wordpress blog stats
Connect with us

Hi, what are you looking for?

Amazon’s Ring sharing users’ personal data with Facebook, Google-owned company and others: EFF

Amazon-owned Ring, a maker of home security cameras, has a number of third-party trackers on its Android app, which allows it to share users’ personally identifiable information (PII) to companies such as Facebook, and Google-owned Crashlytics, an investigation done by advocacy group Electronic Frontier Foundation (EFF) found out. Three trackers that were found to be sharing information with third-parties are not even mentioned in Ring’s privacy policy EFF said, and added that the list of trackers was last updated a year and eight months ago. EFF did not clarify if Ring was selling users’ data to all these companies. 

“Ring claims to prioritize the security and privacy of its customers, yet time and again we’ve seen these claims not only fall short, but harm the customers and community members who engage with Ring’s surveillance system…This data is given to parties either only mentioned briefly, buried on an internal page users are unlikely to ever see, or not listed at all.” — EFF 

“The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user’s device,” EFF noted. This tracks users’ interactions with other apps, and worryingly, happens without notifying them, or soliciting explicit consent from them. “Even when this information is not misused and employed for precisely its stated purpose (in most cases marketing), this can lead to a whole host of social ills,” the organisation said.

Information being shared included users’ names, email addresses: Ring tested version 3.21.1 of Ring’s Android app, and found out that personal identifiers of users was being transmitted to: branch.io, mixpanel.com, appsflyer.com and facebook.com.

  • In Facebook’s case, the app was found sharing information including users’ time zone, device model, language preferences, screen resolution  and unique identifier, with Facebook, even if users don’t have a Facebook account. This transmission was happening via Facebook’s Graph AI.
  • Branch, which offers a “mobile deep linking software kit” was receiving information such as a unique identifier, IP address, device model and screen resolution.
  • Big data company, AppsFlyer was given information such as users’ interaction with the “Neighbours” section of the app, mobile carrier, first installation and launch dates of the Ring app, a number of unique identifiers, and if AppsFlyer came preloaded on a device.
    • EFF pointed out that the last bit of information was presumably to gauge whether AppsFlyer tracking was included as bloatware on a low-end Android device, since low-end phone manufacturers often sell customers’ data to offset the cost of manufacturing. This “disproportionately” affects low-income earners, EFF highlighted.
    • AppsFlyer was also receiving information on the sensors fitted to a phone.
  • MixPanel, a business analytics service company was receiving users’ full names, email addresses, device information, status of bluetooth, and the locations at which a user has installed Ring’s cameras.
    • EFF pointed out that while Mixpanel is listed on Ring’s list of third party services, no information is provided about the kinds of data that Ring shares with the business.
  • Google-owned Crashlytics, a software development company, was also found to be receiving information, although EFF is yet to determine the exact extent of data sharing with Crashlytics.

EFF said that all the information was being shared using encrypted HTTPS, and was delivered in a way that “eludes analysis,” which makes it difficult for security researchers to learn and report these “serious privacy breaches”.

Privacy concerns have been raised against Ring several times: Amazon had purchased Ring in 2018 for a billion dollars, and had revealed, in November 2019, of its plans of adding a facial recognition system to Ring’s doorbell cameras. Last year, Senator Ed Markey had questioned Ring’s partnership with the police and said that it raised serious privacy and civil liberties concerns.

  • Following that, more than 30 digital rights and civil liberties organisations had demanded that local, state, and federal officials end partnerships between Ring and over 400 law enforcement agencies in the US, claiming that these partnerships a serious threat to civil rights and liberties, especially for black and brown communities already targeted and surveilled by law enforcement.

Avast was found selling users’ data: Yesterday, it was reported that anti-virus company Avast has been selling users’ data to companies such as Google, Microsoft, IBM, Home Depot, sometimes for millions of dollars. The information being sold included users’ Google searches, Google Maps location searches, activity on companies’ LinkedIn pages, YouTube video visits and data on people visiting porn websites.

Advertisement. Scroll to continue reading.
Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

While the market reality of popular crypto-assets like Bitcoin may undergo little change, the same can't be said for stablecoins.

News

Bringing transactions related to crypto-assets within the tax net could make matters less fuzzy.

News

Loopholes in FEMA and the decentralised nature of crypto-assets point to a need for effective regulations.

News

The need of the hour is for lawmakers to understand the systems that are amplifying harmful content.

News

For drone delivery to become a reality, a permissive regulatory regime is a prerequisite.

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