- Internet-enabled “smart” devices collect intimate personal data from inside your home, and it can be hard to tell whether that data is kept private and secure.
- “Privacy Not Included” is a gift guide from the nonprofit Mozilla published Tuesday that ranks smart devices based on “creepiness” and indicates whether they meet basic security standards.
- The project ranked 76 connected devices and found that 7 didn’t meet minimum security standards that “every company should take to protect consumer privacy.”
- Visit Business Insider’s homepage for more stories.
An internet-enabled “smart” device may seem like the perfect holiday gift – but there are downsides to owning connected devices that stay on around the clock and are capable of recording sound and video from inside your home.
Privacy and security watchdogs have repeatedly raised concerns with connected devices, and people have proven it’s possible to hack popular gadgets like Amazon them with lasers and malicious apps.
Mozilla, the nonprofit software community, compiled a list of connected devices for its annual “Privacy Not Included” gift guide, ranking gadgets based on “creepiness” and delineating which products meet basic security standards. The list also notes which products are capable of snooping on you using a camera, microphone, or GPS.
Privacy concerns also affected Mozilla’s rankings – for example, the gift guide notes that Amazon’s Ring home security gadgets work with over 600 police departments, who have access to Ring locations and can request security footage with users’ consent.
Ashley Boyd, Mozilla's vice president of advocacy, told Business Insider that the gift guide is intended to give consumers a sense of what privacy expectations they should hold for connected devices. In some cases, Boyd said, users should reconsider whether a smart device is worth the privacy risks, rather than a non-connected device.
"It can be really hard to gauge how your data is being used ... we wanted to fill a gap in information," Boyd said. "For example, I live in the second floor in a duplex and it is a pain to go down the stairs to see who's at the door, but the risks of a Ring doorbell are not enough for me to buy it."
Mozilla identified 60 products that meet basic security requirements and seven products that don't. Here are the products that Mozilla recommends you steer clear of.
1. Ring Video Doorbell
Mozilla notes that Ring has been hacked in the past, and it's unclear whether it's possible for users to delete data that Ring accumulates. The gadget is also capable of snooping using GPS data, video, and audio.
In a statement to Business Insider, a Ring spokesperson said the company "takes customer security seriously."
"We have experienced, full teams dedicated to ensuring the safety and security of our products and systems. We have taken measures to help secure Ring devices from unauthorized access. These measures include preventing the installation of third-party applications on the device, rigorous security reviews, secure software development requirements, and encryption of communication between Ring devices with services such as AWS servers," the Ring spokesperson said.
2. Ring Indoor Cam
Mozilla cites similar concerns for the Ring Indoor Cam, noting that Amazon "stored customer data - including video recordings - unencrypted on an Amazon cloud server and employees could access any of this data," as Techcrunch reported earlier this month.
3. Ring Security Cams
Like the other Ring products, the security cam is dinged by Mozilla for opaque policies around privacy and security.
"They aren't as transparent as we would like them to be about their privacy and data deletion practices," Mozilla writes.
4. Wemo WiFi Smart Dimmer
Mozilla was unable to determine how the Wemo Smart Dimmer encrypts data or protects users' privacy. The dimmer, which lets users dim lights with an app on their phone, was also found to be vulnerable to cyberattacks.
Belkin, the company that manufactures the device, did not respond to Business Insider's request for comment.
5. Artie 3000 Coding Robot
This gadget, designed to help teach kids how to code, is WiFi-enabled and is praised by Mozilla as a device that "sounds pretty darn fun." But it has no clear privacy policy and isn't transparent about how it handles user data, meaning it fails to meet Mozilla's basic security requirements.
A spokesperson for Educational Insights did not immediately respond to Business Insider's request for comment.
6. Litter-Robot 3 Connect
This robot is designed to scoop cat litter automatically and connects to WiFi so that users can watch their cats on a cam and gauge "waste drawer levels" from an app.
"Unfortunately, this product raises as many red flags and the litter box itself probably does when Fluffy is dealing with an upset stomach. The company didn't take the time to get back to us with answers to our privacy and security questions. They also do not meet our Minimum Security Standards because the only privacy policy we could find was one for the website," Mozilla wrote.
A spokesperson for Litter Robot did not immediately respond to a request for comment.
7. OurPets SmartScoop Intelligent Litter Box
This device is yet another "smart" litterbox capable of alerting owners when their cat has entered or left the box and can automatically scoop poop into a bin. It doesn't have any clear privacy policy despite connecting to WiFi and running a smartphone app.
"What's the worst that could go wrong with a Bluetooth connected litter box with potentially poor privacy and security protections? Perhaps not a whole lot. But we'd rather see them take your security and privacy seriously so we don't have to find out," Mozilla wrote.
A spokesperson for OurPets did not immediately respond to Business Insider's request for comment.
