Ding-dong Facebook calling: Amazon Ring blurts data

ring2The Amazon-owned Ring doorbell app, which its advertising claims helps to keep burglars, chancers and conmen at bay, is casually handing out sensitive customer data to a raft of companies – including Facebook and Google – without permission.

Amazon, which bought Ring in 2018 and sells a range of home security cameras as well as doorbells, has already been slammed for joining forces with with at least 200 law-enforcement agencies to carry out surveillance via its devices.

But now privacy group The Electronic Frontier Foundation claims that there is a much deeper issue with the app, with an investigation concluding that Ring is “packed” with third-party tracking, sending out customers’ personally identifiable information.

Five companies – Facebook, Google-owned Crashalytics, AppsFlyer, MixPanel and Branch – receive information on a number of unique identifiers, including full names, email addresses, device information, app settings and a user’s IP address.

The group maintains that Ring is failing to protect users’ privacy, noting only one of the trackers it had found was mentioned in the company’s privacy policy.

The EFF said: “The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user’s device. This cohesive whole represents a fingerprint that follows the user as they interact with other apps and use their device, in essence providing trackers the ability to spy on what users are doing in their digital lives and when they’re doing it.”

In response, Ring said it only shares a “limited amount of information”. It told Gizmodo: “Like many companies, Ring uses third-party service providers to evaluate the use of our mobile app, which helps us improve features, optimise the customer experience and evaluate the effectiveness of our marketing.”

Last weekend, Amazon software development engineer Max Eliaser called for Ring to “be shut down immediately and not brought back”. He added: “The deployment of connected home security cameras that allows footage to be queried centrally are simply not compatible with a free society.”

Related stories
Where’s Wylie? H&M faces Nuremberg data leak trial
Storm clouds gather over Travelex for hack blackout
17,000 Tesco customers hit by Travelex data breach
Top tourist attractions hit by 110m data theft attacks
Half of UK firms would pay ransom to avoid GDPR fine
Over 40% of firms suffered cyber breach in past year
Firms warned over new wave of nefarious cyber attacks