The notorious Ring doorbells are again in the news for giving out customer data to companies such as Google and Facebook.

The Electronic Frontier Foundation reveals that the Ring app was “packed” with third-party tracking, giving out customers’ personally identifiable information.

Five companies were getting a range of information, including names, mobile networks and IP addresses, it revealed.

Ring said it restricted the amount of data, it shared.

The company maintained:

“Similar to many companies, Ring uses third-party service providers to assess the use of our mobile app, which helps us develop features, OPTIMIZE the customer familiarity and assess the usefulness of our marketing.”

However, the EFF said Ring was failing to safeguard users’ privacy, remarking only one of the trackers it had found was stated in the company’s privacy policy.

“The risk in sending even tiny bits of information is that analytics and tracking companies are able to put these bits together to form a distinctive picture of the user’s device,” the EFF said.

“This unified whole represents a fingerprint that follows the user as they intermingle with other apps and use their device, in principle providing trackers the capability to watch on what a customer is doing in their digital lives and at what time they are doing it.”

The five companies recognized as receiving information were:

  • Branch, which defines itself as a deep-linking platform – a number of unique identifiers, together with each user’s IP address, screen resolution and device model
  • Facebook, via its Graph API – every user’s time zone, device model and screen resolution and a unique identifier
  • AppsFlyer, a big data company – a collection of information, comprising sensor data associated to the magnetometer, accelerometer and gyroscope on users’ phones
  • Google-owned Crashalytics – a quantity of customer data “yet to be determined”
  • MixPanel – the most information, containing users’ full names, device information, email addressed and app settings

From all of these, only MixPanel is stated in Ring’s privacy notice, together with Google Analytics, HotJar and Optimizely.

The inquiry by EFF tested Ring for Android, version 3.21.1.

‘Shut down’

Amazon, which purchased Ring in 2018 and sells a variety of home security cameras as well as doorbells, has been condemned for partnering with minimum 200 law-enforcement agencies to carry out surveillance through its devices.

Digital rights campaign group Fight for the Future said at the time Amazon was urging neighbours to scrutinise each other.

And last year, there was a range of stories about Ring cameras being hacked.

One Alabama-based man, who maintains a hacker spoke to his children through his Ring camera, is conducting a group legal action against the company over the security of its products.

This weekend, Max Eliaser, one of Amazon’s software development engineers, called for Ring to “be shut down straight away and not brought back”.

“The placement of connected home security cameras that permits footage to be inquired centrally are simply not harmonious with a free society,” he wrote in an article requesting the views of Amazon employees on a range of issues.

More:

Why Ring Doorbells Perfectly Represent the IoT Security Crisis

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here