Gift-giving season is here at last, and some of the hottest items on the list will likely be connected toys and gadgets and Internet-of-Things appliances.
To help you choose which gadgets deserve their place under the Christmas tree, Mozilla, the nonprofit organization known for its Firefox browser, just released its “Privacy Not Included” list for 2018.
From interactive pet cameras, all-knowing parrots, drones and smart speakers, Mozilla evaluated the security and privacy policies of 70 popular gadgets that you will likely encounter this season.
Although Mozilla stresses that its list shouldn’t be taken as the ultimate buying guide, it does expose the security weaknesses of connected toys and gadgets and Internet-of-Things appliances in general.
With companies looking to capitalize on the smart home and connected gadget boom, let this list serve as a reminder that consumer security and privacy are still paramount. Ready to dive in and see what Mozilla has to say about your favorite gadgets? Read on and let’s go!
“Meets Minimum Security Standards” badge
Let’s start with the good news first. Out of 70, a total of 31 gadgets earned the company’s “Meets Minimum Security Standards” badge for their adherence to Mozilla’s guidelines for a connected gadget’s security. Needless to say, these are gadgets that don’t have any major security holes and they’re safe enough to buy.
If you’re a fan of the Nintendo Switch, the PlayStation 4, the Apple iPad and HomePod, the WyzeCam, Amazon Fire and Echo gadgets, the Google Home, or Roku streamers, you’ll be ecstatic that they’ve earned Mozilla’s security badge. (See the complete list below).
Products that have security issues
31 gadgets may have earned Mozilla’s approval, but many of them barely missed out on the “Meets Minimum Security Standards” due to one or two issues.
However, some of the products sorely lack the security features that Mozilla requires. Here are some of them:
FREDI Baby Monitor
The FREDI Baby Monitor fails in both Mozilla’s security evaluation and user votes. This is not surprising since it has red flags all over it. For something that’s supposed to keep an eye on your baby 24/7, its security (or lack thereof) is troubling.
It also doesn’t prompt you to change its default password so it’s very vulnerable to hackers and spies nor does it have automatic security updates.
Based on the total disregard of this company for its customer’s security and privacy, please stay away from the FREDI Baby Monitor.
Anova Precision Cooker Sous Vide
The Anova Precision Cooker Sous Vide makes meal preparation easier by letting you precisely cook a meal remotely via its companion app.
It’s also not known if it does automatic security updates, so it misses out on Mozilla’s minimum security requirements. It’s still a cool cooking gadget, though.
DJI Spark Selfie Drone
Based on Mozilla’s findings, drones still have a long way to go when it comes to security and privacy.
The DJI Spark Selfie Drone, as cool as it may sound, still lacks a majority of the basic security features that Mozilla requires.
Adding insult to injury, it doesn’t require you to change its default password, leaving you open to attacks.
However, it does apply security updates automatically and you can delete your data from the device. Now that Mozilla’s evaluation is out, maybe some of its security weaknesses will be addressed by DJI in future patches.
Parrot Bebop 2 Drone
However, it gets good marks for not sharing its data with third parties and its automatic security updates.
Dobby Pocket Drone
Zerotech’s Dobby Pocket Drone may be reasonably priced for all the features it offers but does it pose a security risk? 40% of the voters think it’s super creepy.
Well, based on how much Mozilla can’t determine about this company’s policies, it could very well be.
Based on this lack of transparency of this product, the Dobby Pocket Drone fails Mozilla’s minimum security standards. It may be relatively cheap, but with how much we don’t know about its data collection practices, it’s wise to stay away from it this holiday season if you care about your security.
Full “Privacy Not Included” list
Here’s a list of all the gadgets that Mozilla evaluated and a link to their page. Please take note of the “Meets Minimum Security Standards” badge:
- Amazon Cloud Cam Security Camera – (Meets Minimum Security Standards)
- Amazon Echo and Dot – (Meets Minimum Security Standards)
- Amazon Echo Show – (Meets Minimum Security Standards)
- Amazon Fire HD Kids Edition – (Meets Minimum Security Standards)
- Amazon Fire HD Tablet
- Amazon Fire TV – (Meets Minimum Security Standards)
- Amazon Kindle
- Anova Precision Cooker Sous Vide
- Apple Airpods
- Apple Homepod – (Meets Minimum Security Standards)
- Apple iPad – (Meets Minimum Security Standards)
- Apple TV – Badge
- Apple Watch 4 – (Meets Minimum Security Standards)
- Athena Safety Wearable – (Meets Minimum Security Standards)
- Beeline Smart Bike Compass – (Meets Minimum Security Standards)
- Behmor Brewer Coffee Maker – (Meets Minimum Security Standards)
- Bose QuietComfort 35 II
- CogniToys Dino
- Cue the Robot
- Dash the Robot
- DJI Spark Selfie Drone
- Dobby Pocket Drone
- Dot Creativity Kit
- Evo Robot
- Findster Duo Plus Pet Tracker – (Meets Minimum Security Standards)
- Fitbit Aria Air – (Meets Minimum Security Standards)
- Fitbit Charge 3 Tracker – (Meets Minimum Security Standards)
- Fitbit Ionic Watch – (Meets Minimum Security Standards)
- Fitbit Versa Watch – (Meets Minimum Security Standards)
- FREDI Baby Monitor
- Furbo Dog Camera – (Meets Minimum Security Standards)
