Amazon’s Ring smart doorbell surveillance product has been caught sending user data to Facebook and other companies without making Ring users aware their data was being shared. That’s according to an investigation from the Electronic Frontier Foundation (EFF). What’s even more alarming is Ring users are having their data sent to Facebook even if they themselves don’t have Facebook accounts.
The EFF examined Ring’s latest Android app and found that it had four unlisted trackers sending Ring user data back to four websites including branch.io, mixpanel.com, appsflyer.com, and facebook.com. This is despite Ring’s privacy policy, which purports to list all the trackers being used in its software. That privacy policy was last updated over a year and a half ago and doesn’t list three of the four new trackers discovered.
So what data is Ring sending to Facebook and other companies? The EFF says the information includes “the names, private IP addresses, mobile network carriers, persistent identifiers, and sensor data on the devices of paying customers.” As the EFF explains:
The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user’s device. This cohesive whole represents a fingerprint that follows the user as they interact with other apps and use their device, in essence providing trackers the ability to spy on what a user is doing in their digital lives and when they are doing it. All this takes place without meaningful user notification or consent and, in most cases, no way to mitigate the damage done.