A few weeks ago, I wrote an article, “Those New Connected Holiday Gifts May Be Spying On You.” It discussed privacy and security concerns about connected devices, specifically, the devices we are or will be rushing out to gift during this holiday season. The funny thing is, suddenly there seems to be increased discussion around this topic. It could be the season of gift giving, or perhaps people are starting to pay attention. Regardless, this article goes into some details as to what Mozilla is doing to educate the gift-giving and receiving public via their site *Privacy Not Included. (*Disclosure below.)
Interestingly, in just the couple of weeks since I published my first article on this topic, I have come across two other articles discussing the same concerns.
The first comes from The Guardian and it discusses an investigation that discovered that strangers could talks through Bluetooth or WiFi-enabled toys to children, completely bypassing any security (or lack thereof). In my article, I alluded to a hypothetical toy that could interact with a child, tricking that child into innocently providing private and personal information. The Guardian article lists out some specific toys that are vulnerable to this.
A few days later, Business Insider published a story on how consumers are starting to question the privacy and security of their connected devices, despite their desire to “be more connected.”
Now, I’m a guy who is all about devices and gadgets and connectivity. However, I also regularly write about privacy and security and online safety. Seems a bit like an oxymoron, doesn’t it? Well, I think you can have both of these things together. But it requires one particular thing: information and education.
I’m all for buying connected devices as long as you know what you are getting and what the device does. But, as I wrote earlier, it’s often difficult to know exactly how a device or toy may or may not be safe, secure, and/or private.
And this is where the Mozilla connected gift buying guide, *Privacy Not Included, comes into play. If you still want to learn more about the topic of security and privacy of connected devices, be sure to give my first article a read.
Here, however, I’m going to walk through how Mozilla’s connected gift guide works and the types of things you can find there.
*Privacy Not Included Connected Gift Guide
The Mozilla connected gift buying guide is divided up into various connected gadget categories:
- Toys
- Game Consoles
- Home Hubs
- Smart Home Accessories
- Gadgets & Gizmos
- Health & Exercise
Within each of these categories are up to twenty of some of the most popular connected gadgets for this holiday season. And, in looking through the categories and lists, I see that several items that I actually own and use are there.
Hello Barbie is Back
As the first article mentioned above discussed, connected toys are under increased scrutiny. So, I decided to pick on one that a few years ago came under criticism for being not only hackable, but also invaded the privacy of kids, specifically Hello Barbie.
The way that the *Privacy Not Included guide looks at connected devices is quite straightforward. First it provides the summary of the item as well as any important context. It then breaks down the analysis into some basic questions:
- Can it spy on me?
- What does it know about me?
- What could happen if something goes wrong?
And then it provides a link (if available) to the Privacy Policy.
The questions above are important ones you should ask when buying a connected device. The answers may not be immediately apparent. If you need to do research, hold off on buying the device until you have some background information.
In the case of Hello Barbie, Mozilla notes that it doesn’t have a camera (green text which is good), nor does it track location (another green light). But, it does have a microphone (noted in red). And the fact that Hello Barbie has a microphone is part of what makes this toy intriguing. Kids interact with it. But this new version, one can assume from reading the Mozilla guide (I don’t have a Hello Barbie), has more controls than the previous version. So, yes, you have to create an account (a bad thing) but via the account (I’m assuming) you can set up privacy controls (good) and you can delete your data (another good thing). Lastly, no data is being shared with any 3rd parties (again, good).
But do take time to look at the “what could happen if something went wrong” question. These are not far-fetched hypotheticals. There is a possibility with the Hello Barbie that it could record and speak odd things to your kids.
A Thermostat that Listens to You
Now let’s take a look at a device I do own, the Ecobee4. This is a connected thermostat that can automatically and manually adjust the temperature of your home. The control can be done remotely via a connected app on a smartphone or tablet. What’s new about the Ecobee4 is its integration with Amazon Alexa. This means that this connected thermostat is listening, all of the time. But actions are only triggered when the keywords (“Alexa”) are triggered and then the audio that it captures is sent to the Amazon servers for analysis and interaction. Here’s what the Mozilla guide says about the Ecobee4.
The description of the Ecobee4 is accurate and the Safety Review is important to read and understand. For starters, no camera – a good thing in terms of privacy. But after that, you need to pay attention. There is a microphone obviously because that is required for the Amazon Alexa service. And using the companion app, your location can be tracked. Both those things have privacy red flags.
In terms of what the Ecobee4 knows about you, this is a bit of a gray area. According to the Mozilla guide, you do have to create an account which doesn’t have privacy controls (both red flags). You can delete your data though, and according to the guide, data isn’t shared (again, both good). However, this is where my knowledge of Ecobee and Amazon come into play. In fact, you need both an Ecobee account AND an Amazon account for the full functionality. So, yes, technically the data is not shared with a 3rd party if you consider those two companies are functioning as a single entity.
And what could go wrong? Well, you have a mic that is always listening, and you have activity and actions in your home potentially being captured. With this particular device, I would recommend reading the privacy policies of both companies to truly understand what is shared and stored.
A Smart Home That’s Watching
Another device of mine is the Wink Hub 2. In most cases, in order to make your home “smart,” you need some kind of hub that connects a variety of smart devices (e.g., lights, cameras, doors, etc.) I truly like the functionality that the Wink provides, especially as it integrates other connected devices from around your home. However, when you integrate other items, you potentially open yourself up to privacy and security concerns.
Again, the Mozilla description is accurate. As are the recommendations from a safety and privacy standpoint. And, from seeing all of the “red” on their review, you may want to think twice about this if you are hyper-concerned about privacy. As I mentioned, there are a variety of devices that you can connect to the Wink Hub. And when you have other company devices connected, as I mentioned with the Ecobee4, you potentially expose more private information with other companies.
There is an account requirement (red) and no perceivable way to control your privacy (red) and it isn’t clear if you can delete your data (another red). On top of that, according to the guide, advertising data is shared (yes, red again). And with any smart home hub, using the app and interacting with other connected devices can map out a pattern of your home activity (e.g., someone who hacks in could know based on the activity when you are home or not).
The *Privacy Not Included Guide is YOUR Guide
I only chose three examples of connected devices to show how you can use the Mozilla guide to educate and potentially better your understanding of privacy and safety concerns. But from chatting with quite a few friends and families, I have found that most people believe they cannot rely on the companies themselves to provide safety and privacy standards at an acceptable enough level.
If you want to protect your home, you need to ensure you are educated. Using guides like Mozilla’s *Privacy Not Included is an important step towards that education. My recommendation is to start with the Mozilla guide and then take a deeper dive into the specific company whose product you are thinking about purchasing or using.
But, the other side of me still is in favor of connectivity. There is much to be gained through automation. You can save time and even money by automating repetitive tasks or by having your home turn off lights automatically when they aren’t being used, for example. While some connected toys I feel may take away some of the imagination of playtime, other devices like smart hubs and exercise gadget can actually improve your life.
Disclosure: This is a sponsored post and I have received compensation to prepare to research it as well as write it. All opinions within this article, unless otherwise noted, are my own and are not subject to the editorial review from any 3rd party. More information can be found on my About page.
HTD says: This holiday season, be sure you come armed with knowledge of privacy and safety when shopping for connected devices. The Mozilla *Privacy Not Included guide helps better your shopping game, making your final purchase even more intelligent!
