Security cameras in homes and small businesses stream unencrypted to Chinese cloud servers and nobody knows or cares

You buy a $30 Wyze or generic IP camera on Amazon for your front door. You connect it to Wi-Fi and download the app. The camera now streams video of your front door — and everything visible from it — to a cloud server. Where? You do not know. The privacy policy says 'servers in the United States' but network analysis shows connections to Chinese IP addresses (Alibaba Cloud, Tencent Cloud). The camera firmware has not been updated in 18 months. It has known vulnerabilities (CVEs published on NVD) that allow remote access. An attacker — or the manufacturer — can watch your front door, see when you leave and return, identify your visitors, and monitor your daily pattern. You paid $30 for a surveillance device pointed at yourself. So what? There are an estimated 70+ million consumer security cameras in US homes. The majority are manufactured by Chinese companies (Hikvision, Dahua, or white-label OEMs using the same firmware). The FCC banned Hikvision and Dahua from new sales in 2022 for national security reasons — but millions of installed cameras remain operational, streaming to servers controlled by companies with legal obligations to share data with the Chinese government under China's National Intelligence Law. The cameras that people buy for security are themselves a security vulnerability. Why does this persist? Consumers buy on price. A $30 camera outsells a $120 camera 10:1. Manufacturing in China is cheap. The cloud infrastructure is free (subsidized by the Chinese government, which benefits from the surveillance data). American/European alternatives (Arlo, Ring, Eufy) are 3-5x more expensive. Consumers cannot evaluate firmware security — there is no 'nutrition label' for IoT device security.