- Garmin Vivosport
- Google Chromecast
- Google Home – (Meets Minimum Security Standards)
- Google Pixel Buds
- Harry Potter Kano Coding Kit – (Meets Minimum Security Standards)
- Hidrate Spark 2.0 Water Bottle
- Jabra Elite 65t Earbuds
- Mycroft Mark 1 – (Meets Minimum Security Standards)
- Nest Cam Indoor Security Camera
- Nest Cam Outdoor Security Camera
- Nest Hello Video Doorbell
- Nest Learning Thermostat
- Nintendo Switch – (Meets Minimum Security Standards)
- Parker Teddy Bear
- Parrot Bebop 2
- Petchatz HD – (Meets Minimum Security Standards)
- Petcube Play – (Meets Minimum Security Standards)
- Petnet SmartFeeder – (Meets Minimum Security Standards)
- Petzi Treat Cam
- Philips Hue Smart Light Kit
- PlayStation 4 – (Meets Minimum Security Standards)
- Quell 2.0 Wearable Pain Relief
- Roku Streaming Players – (Meets Minimum Security Standards)
- Samsung Gear Sport – (Meets Minimum Security Standards)
- Sky Viper Journey
- SmartThings Outlet
- Sonos One – (Meets Minimum Security Standards)
- Sphero BB-8 Robot
- Sphero Mini
- TicWatch Pro
- Tile Mate
- Tractive GPS 3G Pet Tracker
- WeMo Mini Smart Outlet
- Whistle 3 Smart Tracker
- Withings Body Scale – (Meets Minimum Security Standards)
- WyzeCam – (Meets Minimum Security Standards)
- Xbox One – (Meets Minimum Security Standards)
Users chime in – Do you agree?
Aside from the security evaluation, Mozilla also opened up a “creepiness” scale where voters can judge whether a product is “super-creepy” or not. And of course, even with Mozilla’s “Meets Minimum Security Standards” badge, users don’t necessarily agree with how creepy a product can be.
Let’s face it, any connected gadget with a camera and microphone can be potentially hacked so it’s automatically “creepy” by default.
But among all the 70 gift ideas that are in Mozilla’s “privacy not included” list, here are the gadgets voted by users as very creepy, in spite of Mozilla’s assessments. Take these with a grain of salt though, this is not exactly a sound scientific method and the sample sizes are still insignificant.
Additionally, Mozilla’s “How creepy do you think this is?” voting scale is completely arbitrary and anyone can chime in, regardless of their actual experience with the product.
But just out of curiosity, let’s check out what the voters think. Did they get it right or do you totally disagree with the results?
FREDI Baby Monitor
Not surprisingly, the one product that a majority of users overwhelmingly voted as “super creepy” is the Fredi Baby Monitor.
Dobby Pocket Drone
Probably based on Mozilla’s evaluation, the Dobby Pocket Drone was also marked as super creepy by the voters.
Hidrate Spark 2.0 Water Bottle
The Hidrate Spark smart bottle has a great concept behind it – it pairs with your smartphone via Bluetooth and its app can track how much water you’ve drank and how much more you need to drink to reach your workout goal.
I personally don’t find this feature that creepy at all but 32% of voters think otherwise. Maybe because the main feature that makes the Hidrate water bottle smart is its app’s location tracking (which it needs to track your workouts). Hidrate also shares your information with third parties and Mozilla can’t say if it uses encryption for your data.
The Petcube Play is marketed as an interactive smart camera for your pet. It allows you to remotely monitor, talk to and play with your furry friend with its built-in motion detecting HD camera, microphone and yep, a laser pointer.
This cute little toy actually gained Mozilla’s “Meets Our Minimum Security Standards” badge but voters still think it’s “very creepy.”
Petcube does share your information with third parties and it has a camera and two-way audio. However, the upside is that its data is encrypted, it gets regular security updates, and you are required to change its default password.
Furbo Dog Camera
Another pet monitoring system that made it to voters’ super-creepy list is the Furbo Dog Camera. Similar to the Petcube Play, the Furbo also has an HD camera with an around-the-clock video storage option, two-way audio plus barking alerts and a treat dispenser.
It also met Mozilla’s minimum security standards so it’s interesting to find out why 46% of the voters (all 98 of them on the last count) find it super-creepy.
It’s a great gadget for pet lovers, for sure, but it probably gets a ding for sharing your data with third parties. On the bright side, it does use data encryption and it gets regular security updates. And like any connected gadget with a camera and a mic nowadays, hackers can potentially break into it and spy on you.
The Google Home meets Mozilla’s minimum security standards too but that didn’t exempt it from the voters’ super creepy list.
Similar to Google Home, Amazon’s Echo smart speakers were judged to be super creepy by a majority of the voters despite meeting Mozilla’s minimum security standards.
Again, it may be the fact that they have always-listening mics and that your information is being shared with third parties that pushed it to super creepy status for many voters.
Connected toys are getting so popular but as usual, they can pose real privacy risks if they’re not handled properly. Take the CogniToys Dino, for example.
This cuddly dinosaur is meant to answer your kid’s questions, sort of like an Alexa for kids. But to facilitate this, behind that lovable green facade is a microphone, of course, and location tracking in its app and the voters just won’t have any of that.
Tap or click below to listen to more about gifts that will spy on you in a Consumer Tech Update.