Long-time Slashdot reader theodp writes: On the AWS News Blog, AWS Chief Evangelist Jeff Barr has published a kind of obituary for AWS Documentation on GitHub (RIP, 2018-2023). From the blog post: "About five years ago I announced that AWS Documentation is Now Open Source and on GitHub. After a prolonged period of experimentation we will archive most of the repos starting the week of June 5th, and will devote all of our resources to directly improving the AWS documentation and website." "The primary source for most of the AWS documentation is on internal systems that we had to manually sync with the GitHub repos. Despite the best efforts of our documentation team, keeping the public repos in sync with our internal ones has proven to be very difficult and time consuming, with several manual steps and some parallel editing. With 262 separate repos and thousands of feature launches every year, the overhead was very high and actually consumed precious time that could have been put to use in ways that more directly improved the quality of the documentation." "Our intent was to increase value to our customers through openness and collaboration, but we learned through customer feedback that this wasn't necessarily the case. After carefully considering many options we decided to retire the repos and to invest all of our resources in making the content better."

Read more of this story at Slashdot.

My Photo Stream, the free cloud-based photo syncing feature Apple launched in 2011, is shutting down on July 26th, according to an Apple Support page spotted by Bloomberg's Mark Gurman. The Verge reports: The end of My Photo Stream won't come as too much of a surprise. Although it was free, it came with a long list of restrictions on the amount of photos you could upload, and these were only saved on Apple's servers for 30 days. Photos saved in the cloud then had to be manually saved locally if you wanted to keep them on a secondary device and, perhaps worst of all, 9to5Mac notes that high-quality photos weren't synced in their original resolution. iCloud's free storage may be relatively limited at just 5GB, but at least it acts like a modern cloud storage service with photos and videos stored in their full resolution. Apple's support page notes that new photo uploads to My Photo Stream will come to an end on June 26th, and that the feature will disappear entirely a month later. "The photos in My Photo Stream are already stored on at least one of your devices," Apple's page notes, "So as long as you have the device with your originals, you won't lose any photos as part of this process."

Read more of this story at Slashdot.

Amazon plans to invest $12.7 billion into its cloud business in India by 2030, the e-commerce group said Thursday, as it pushes ahead to scale up the AWS infrastructure in the key overseas market at a time when it has pared back several other services in the region. From a report: The U.S. giant, which earlier invested $3.7 billion on AWS infra in India and currently maintains two data center regions in the South Asian market, said its spendings will support 131,700 full-time jobs across roles such as engineering, telecommunications and construction. Thursday's announcement is a noteworthy escalation in AWS's initial strategy. The cloud giant had earlier said that it will invest $4.4 billion on AWS in the South Asian economy.

Read more of this story at Slashdot.

Slashdot reader storagedude writes: If cloud service providers are the only ones who can get security right, will everyone eventually move to the cloud? That's one of the questions longtime IT systems architect Henry Newman asks in a new article on eSecurity Planet. "The concept of zero trust has been around since 2010, when Forrester Research analyst John Kindervag created the zero trust security model. Yet two years after the devastating Colonial Pipeline attack and strong advocacy from the U.S. government and others, we are still no closer to seeing zero trust architecture widely adopted," Newman writes. "The only exception, it seems, has been cloud service providers, who boast an enviable record when it comes to cybersecurity, thanks to rigorous security practices like Google's continuous patching." "As security breaches continue to happen hourly, sooner or later zero trust requirements are going to be forced upon all organizations, given the impact and cost to society. The Biden Administration is already pushing ambitious cybersecurity legislation, but it's unlikely to get very far in the current Congress. I am very surprised that the cyber insurance industry has not required zero trust architecture already, but perhaps the $1.4 billion Merck judgment that went against the industry last week will begin to change that. "The central question is, can any organization implement a full zero trust stack, buy hardware and software from various vendors and put it together, or will we all have to move to cloud service providers (CSPs) to get zero trust security? "Old arguments that cloud profit margins will eventually make on-premises IT infrastructure seem like the cheaper alternative failed to anticipate an era when security became so difficult that only cloud service providers could get it right." Cloud service providers have one key advantage when it comes to security, Newman notes: They control, write and build much of their software and hardware stacks. Newman concludes: "I am somewhat surprised that cloud service providers don't tout their security advantages more than they do, and I am equally surprised that the commercial off-the-shelf vendors do not band together faster than they have been to work on zero trust. But what surprises me the most is the lack of pressure on everyone to move to zero trust and get a leg or two up on the current attack techniques and make the attack plane much smaller than it is."

