Security researcher Paul Moore discovered in November 2022 that eufy cameras upload unencrypted facial recognition thumbnails and video data to AWS cloud servers (s3.amazonaws.com). The New York Attorney General confirmed video data was NOT protected by end-to-end encryption, and active streams could be accessed without authentication via predictable URLs. Anker admitted in February 2023 that they had been lying about encryption. Firmware analysis reveals hardcoded endpoints including s3.amazonaws.com and p2p-connector-cn.eufylife.com (Chinese server).

Exodus Privacy report (v4.2.5) identifies Conversant (an advertising/tracking network owned by Epsilon/Publicis) embedded in the Nanit app. Conversant specializes in cross-device identity resolution and targeted advertising using personal data.

Motorola-branded baby monitors are manufactured and operated by Hubble Connected, a third-party company licensing the Motorola name. Parents buying the "Motorola" brand trust is misplaced — it's a white-label operation. Hubble Connected's app has received criticism for requiring cloud subscriptions for basic features like video playback and alerts. Security researchers have found vulnerabilities in Hubble Connected cameras allowing unauthorized video access.