Ring, the Amazon-owned maker of smart-home doorbells and web-enabled security cameras, is changing its privacy settings two weeks after a study showed the company shares customers’ personal information with Facebook, Google and other parties without users’ consent.
The change will let Ring users block the company from sharing most, but not all, of their data. A company spokesperson said people will be able to opt out of those sharing agreements “where applicable.” The spokesperson declined to clarify what “where applicable” might mean.
Ring will announce and start rolling out the opt-out feature soon, the spokesperson told CBS MoneyWatch. The planned change to Ring’s privacy settings has not been previously reported.
Ring makes high-end doorbells that can alert you and provide real-time video over your phone when someone is at the door. The doorbells, which connect to your home’s wifi, sell for around $100 and up.in 2018 for a reported $1 billion as part of the ecommerce giant’s expansion into internet-enabled products for the home.
More recently, Ring has faced privacy concerns around its technology. In late January, an Electronic Frontier Foundation (EFF) study found the company regularly shares user data with Facebook, including that of Ring users who don’t have accounts on the social media platform.
“They have not given a reasonable explanation for why they would need to share the user data with third-party partners,” said Bill Budington, a staff technologist at the EFF, a digital privacy advocacy group that did the Ring study.
In response to the EFF study, Ring said it relies on “third-party service providers” to help improve its service. It adds that such data sharing is “limited to appropriate purposes.”
“Packed with third-party trackers”
EFF’s January investigation found Ring’s phone app was “packed with third-party trackers sending out a plethora of customers’ personally identifiable information.” Ring does not appear to be sharing its users’ videos, according to the EFF study.
Yet EFF claims the company shares a lot of other user data, including people’s names, email addresses, when the doorbell app was being used, the number of devices a user has, model numbers of devices, user’s unique internet addresses and more.
Such information could allow third parties to know when Ring users are at home or away, and potentially target them with advertising for services based on that info. Budington said data miners often use identifiers gleaned from Ring and other sources to connect users with personal information collected elsewhere.
Ring does tell customers in its privacy disclosures on its website that it shares some of their data. It also provides a list of third parties it has agreements with. But Facebook does not appear on that list. Neither do a number of other companies that Ring shares data with, according to EFF.
The other companies Ring shares customer data with are small and not well known. One is Branch.io, which consults on web marketing campaigns. Branch’s website says the company unifies “fragmented data to show you each customer’s full journey. The result: More data to optimize your campaigns and maximize ROI.”
Branch has had its own security concerns. A year and a half ago, the company was blamed for spreading a software bug to various websites that used its service. Some experts at the time claimed the bug could have exposed data belonging to as many as 645 million people. Branch CEO Alex Austin told CBS MoneyWatch that the reports of its software bug were “blatantly false” and that no user data was compromised.
Austin also said Branch’s work for Ring is limited to ensuring that when a user clicks “a link, it opens the [Ring] app and takes you to the correct page,” noting that Ring doesn’t use his company’s analytics platform.
Branch collects some user data from partners like Ring, including IP addresses and “advertising identifiers,” Austin said. He added that the company does not collect names or email addresses and that any data it does scoop up is “pseudonymized and purged from raw logs after seven days.”
Critics say that Ring has struggled to respond to criticism of its privacy policies following the EFF’s study. Although it confirmed that it shares more data with third parties than it previously told users, the company said in a statement that it contractually limits its partners to use the data only for “appropriate purposes,” including helping Ring improve its app and user experience.
Ring also upgraded its app late last month to include a control panel that lets users see what devices or other users they have approved to access their account and disconnect them.
“Like many companies, Ring uses third-party service providers to evaluate the use of our mobile app, which helps us improve features, optimize the customer experience and evaluate the effectiveness of our marketing,” a Ring spokesperson said in a statement.
EFF’s Budington calls the company’s response to the data-sharing concerns “inadequate.” He said Ring could remove the personal identifiers in user data before sending it to third-parties. “It shows the lackluster approach they have had to user privacy and security,” he said.
Ring has landed in hot water over privacy concerns before. Ring’s CEO Jamie Siminoff gave an interview to CNET in early January acknowledging that company was looking to correct past mistakes.
Last year, Ring was revealed to have partnered with local police departments to help them convince its users to share video footage with law enforcement. Ring’s app allows local police departments to directly ask users if they can access their video files. Ring home security cameras have also been , including a group that ran a podcast in which the hosts aired live instances of their snooping over home security cameras and harassing users.