Amazon-owned Ring is best known for its connected doorbell, which features an HD camera, motion sensor, microphone, speaker and other sensors, all integrated with an app to allow users to view real-time video and communicate with visitors from anywhere in the world.

According to the EFF, the Ring Doorbell app (Ring for Android v3.21.1) sends data to four major analytics and marketing companies. This data includes full names, IP addresses, sensor data from the doorbells and “persistent identifiers”.

“The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user’s device,” wrote EFF security researcher Bill Budington. The EFF asserts that this all occurs without meaningful notification or consent, with the third parties either never mentioned or mentioned only briefly on an internal page, which users are unlikely to check.

The organisation’s testing found that personally identifiable information was sent to branch.io, mixpanel.com, appsflyer.com and facebook.com.

Facebook is alerted when the Ring app is opened and when other device actions occur, with other information sent to the social media company including time zone, device, language preferences, screen resolution and a unique identifier. AppsFlyer, a big data company, is sent information including data from the Ring Doorbell sensors (its magnetometer, gyroscope and accelerometer), while MixPanel is sent users’ full names, email addresses, device information and app settings.

“Ring claims to prioritise the security and privacy of its customers, yet time and again we’ve seen these claims not only fall short, but harm the customers and community members who engage with Ring’s surveillance system. This goes a step beyond that, by simply delivering sensitive data to third parties not accountable to Ring or bound by the trust placed in the customer-vendor relationship,” Budington wrote.

Privacy advocates and lawmakers have raised concerns about Ring’s ability to function as a surveillance tool, particularly due to its partnership with more than 600 law enforcement agencies, a characterisation Amazon has rejected.

A group of US senators are in the process of scrutinising Ring over its security practices, revealing that four Ring employees had been fired for snooping on private videos captured by the connected devices.

Amazon-owned Ring is best known for its connected doorbell, which features an HD camera, motion sensor, microphone, speaker and other sensors, all integrated with an app to allow users to view real-time video and communicate with visitors from anywhere in the world.

According to the EFF, the Ring Doorbell app (Ring for Android v3.21.1) sends data to four major analytics and marketing companies. This data includes full names, IP addresses, sensor data from the doorbells and “persistent identifiers”.

“The danger in sending even small bits of information is that analytics and tracking companies are able to combine these bits together to form a unique picture of the user’s device,” wrote EFF security researcher Bill Budington. The EFF asserts that this all occurs without meaningful notification or consent, with the third parties either never mentioned or mentioned only briefly on an internal page, which users are unlikely to check.

The organisation’s testing found that personally identifiable information was sent to branch.io, mixpanel.com, appsflyer.com and facebook.com.

Facebook is alerted when the Ring app is opened and when other device actions occur, with other information sent to the social media company including time zone, device, language preferences, screen resolution and a unique identifier. AppsFlyer, a big data company, is sent information including data from the Ring Doorbell sensors (its magnetometer, gyroscope and accelerometer), while MixPanel is sent users’ full names, email addresses, device information and app settings.

“Ring claims to prioritise the security and privacy of its customers, yet time and again we’ve seen these claims not only fall short, but harm the customers and community members who engage with Ring’s surveillance system. This goes a step beyond that, by simply delivering sensitive data to third parties not accountable to Ring or bound by the trust placed in the customer-vendor relationship,” Budington wrote.

Privacy advocates and lawmakers have raised concerns about Ring’s ability to function as a surveillance tool, particularly due to its partnership with more than 600 law enforcement agencies, a characterisation Amazon has rejected.

A group of US senators are in the process of scrutinising Ring over its security practices, revealing that four Ring employees had been fired for snooping on private videos captured by the connected devices.