Play live video in third-party media players
Today, there are two main ways to view live feeds from eufy security cameras. One is to use the eufy security app and the other is to use our secure web portal at eufy.com.
Previously, after logging into our secure web portal at eufy.com, a registered user could enter debug mode, use the web browser’s DevTool to locate the live stream, and then play or share that link with someone new. other to play outside of our secure system. . However, it would have been the user’s choice to share that link, and they would have had to log into the eufy web portal first to get that link.
Today, based on industry feedback and out of an abundance of caution, the eufy Security Web Portal now prohibits users from entering debug mode, and the code has been hardened and obfuscated. Moreover, the content of the video stream is encrypted, which means that these video streams can no longer be played on third-party media players such as VLC.
However, I should note that only 0.1% of our current daily users use the secure web portal feature on eufy.com. Most of our users use the eufy Security app to view live streams. Anyway, the previous design of our web portal had some issues, which have since been fixed.
Regarding the PR representative who answered your question about using VLC, he confused the issue. This was a known issue, easily reproducible and reported by the media. However, they thought you were asking if anyone other than the registered user could discover links on their own and then view them through a third-party media player like VLC. The dynamic video link naming convention has also come up in media coverage, so I can see how that may have confused them. But that wasn’t the official response from our product teams. The real answer to this question was discussed above.
End-to-end video encryption
Today, all video (live and recorded) shared between the user’s device and the eufy Security web portal or the eufy Security app uses end-to-end encryption, which is implemented at the using AES and RSA algorithms.
Additionally, when a user uses the eufy security app to access videos from their devices, the connection between the eufy security app and the user’s device is end-to-end encrypted via a secure P2P service. .
Homebase3 and eufyCam3/3C devices launched in October 2022 use WebRTC for end-to-end encrypted communication when using the web portal to access live streams in a browser. And we are currently rolling out WebRTC to ALL eufy Security devices.
I should also note that if a user chooses to use eufy Security’s optional cloud storage add-on, that operation is end-to-end encrypted. In addition, the maintenance of our cloud server complies with the requirements of ISO27701 and ISO27001 standards. We are also audited annually by external third-party regulators.
When using local storage, eufy Security cannot access our users’ video recordings. All video data is encrypted and stored on the device itself and can only be viewed or shared by the user. Additionally, eufy Security does not have access to user biometric details such as fingerprints or facial recognition data created by users’ local devices. All these processes are also performed and stored locally.
User image added to cloud
Previously we had a device, the Video Doorbell Dual, that sent and stored an image of the user to our secure cloud. There’s a lot of speculation and misinformation out there, so let me explain how this seemingly incongruous process came about.
First, the purpose of sending a user image from the eufy app to our devices is to give local facial recognition software a baseline to run its algorithm. All facial recognition processes are and always have been done locally on the user’s device. In the case of our Video Doorbell Dual, a copy of this configuration image was stored using end-to-end encryption on our secure cloud. This was because if the user decided to replace the dual video doorbell or add an additional dual video doorbell to their eufy security system, the system would pull the existing image from the cloud during setup, rather than forcing the user to take a New Image.
Again, this process was inconsistent with our “local” mission and was removed. Today, like all other devices in the eufy Security range, our Video Doorbell Dual relies on local storage of only user images and video data. Not the cloud.
It is important to note that no user or facial recognition data has ever been included in the images sent to the cloud.