Ring says police need a warrant or subpoena to get your videos, but Amazon admitted it gave police your doorbell footage at least 11 times in one year without asking you or requiring any court order — they just decided it was an 'emergency'.
Ring tells you that you control who sees your videos. But the FTC found Ring's own employees and contractors were secretly watching customers' bedroom and bathroom cameras for months — one employee spied on at least 81 women. You had zero control over this.
What they claim: Ring's privacy page emphasises 'Customers have control' and states users control 'who's able to see and access their videos, devices and personal information.' Ring's Terms of Service place sole responsibility on users for compliance with surveillance laws.
What we found: FTC found (2023, Case No. 2023113) that Ring gave employees and hundreds of Ukraine-based contractors unrestricted access to customer video feeds including bedrooms, bathrooms, and cameras labelled 'Spy Cam'. One employee viewed thousands of videos from at least 81 female users over months. Users had no knowledge of or control over this access. $5.8 million settlement.
What they claim: Ring Video Doorbell 2nd Generation is a 2.4GHz Wi-Fi doorbell camera with a single camera, microphone, and PIR motion sensor. It has no NFC hardware, no phone-call capability, and no contact-list functionality.
What we found: The Ring app (com.ringapp v3.99.1) requests NFC permission, READ_CONTACTS, WRITE_CONTACTS, READ_PHONE_STATE, BLUETOOTH_PRIVILEGED, BROADCAST_STICKY, and DOWNLOAD_WITHOUT_NOTIFICATION. These permissions have no relationship to the doorbell's hardware capabilities and indicate data collection well beyond what the device requires.
What they claim: Ring's privacy page states 'Ring does not use facial recognition technology in any of its devices or services' and markets the product as a simple home security doorbell.
What we found: Ring uses AI-based motion detection for recording activation but, per Mozilla's analysis, 'lacks transparency about AI operations and users cannot control these features.' The device communicates with 9+ hardcoded Amazon cloud endpoints (api.ring.com, fw.ring.com, es.ring.com, ps.ring.com, ring.amazon.dev, etc.), sending all video to Amazon's cloud for processing. The FTC found Ring used customer videos to train algorithms without consent — the nature of those algorithms was not disclosed.
What they claim: Ring's privacy page says users are 'in control' of their data and can 'delete videos manually or automatically via storage period expiration.'
What we found: The Ring app requests ACCESS_BACKGROUND_LOCATION, RECEIVE_BOOT_COMPLETED (auto-starts on phone boot), and FOREGROUND_SERVICE_LOCATION — enabling persistent background location tracking even when the app is not in use. The app also has DOWNLOAD_WITHOUT_NOTIFICATION permission, allowing silent background downloads. Users are not informed these capabilities exist, let alone given control over them.
What they claim: Ring has partnered with over 1,800 police departments and maintains the Neighbors app which allows law enforcement to request footage from Ring owners in specific neighbourhoods.
What we found: Ring's privacy page states 'Ring does not provide law enforcement agencies with direct access' but the Neighbors app Community Requests feature allows police to post requests for footage from Ring owners in specific areas, creating a distributed surveillance network. Nearly 1 in 10 US police departments have access to this system. Ring's ToS places sole legal responsibility on users for surveillance compliance, while Ring profits from the surveillance infrastructure.
What they claim: Ring markets its Search Party and Community Requests features as voluntary community safety tools.
What we found: In February 2026, Ring abandoned its planned integration with Flock Safety — a license plate surveillance company reportedly used by ICE for immigration searches — after public backlash over a Super Bowl ad. The Fulu Foundation (co-founded by Louis Rossmann) launched a $10,000 bounty to break Ring's cloud lock-in, because enabling end-to-end encryption disables person detection, facial recognition, 24/7 recording, preroll, and AI video search.
What they claim: Ring privacy page states: 'Ring does not provide law enforcement agencies with direct access, or any sort of back door access' and requires 'written request for personal information (e.g., subpoenas, search warrants or court orders)' before responding to law enforcement.
What we found: Amazon admitted to Congress (Sen. Ed Markey inquiry, 2022) that it shared Ring footage with police without owner consent at least 11 times in 2022 using an 'emergency request' process that bypasses the stated warrant/subpoena requirement. Ring maintains an emergency request form that law enforcement can use to obtain footage without any court order or user consent.
What they claim: Ring claims 'privacy and security built in' as a core pillar and states 'From the initial idea to the final product, privacy and security are at the core of the decisions we make.'
What we found: FTC complaint details that Ring used customer videos to train algorithms without consent, failed to implement basic security safeguards, and allowed unrestricted employee access to video feeds. Ring was required to delete improperly retained data and submit to independent security assessments for 20 years — indicating systemic security failures, not 'built in' privacy.
What they claim: Ring's privacy page states 'Ring does not sell personal information to third parties' and presents itself as focused solely on home security.
What we found: EFF investigation (January 2020) found the Ring Android app sends customer PII to four analytics and marketing companies: Facebook (app open/device action notifications), Google, MixPanel (full names, email addresses, device info, number of Ring locations), and AppsFlyer (device sensor data including magnetometer, gyroscope, accelerometer). The app requests 39 permissions including READ_CONTACTS, WRITE_CONTACTS, READ_PHONE_STATE, and ACCESS_BACKGROUND_LOCATION — far exceeding what a doorbell camera needs.
What they claim: Ring states it is 'committed to being transparent about our privacy and security practices' as one of its three core privacy pillars.
What we found: Mozilla's Privacy Not Included review found Ring buries privacy notices with 'teeny tiny font' on marketing-focused pages. The EFF found third-party tracking occurred 'without meaningful user notification or consent.' Ring's emergency law enforcement request process was not disclosed on the privacy page — it was only revealed through congressional inquiry. The app's data sharing with Facebook, MixPanel, AppsFlyer, and Google was not disclosed to users.
What they claim: Ring markets the Video Doorbell as a security device to 'help protect their homes' with 'privacy and security built in.'
What we found: CVE-2019-9483: Ring Doorbell sent Wi-Fi credentials in plaintext HTTP during setup, allowing attackers to steal network passwords. Mozilla/Cure53 (2023): device is vulnerable to Wi-Fi deauthentication attacks — attackers can take the doorbell offline so their activities go unrecorded, directly undermining the security purpose. Amazon ignored Mozilla's disclosure for 90+ days. The device lacks 802.11w (Protected Management Frames) and WPA3 support.
What they claim: Ring Video Doorbell 2nd Generation is certified for 2.4GHz Wi-Fi 802.11 b/g/n operation as a home security device.
What we found: The device only supports 2.4GHz Wi-Fi without 802.11w Protected Management Frames or WPA3, making it inherently vulnerable to deauthentication attacks as confirmed by Mozilla/Cure53. For a security device, the radio design lacks the security features available in modern Wi-Fi standards. The FCC filing shows basic wireless certification without any security-specific testing for a device marketed as home security.
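Added example (not code from this audit, from Ring, or from Mozilla/Cure53): a Python parser for the RSN element a home access point advertises in its beacons, reporting whether 802.11w Protected Management Frames are disabled, optional or required and whether WPA3 (SAE) is offered. The three sample elements are constructed for illustration, and the function names are this example's own.

```python
import struct

RSN_OUI = b"\x00\x0f\xac"
# AKM suite types under OUI 00-0F-AC (subset relevant to WPA2/WPA3)
AKM_NAMES = {1: "802.1X", 2: "PSK", 6: "PSK-SHA256", 8: "SAE"}


def parse_rsn(ie: bytes) -> dict:
    """Parse an RSN element (ID 0x30) taken from a beacon or probe response."""
    if len(ie) < 2 or ie[0] != 0x30 or len(ie) - 2 < ie[1]:
        raise ValueError("not a complete RSN element")
    body = ie[2:2 + ie[1]]
    try:
        pos = 6  # skip version (2 bytes) and group cipher suite (4 bytes)
        lists = []
        for _ in range(2):  # pairwise cipher list, then AKM list
            (count,) = struct.unpack_from("<H", body, pos)
            pos += 2
            if pos + 4 * count > len(body):
                raise ValueError("suite list runs past element end")
            lists.append([body[pos + 4 * i:pos + 4 * i + 4] for i in range(count)])
            pos += 4 * count
        # RSN capabilities are optional; absent means no PMF bits set
        caps = struct.unpack_from("<H", body, pos)[0] if pos + 2 <= len(body) else 0
    except struct.error as exc:
        raise ValueError("truncated RSN element") from exc
    akms = [AKM_NAMES.get(s[3], f"type-{s[3]}") for s in lists[1] if s[:3] == RSN_OUI]
    return {
        "akms": akms,
        "mfpc": bool(caps & 0x0080),  # bit 7: management frame protection capable
        "mfpr": bool(caps & 0x0040),  # bit 6: management frame protection required
    }


def pmf_posture(ie: bytes) -> str:
    """Classify how the network treats clients without 802.11w."""
    rsn = parse_rsn(ie)
    if rsn["mfpr"]:
        return "required"   # only PMF-capable clients can associate
    if rsn["mfpc"]:
        return "optional"   # PMF-capable clients protected, others are not
    return "disabled"       # deauth/disassoc frames unauthenticated for everyone


# Constructed sample elements (not captured from any real network)
_HDR = bytes.fromhex("0100" "000fac04" "0100" "000fac04")  # v1, CCMP group + pairwise
WPA2_PSK = b"\x30\x14" + _HDR + bytes.fromhex("0100" "000fac02" "0000")
WPA3_TRANSITION = b"\x30\x18" + _HDR + bytes.fromhex("0200" "000fac02" "000fac08" "8000")
WPA3_ONLY = b"\x30\x14" + _HDR + bytes.fromhex("0100" "000fac08" "c000")
```

A client without 802.11w, as this audit reports for the doorbell, associates unprotected on a network in "optional" mode and cannot associate at all on one in "required" mode, so enabling PMF on the access point protects other clients but not the doorbell's own link.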