Mozilla security experts identify 47 ‘creepy’ smart products that people give as holiday gifts

Internet-enabled smart devices have become a holiday tradition—but there are downsides to owning connected devices that are on around the clock and capable of recording sound and video from inside your home. You can buy exercise equipment that sells the recipient’s most intimate data or a smart speaker that listens to your parents.

The non-profit software community, Mozilla, has compiled a list of connected devices for its fifth annual “Privacy Not Included” gift guide, which ranks gadgets based on “creep” and describes which products are basic. meet safety standards. The list also notes which products are capable of spying on users with cameras, microphones or GPS.

The guide’s goal is twofold: to hand buyer information they need to choose gifts that protect their friends and family, as well as inspire the tech industry to do more to protect consumers.

For this 2021 edition, Mozilla researchers claim they spent more than 950 hours reviewing 151 popular connected gifts across six categories: smart homes, toys & games, entertainment, wearables, health & exercise, and pets. . Researchers combed through privacy policies, looked at product and app features, and questioned companies.

47 products were branded with a warning label

Mozilla has identified at least 47 products that have particularly problematic privacy practices, branding them with a ‘*Privacy not included’ warning label. The worst offenders include the Facebook Portal, Amazon Echo, and NordicTrack Treadmill.

“Facebook is the weirdest of the big tech companies. Its Facebook Portal is equipped with an AI-powered smart camera and microphone that routinely sends data back to Facebook (er, meta). Meanwhile, Amazon’s Echo Dot for Kids can help you get more information out of your device.” can read bedtime stories to kids — all of which potentially helps Amazon learn a lot about your child. And the e-reader Onyx Books doesn’t even have a privacy policy,” the company said in a press statement. said in.

The NordicTrack treadmill is particularly problematic, the report warns. “They may sell your data, text your phone number even if you are on the Do Not Call or Do Not Call list, and collect data from data brokers to target you with advertisements.”

Amazon Alexa is built-in to many products, including those that Amazon does not manufacture. This worries us because Alexa and Amazon maintain records of Alexa interactions. “Even if you ask Amazon not to collect personal data on your kids, they say they may still collect some data. And Alexa Skills appears to be problematic in its monitoring/privacy. occurs,” said the company’s research.

In addition, too many companies make their privacy policies difficult to find. The major culprits include Kwikset, Amazfit, Ubitech, Onyx Books, Fi Series 2 and Whistle Pet Trackers, according to research.

On the other hand, researchers identified 22 “best” products that achieve privacy by not collecting, selling or sharing data, including the Garmin Venu, iRobot Roomba and Apple HomePod Mini. The guide also identifies which products meet Mozilla’s minimum security standards, such as using encryption and requiring users to use a strong password.

Not surprisingly, Apple is the least intimidating of the big tech companies because they don’t share or sell user data. Garmin fitness watches also protect users’ personal data. And the Sonos One SL speaker is specifically built without a microphone, making it a privacy-focused device.

Jane Caltrider, a Mozilla researcher, said in a statement, “While gadgets are getting smarter, they are also getting weaker and more prone to security lapses and data leaks – even as Microsoft, Amazon And even among major companies such as Facebook. We also found that consumers continue to assume a great deal of responsibility to protect their privacy and security. Consumers are asked to read complex documents scattered across multiple websites to find it understand how their data is being used.”


Leave a Reply

Your email address will not be published. Required fields are marked *