Anker’s Eufy Admits ‘Lie’ After TWO Months — Still no Apology

Anker said its Eufy cameras never send unencrypted video. But a couple of months ago, researchers discovered they did. Despite the clear evidence, Anker denied, delayed and deflected.

It’s taken from November 25 to this week for Anker to admit it. The PR spin is a triumph of gaslighting and “we take privacy seriously” doublethink. Any hint of an apology is conspicuous by its absence.

We waited 65 days for this? In today’s SB Blogwatch, we’re done with the Anker brand.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Donks.

Euf***ed Up — Again

What’s the craic? Sean Hollister is causing trouble again—“Anker finally comes clean”:

Hard to take the company at its word
First, Anker told us it was impossible. Then, it covered its tracks. It repeatedly deflected while utterly ignoring our emails.

[But] Anker has finally admitted its Eufy security cameras are not natively end-to-end encrypted — they can and did produce unencrypted video streams for Eufy’s web portal. … But Anker says that’s now largely fixed. … The company [is] bringing in outside security and penetration testing companies.

Reading between the lines, though, it seems that these cameras could still produce unencrypted footage upon request. … Independent audits and reports may be critical for Eufy to regain trust because of how the company has handled the findings of security researchers and journalists. It’s a little hard to take the company at its word!

[At the link above, you can also read Anker’s rambling, unapologetic PR blather—if you can stomach it.]

We do not forgive. We do not forget. Expect Ben Lovejoy—“Anker admits to lying about Eufy”:

Inexcusable … unforgivable
The security flaw was first discovered in December of last year, when a customer was able to access unencrypted video streams. … A security researcher confirmed this, and additionally proved that video data was being uploaded to the cloud even when the user denied permission for this. … Live video streams sent to the web [portal] were not encrypted, nor even authenticated, meaning that the streaming footage could be viewed by anyone.

As the old saying has it, never ascribe to malice that which can be adequately explained by incompetence. … However, that is no excuse. Inadvertent or not, it did lie. When a security camera company promises that all video footage never leaves the camera without E2E encryption, it must be 100% certain that this statement is correct.

Even more inexcusable is continuing to make inaccurate claims after the company’s statements had been demonstrated to be false. When that happens, you don’t blithely continue to repeat the same reassurances: You immediately verify the claim (which was trivial to do), admit to it, and then fix it. The fact that Anker didn’t do this is … unforgivable.

Whoop, whoop! That’s the sound of Manuel Vonau—“Anker sub-brand was caught in a privacy scandal”:

After two months of stonewalling, the company has finally provided more satisfactory answers, though we’d still be cautious about taking its word for it.. … After all, it’s taken the security-focused company far too long to properly communicate the problems that have been discovered, and we need to see the promised actions come to fruition before we can consider reevaluating our stance on Eufy products.

ELI5? u/rogerflog explains like we’re five:

The story about Eufy cameras not being encrypted broke … 2 months ago. Anker went dark and didn’t admit anything until now. Really burned some of that customer-first goodwill by not being upfront and honest.

Their PR sucks worse than Sam Bankman-Fried, and his apology started with “I ****ed up.” We couldn’t even get a “Whoops, we ****ed up” out of Anker? Really?

Would you give Anker a second chance? Guspaz won’t:

Too late. … The problem was not with all the security problems, or even the false advertising about the products … but how they handled the public disclosure.

They handled it by lying, concealing, denigrating, and covering up. … They tried their damnedest to pretend that there was no problem and that everybody reporting on it was making things up. … How a company handles a crisis is more important than the cause of the crisis.

They could not have handled this more poorly. … And that’s why I don’t buy their products anymore.

Neither would Marie.D:

The damage is already done. … The Anker brand is irreversibly tainted by this whole fiasco.

If they did better immediately after the initial report I would have given them a chance. But the fact that they downplayed the whole thing, let it rot … then only barely communicated about it … showed that they have absolutely no care about their consumers.

Why should I give money to a company who … sells me a “secure and private” device, and when caught with the hand in the cookie jar, proceeds to gaslight me? Bye.

Hi guys! Where are the YouTokagram influencers? Don’t bother searching, says Steve Conlon—@StevenConlon:

A topic you will not get smart home ‘influencers’ covering: The Eufy home CCTV system bald-faced lies about their encryption. Be very careful what you are buying in your own smart home ecosystem. EU needs to hurry up with these IoT device stanards.

However, JohnFen takes a more pragmatic attitude:

I stopped bothering years ago. Now, I simply assume that they’re all lying scum.

Enough of them are that it’s not a terrible bet. So, I don’t buy or use products that require the use of any third party servers, and be sure to firewall off any that have network access.

Meanwhile, try not to form a mental image of AgentOSX:

I am just waiting for my Eufy footage of me making coffee naked to become a thing.

And Finally:

An exploration of ocean plastic, avatars and adaptive bottom feeders

Hat tip: simbosan

Previously in And Finally

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: Jametlene Reskp (via Unsplash; leveled and cropped)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

richi has 643 posts and counting.See all posts by richi