Amazon's Ring was sued in Seattle on Monday, June 2 over its "Familiar Faces" feature, in a proposed class action that claims Ring scans and stores the faces of people who walk past its doorbell cameras without their consent (Reuters). The plaintiff, Virginia resident Charles Sigwalt, puts the problem in one sentence: "Millions of other Americans passed by a Ring security camera and unknowingly had their facial recognition information collected."
If you build camera software, that sentence is worth sitting with — because it describes a liability that has nothing to do with bad intentions and everything to do with where the data lives.
What Familiar Faces actually does
Ring announced Familiar Faces last September and shipped it in December, over objections from the EFF and Senator Ed Markey. The feature is genuinely convenient: it uses AI facial recognition to learn the people who regularly come to your door, so instead of "A person is at the door," you get "Dad is at the door."
The Ring owner opts in. The mail carrier, the neighbor, the kid selling raffle tickets, and the stranger cutting across your lawn do not. They never installed the app, never saw a consent screen, and in most states never had a way to say no. Their faceprint gets computed anyway. That asymmetry — consent from the buyer, none from the people actually being scanned — is the entire legal theory of the lawsuit.
Amazon's defense, offered when the feature launched, is that face data is encrypted, never shared, and that unidentified faces are auto-deleted after 30 days. That may all be true. It also doesn't touch the claim. The complaint isn't "Ring leaked the faces." It's "Ring collected and processed them in the first place, from people who never agreed." Encryption protects data in transit and at rest. It does nothing about whether the data should exist on a server at all.
This is a pattern, not an incident
The Familiar Faces suit lands on top of a long Ring privacy record. In 2023, Amazon settled with the FTC for $5.8 million after the agency found that essentially every employee and contractor could access any customer's private video, whether they needed to or not. Ring spent years granting police a way to request footage from users, in some cases without a warrant. Earlier this year, the company's Super Bowl ad for "Search Party" — an AI feature that scans Ring footage across the network to find lost pets — drew enough backlash that founder Jamie Siminoff spent weeks doing damage control, and Ring canceled a planned partnership with Flock Safety, the surveillance-camera network that has reportedly handed footage to ICE and other federal agencies.
None of these are the same story. But they rhyme, and the rhyme is structural: a camera that sends everything to a vendor's cloud, and a vendor that keeps finding new things to do with the footage once it's there. The footage is the asset. New features are new ways to monetize or analyze the asset. The privacy incidents aren't bugs in that model — they're the model working as designed. (We made the same architectural argument when cities started bagging their own street cameras: the bag is a patch, the architecture is the bug.)
Why a local-only camera can't be the defendant in this kind of suit
Here's the part worth saying plainly, because it's the whole reason this matters for how you choose camera software.
To recognize a familiar face, a system has to (1) capture the face, (2) compute a biometric template from it, and (3) store that template somewhere it can compare against later. A cloud camera does all three on a server it owns. That server is exactly where a "you collected my faceprint without consent" claim attaches.
A camera that does none of those things has nothing to attach to. That's the design behind Background Camera RemoteStream. It turns an old Android phone into a recording camera, and it is built on a few deliberate refusals: storage is local-only — footage stays on the device, not on our servers, because we don't run servers for your footage. There's no account and no sign-up, so there's no identity to tie footage to. There's no cloud upload, no tracking, and no facial recognition at all — the app doesn't compute faceprints, doesn't have a "Familiar Faces" mode, and couldn't build a neighborhood scan even if someone asked, because the data never leaves the phone in your hand.
You cannot be named in a class action over biometric data you structurally never hold. The strongest privacy guarantee isn't a policy promising to protect the faces — it's an architecture that never collects them. (We've written before about the tells that a camera app is quietly uploading more than it admits, and why a hidden upload is the one thing a camera business can't easily give up.)
The honest caveats
A local-only phone camera is not a doorbell, and it is not for everyone. You don't get cross-device AI search, you don't get "Dad is at the door" notifications, and you are responsible for your own footage instead of outsourcing that to Amazon. For some people the convenience of cloud features is worth the trade. The point of the lawsuit, and of this post, is that it is a trade — and that the people being scanned on the sidewalk never got to weigh in on it.
If your reaction to the Familiar Faces suit is "I want a camera that simply never sends anyone's face anywhere," that camera exists, and it's probably already in a drawer in your house as an old phone.
Background Camera RemoteStream — local-only storage, no account, no cloud, no tracking, no facial recognition: play.google.com/store/apps/details?id=com.superfunicular.digicam · superfunicular.com
Sources: TechCrunch, June 2, 2026; Reuters, June 2, 2026; EFF.
Top comments (0)