Why are your supposedly end-to-end encrypted cameras producing non-encrypted streams in the first place?
Under what circumstances is video actually encrypted?
Do other parts of Eufy’s service rely on unencrypted streams, such as Eufy’s desktop web portal?
How long is an unencrypted stream accessible?
Are there any Eufy camera models that *don’t* send unencrypted streams?
Will Eufy completely disable transmission of unencrypted streams? When? How? If not, why not?
If not, will Eufy disclose to its customers that their streams are not always end-to-end encrypted? When and where?
Did Eufy change the stream URLs to something more difficult to reverse engineer? If not, will Eufy? When?
Are unencrypted streams still accessible when cameras use HomeKit Secure Video?
Is it true that “ZXSecurity17Cam@” is a real encryption key? If not, why did that appear in your code labeled encryption key and in a 2019 GitHub repository?
Besides the thumbnails and the unencrypted streams, are there any other private data or identifying elements that Eufy’s cameras allow access to via the cloud?
Besides potentially tapping an unencrypted stream, are there other things Eufy’s servers can do remotely with a camera?
What’s stopping the Eufy and Anker staff from tapping into these streams?
What other specific measures will Eufy take to address its safety and reassure customers?
After these revelations, has Anker engaged independent security firms to conduct an audit of its practices? Which?
Will Anker offer refunds to customers who purchased cameras based on Eufy’s privacy commitment?
Why told Anker The edge that it was not possible to watch the unencrypted stream in an app like VLC?
Does eufy share video recordings with law enforcement?