Amazon’s Ring keeps a log of every time a smart doorbell is rung, a motion-sensing camera is activated or the app is used on a smartphone – but claims NO video is saved
- Investigation found Amazon’s Ring has databases logging user interactions
- Records almost every instance the camera is activated or a feature is used
- Expert says the feature said it poses a ‘serious threat to people’s privacy’
- Ring claims no video clips are saved and this policy is spelled out on its website
Amazon’s Ring keeps a log of every single time one of its cameras, doorbells or apps is activated and used, it has been revealed.
Events that are logged include motion detected by the cameras, a doorbell being activated or pressed by a visitor, or an action by the user to activate a live feed to converse with a visitor.
The data recorded also includes exact GPS co-ordinates of the devices as well as the duration of each event in seconds.
It has also been found that every time the Ring app is used by a customer, a permanent note of the device model and which network it uses is saved and recorded in a vast database.
Experts have slammed the feature and said it poses a ‘serious threat to people’s privacy’ and could easily be stolen or misused by criminals.
Scroll down for video
Every movement identified by Amazon’s Ring devices is saved and recorded in vast databases, it has been revealed. It has also been found that every time the Ring app is used by a customer it makes a permanent note of the device model and which network it uses (file photo)
David Emm, principal security researcher at Kaspersky, a cybersecurity firm, said: ‘This development unfortunately doesn’t surprise me.
‘Home assistants and other smart technology – i.e. devices that have the power to monitor aspects of our everyday lives – gives huge companies access to lots of data, which is valuable even where that data is anonymised.
‘However, they can be a serious threat to people’s privacy – consumers are handing valuable information over freely and often without realising it.
‘In today’s digital era, such information could be used by companies directly or shared with third parties, or stolen and misused by cybercriminals.’
The BBC obtained the information via an information request to Ring for two devices under the data subject access request (DSAR) protocol that exists.
This enables any user to access their own data via the Ring website to see what data the firm has access to.
Amazon owns Ring and has a policy that no video clips older than 30 days are saved and are scrubbed from its servers.
Customers that opt for its ‘Ring Protect’ system have videos recorded and stored for up to 30 days before they are automatically deleted. Users can log on and delete them manually beforehand, if they wish.
Users that choose not to have the protect plan are only able to access the live stream and no videos are stored, according to Ring’s protocols.
A Ring spokesperson told MailOnline: ‘Ring’s Privacy Notice sets forth the type of information Ring collects and what Ring does with that information. Please refer to the Privacy page for more information.’
Amazon owns Ring and the company has a policy that no video clips older than 30 days exist and must be scrubbed from the servers (file photo)
According to the BBC investigation, which looked at two cameras over a 129-day span, almost 26,500 individual events were registered, with data pertaining to the user split over 11 databases.
One database also included every interaction with Ring’s apps and featured a separate call every time the app was opened, the feed was zoomed in and clocked when each call started and finished.
The BBC found no evidence of videos being recorded.
Mr Emm added: ‘It’s vital that companies selling such products are open and explicit about the data they collect, and how they will use it.
‘People should also think carefully when they are considering buying smart devices.
‘If they do purchase these products, they should always ensure that updates are available, create hard-to-guess passwords for the device, and disable any feature they do not intend to use, or which causes them any privacy concerns.’