Ring doorbell with video surveillance (courtesy Ring)
The Ring doorbell product and application is "packed with third-party trackers" and creates a "fingerprint" of customers of the company, which is owned by Amazon, warns a new report from a privacy organization.
Advertisement - story continues below
"Ring isn't just a product that allows users to surveil their neighbors. The company also uses it to surveil its customers," said the Electronic Frontier Foundation.
The organization discovered in its investigation that the product is filled with trackers "sending out a plethora of customers' personally identifiable information."
TRENDING: Mystery: Monolith found in Utah suddenly vanishes
The personal details, including "private IP addresses, mobile network carriers, persistent identifiers and sensor data," went primarily to four "analytics and marketing companies."
EFF said Ring "claims to prioritize the security and privacy of its customers, yet time and again we’ve seen these claims not only fall short, but harm the customers and community members who engage with Ring’s surveillance system."
Advertisement - story continues below
"In the past, we've illuminated the mismanagement of user information which has led to data breaches, and the attempt to place the blame for such blunders at the customers' feet," EFF said.
"This goes a step beyond that, by simply delivering sensitive data to third parties not accountable to Ring or bound by the trust placed in the customer-vendor relationship. As we've mentioned, this includes information about your device and carrier, unique identifiers that allow these companies to track you across apps, real-time interaction data with the app, and information about your home network. In the case of MixPanel, it even includes your name and email address. This data is given to parties either only mentioned briefly, buried on an internal page users are unlikely to ever see, or not listed at all."
EFF said the danger is that "analytics and tracking companies are able to combine these bits together to form a unique picture of the user's device. This cohesive whole represents a fingerprint that follows the user as they interact with other apps and use their device, in essence providing trackers the ability to spy on what a user is doing in their digital lives and when they are doing it."
While this all is transpiring, there is no "meaningful user notification or consent and, in most cases, no way to mitigate the damage done."
EFF undercuts the Ring reputation of helping provide "the secure home, while profiting from a surveillance network which facilitates police departments' unprecedented access into the private lives of citizens, as we have previously covered. For consumers, this image has cultivated a sense of trust in Ring that should be shaken by the reality of how the app functions: not only does Ring mismanage consumer data, but it also intentionally hands over that data to trackers and data miners."
Advertisement - story continues below
The foundation said its investigation revealed that Facebook, one of the companies receiving the personal details, is "alerted when the app is opened and upon device actions such as app deactivation after screen lock due to inactivity."
Other companies receiving the details are Branch, MixPanel and AppsFlyer
By the way, the report said, that information goes to Facebook "even if you don't have a Facebook account."
And AppsFlyer, during the investigation, was able to install on the foundation's test device a magnetometer, gyroscope and accelerometer.
Advertisement - story continues below
MixPanel obtains users' full names, email addresses, device information such as OS version and model, whether bluetooth is enabled, and app settings such as the number of locations a user has Ring devices installed in, are all collected and reported to MixPanel," EFF said.
