Eufy glitch allowed other Eufy owners to see through other home's cameras.. it's been fixed apparently but

Well I was thinking more along the lines of being persecuted because you were seen on a video recording with/near an "enemy of the state" or something like that. Or being denied medical coverage (argh, US!) because of certain purchases... We might know some things but it's certainly not everything.. all it takes is creative use of existing infrastructure..

Example:

Note: I have the option of allowing the police access and have chosen not to give it. I am happy to provide videos of certain date/times if requested. So far I believe Ring still allows me to have this ability but of course the company controls this not me which is the problem.

Maybe, maybe not. To me it is analogous to mouse traps and we are the mice. They offer you a nice piece a cheese in a trap. They could give it to you without it, and some do but we, mostly out of ignorance, jump on it thinking we have no choice. We actually do. And by our choices, just supported their design. I have been guilty of it. Been burned, hard! and am now extremely aware and borderline paranoid:

Doorbells, I have had ring, Skybell. Now replaced by an RCA HSDB1. Much better quality, offers the capability to connect to 5GHz and a local stream. You can decide to use the cloud... or not.
Nest Protect smoke/CO detectors, replaced with zigbee version of it. 60% cheaper. 100% more reliable and just as easy to setup and no cloud.
Ecobee replaced by a simple zwave thermostat. The cheapest I could find. Saved 80% of the cost and now have much greater flexibility in coordinating my HVAC into my security system as I am setting up everything according to room temperature, presence detection, window open/close status. Things the ecobee could not do. So it isn't quite subjective. It is much more capable, local controlled and completely cloud independent. After all isn't it what hubitat is about?
I only recently got rid of all my alexa devices... 14 of them, discovering that I could get the exact same voice coverage with a combination of 3 Homepods and my pre-existing 3 iOS devices. Again, saved a bunch of money in the upgrade process. Got local voice processing which is faster. Is it cloud independent? Not quite but it is a step in the right direction.

as @erktrek so rightfully pointed to, so many of these devices are dependent on the services the company which sold offers. I have had plantlink and a number of others go bankrupt on me rendering devices, which I though worked well, completely useless. Fool me once, shame on you... fool me twice... shame on me. No amount of convenience will get me to fall into this trap again. The more people feed the monsters behind the mouse traps... the more mouse traps there will be.

Everything that you have stated here is subjective because they fit your needs, but not necessarily the needs of others.

I use the Nest Hello because when someone rings the doorbell, that video shows up on our Google Home devices. You would be hard pressed to make that happen on generic display devices. I have it integrated via the Google SDM, but haven't thought up a need for the events so haven't done anything with them.

Interesting, because I can do all those things with my Ecobee.

The cloud dependency is surely a big part of it, but I switched from ST primarily because Hubitat was leagues faster in response times due to its local nature, not because of its capabilities. In fact, when I switched, its functionality was arguably less due to the maturity of the community developments on the ST side. Let's face it, much of the functionality we enjoy on Hubitat today was built on the backs of those efforts.

Which is why I only buy into the products that I believe have staying power. Those mom and pop shops with a niche product may look interesting, but it's not something that I would buy into. However, I'm the type to build a soil moisture solution out of an Arduino and a sensor. Others may need the simplicity of something that works out of the box.

Sure, I could pare down my Google Home devices and simply carry my phone around, but that does reduce the convenience of it...

Everyone needs to stop telling everyone else what's important. If people feel that they need some functionality only serviced by a cloud solution, so be it. In general, I personally believe local beats cloud in most cases, but it's not our place to convince them otherwise.

I think it's fine. You don't look too bad in that get up to be honest. But last Wednesday evening at 11.05pm when you also used the high heels... that was definitely too much.

Not just convenience, functionality too. Annoyingly Google Assistant, even when running on a device that is fixed in a room (like a tablet) is blissfully unaware of where it is (eg. which room) which means you have to address the target specifically in your voice command. Whereas with GH, if set up, you do not.

Yep! "Turn on the lights" is a panic moment if your phone answers...

I use EUFY Security Cameras and very interested in your Blue Iris reference with EUFY.

The breach Eufy suffered this week allowed non owners to access the config of the cameras.

So in your case you are recording to Blue Iris but how do you stop someone reconfiguring your camera, or just viewing/listening to indoor cams?

All my EUFY cameras record either direct to an internal micro SD card or to the SSD in the Eufy Homebase.

Is Eufy actually storing video in the Cloud?

I keep the EUFY cameras on their own VLAN which will mitigate migration onto the user LANs and have just found some port settings to restrict accessibility of the EUFY Security system so it can only be accessed on the home LAN, or VPN back to home, which I already have for accessing HE when out and about.

This is incorrect bit the truth may not be much better. Everything i saw pointed to a configuration problem they implemented and not a breach by hackers.

