Marketplace
It seems a good price. MSRP is $249.
It's NOT the slim version! I cannot find it anywhere else.
Eufy Wireless 1080P Video Doorbell with Mini Repeater and 16GB SD Card $179 @ Bunnings
1911
Related Stores
closed Comments
- 1
- 2
100% was going to share exactly the same YT video
Can you recommend an alternative?
opt-in buttons mean little with these going out the side
Worth also checking out The Hook Up's take on this:
https://youtu.be/a_rAXF_btvEI am not suggesting that privacy isn't something to worry about with this device, just The Hook Up's discussion helps offer a more well-rounded view of the situation.
Thanks for sharing this, well worth watching.
Thanks for this! It really puts things into perspective without jumping onto the pitchfork bandwagon
This guy is missing a big chunk of what's been discovered since, in particular the Verge's investigation.
Quite possibly.
I haven't been following this story closely since that video was posted; just thought it useful to add more info to what is still being understood.Anything specifically or tl;dr worthy from the info you've seen, that may be useful for anyone interested in this device?
@RandyRanderson: https://www.theverge.com/2022/11/30/23486753/anker-eufy-secu…
Why did you comment trying to dispel it if you hadn't followed it?
I'll bite:
8:25 - "EUFY is not and has never been a cloud free option."
8:37 - "I totally agree that advertising no cloud on their website was a big mistake."
So he agrees "no cloud" was wrong
4:28 - "Event list generation will no longer take place on the cloud which in my opinion should have always been the case. But I haven't done any testing to confirm those claims yet."
… and agrees that some parts of the implementation should have been done differently and assumes that they now actually are done differently despite not checking
4:38 - Here are the things I can only speculate about…… we know that those links expire after 24 to 48 hours. But cloud front normally works in conjunction with an Amazon S3 bucket which are cloud servers that actually stores files long term.
… and speculates that long term cloud servers are probably storing the data.
So to this point agree's with everything that everyone else has said???
6:03 - "I can't comment if GDPR allows for EUFY to use a CDN to deliver a requested feature which is what I would consider implied consent."
So here is the defence - it should have been know that these features used the cloud…
- despite it not being a technical requirement
- despite EUFY advertising "No Cloud"
- despite stating in his opinion that some parts should have been done differently
…therefore users have given their implied consent - without even knowing if it is actually allowed under GDPR - and therefore it is fine???That logic is straight up BS.
Linus just live streamed his response to The Hook Up's video at the start:
https://youtu.be/Luz82RG5PqANah. Their website states
"That's why we've taken every step to ensure your videos are kept in private. Stored locally"
That's not what they've actually provided - things are going through clouds. And Linus et all has shown they COULD have done it sans cloud but Eufy chose not to. And chose to run an exposed API. That's all very 'dog ate my homework' excuse with no apology.
Oh that off-internet cloud?
how would they send notifications otherwise… you don’t think your homebase does that, do you?
You doing some dodgy stuff you don't want the cops to see?
I honestly wouldn't care if it was the cops, this doorbell lets basically anyone look at your "offline" feeds, all they have to do is find the url.
all they have to do is find the url.
important to define how hard that is to do. If it takes 1 min, you have a big problem. If it takes 15,000 years to brute force then yean, not really an issue.
Cops fine. Missus no no
This is the latest problem and a big one but there is also a fundamental flaw with EUFY cameras and doorbells that make them useless as a security device.
You can reset any EUFY camera and that will delete all the footage stored on the homebase, anyone with physical access to your cameras can do that. It doesn't look like this has been patched yet and worse doesn't look like they intend to patch that.
I'm not sure but I think I read about a work around saving it to your local NAS. It doesn't delete the footage?
Not really useless but would be better if they fixed it.
It would require someone up to no good to know this was an issue, know how to reset the device and do this before you had a chance to download the footage. They could have just covered their face really.
Hopefully all the bad publicity will drive the costs down really low. I want a dual cam door bell.
Front and back?
Mine has been on a shelf for 6 months after it fell off the wall on day one (poor injection molded wall attachment). This makes me want to keep it there :(
I was deep in the Eufy ecosystem (6 cameras, 2 hubs and their scales) because of their privacy stance. Not any more. I'm currently cutting-over to 100% local setup (Tiandy and Hikvision hardware) that simply can't see the internet unless I feed the NVR an ethernet cable AND tell the router to let traffic in/out.
You might have missed the bit where I indicated that none of the new devices I'm deploying are given any WAN access.
They're also on a separate physical LAN rather than relying on VLAN to manage risk.
Edit: I've revoked my neg vote on this deal. I really hope people buy this and learn a lesson.
