What we found
Wyze Cam (Platform): F. A home security company left 2.4 million customers' data on the open internet for 22 days.
In December 2019, Wyze exposed an Elasticsearch database containing 2.4 million users' personal information for 22 days with no password protection. The database was open on the public internet for anyone to find and access. Exposed data included: email addresses, WiFi SSIDs (home network names), camera device IDs, Alexa integration tokens, and body metrics from Wyze Scale users. Security researchers at Twelve Security discovered the breach and published their findings. Wyze waited approximately two weeks after learning of the breach before notifying affected users. Wyze's explanation: an employee copied production data to a test server and "accidentally" removed security protections. A home security camera company left 2.4 million customers' data -- including home network names and camera IDs -- on the open internet for three weeks.
Wyze Cam v3: F. Gave 13,000 customers' footage to police without consent. Server-side encryption keys.
Wyze simultaneously claims they never sell data while admitting their data sharing practices "may be considered a sale" under California law (CCPA). The privacy policy confirms data is shared with advertising partners for "targeted advertising." The app includes AD_ID, ACCESS_ADSERVICES_AD_ID, and ACCESS_ADSERVICES_ATTRIBUTION permissions, confirming active ad tracking infrastructure.
Google Nest Doorbell (Wired): F. Neighborhood surveillance network powered by Google's facial recognition AI.
The Nest Doorbell Wired 2nd Gen uploads ALL video to Google cloud servers for storage, indexing, and event search — despite on-device ML being marketed as a privacy feature. The device connects to 10+ Google endpoints including firestore.googleapis.com, clients3.google.com, and cloudresourcemanager.googleapis.com. While Google claims video is separate from ads, the Google account linking doorbell footage to search history, YouTube, Gmail, and Maps creates a unified profile. Google Assistant text interactions explicitly MAY inform ad personalization.
Palantir: F. Palantir's Code of Conduct says its technology should "protect the vulnerable." Its ELITE system uses Medicaid records -- healthcare data that poor people su...
Palantir's ELITE system (Enhanced Leads Identification and Targeting for Enforcement) ingests Medicaid records from HHS -- healthcare data submitted by poor people to access medical treatment -- and combines it with passport records, Social Security files, IRS tax data, and license-plate reader data to generate AI-powered arrest dossiers for ICE. Medicaid data exists because the government promised to provide healthcare to low-income people. Palantir's system repurposes that data as a targeting tool to identify and deport them. ImmigrationOS, a $30 million contract awarded April 17, 2025, was designated as sole-source -- Palantir was the "only source" capable of delivering. The DHS awarded a 5-year, $1 billion contract for an AI platform covering both CBP and ICE. In December 2025, Palantir also received a USCIS contract -- meaning the company now has contracts with both the enforcement and benefits sides of the immigration system. Total federal contracts since Trump took office: over $900 million.
T7/T10 Tasers & Body-Worn Cameras: F. Axon sells police a "Stealth Mode" for body cameras.
Axon itself concedes that Stealth Mode does NOT disable the emission of Bluetooth or Wi-Fi radio signals. Officers in undercover and tactical operations remain fully detectable and trackable via fixed MAC addresses. The feature name is functionally misleading.
Swann Security System: F. Australian security cameras owned by Chinese company Infinova. DVR accessible via default credentials.
Infinova Group (Nanjing, China) acquired Swann in October 2014 for US$87.5M. A PRC government entity became controlling shareholder of Infinova as of January 2020 (reported by IPVM). Swann's privacy policy makes zero mention of Infinova, its Chinese ownership, or the PRC government stake. Cloud backend was provided by OzVision (US company with R&D in Israel, partnered with Dahua Technology). Data flows through swann-cloud.com, api.swannsecurity.com, and ozvision.com.
Ring: F. Ring promised "strict policies" on who could see your cameras.
The FTC found that Ring employees and third-party contractors in Ukraine and the Philippines had unrestricted access to customer video feeds for years. One employee watched a female customer's bedroom camera for months without her knowledge. Contractors viewed, downloaded, and shared customers' private videos. Ring had no meaningful access controls, no audit logging, and no limits on which videos employees could watch. The FTC ordered Ring to pay $5.8 million in consumer refunds in May 2023 and required the company to delete data and implement a comprehensive privacy program. Ring's "strict policies" amounted to nothing -- any employee with credentials could watch any customer in any room.
Clearview AI: F. Clearview AI scraped 50 billion photos from the internet.
Clearview AI scraped 50 billion photos from the internet -- Facebook, Instagram, LinkedIn, Twitter, news sites, personal blogs -- without the knowledge or consent of any person photographed. The company announced it was on track for 100 billion faceprints, enough for 14 photos of every person on Earth. The NYT investigation that exposed Clearview in January 2020 revealed the company had been operating in near-total secrecy, publishing fake information about its location and erasing founders' social media profiles. Co-founder Charles C. Johnson is a far-right blogger who was permanently banned from Twitter in 2015 for soliciting funds to "take out" a civil rights activist. CEO Hoan Ton-That resigned in December 2024 and was replaced on February 19, 2025 by Hal Lambert, a Trump campaign fundraiser. The world's largest facial recognition database was built by scraping billions of photos without consent, founded partly by a far-right figure, and is now led by a political fundraiser.