Internet-enabled smart devices have become a holiday tradition—but there are downsides to owning connected devices that stay on around the clock and are capable of recording sound and video from inside your home. You might end up buying exercise equipment that sells the recipient’s most intimate data or a smart speaker that eavesdrops on your parents.
Mozilla, the nonprofit software community, has compiled a list of connected devices for its fifth annual “Privacy Not Included” gift guide, ranking gadgets based on “creepiness” and delineating, which products meet basic security standards. The list also notes which products are capable of snooping on users with the camera, microphone, or GPS.
The goal of the guide is two-fold: arm shoppers with the information they need to choose gifts that protect their friends and family, while also spurring the tech industry to do more to safeguard consumers.
For this 2021 edition, Mozilla researchers claim that they spent more than 950 hours reviewing 151 popular connected gifts across six categories: Smart Home, Toys & Games, Entertainment, Wearables, Health and Exercise, and Pets. Researchers combed through privacy policies, pored over product and app features, and quizzed companies.
47 products were branded with a warning label
Mozilla identified at least 47 products that have especially problematic privacy practices, branding them with a ‘*Privacy Not Included” warning label. The worst offenders include Facebook Portal, Amazon Echo, and NordicTrack Treadmill.
“Facebook is the creepiest of the big tech companies. Its Facebook Portal is equipped with an AI-powered smart camera and microphone that sends data back to Facebook (er, Meta) regularly. Meanwhile, Amazon’s Echo Dot for Kids can read your children bedtime stories — all while helping Amazon potentially learn a lot about your kid. And the e-reader Onyx Boox doesn’t even have a privacy policy,” the company said in a press statement.
The NordicTrack Treadmill is especially problematic, the report warns. “They can sell your data, call or text your phone number even if you’re on a do-not-call list, and may collect data from data brokers to target you with ads.”
Amazon Alexa is embedded in numerous products, including ones that Amazon doesn’t manufacture. That concerns us because Alexa and Amazon retain records of Alexa interactions. “Even if you ask Amazon to not collect personal data on their kids, they say they still might collect some data. And Alexa Skills seem to be problematic in its oversight/privacy,” the company’s research added.
Further, too many companies make it difficult to even find their privacy policies. Major culprits include Kwikset, Amazfit, Ubtech, Onyx Boox, Fi Series 2, and Whistle pet trackers, according to the research.
On the other hand, researchers identified 22 “Best Of” products that get privacy right by not collecting, selling, or sharing data, including the Garmin Venu, iRobot Roomba, and Apple Homepod Mini. The guide also identifies which products meet Mozilla’s Minimum Security Standards, like using encryption and requiring users to use a strong password.
Not surprisingly, Apple is the least creepy of the big tech companies since they don’t share or sell user data. Garmin’s fitness watches also protect users’ personal data. And the Sonos One SL speaker is specially built without a microphone, which makes it a privacy-centric device.
Jen Caltrider, a researcher at Mozilla said in a statement, “While gadgets may be getting smarter, they are also getting creepier and way more prone to security lapses and data leaks — even among leading companies like Microsoft, Amazon, and Facebook. We also found that consumers continue to shoulder way too much of the responsibility to protect their own privacy and security. Consumers are asked to read complicated documents scattered across multiple websites to even begin to understand how their data is being used.”