They must be really l334 hackers to connect to inside the house
The US government has recently banned all sales of Hikvision products due to "unacceptable risks to national security". The UK government has also banned Hikvision products from "sensitive sites" and the Australian government will likely follow.
https://ia.acs.org.au/article/2022/uk--us-bans-china-made-su…
How do they communicate without any IP access to the outside world?
Never said they did, maybe ask the US government?
Of course the US, then the UK, then the all “good” 5 eyes… lmfao
This is what i'm looking at too with Blue iris and a totally local setup, its own VLAN with no WAN access.
Blue Iris? Thanks - I will go and take a look.
Once greatly revered by OzBargain folks here, Eufy has now achieved HEYMIX-like pariah status.
i believe the sentiment has now spread to its parent company, Anker.
This has to be said.
If you value privacy as people suggest on this thread and on every "cheap Chinese camera" thread, invest 50 or more bucks in a router that does network segmentation.
Learn or ask someone to set up your cameras seperate VLAN to your PC and block external access to the cameras.
How do you connect then?
You either only access it when you are home or you use a VPN.
We have Wireguard protocol these days, connecting to a VPN takes milliseconds to establish a connection and can be configured to your needs, i.e. split tunneling so only traffic destined for home takes that extra bit of time.
These risks aren't going away and will become more pronounced.
People don't use WEP, WPS, HTTP (no 's'), or FTP in their networks because we all know how dangerous it can be.
This is the sensible next step.
You either only access it when you are home or you use a VPN.
Yep, how all connections to your home network should be.
Depends which VPN you use. Nothing is perfect and you need to spend time researching or you could make things even worse. https://youtu.be/8MHBMdTBlok
String Name & myself are referring to a VPN you setup at home (on your router or another device inside your network) which you setup/own/control. You connect to that VPN which allows you to connect to your network. Same way people VPN into their work network.
The Taytay wannabe video is talking about is commercial VPN providers like PIA, Nord, etc. Same technology, but different deployment.
Guessing my Xiaomi router is rubbish then?
不正确。这是我们监视你的最好方式
I appreciate your post and would like to take the next sensible step but this is pretty much in another language to me as I'm not tech savvy. Where do I start? Wireguard? Also, I've had my Eufy cameras for 3 years now, seems against ozbargain mantra to throw away $500 worth of gear. Which red button do I press?
Honestly I'm considering snapping up eufy if people start dumping them because without access to the outside world, there is no chance of my face being uploaded anywhere!
Start with "guest mode" on your router.
That will usually allow you to create a seperate WiFi "name" (SSID) that by default should block access from that device to any other device on your network (which is a good idea for IOT devices or cameras).
From there it depends on your router. If you can create "firewall rules" then it's a matter of clicking on one interface and selecting DENY to your WAN interface.
Meaning "my guess WiFi cannot communicate out to the outside world".
Unfortunately the networking part for consumer hardware/software is catching up with the demand, so this depends on which router you have!
For VPN this depends on what hardware you have at home. Do you have a NAS? Synology and QNAP both have pretty much one-click options.
If you don't, I can recommend Tailscale as a very very simple VPN. It's an app with a single toggle for computers and phones.
In your home, you install it on your PC or any laptop and you can tunnel home without opening up any ports at all.
Sorry for this being so general but for better or worse there are so many ways to do networking
That's a perfect start, thank you
From what I have read it's only uploading thumbnails to your cloud account not outside world. Streams aren't uploaded unless you select to play them via cloud.
Unless someone has any more details of videos being leaks outside like swamm hack?
Mate the problem is
Eufy-branded security cameras appear to be sending some data to the cloud, even when cloud storage is disabled and local only storage settings are turned on
And you can even view the camera feeds without authentication via VLC.
how do you find the URL?
@RangaWal: I believe it's
RTSP://<camera IP>/live0
If it's motion activated, you won't see anything until defects motion.
@M00Cow: can someone outside of your home view this camera feed?
don't they need the external ip which needs port forwarding in the router to be able to access from outside local network?
@M00Cow: just that the statement "And you can even view the camera feeds without authentication via VLC." seem like it is a concerning security issue
but these other factors (knowledge of external ip which needs port forwarding) need to be in place firstso is it still a concerning security issue?
@pinkybrain: The unauthenticated & unencrypted stream itself isn't a big issue. You need network access to the camera. But it should be on by default. It's pretty basic security. It's like not requiring a wifi password, saying, well no one can connect to it unless they're in my house.
What the bigger concern is if they can't get the simple/basic security right, what else have they left out/cut corners on?
Also with UPNP enabled by default on on many/most consumer routers, the camera could create a port forward without user intervention..
Many people just dismiss the concerns with I don't care if the Chinese Govt watches my driveway, which seems fair enough. But the problem is that many people have internal cameras, do you care if someone watches you inside your home? Some are ok with that.
But the issues here is are you ok with them uploading photos apparently "thumbnails" of faces to their servers without your permission? That's a bit creepy, but again some might be ok with that.
