Security & Privacy 101
Canary’s approach to safeguarding your data
People today are bringing more and more connected devices into their homes.
Since 2017, the average household has more connected devices than people and pets as the promise of these devices have become more clear to consumers—smarter home surveillance, smarter energy usage, smarter shopping and more.
But as connected devices continue to enter modern homes, safety concerns around privacy and general security arise. Each device can act as a potential vector that, if not properly safeguarded or designed, can enable a hacker to access your home network and everything connected to it.
Since day one, Canary knew about this reality, which is why every device, feature or update we implement is considered first and foremost from a security and privacy perspective for you.
Our Approach
Protecting user privacy and security has always been our number one priority as a company.
Our customers allow our devices into the most private spaces of their homes—their living rooms, bedrooms, nurseries and more—to protect home and family. It’s not a responsibility we take lightly, and we value the trust users place in Canary to proactively secure their data and protect their privacy.
Canary has always gone above and beyond to make our devices, and the cloud infrastructure they rely on, among the most secure in the industry. Throughout development we worked with various external security professionals and consulting agencies to create a hack-proof product that people can trust and rely on to protect not only their home from unwanted intruders, but malignant cyberthreats as well. And, for us, security begins at the factory.
During the manufacturing process of any Canary device, our products undergo tests in a semi-self-aware state where various security procedures are performed and documented. We do this for every single device we make, and if they meet an incredibly high standard ensuring security integrity at the end of these tests, each device is then assigned a unique set of cryptographic credentials. These credentials allow a Canary device to connect to our encrypted cloud system and validate itself as a genuine, untampered device.
Once a device is validated, it becomes certified as operational and only at this point can it be used by a Canary customer. If a device fails this rigorous validation process, it automatically becomes unusable and never reaches the market. This process ensures that every Canary device is able to communicate and authenticate itself exclusively through encrypted communication channels to our servers—preventing it from “talking” to a fake server presenting itself as part of our system.
When a user activates and pairs a genuinely certified Canary device to their Canary account, all information that lives on the device, as well as all information that is communicated to our cloud system, is fully encrypted. Each device uses a unique pair of encryption keys to access our servers, which cycle every few seconds—meaning that even if a wide scale data breach were to occur, video content captured by a user’s device is inaccessible.
And we didn’t stop there—our customers can rest assured that their video content is even safe from us! No Canary employee is able to access any customers’ video storage. There is only one dedicated individual at Canary with the proper authorization who can access video content from a user, and may only do so when presented with a valid court order. At the end of the day, these security precautions, which go further than current industry standards, enable Canary’s smart home security cameras to be among the most secure connected consumer devices on the market today.
How We Train Canary
Canary uses artificial intelligence, computer vision and deep learning technologies to offer advanced detection capabilities for its users—meaning that Canary devices are developing capabilities to not only detect motion and flag activity to users, but also identify what exactly it is detecting and quickly relay that information to users.
Such technologies, however, require vast amounts of information to hone its accuracy and ability to correctly identify what a camera is seeing at any given moment. While it may make sense to “train” such a system with real video content captured by our users, it would also be a violation of their privacy—so we don’t do that.
As an alternative to respect user privacy, we instead fine-tune our algorithms by integrating opensource networks trained on external datasets to hone our smart detection capabilities. This process is how the Canary system is trained today, and always will be—and never with captured user data.
Security and the protection of user data and privacy takes effort and resources, and this is an area that we have historically invested heavily in and will continue to do so as people’s lives become more connected with new technology.
You, our customer, trust us dearly, and that’s a privilege we will always honor with best-in-class security standards.