Read more of this story at Slashdot.

Long-time Slashdot reader theodp writes: AWS offered A Look Inside the Making of an NFL Football Schedule in conjunction with Thursday's release of the 2023 NFL Schedule Powered by AWS. AWS notes that producing the schedule required the use of 4,000+ AWS EC2 Spot Instances. An AWS promotional video claims they "saved the NFL an estimated $2 million each season" by leveraging AWS Spot Instances for a discount of up to 90% off compared to AWS On-Demand pricing.. "In just three months," AWS explains, "National Football League (NFL) schedule makers methodically build an exciting 18 week 272-game schedule spanning 576 possible game windows." Up until 10 years ago, AWS notes in an accompanying infographic, the NFL used a white-boarding process to manually craft its schedule. Not to diminish the NFL's and AWS's 2023 scheduling achievement, but the 2013 documentary The Schedule Makers told the remarkable tale of the husband-and-wife duo of Henry and Holly Stephenson, who for almost a quarter of a century in the pre-Cloud era managed the scheduling for 30 Major League Baseball (MLB) teams who each played 162 regular season games a year. According to the May 1985 Atari Compendium (pg. 38), the Stephensons were using a self-written program running on a 64K IMS-8000 to help schedule games for the MLB (2,106 games over a 6-month season), NBA, and NASL/MISL (defunct soccer leagues). So perhaps the NFL's claim that "There's no way the NFL could deliver the quality of schedule that we put out every year for our fans and television partners without the contributions of our friends at AWS" should be taken with a grain of salt.

Read more of this story at Slashdot.

Google's cloud business has turned profitable for the first time in the three years it's been reporting operating metrics. CNBC reports: The segment generated $191 million in operating income on $7.45 billion in revenue in the first quarter, according to Alphabet's earnings statement. In the year-ago quarter, the unit reported a $706 million loss on $5.82 billion in revenue. The cloud business includes the Google Cloud Platform, which rents out cloud infrastructure and services that companies can use to build and run their own applications, as well as Google Workspace productivity software subscriptions. Cloud customers include Deutsche Bank, Major League Baseball, PayPal and UPS.

Read more of this story at Slashdot.

"Once-booming demand for cloud-computing services is slowing..." reports Bloomberg. "When Microsoft and Amazon report results next week, analysts are anticipating the slowest revenue growth for their cloud-computing businesses since the firms started breaking out performance last decade." For years, demand for cloud-computing services has steadily driven growth at both Microsoft and Amazon... Microsoft's Intelligent Cloud unit, which is home to its Azure cloud-services business, accounted for 38% of its revenue and 39% of operating income in 2022. Amazon Web Services was the fastest-growing of the Seattle-based company's major businesses last year and generated $22.8 billion in operating income. The rest of Amazon's businesses combined posted a $10.6 billion operating loss. For both companies, cracks are starting to appear. In the first three months of 2023, growth for Microsoft's Azure unit and Amazon Web Services is expected to fall to 31% and 14%, respectively, excluding currency fluctuations, according to the average of analyst estimates compiled by Bloomberg. A year ago, Azure sales expanded 49% and Amazon Web Services 37%. In a shareholder letter released last week, Amazon said AWS "faces short-term head winds" related to the economic backdrop that will "soften" the growth rate. This echoed what it said in its most recent results. Microsoft also warned of a slowdown in cloud software sales last quarter. Wall Street has been getting more cautious. UBS lowered growth estimates for Azure last week, warning "customer efforts to optimize/trim their cloud spend will be deeper and last longer than most think...." Jefferies [financial services company] sees slowing cloud demand as "a key concern" for Amazon. Analyst Brent Thill said that because AWS generates so much of Amazon's operating income, "a stabilization in cloud is crucial for shares to outperform." For Alec Young, chief investment strategist at MAPsignals, Microsoft and Amazon remain attractive despite the slowdown, which he expects to be a temporary pause before growth re-accelerates. "There's still a lot of runway ahead for cloud computing, so I don't think investors should obsess too much over the level of growth over a couple quarters," he said.

Read more of this story at Slashdot.

