We already know the hottest holiday gadget gifts are cool but are they secure and trustworthy too? Mozilla — yep, the folks behind internet browser Firefox — just released a new report and shopping guide called *Privacy Not Included. The idea behind it is to help people shop for gifts based on price, performance, and on how well they protect privacy and security as well.
In an email, Ashley Boyd, Mozilla VP of Advocacy explained that researchers reviewed 70 of the most popular gadget gifts across six categories: Toys & Games; Smart Home; Entertainment; Wearables; Health & Exercise; and Pets. For each product, Mozilla looked at a range of questions including Can it spy on you? Can you control it to make it more secure? What could happen if something went wrong?
Mozilla partnered with the Internet Society and Consumers International, a leading consumer advocacy group with hundreds of member organizations in over 100 countries, to come up with a set of guidelines for internet-connected products. They call these rules the Minimum Security Standards, and they include Encrypted communication to prevent snoops from seeing your data, regular security updates to patch privacy holes, strong password requirements, and privacy restrictions that let you opt-out of having your data sold for marketing. Mozilla even enlisted researchers from Carnegie Mellon University to comb through the privacy policies of each company too.
Of the 70 products in the guide, just 33 of them met all of the minimum requirements. Some of the “safer” ones include the highly sought-after Nintendo Switch, Google Home, Harry Potter Kano Coding Kit, Athena Safety Wearable, Sony PS4, Apple TV, and Findster Duo Plus Pet Tracker. However, the list of products that do not meet these basic privacy guidelines includes some of the most popular gadget gifts of the year as well.
Amazon products are nailed with negatives in Mozilla’s guide. According to the guide, the Fire HD tablet misses the mark because Amazon shares information with third parties doesn’t have a default passcode requirement, and doesn’t delete the data it stores about you. Amazon’s Echo Show is a bit better because it requires a password when you set it up, but it still falls short by storing and sharing user data with third parties.
Apple, on the other hand, fares a bit better. The iPad, Apple Watch, and HomePod all get a seal of approval from Mozilla, but since Apple still shares information with third parties they’re not perfect either.
Even seemingly innocuous gadgets like the smart Hue lights by Philips are dinged because they don’t encrypt communications sent over WiFi, and have no additional password security. These are little things that companies sometimes overlook or ignore, according to Mozilla, but they can have real privacy implications. For instance, if someone knows when your lights are on or off, they might be able to figure out when you’re home or away, or even when you’re sleeping — which is ultra creepy.
Speaking of the “creep factor,” Mozilla wants real people to rate the gadgets too based on what they call the “Creep-O-Meter.” The interactive tool is part of the guide that encourages shoppers to rate how creepy they think a product is using a sliding scale of “Super Creepy” to “Not Creepy,” as well to share how likely or unlikely they are to buy it. So far more than 2500 people have shared their real-user Creep-O-Meter ratings.
“While there’s no shortage of holiday shopping guides, most focus on price and performance, not privacy, which Mozilla sees as a major oversight,” Boyd said in a press release. “We hope this guide helps consumers make smart and more informed holiday shopping decisions, while also inspiring them to demand that companies make it a priority to offer products that protect their privacy and security.”
A Mozilla PR associate told me that Mozilla’s not telling people that you should or should not buy products based on the *Privacy Not Included guide, but rather take all of the potential pitfalls into account when you’re hunting for a great deal on a hot gadget.