• United States



Mozilla’s Privacy Not Included guide reveals if holiday gifts will spy on you

Nov 08, 20174 mins
Internet of ThingsPrivacySecurity

Black Friday ads are leaking left and right, but do you know if that holiday gift can spy on you or be hacked?

It’s ticking closer and closer to gift-giving season. Whether you are waiting for retailers to release previews or are keeping an eye on Black Friday ad leaks to shop for good deals, Mozilla hopes you will choose gadgets that respect online privacy and security.

That’s why the company released a “Privacy Not Included” a guide. “This holiday season, don’t buy your loved ones an Internet-connected gadget that compromises their privacy or security — no matter how nifty or cute that gadget may be,” it said.

The holidays, Mozilla said, is “the most wonderful time of the year…unless you buy a gift that spies on your kids or gets your friend hacked.”

So, a team of Mozilla researchers “reviewed dozens of popular toys, game consoles, exercise gadgets, and smart home accessories ranging in price from $25 to $900.” Their hope is that you will use the guide to decide if a gift comes with privacy included.

The guide is broken down into the following categories: Toys, Game Consoles, Home Hubs, Smart Home Accessories, Gadgets & Gizmos, and Health and Exercise. Each item listed under the categories has a safety review that includes if the item can spy on you via camera, microphone or tracking location and what the item will know about you, such as if you must create an account, if it has privacy controls, and if you can delete your data by contacting the company.

If you are shopping for electronics, then you can already start comparing different retailers’ prices for smart 4K TVs, cell phones, gaming consoles and “smart” Internet of Things (IoT) devices. If any of those items are also listed on *Privacy Not Included, then you can get a worst-case scenario of “what could happen if something went wrong.”

Amazon Echo/Show, Google Home, Samsung SmartThings, Wink Hubs

An example of the what could happen with an Amazon Echo/Show is that “it could be used to spy on you when you’re naked or doing other such things.”

The what-could-happen scenario with Google Home is “it could listen to you and know everything happening in your home.”

For the Samsung SmartThings Home Monitoring Kit, “it could know your daily routine, and that data could be used against you.”

And Wink Hubs “could let others know the patterns of activity in your home.”

Toys that spy

Shopping for kids? Here are a few examples of those worst-case scenarios. Mozilla decided nothing bad could happen if something went wrong with SmartLetters or AirJamz Air Guitar.

However, Edwin the Duck “could know how often you bathe your kids and when you put them to bed.” Hello Barbie “could record and say weird and creepy things to your children.” And Toymail Talkie “could allow hackers to start talking to or leaving messages for your kids.”

Security issues with smart home accessories

The worst-case scenarios range from serious to silly. A Nest Protect, for example, “could ignore a fire,” while the Nest Indoor and Outdoor security cameras “could be used to spy on you when you’re naked or doing other such things.”

The August Smart Door Lock “could unlock the door unexpectedly or get hacked and open your door to a stranger.” The Chamberlain MyQ Smart Garage Hub “could know when you are home, and it could open your garage door for random strangers if hacked.” And the Sonos Play:1 “could share data with others that you are depressed because of your sad playlist.”

Those were just a few examples from *Privacy Not Included. Overall, it’s a good guide to consult when it comes to your privacy for the listed products.

Mozilla noted, “With *Privacy Not Included, we can help shoppers choose more responsible technology. We can also do something bigger — fuel a movement for rules and mores that enshrine online privacy and security. We can demand change from the businesses that make digital products, and the governments that oversee them, to ensure privacy and security are built into our digital lives.”

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.