"The Spectre vulnerability that has haunted hardware and software makers since 2018 continues to defy efforts to bury it," reports the Register: On Thursday, Eduardo (sirdarckcat) Vela Nava, from Google's product security response team, disclosed a Spectre-related flaw in version 6.2 of the Linux kernel. The bug, designated medium severity, was initially reported to cloud service providers — those most likely to be affected — on December 31, 2022, and was patched in Linux on February 27, 2023. "The kernel failed to protect applications that attempted to protect against Spectre v2, leaving them open to attack from other processes running on the same physical core in another hyperthread," the vulnerability disclosure explains. The consequence of that attack is potential information exposure (e.g., leaked private keys) through this pernicous problem.... Spectre v2 — the variant implicated in this particular vulnerability — relies on timing side-channels to measure the misprediction rates of indirect branch prediction in order to infer the contents of protected memory. That's far from optimal in a cloud environment with shared hardware... The bug hunters who identified the issue found that Linux userspace processes to defend against Spectre v2 didn't work on VMs of "at least one major cloud provider."

Read more of this story at Slashdot.

"AWS has provided you with a cloud-optimized Linux distribution since 2010," notes the cloud service's blog. This week they announced the third generation of Amazon's Linux distro: 'Amazon Linux 2023'. Every generation of Amazon Linux distribution is secured, optimized for the cloud, and receives long-term AWS support.... Deploying your workloads on Amazon Linux 2023 gives you three major benefits: a high-security standard, a predictable lifecycle, and a consistent update experience. Let's look at security first. Amazon Linux 2023 includes preconfigured security policies that make it easy for you to implement common industry guidelines. You can configure these policies at launch time or run time. For example, you can configure the system crypto policy to enforce system-wide usage of a specific set of cipher suites, TLS versions, or acceptable parameters in certificates and key exchanges. Also, the Linux kernel has many hardening features enabled by default.... When looking for a base to serve as a starting point for Amazon Linux 2023, Fedora was the best choice. We found that Fedora's core tenets (Freedom, Friends, Features, First) resonate well with our vision for Amazon Linux. However, Amazon Linux focuses on a long-term, stable OS for the cloud, which is a notably different release cycle and lifecycle than Fedora. Amazon Linux 2023 provides updated versions of open-source software, a larger variety of packages, and frequent releases. Amazon Linux 2023 isn't directly comparable to any specific Fedora release. The Amazon Linux 2023 GA version includes components from Fedora 34, 35, and 36. Some of the components are the same as the components in Fedora, and some are modified. Other components more closely resemble the components in CentOS Stream 9 or were developed independently. The Amazon Linux kernel, on its side, is sourced from the long-term support options that are on kernel.org, chosen independently from the kernel provided by Fedora. Like every good citizen in the open-source community, we give back and contribute our changes to upstream distributions and sources for the benefit of the entire community. Amazon Linux 2023 itself is open source. Their announcement notes that Amazon Linux is the most used Linux distribution on AWS, with hundreds of thousands of their customers already using Amazon Linux 2.

Read more of this story at Slashdot.

Politico reports: Governments and businesses have spent two decades rushing to the cloud — trusting some of their most sensitive data to tech giants that promised near-limitless storage, powerful software and the knowhow to keep it safe. Now the White House worries that the cloud is becoming a huge security vulnerability. So it's embarking on the nation's first comprehensive plan to regulate the security practices of cloud providers like Amazon, Microsoft, Google and Oracle, whose servers provide data storage and computing power for customers ranging from mom-and-pop businesses to the Pentagon and CIA.... Among other steps, the Biden administration recently said it will require cloud providers to verify the identity of their users to prevent foreign hackers from renting space on U.S. cloud servers (implementing an idea first introduced in a Trump administration executive order). And last week the administration warned in its national cybersecurity strategy that more cloud regulations are coming — saying it plans to identify and close regulatory gaps over the industry.... So far, cloud providers have haven't done enough to prevent criminal and nation-state hackers from abusing their services to stage attacks within the U.S., officials argued, pointing in particular to the 2020 SolarWinds espionage campaign, in which Russian spooks avoided detection in part by renting servers from Amazon and GoDaddy. For months, they used those to slip unnoticed into at least nine federal agencies and 100 companies. That risk is only growing, said Rob Knake, the deputy national cyber director for strategy and budget. Foreign hackers have become more adept at "spinning up and rapidly spinning down" new servers, he said — in effect, moving so quickly from one rented service to the next that new leads dry up for U.S. law enforcement faster than it can trace them down. On top of that, U.S. officials express significant frustration that cloud providers often up-charge customers to add security protections — both taking advantage of the need for such measures and leaving a security hole when companies decide not to spend the extra money. That practice complicated the federal investigations into the SolarWinds attack, because the agencies that fell victim to the Russian hacking campaign had not paid extra for Microsoft's enhanced data-logging features.... Part of what makes that difficult is that neither the government nor companies using cloud providers fully know what security protections cloud providers have in place. In a study last month on the U.S. financial sector's use of cloud services, the Treasury Department found that cloud companies provided "insufficient transparency to support due diligence and monitoring" and U.S. banks could not "fully understand the risks associated with cloud services."

