments have been spreading misinformation about how functions. As noted by The Washington Post,...
iOS 17

iOS 17.1.2 Update for iPhone Likely to Be Released This Week

Monday November 27, 2023 8:24 am PST by
Apple will likely release iOS 17.1.2 this week, based on mounting evidence of the software in our website's analytics logs in recent days. As a minor update, iOS 17.1.2 should be focused on bug fixes, but it's unclear exactly which issues might be addressed. Some users have continued to experience Wi-Fi issues on iOS 17.1.1, so perhaps iOS 17.1.2 will include the same fix for Wi-Fi...
Cyber Monday Deals Feature 2022

40+ Apple Cyber Week Deals for AirPods, iPad, Apple Watch, and More

Sunday November 26, 2023 9:47 am PST by
Cyber Week has taken the place of Black Friday, and you'll find some of the same deals still around for the next few days, although many from Black Friday have now expired. This includes dozens of record low prices on Apple products like AirPods, iPad, Apple Watch, MacBook, iPhone, and more. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a...
General Black Friday Deals 2022 Green

40+ Apple Black Friday Deals Still Available for AirPods, iPhone, iPad and More

Friday November 24, 2023 5:01 am PST by
Black Friday 2023 has officially ended, but we're still tracking some of the best deals of the year on Apple products like AirPods, iPad, iPhone, MacBook, and many more. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. Specifically, in this article we're...