Thanks for the reply. While I’m sure that the video feed wasn’t the easiest to access from an outside attackers end, the fact that it was even being sent to the cloud, unencrypted, without consent, in the first place is a little more than a “minor” controversy. A company advertising a camera that works local only, and then proceeding to quietly upload everything from the camera to their servers, servers that, mind you, cost money to operate, likely have malicious intent.
While it may have been sensationalized, given this is a privacy comm, it should at least be worth mentioning.
They keep data local by default
https://gizmodo.com/eufy-local-security-camera-cloud-unencrypted-scandal-1850059207
The original security issue was first noticed by security researcher Paul Moore, who noticed Eufy cameras were streaming recorded video to a cloud server on the site’s web portal, even though cloud storage wasn’t enabled. That data sent to the cloud remained unencrypted.
https://www.theverge.com/23573362/anker-eufy-security-camera-answers-encryption
Anker has finally admitted its Eufy security cameras are not natively end-to-end encrypted — they can and did produce unencrypted video streams for Eufy’s web portal.
The article also includes a response from Anker.
By hosting it through tor, they’re effectively removing it from the worlds DNS providers, and limiting their users to a minority of advanced users.