Read more of this story at Slashdot.

Security camera company Arlo is reversing course on its controversial decision to apply a retroactive end-of-life policy to many of its popular home security cameras. The Verge reports: On Friday, Arlo CEO Matthew McRae posted a thread on Twitter, announcing that the company will not remove free storage of videos for existing customers and that it is extending the EOL dates for older cameras a further year to 2025. He also committed to sending security updates to these cameras until 2026. The end-of-life policy was due to go into effect January 1st, 2023, and removed a big selling point -- seven-day free cloud storage -- for many Arlo cams. McRae now says all users with the seven-day storage service will "continue to receive that service uninterrupted." But he did note that "any future migrations will be handled in a seamless manner," indicating there are changes coming still. The thread did not provide details on specific models other than using the Arlo Pro 2 as an example of a camera that will now EOL in 2025 instead of 2024, as previously announced, with security updates continuing until 2026. There was also no update on the plans to remove other features, such as email notifications and E911 emergency calling, or whether "legacy video storage" will remain. The EOL policy applied to the following devices: Arlo Gen 3, Arlo Pro, Arlo Baby, Arlo Pro 2, Arlo Q, Arlo Q Plus, Arlo Lights, and Arlo Audio Doorbell.

Read more of this story at Slashdot.

Amazon's cloud unit will spend $35 billion on new data centers in Virginia by 2040, underscoring its determination to stay ahead of rivals Microsoft and Alphabet. From a report: The investments at multiple locations will create an estimated 1,000 jobs in Virginia, the state said in a news release Friday. Virginia is Amazon Web Services' most important hub, where dozens of data centers power applications for customers across the Eastern US. A number of sites are under consideration and will be selected at a later date, the state said. AWS is the largest provider of cloud computing and last year dropped an estimated $28.4 billion on capital expenditures, according to BofA Securities analysts. The Amazon division sells governments and companies processing power and software services, and encourages them to unplug their own data centers in favor of the on-demand computing tools from Amazon's servers.

Read more of this story at Slashdot.

Google is officially shutting down its Stadia cloud gaming service today, Wednesday, January 18, after having failed to gain the traction that the company was expecting. Google servers that host the service are due to shut down at 11:59 p.m. Pacific Time. MacRumors reports: Launched in November 2019, the service was designed to allow for cloud-based gaming across a range of devices, including PCs, Chromebooks, Macs, iPhones, and iPads. Reports began emerging in early 2021 of Stadia's underwhelming uptake among gamers, shortly after Google's decision to kill its only in-house Stadia game development studio, Stadia Games and Entertainment (SG&E), only two years into its life. Since announcing the shutdown in September 2022, Google has promised to refund any and all Stadia purchases. They've also recently offered a tool to make Stadia controller capable of using Bluetooth, allowing them to be used with other gaming platforms.

Read more of this story at Slashdot.

An anonymous reader shares a report: David Heinemeier Hansson, CTO of 37Signals -- which operates project management platform Basecamp and other products -- has detailed the colossal cloud bills that saw the outfit quit the cloud in October 2022. The CTO and creator of Ruby On Rails did all the sums and came up with an eye-watering cloud bill for $3,201,564 in 2022 -- or $266,797 each month. Plenty of that spend -- $759,983 -- went on compute, in the form of Amazon Web Services' EC2 and EKS services. On Twitter, Hansson contrasted that cost with the spend needed to acquire servers packing 288 vCPUs and plenty more besides over three years. Hansson was at pains to point out that even that bill was the result of a concerted effort to keep it low. "Getting this massive spend down to just $3.2 million has taken a ton of work. The ops team runs a vigilant cost-inspection program, with monthly reporting and tracking, and we've entered into long-term agreements on Reserved Instances and committed usage, as part of a Private Pricing Agreement," he wrote. "This is a highly optimized budget."