What concerns me is that their lack of simple security and their lack of transparency, makes me wonder how susceptible are they to being compromised and somebody using the camera to get inside your network or using it as an bot for other attacks?
TLDR: their security track record leaves a lot to be desired, but that's the same for most cheap camera or IoT devices. If you understand the risks, great make up your mind. Most people don't, so should be wary. Ideally you'd set them up on their own separate router/wifi network.
@M00Cow: can we trust any cameras nowadays though.
most security cams are owned by chinese companies or are made in china.
if you own at of these cams, then expect it to be accessible by the chinese government.The unauthenticated & unencrypted stream itself isn't a big issue. You need network access to the camera. But it should be on by default. It's pretty basic security. It's like not requiring a wifi password, saying, well no one can connect to it unless they're in my house.
yeah their security is shit if they aren't require a authentication to view their stream..
What the bigger concern is if they can't get the simple/basic security right, what else have they left out/cut corners on?
problem is nowadays you can't trust any companies/government to be on top of their security
ie optus, medibank, NDIS etc.
I think those bigger companies and government has more personal info (including things that you can't change e.g. medical history)
which is a bigger concern if/when they get hacked.Many people just dismiss the concerns with I don't care if the Chinese Govt watches my driveway, which seems fair enough. But the problem is that many people have internal cameras, do you care if someone watches you inside your home? Some are ok with that.
yeah don't put cameras where you don't want someone else can possibly see.
But the issues here is are you ok with them uploading photos apparently "thumbnails" of faces to their servers without your permission? That's a bit creepy, but again some might be ok with that.
uploading people's thumbnail faces is not good and people are outrage about this
yet people are uploading everything about themselves on facebook, Instagram, tiktokIdeally you'd set them up on their own separate router/wifi network.
yes that is a good idea..
Just curious, but how would they know your external camera ip + the camera port etc..
and how would they be able to hack into your PC by knowing that camera ip+port?You PC, would have that same external ip same as the camera, but a different internal local IP
Just curious, but how would they know your external camera ip + the camera port etc..
Shodan.io the website used by people who want to know what ports are open and what's listening in those ports across the internet. IP cameras are a favourite.
You PC, would have that same external ip same as the camera, but a different internal local IP
Yes, how port forwarding works, is you tell your router when it gets a request on s specific port, it forwards that request internally to a specific device/internal IP address. So say your router gets a request from the internet on a port 21, then it forwards that to say your NAS, it gets another request on port 32100 and it forwards that to your IP camera. If it gets a request on port 80, it might just ignore it because you haven't setup port forwarding (or listening) on port 80.
I have port 5190 open as an incoming VPN so I can connect to my network externally. But that's it. So in shodan my public IP address shows port 5190 open and is a VPN. But no camera's, router, plex, nas, etc are showing as I've blocked incoming initiated connects in all ther ports. But if say my NAS connects externally on port 5005, then in can receive incoming traffic to that port, from the IP address it connected to, because the firewall/router knows the NAS initiated it. Same if I had an ip camera setup with the cloud option, if it initiates outgoing connection, it can send & receive on that port with the IP address it's been communicating with.
Does that make sense?
Does that make sense?
@asa79: Now now, that's a bit harsh, many/most people don't understand and just follow what's simplest & easiest.
The smartest IT guy I've ever worked with once told me "there's only one smartest and one dumbest person in the world. It's highly unlikely you're either. Smart people realise there's always someone smarter then them and even the smartest person has something to learn."
Don't forget Facial recognition linked to your account
Facial recognition of you, family, friends, visitors, Amazon delivery driver, etc it's real-world Facebook.
from the original finding,
didn't that person uploaded their face into the software (though he thought it was stored locally)so if he didn't uploaded the pic and enabled facial recognition, then it would not be stored in the cloud…
is there any other security cam that has facial recognition that does not do this?
@pinkybrain: The researcher hasn't released all his findings yet.
But His claims are
https://www.androidcentral.com/accessories/smart-home/securi…In the video, Moore shows how Eufy is uploading both the image captured from the camera and the facial recognition image. Further, he shows that the facial recognition image is stored alongside several bits of metadata, two of which include his username (owner_ID), another user ID, and the saved and stored ID for his face (AI_Face_ID).
What makes matters worse is that Moore uses another camera to trigger a motion event, then examines the data transferred to Eufy's servers in the AWS cloud. Moore says that he used a different camera, different username, and even a different HomeBase to "store" the footage locally, yet Eufy was able to tag and link the facial ID to his picture.
That proves that Eufy is storing this facial recognition data in its cloud and, on top of that, is allowing cameras to readily identify stored faces even though they aren't owned by the people in those images. To back that claim up, Moore recorded another video of him deleting the clips and proving that the images are still located on Eufy's AWS servers
End of Android Central quoteis there any other security cam that has facial recognition that does not do this?
