As holiday shoppers buy their final few gifts for family and friends, Mozilla has released its annual Privacy Not Included list of electronics that pose security concerns.
The electronics are rated by a “creep-o-meter” that ranges from not creepy to very creepy. The company looked at aspects like the device’s ability to spy on the user, encryption technology, privacy policies, data collection and sharing, password protections, parental controls, security vulnerabilities and more.
The goal of the guide is to help people who are buying electronics understand that they might be getting more than they paid for.
On the top of the list for least creepy products is the Nintendo Switch. Mozilla said the device has easy-to-use parental controls and does a good job of protecting user security. On the downside, the privacy policy is difficult to understand and the company shares user data with third parties for what Mozilla considers unexpected reasons.
The Harry Potter Kano Coding Kit, Beeline mart Bike Compass and PS4 devices are also all considered some of the less creepy tech gifts on the market.
On the other end of the spectrum, the Google Home, Amazon Echo and Dot, CogniToys Dino, Amazon Cloud Cam, Amazon Echo Show and Spot and the FREDI Baby Monitor were all rated “super creepy” by Mozilla.
For the FREDI Baby Monitor, Mozilla said the default password for the camera is 123 and is easily hackable. It also doesn’t have a privacy policy that’s easy to find and the company running it doesn’t manage security vulnerabilities for users.
Jeremy Gillula, the tech projects director with the Electronic Frontier Foundation, said any device that’s connected to the internet has some level of vulnerability.
“It’s a tossup for me between any smart phone and one of the home assistants,” Gillula said.
The apps people download on their phones collect the most information, he said, and they often times sell it to third parties for things like targeted advertising.
Most tech companies collect some information from users to look for ways to improve their products. However, many will also sell that information.
“When you’re sharing something with a company, unless they have a very ironclad privacy policy, you could be sharing it with much more than that one particular company,” Gillula said. “No matter how much you trust them, if they are sharing it with someone else, that’s something you have to realize.”
Even weather apps collect and sell user data to other companies.
“I wish everybody knew just how pervasive the third-party tracking (is) and a third-party sharing of data,” Gillula said.
In the end, though, the security concern different tech toys offer depends on the user and how much information they are comfortable with sharing.
“Privacy does come down to a personal definition for an individual what I might consider an acceptable level of privacy might be ridiculously too strict for someone else,” Gillula said.
If you’re really concerned with your privacy, the safest thing to do is stay away from devices connected to the internet unless they’re absolutely necessary.
