Recent reports allege that Eufy security cameras upload images to the cloud even if a camera is configured for local (microSD) storage. Worse yet, the images are not encrypted and can be viewed by anyone with the right URL without any access controls. I assume these reports refer to Eufy's cloud storage service.
Is this an issue if my Eufy cameras are configured to use HomeKit Secure Video?
The thumbnail images are stored in the cloud when sending alerts to users...the alerts are going out over the Internet so it should be expected that some information will be in the cloud at some point. I would assume if you don't have Eufy send alerts to your phone or devices, then I would not expect any thumbnails to be stored in the cloud. Text alerts are cloud based.
See this article about the Eufy issue and especially the following paragraph near the end of the article which really explains the reason for thumbnails on the cloud:
https://arstechnica.com/gadgets/2022/12/more-eufy-camera-flaws-found-including-remote-unencrypted-feed-viewing/
You could argue that anyone who wants to be notified of camera incidents on their phone should expect some cloud servers to be involved. You might give Eufy the benefit of the doubt, that the cloud servers you can access with the right URL are simply a waypoint for streams that have to leave the home network eventually under an account password lock.
Recent (2022-12-01) Eufy privacy/security vulnerabilities