Read more of this story at Slashdot.

LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. BleepingComputer reports: This follows a previous update issued last month when the company's CEO, Karim Toubba, only said that the threat actor gained access to "certain elements" of customer information. Today, Toubba added that the cloud storage service is used by LastPass to store archived backups of production data. The attacker gained access to Lastpass' cloud storage using "cloud storage access key and dual storage container decryption keys" stolen from its developer environment. "The threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service," Toubba said today. "The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data." Fortunately, the encrypted data is secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user's master password. According to Toubba, the master password is never known to LastPass, it is not stored on Lastpass' systems, and LastPass does not maintain it. Customers were also warned that the attackers might try to brute force their master passwords to gain access to the stolen encrypted vault data. However, this would be very difficult and time-consuming if you've been following password best practices recommended by LastPass. If you do, "it would take millions of years to guess your master password using generally-available password-cracking technology," Toubba added. "Your sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass' Zero Knowledge architecture."

Read more of this story at Slashdot.

Amazon Web Services has secured a five-year contract with the US Navy for cloud services, just weeks after scoring its share of a major US Department of Defense deal for cloud computing. From a report: The cloud division of online marketplace Amazon has been awarded a contract worth $723.9 million by the Department of the Navy as a single-award fixed-price enterprise software license blanket purchase agreement. The details were disclosed in a contract notice posted on the Department of Defense website. According to the notice, the agreement is for AWS to provide the Department of the Navy with access to its commercial cloud environment, Professional Services, and AWS training and certification courses. The Department of the Navy indicated that the purchase agreement will not obligate funds at the time of award, but instead these will be committed as task orders are issued using a variety of Navy funding types, including operation and maintenance and working capital funds.

Read more of this story at Slashdot.

Microsoft has quietly banned cryptocurrency mining from its online services, and says it did so to protect all customers of its clouds. From a report: The Windows and Azure titan slipped the prohibition into an update of its Universal License Terms for Online Services that came into effect on December 1. That document covers any "Microsoft-hosted service to which Customer subscribes under a Microsoft volume licensing agreement," and on The Register's reading, mostly concerns itself with Azure. Microsoft's Summary of Changes to the license states: "Updated Acceptable Use Policy to clarify that mining cryptocurrency is prohibited without prior Microsoft approval." Within the license itself there's hardly any more info. A section headed "Acceptable Use Policy" states: "Neither Customer, nor those that access an Online Service through Customer, may use an Online Service: to mine cryptocurrency without Microsoft's prior written approval."

Read more of this story at Slashdot.

Google, Oracle, Microsoft and Amazon will share in the Pentagon's $9 billion contract to build its cloud computing network, a year after accusations of politicization over the previously announced contract and a protracted legal battle resulted in the military starting over in its award process. The Associated Press reports: The Joint Warfighter Cloud Capability is envisioned to provide access to unclassified, secret and top-secret data to military personnel all over the globe. It is anticipated to serve as a backbone for the Pentagon's modern war operations, which will rely heavily on unmanned aircraft and space communications satellites, but will still need a way to quickly get the intelligence from those platforms to troops on the ground. The contract will be awarded in parts, with a total estimated completion date of June 2028, the Pentagon said in a statement. Last July, the Pentagon announced it was cancelling its previous cloud computing award, then named JEDI. At the time, the Pentagon said that due to delays in proceeding with the contract, technology had changed to the extent that the old contract, which was awarded to Microsoft, no longer met DOD's needs. It did not mention the legal challenges behind those delays, which had come from Amazon, the losing bidder. Amazon had questioned whether former President Donald Trump's administration had steered the contract toward Microsoft due to Trump's adversarial relationship with Amazon's chief executive officer at the time, Jeff Bezos. A report by the Pentagon's inspector general did not find evidence of improper influence, but it said it could not determine the extent of administration interactions with Pentagon decision-makers because the White House would not allow unfettered access to witnesses. "It's the most important cloud deal to come out of the Beltway," said analyst Daniel Ives, who monitors the cloud industry for Wedbush Securities. "It's about the Pentagon as a reference customer. It says significant accolades about what they think about that vendor, and that's the best reference customer you could have in that world."