I'm not sure, possibly NAS based ones from Synology or QNAP can. It's always a trade off between price & security.
@M00Cow: Just as devils advocate here, there wasn't any evidence that the facial id was stored and linked together. A decent facial recognition algorithm presented with the same face (in decent lighting etc) should come up with the same identifier in either case. There is also no evidence that it is unique to the individual (if it's just your classic feature based map, e.g. distance between eyes, length of nose etc, you would expect lots of overlap on a wide dataset).
@Abaddon: Yeah until the whole research/results are released it's just speculation. But the second paragraph i quoted seems to indicate that his face was id was saved as it recognised him through a different camera & different login.
As I've mentioned in one waffling post here, it's the apparently lack of basic security that makes you wonder what else aren't they doing properly?
If you already own one here’s how to fix it:
https://youtu.be/CKcPJFUt7Xs (not my video)Otherwise; Do not buy! See @OzDJ_ comment above. Do not trust YouTubers trying to ’put into perspective’ because they most likely get paid to review/support product or commission from sales.
Eufy, ring, Wyze so many now not to be trusted starting to wonder if any of these camera brands are safe.
https://www.androidcentral.com/accessories/smart-home/never-…
Cool CCP can watch a live feed of my driveway.
It’s riveting. Good luck to them.
Nah it's been demonstrated that anyone can.
I'm not worried about the CCP but the derros down the street being able to scope out your home without leaving the couch is something everyone should worry about.
What? Did you mount one in your Safe?
would the derros be smart enough to do this though?
I'll be more worried abt your next door neighbours watching u butt naked when you're drunk
And to get access to this and other live feeds, visit my twitch channel NerdsAndPervs only$2.99/wk for the first month, then$9.99/wk
Like & Subscribe, comment below and please share
Get Reolink instead, especially if you have Synology NAS.
Too bad their new POE and wifi doorbells aren't available yet, I want one so bad!!
they are available now, at least yesterday they were.
Hmm nothing here still: https://reolink.com/au/product/reolink-video-doorbell/
Where did you buy it?@frankyman: Ah, my bad I think… I got the email from Reolink about doorbell and saw that I could add to cart but you’re right it still says notify me on next screen.
If you concerned that much maybe cameras that can connect to the internet are not for you. I'm sure there is old school based cameras that record to vhs that you can manually review in your free afternoon time while wearing a tin foil hat
What am I missing here? I'm in for 13 Eufy products. Should I be worried. I also say that with a mobile in my pocket tracking all my movements and cookies just like everyone else. What's with the privacy? And for China products, where are things built elsewhere. I'd like to know too?
Difference is, your phone tracks movements your cameras give a live feed to your home. Video and audio.
If you’re cool for almost no barriers for a random person to be watching inside/outside your home, don’t worry about it.
Not sure if anyone wants to watch my front door looking out to the road, but hey, enjoy.
You have 13 eufy products just watching out your front door?
@OZKap: probably that person setup is
4 or 6 are outdoors
1 in shedrest in each rooms and bathroom/s..
This company should be banned.
Privacy in this day in age? Privacy is a thing of the past and is now extinct in the same way of the dinosaurs. Governments and Business companies made sure of that. Lol
Exactly. Randomly pulling out data privacy breaches and ethics on companies, well everyone is tracking everyone and the is no privacy security. Best go off grid.
Best go off grid.
Great advice. Anyone worried about their Privacy should go cold turkey and avoid and shun: mobile phones, the Internet, speaker assistants, various video doorbells, robo vacs, home automations and humongous lots more. Good luck and it's admirable to anybody who would actually do it, in which I doubt, specially here at OZB.
Haha, absolutely true. I always find this odd when we all post via mobiles.
Let's not talk about Australia's "Anti-encryption Bill" then ;)
Literally need to provide decryption keys for any encrypted data you have to handover.
If not, they need to provide a mechanism to intercept traffic for collection.
Footnote: Hello random person on the internet. If you think this is a good deal and it sits within your conscious and considered risk appetite (or bounds of blissful ignorance) just buy it. Seriously. I really don't care about the decisions which impact you unless they materially impact me. Oh, and don't forget to sign up to Shopback, too.
what risk are you worried about?
I assume zero privacy with any online company USA, EU or China so dont care about this latest EUFY news. I get why the internet has their pitchforks out but the alternatives are no better or worse. Ring hands over video to police without warrants, Google monetizes everything, etc.
There are companies that have been independently verified to be truly non-cloud solutions. Better alternatives exist.
- 1
- 2
Do not buy any Eufy camera products if you value privacy:
https://www.cnet.com/home/security/eufy-cameras-caught-sendi…
https://youtu.be/2ssMQtKAMyA