The holiday season is for sharing, but with some gifts, people could be sharing too much of their own personal data. That voice assistant that’s half off on Black Friday might seem like a great gift to you, but you may want to be more cautious for a person focused on their.
But you’ll need to start wrapping your head around these issues as more and more smart devices enter our lives. While internet of things devices can be convenient and helpful, they’re also notorious for weak cybersecurity and can share your personal data with third parties without your knowledge.
To help you out, Mozilla published its annual Privacy Not Included gift guide on Wednesday, with ratings on the security of 77 products — from toys and smart home gadgets to wearables and pet tech — along with a review of how the devices share your data. Mozilla, best known for its Firefox browser, creates its gift guide to build awareness of the privacy and security issues that can crop up with items on holiday shopping lists. The guide debuted in 2017.
Its researchers looked through all the devices’ privacy policies, asked how the companies were encrypting the data they collected, as well as if the gadgets had automatic security updates, required strong passwords and properly addressed vulnerabilities, among other requirements for its minimum security standards.
Unlike the gift guide in 2018, where fewer than half of the gifts met that standard, 62 products on Mozilla’s list passed the test this year. Those standard-meeters include the Nintendo Switch, the Apple Watch 5, Sonos One SL speakers, Sony’s PlayStation 4, Amazon’s Kindle and Amazon’s Fire Kids HD.
Fifteen products didn’t meet the standards. Three of those are Amazon’s Ring security products for their lack of encryption, reported security vulnerabilities, and partnerships with over 600 police departments in the US.
Ring defended its products.
“Ring takes customer security seriously and we have experienced, full teams dedicated to ensuring the safety and security of our products and systems. We have taken measures to help secure Ring devices from unauthorized access,” Ring said in a statement. “These measures include preventing the installation of third-party applications on the device, rigorous security reviews, secure software development requirements, and encryption of communication between Ring devices with services such as AWS servers.”
Another product that failed to make the mark was a smart dog collar from Link AKC. Mozilla raised an issue with it because there are no available details on encryption for the data this device transfers.
Link AKC said it was surprised by Mozilla’s findings, pointing out that it does use end-to-end encryption, as well as require strong passwords and provide regular security updates.
“We continue to update and evolve our products and our overarching goal continues to be to offer consumers the best smart tracking collar on the market,” Joe McKee, Link AKCs chief technical officer, said in an email.
The Tile Mate tracker was temporarily listed as not meeting minimum standards but Mozilla updated the list on Wednesday morning, noting that Tile does meet the standards. Tile had said it missed Mozilla’s deadline for responses.
Other products missed the minimum security standard by one of the five points, like a Wi-Fi-connected pressure cooker. Mozilla couldn’t determine how it handled vulnerability reports.
You can look through the guide and see for yourself what gifts would be best for your privacy-focused friends. You can also leave ratings for how creepy you think a product is on Mozilla’s “creep-o-meter,” which goes from “not creepy” to “super creepy.”
Originally published Nov. 20 at 8 a.m. PT.
Update, 8:59 a.m. PT: Adds information that Tile Mate’s status has been upgraded.