Indoor Cameras Reviewed and Tested for Privacy Concerns
June 3, 2020

So you really want to install an internet connected camera inside your house? Well, today on the hookup we’re going to look at 10 indoor cameras from 8 different brands and determine if any of them have what it takes to overcome the massive privacy concerns that come with installing a camera inside your home.
I am a huge advocate for security cameras. When done right they increase security and peace of mind more than any other gadget out there, but I’m also very concerned with privacy, and those two worlds are constantly at odds with each other. Moving cameras indoors makes the situation infinitely more delicate, so today, we’re going to determine if it is ever possible to have a camera in your house without introducing a possible invasion of privacy.
What am I talking about when I say “invasion of privacy”? There are three main cases where your privacy could be compromised:
Case 1 is the one that we’ve seen on the news: some hacker living in their parents’ basement with nothing better to do decides to gain access to a camera feed and use the two way audio to spy on and terrorize families and kids.
Case 2 is another valid concern, where bored and unethical employees at camera companies, who are given administrator access to cameras for valid reasons, end up using them to spy on users, watch their recorded footage, and generally invade their privacy.
Case 3 is an unfortunately very real potential privacy breach that comes from governments either forcing companies or giving them subsidies to provide a “back door” that can be used to spy on domestic or international citizens. I know this sounds like a tinfoil hat conspiracy theory, but this is unfortunately very real and has been proven to have happened multiple times in the not so distant past.
The problem with these privacy concerns is that camera companies can implement security measures to stop hackers and make you feel better about case 1, but cases 2 and 3 are directly related to negligence at the manufacturer level, so they can’t really be mitigated by any camera specific features.
So, from this point on in the video I’m going to look at these cameras through two different lenses, and you need to decide for yourself which one is right for you: First, I’m going to assume that camera companies are trustworthy and the claims that they make are truthful. I’ll analyze the features of each camera and tell you which ones I think performed the best.
Then, you can step into my shoes, and we will trust no one. I’ll show you how to set up an indoor camera to be completely secure to the point where you could feel comfortable installing it in your own bedroom if that’s what you’re into. I’d recommend watching the whole video and then making your decision, but feel free to use the timestamps if you already know what you’re interested in.
Before we get started, let’s see which cameras are on the chopping block today: From least expensive to most we’ve got the WyzeCam V2, the Blink Mini, the EZVIZ C1C, the Eufycam 2K, the WyzeCam PTZ, the Sonoff GK200, IoTeX’s UCAM, EufyCam’s Pan&Tilt, the Reolink E1 Pro, and the SimCam AI. Here we go.
Case 1:
Hackers gain access to your cameras in one of two ways: Either through compromised logins from other websites, or built in administrator override passwords that are extracted by skilled hackers from firmware updates. Both of these methods can be used by relatively low skilled bad actors who can obtain large lists of compromised and leaked login and password combinations online, or look up firmware vulnerabilities on sites dedicated to compiling that type of information. Almost all the major camera breaches that have made the news have been from login and password combinations leaked by unrelated websites, but you can be sure that those reported stories are only the tip of the iceberg and that invasions of privacy are far more likely than we realize.
Of the cameras that I reviewed, there are a few different methods of ensuring your camera feed is secure and safe from hackers. The Blink Mini requires all users to use 2 factor authentication on their accounts, but uses email to provide the security code. While this is better than nothing, it’s likely that someone who reuses the same username and password over and over will also do the same for their email account, rendering this method ineffective. Wyze offers 2 factor authentication using SMS text messages, which is a significantly more secure method, and Eufy plans to release 2 factor authentication in August of this year, but there is no word on whether it will be email or text message based.
Instead of 2 factor authentication, UCAM and SimCam have implemented their own unique methods for protecting your privacy. UCAM’s main selling point is the use of “blockchain” technology to encrypt your video feed and login. I’m skeptical of this claim since “blockchain” usually requires a network of private computers to verify blocks, but at the very least UCAM addresses the issue of insecure passwords by using a randomly generated private key to link your camera to your app, rather than requiring a username and password, and once a camera is locked to a mobile device it cannot be accessed anywhere else without the approval of the master device.
SimCam provides some protection from hacking by allowing you to activate something called LAN mode, which only allows your cameras to be viewed if you are on the same local network, and the ability to deactivate LAN mode is limited to pre-registered devices. This is my least favorite implementation of hacking countermeasures, but it’s something.
Of these cameras that have implemented measures to protect your privacy against hackers, or will be in the near future, here are the top performers:
- The EufyCam Pan and Tilt has the highest quality video, and the most impressive in app customization. You can set it to detect any motion, just people, just pets, loud noises, or even specifically alert you if it detects crying. I was also able to get an advance version of their homekit compatible firmware and the thing that struck me the most was the lack of lag in the homekit video stream which is as close to instantaneous as I’ve ever seen in a video camera.
The EufyCam can simultaneously play video in eufy app, homekit live view, RTSP feed, and record to the local SD card, which covers pretty much all the bases.
Unfortunately, the homekit implementation is only for homekit compatibility, not homekit secure compatibility, which means you’ll still need to use the Eufy App for most functionality including common features like pan and tilt and reviewing saved footage. I’m also disappointed that the Eufy Pan and Tilt still only uses the 2.4 gigahertz wifi band… in 2020 I think it’s unacceptable for companies to be producing high bandwidth devices that rely on the congested and inferior 2.4 gigahertz band. Aside from that, assuming that Eufy delivers two factor authentication in August, the Eufy Pan and Tilt was the best camera that I tested, assuming the companies themselves can be trusted.
- The UCAM performance was also respectable, and even though it still only uses the 2.4 gigahertz wifi band I did appreciate the addition of an ethernet port, though I’m not sure how often it will be used by their typical customer. Even though it is only 1080p, the UCAM video looks great and the UCAM app offers both local continuous recording to an SD card or cloud video storage that is supposedly encrypted on your device before it is stored on the UCAM servers. Since UCAM’s whole selling point is security of your data it seems like they may have better policies in place as a company, but I personally am not in the business of trusting companies to uphold their promises, and again, that is a decision you will need to make for yourself.
- The WyzeCam has two things going for it: It’s cheap, and it has the same cool extra features of the Eufy like person detection and sound detection, but in my tests the Wyze had the worst video quality and really struggled in situations where the lighting was inconsistent in the scene. I’m also a little concerned about the direction of the company, as they seem to be moving towards a more cloud and subscription based model. I’ve been using a WyzeCam in my house for the last years with their optional RTSP firmware, and I had it blocked from the internet with my firewall. It worked without issue until I updated to the latest firmware to include it in this video and now the camera refuses to join a network without internet access, it just defaults back to the setup mode if I block its access to the internet.
I’ve also got a list of cameras to avoid, the worst of which is the Blink Mini. If you’re not familiar with Blink cameras, they are easy to use, versatile battery powered cameras, and in my outdoor camera test, they were one of the top performers. The Blink Mini on the other hand manages to include all the shortcomings of a battery powered camera, while still needing to be plugged in. It seems like they just took the exact same software that was in their battery cameras and threw it in some cheap indoor hardware. This means no recording to the device, no person detection, oh, and the live view times out after 60 seconds… on a plug in camera. Also, if you weren’t a Blink customer before April of 2020 you’re going to need to pay monthly for cloud storage. I don’t know why the Blink team thought this camera needed to exist, but you shouldn’t buy it.
The SimCam is expensive, $130 to be exact, so you would expect it to do more than other cameras. The idea behind the SimCam is really cool: it has on device AI computer vision to do things like object tracking, pet detection, vehicle detection and person detection including facial recognition. You can imagine how important it is that all of these services are handled locally on the camera in order to protect your privacy, so the SimCam seems like a great idea. Guess what? If you block the SimCam from the internet, none of the locally processed AI works. I don’t understand why they would go through all the trouble to produce a locally processed AI camera and then have it be reliant on the internet for delivering and archiving the locally stored footage.
It’s also worth noting, the SimCam has motorized pan, but it’s loud enough that you could basically never use it without drawing significant attention to the camera. The SimCam does use the 5 gigahertz wifi band though, so it’s got that going for it.
Neither Reolink, EZVIZ, nor Sonoff offer 2 factor authentication or the ability to bind a camera to a specific mobile device, so they don’t have any built-in defense against hacking. The Sonoff camera had the worst video quality of the cameras that I tested, and while the EZVIZ actually produced a decent image at a great price, their parent company Hikvision has had some serious privacy related allegations made against them by the US government, and the EZVIZ loses all functionality without an internet connection, so you should probably skip it. The Reolink E1 Pro on the other hand is the camera that I have decided to use in my house to replace my custom firmware WyzeCam V2.
As I mentioned before, even though these companies have made an effort to prevent hacking, you still have to trust their claims that the companies themselves will keep your data safe and private. UCAM for instance claims that your footage is encrypted on the device before it is sent to the cloud, making it “impossible” for them to view your footage because they would need your private key. But since the private key is viewable in plain text in their app, couldn’t they just retrieve it from the app and then view your footage? Unfortunately, claims like the ones made by UCAM are difficult or impossible to verify and require you to just take their word for it.
That’s why, in every case, the safest thing for you to do is trust no one but yourself. Security cameras are appliances with a specific job, they should record video and show you video when you ask. As long as there is an option for local storage, that means a camera shouldn’t need to contact cloud servers for anything, right?
So, why was it that when I tested these cameras every single one was in constant contact with manufacturer cloud servers? The average consumer is ignorant of privacy concerns and instead is focused on a camera’s ease of use. This means cameras will use services like p2p to be accessible from outside their local network, and some will offload video to the cloud for services like person detection, notifications, and scheduling. I am not saying that all communication with cloud servers means that a camera is violating your privacy, but what I am saying is that it’s impossible to determine what data is being collected by these cameras because it is being sent securely from your camera to their servers.
As is my recommendation for every security camera ever, you should either completely block them from the internet, or assume that the footage is not private. This is truly the only way to protect your privacy against all possible threats. There are two problems with this solution: First, not all routers have the ability to create rules to block specific devices from using the internet, and second, some cameras really don’t like having their internet taken away and end up losing most if not all of their functionality.
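One way to check that a firewall block is actually holding, as an added example that is not from the original video or from any camera vendor: the script reads firewall log lines and lists, per camera, which internet destinations were still reached and which were dropped. The log format, IP addresses, ports and camera names are constructed assumptions; adapt the parsing to whatever your router actually logs.

```python
import ipaddress

# Destinations that never leave the home network. Listed explicitly because
# ipaddress.is_private also covers the documentation ranges used as samples below.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",        # RFC 1918 LAN ranges
    "169.254.0.0/16", "224.0.0.0/4", "255.255.255.255/32",  # link-local, multicast, broadcast
)]

# Constructed inventory and log; "<ACTION> <src> <dst> <port>" is an assumed format.
CAMERAS = {"192.168.30.21": "living-room", "192.168.30.22": "nursery"}
SAMPLE_LOG = """\
ALLOW 192.168.30.21 192.168.1.10 554
DROP 192.168.30.21 203.0.113.45 443
ALLOW 192.168.30.22 198.51.100.7 10001
ALLOW 192.168.30.22 224.0.0.251 5353
ALLOW 192.168.1.50 198.51.100.99 443
truncated line
"""

def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def audit(log_text, cameras):
    """Per camera: internet destinations that got through vs. were dropped."""
    report = {name: {"leaked": set(), "blocked": set()} for name in cameras.values()}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] not in ("ALLOW", "DROP"):
            continue                      # skip malformed or unrelated lines
        action, src, dst, port = parts
        if src not in cameras:
            continue                      # not a camera, out of scope
        try:
            if is_local(dst):
                continue                  # LAN traffic such as RTSP to a recorder
            entry = (dst, int(port))
        except ValueError:
            continue                      # unparsable address or port
        report[cameras[src]]["leaked" if action == "ALLOW" else "blocked"].add(entry)
    return report

def leaking_cameras(report):
    return sorted(name for name, r in report.items() if r["leaked"])

if __name__ == "__main__":
    for name, r in audit(SAMPLE_LOG, CAMERAS).items():
        print(name, "leaked:", sorted(r["leaked"]), "blocked:", sorted(r["blocked"]))
```

A camera that shows only "blocked" entries is being held by the firewall; any "leaked" entry means a rule is missing or is being bypassed.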
In fact, every camera except the Reolink failed in some way when blocked from the internet, some more than others. The EZVIZ app became completely non-functional, while the RTSP stream remained without granting it access to the internet, but it’s only a 1080p stream, and it’s limited to the 2.4 gigahertz wifi band. Similarly, the Sonoff camera has an accessible RTSP stream with an internet connection, but the app is non-functional… also if you are considering using the Sonoff camera in a nursery or child’s room, you should be aware that if it ever loses power, it will yell the following messages at you on startup. The Eufycam did produce a functional RTSP stream without an internet connection, but has a 5 minute timeout period after power on where it continually tries to connect to the internet before eventually allowing local communication. In my opinion the Eufy has enough limitations in this locally controlled mode that it isn’t a viable option.
So let’s talk about the Reolink E1 Pro. Not only is it the highest resolution camera I tested, coming in at 2560×1440, but the app is fully functional without any connection to the internet. Motion detection works, video playback works, pan and tilt work, settings changes work, everything works as long as you are on the same local network, or have a VPN set up for when you are away. Another huge selling point? This camera connects to your 5 gigahertz wifi network, meaning faster transfer speeds and less network channel congestion. It has two RTSP streams, both a main stream and a lower resolution substream, and the pan and tilt functionality is nearly silent.
If you aren’t able to lock the camera down using your firewall, I wouldn’t recommend the Reolink due to the lack of two factor authentication, but if you can, and you want a great indoor camera with virtually zero privacy concerns, the Reolink E1 Pro is unbeatable in this space. Be careful when purchasing this camera, there is also a cheaper version called the Reolink E1 that lacks the ability to output an RTSP stream and has lower resolution.
One other option that I’m not going to spend too much time talking about is custom firmware for these cameras. There are projects to open source firmware on both the WyzeCam style cameras, and a project in its infancy to use custom firmware on the Sonoff camera, but in my opinion, if you are capable of installing these custom firmwares you would be much better off buying a Reolink E1 Pro and manually blocking it from the internet… the picture quality and 5 gigahertz wifi reliability is not even in the same ballpark as the WyzeCam or Sonoff camera. If you’re interested in how I quarantine my IoT products, check out my ultimate smart home network series, and stay tuned for an update video within the next few weeks where I’ll upgrade from my USG to the new Dream Machine Pro.
My choice given you can block your cameras from the internet:
Reolink E1 Pro: Amazon US: https://amzn.to/2U0KoiE
Reolink Direct ($42 with Coupon Code ytb5E1pro): https://reolink.com/product/e1-pro/?aff=50
My top 3 choices for those without the ability (or desire) to block cameras from the internet:
1. EufyCam Pan & Tilt: https://amzn.to/3hfnAnV
2. IoTeX UCAM (Ships July): https://ucam.iotex.io/
3. WyzeCam V2 (Shipping Now): https://amzn.to/2ZVdTWZ