The big issue for Eufy here is that no mater what you do if you are remote and want easy access to your cameras remotely you use there servers to establish the connection to the camera. If you are local it stays on your network, if you are remote it goes through their servers to get to your remote device. That system seems to be what got borked in this event. Somehow it connected folks to the wrong cameras.

Eufy also supports RSTP which likely is what Blue Iris uses to connect and record content on the local lan.

The problem is no matter what you do you cannot avoid their servers to view your cameras without RSTP. That applies even if the content is on your local network on the device. Once the connection is established it is a different story though.

I did not mention hackers... I referred to an unauthorised access to private data, a breach.

The fact it was a Change Control issue does not make it better it is worse, because they are sharing user's personal data to unauthorised people - all without the aid of a malicious attack.

With Change Control like this they don't need hackers

If they are getting basic Change Control messed then I do not hold out for a robust cyber defence capability

I have been experimenting, with the Eufy Bases on the WIFI but denied internet access (firewall rule), when I was away I was able to view the Eufy Camera live streams (via HomeKit while on a VPN back to home) and recording made in HomeKit, but allowing notifications to be sent.

I have a guide on it and will be testing it over the next few days.

So the next step is to allow certain access for the EUFY Homebases to connect with the mother ship while blocking remote access to live cameras, recordings and configuration.

Setting up and using a VPN to access home services - such as EUFY Security Cameras and Hubitat is overly difficult and is very helpful.

I have just been dismantling one of the offline indoor cameras, I had been using them to augment external cameras by fitting them to windows by blue tacking them to the glass, they work quite well but the IR lamp won't work through glass. (if you do this remove the micro SD card first!!)

I was looking at physically disconnecting the camera's microphone, which is very easy to do, so now suitably muted I can get the internal ones working pointing out of the house.

For the other indoor cameras, I can add a zigbee/zwave switch and have them turn on when in AWAY mode.

Seems like a case for setting up a personal VPN on your home network. Remote access w/out using Eufy cloud (assuming Eufy provides a local access option when you're at home on the same network, and you can turn off Eufy cloud storage/saving of video).

I guess no one is talking about the fingerprint reader in the doorbell button?

But mistakes and impacts can be minimized by using well trained or competitive human
That's the difference of experienced companies and amateur companies

A vpn doesn't really help as there software still figures out the initial connection through Eufy's servers. Once that is completed you can connect locally. Think of it like this i can be on the same wifi network with my phone and open the Eufy security app. When that happens the software talks logs into Eufy's server and finds the best path to my cameras. If i am local it ia direct. If it isn't then then the camera punches a whole throght my network to Eufy's server and then to my endpoint device.

If you want to cut Eufy out completely then use something like Motion on linux or blueiris over RSTP. Then bypass them cometely. Then you need either a VPN to your home network or Port forwarding to get to your local server to get access.

This whole discussion has beaten over and over on their own forums.

I am not trying to argue with you. Just providing you some information and a good dose of opinion.

Given the topic here being about Eufy and privacy, I was just broadening the discussion on the overall home automation and the designs/concepts being used being inefficient.

I use the Nest Hello because when someone rings the doorbell, that video shows up on our Google Home devices. You would be hard pressed to make that happen on generic display devices. I have it integrated via the Google SDM, but haven't thought up a need for the events so haven't done anything with them.

Google/nest and privacy are oxymorons. Yes they sell you on a lot of features which in can be done better, safer, more reliably without relying on their cloud. It is not a matter of if but when they get hacked, they have a server downtime, they decide to discontinue their service or charge you for it or push a firmware which breaks something, or an internet service outage, your system will go down. In the meantime they will happily sell whatever data you are giving them to the highest bidder. I am doing exactly the same thing on my tablet which works even without internet connection at all and yes... it is also much faster if that matters. A lot of people jump on these things out of ignorance and attracted by the cool features without realizing what is behind them. Even if it may not be initially ill intended, the whole concept is absurd as exposes to unnecessary risks, multiply points of failures and is a drag for performance.

I too was a very early ecobee supporter. I ended up getting rid of them because of server outages preventing me from adjusting my HVAC while traveling or even through my home automation system. Yes you can do a lot and my HVAC control today using presence detection, Keen zigbee vents were inpired by them but their downtime, lack of local API (though you can now workaround it through homekit), data collection and firmware updates being cloud pushed instead of pull just got me to dump it. Great concept... only if they made it cloudless.

If you are happy with what you have, I am happy for you. Just be aware of what you are getting yourself into and that you have choices.

However, with the caveat that this is completely wrong!

Google - unlike Facebook and co. - sells advertising spaces and services, but not your data.

I have knowledge and proof of the contrary… I happen to have relatives in the promotional marketing business and yeah they buy your personal info from Google for targeted advertising… they would otherwise not be so aggressive at preventing people from blocking data collection.

Anecdotal evidence =/= "proof"

I think that really depends on how you define advertising services and personal data right.

Google has no issue selling whatever they can parse out from your online activity. Now how closely that resembles what you define as peraonal data could largely be dependent on what it is they parsed out exactly.