Read more of this story at Slashdot.

An anonymous reader quotes a report from ZDNet: One bit of accepted wisdom in some cloud circles is that OpenStack, the open-source Infrastructure as a Service (IaaS) cloud, is declining. Nothing could be further from the truth. It's alive, well, and growing like crazy. According to the 2022 OpenStack User Survey, OpenStack now has over 40 million production cores. Or, in other words, it's seen 60% growth since 2021 and a 166% jump since 2020. Not bad for a so-called also-run, eh? It's not just telecoms, where OpenStack has become the backbone of major cell companies such as China Mobile and Verizon. Nor is it just other major companies such as the Japanese instant messaging service LINE, the on-demand, cloud-based financial management service company Workday, Walmart Labs, and Yahoo. No, many other, much smaller companies have also staked their cloud future on OpenStack. Why? There are many reasons. As Jonathan Bryce, executive director of the Open Infrastructure Foundation (OpenInfra Foundation), OpenStack's parent organization, said, "OpenStack supports the ever-changing world of infrastructure where now we have GPUs, FPGAs, smart NICs, and smart storage. At the same time, you can still get direct access to the underlying hardware." This, in turn, enables "OpenStack users to create such amazing things as telecom cloud workloads on the cloud that can do edge transcoding video. With this, people can watch 4K videos on their phones using 5G." Another reason for OpenStack's growing popularity is its Kubernetes integration. Thanks to Linux OpenStack Kubernetes Infrastructure (LOKI), Kubernetes is now deployed on over 85% of OpenStack deployments. In addition, Magnum, the OpenStack container orchestration service, is also gaining popularity. 21% of users are now running production workloads with it. [...] Kubernetes is also very useful with hybrid clouds. OpenStack is often used in hybrid clouds. Indeed, 80% of OpenStack users are deploying it in hybrid clouds. To make it easier to build out hybrid clouds, operators are turning to Octavia, an open-source, operator-scale load-balancing program. Today, not quite 50% of OpenStack deployments are using Octavia. OpenInfra Foundation's general manager Thierry Carrez said: "Hype is nice, but substance lasts, and as OpenStack deployments continue to grow in staggering numbers, the OpenStack community is proving that it's not only alive and well, but also delivering indisputable value to organizations."

Read more of this story at Slashdot.

Anker's popular Eufy-branded security cameras appear to be sending some data to the cloud, even when cloud storage is disabled and local only storage settings are turned on. MacRumors reports: The information comes from security consultant Paul Moore, who last week published a video outlining the issue. According to Moore, he purchased a Eufy Doorbell Dual, which was meant to be a device that stored video recording on device. He found that Eufy is uploading thumbnail images of faces and user information to its cloud service when cloud functionality is not enabled. Moore demonstrates the unauthorized cloud uploading by allowing his camera to capture his image and turning off the Eufy HomeBase. The website is still able to access the content through cloud integration, though he had not signed up for cloud service, and it remains accessible even when the footage is removed from the Eufy app. It's important to note that Eufy does not appear to be automatically uploading full streaming video to the cloud, but rather taking captures of the video as thumbnails. The thumbnails are used in the Eufy app to activate streaming video from the Eufy base station, allowing Eufy users to watch their videos when away from home, as well as for sending rich notifications. The problem is the thumbnails are uploaded to the cloud automatically even when the cloud functionality is not active, and Eufy also seems to be using facial recognition on the uploads. Some users have taken issue with the unauthorized cloud uploads because Eufy advertises local-only service and has been popular among those who want a more private camera solution. "No Clouds or Costs," reads the Eufy website. Moore suggests that Eufy is also able to link facial recognition data collected from two separate cameras and two separate apps to users, all without camera owners being aware. Moore received a response from Eufy in which Eufy confirmed that it is uploading event lists and thumbnails to AWS, but said the data is not able to "leak to the public" because the URL is restricted, time limited, and requires account login. There is also another issue that Moore has highlighted, suggesting Eufy camera streams can be watched live using an app like VLC, but little information on the exploit is available at this time. Moore said that unencrypted Eufy camera content can be accessed without authentication, which is alarming for Eufy users. There's a dedicated Reddit thread where other Eufy users are reporting the same thing happening.

Read more of this story at Slashdot.