Playing Live Videos in Third-Party Media Players
Today, there are two primary ways to view live streams of eufy Security cameras. One is to use the eufy Security App, and the other is to use our secure Web portal at eufy.com.
Previously, after logging into our secure Web portal at eufy.com, a registered user could enter debug mode, use the Web browser’s DevTool to locate the live stream, and then play or share that link with someone else to play outside of our secure system. However, that would have been the user’s choice to share that link, and they would have needed to first log into the eufy Web portal to get this link.
Today, based on industry feedback and out of an abundance of caution, the eufy Security Web portal now prohibits users from entering debug mode, and the code has been hardened and obfuscated. In addition, the video stream content is encrypted, which means that these video streams can no longer be played on third-party media players such as VLC.
I should note, however, that only 0.1 percent of our current daily users use the secure Web portal feature at eufy.com. Most of our users use the eufy Security app to view live streams. Either way, the previous design of our Web portal had some issues, which have since been resolved.
Concerning the PR representative who answered your question about using VLC, they conflated the question. This was a known issue, easily replicated and had been reported by the media. However, they thought you were asking if people other than the registered user could discover links on their own and then view them through a third-party media player like VLC. The dynamic naming convention of the video links was also addressed in the media coverage, so I can see how this may have confused them. But it was not the official answer from our product teams. The real answer to this question has been addressed above.
Video End-to-End Encryption
Today, all videos (live and recorded) shared between the user’s device to the eufy Security Web portal or the eufy Security App utilize end-to-end encryption, which is implemented using AES and RSA algorithms.
Additionally, when a user uses the eufy Security App to access videos from their devices, the connection between the eufy Security App and the user’s device is end-to-end encrypted through a secure P2P service.
Homebase3 and eufyCam3/3C devices released in October 2022 use WebRTC for end-to-end encrypted communication when using the Web portal to access live streams in a browser. And we are rolling out WebRTC to ALL eufy Security devices right now.
I should also note if a user selects to use eufy Security’s optional cloud storage add-on, this operation is end-to-end encrypted. In addition, maintenance of our cloud server complies with the requirements of ISO27701 and ISO27001 standards. We are also audited by external third-party regulators every year.
When using local storage, eufy Security cannot access our users’ video recordings. All video data is encrypted and stored on the device itself and can only be accessed or shared by the user. Furthermore, eufy Security has no access to the user’s biometric details such as fingerprints or facial recognition data created by the users’ local devices. All these processes are also done and stored locally.
User Image Added To The Cloud
Previously, we had one device, the Video Doorbell Dual, that sent and stored an image of the user to our secure cloud. There is a lot of speculation and misinformation on this, so let me explain how this seemingly incongruent process came about.
First, the purpose of sending a user image from the eufy App to our devices is to give the local facial recognition software a baseline to run its algorithm. All facial recognition processes are and have always been done locally on the user’s device. In the case of our Video Doorbell Dual, a copy of that set-up image was stored using end-to-end encryption on our secure cloud. The reason for this, was in case the user decided to replace the Video Doorbell Dual or add an additional Video Doorbell Dual to their eufy Security system, the system would pull the existing image from the cloud during setup, rather than making the user take a new image.
Again, this process was not in line with our “local” mission and has been removed. Today, like all other devices in the eufy Security lineup, our Video Doorbell Dual relies on local-only storage of user images and video data. Not the cloud.
It’s important to note, that no user or facial recognition data has ever been included with the images that were sent to the cloud.
Source: The Verge