Ever wonder what that gift ranks on the ‘Creep-O-Meter’?
Teddy bears linked to your smartphone, smart home speakers, a baby monitor with sensors that let you “feel” motion in the nursery.
All great holiday gifts — unless they spy on you, says the second annual Mozilla Foundation shopping guide to the naughty and the nice among web-connected smart devices.
From Apple TV to the Fredi wireless baby monitor, 70 tech products are included in the 2018 edition of the foundation’s “Privacy not Included” buyers’ guide that rates toys and devices according to their security practices.
It also uses an interactive tool to let website visitors indicate their level of comfort with the product and whether they’d be likely to buy it.
Mozilla, a Silicon Valley notfor-profit known as the maker of the open source Firefox web browser, says the aim is to help people make sound tech-buying decisions during the holiday season that factor in security as well as price and performance.
“We wanted to reach average people as consumers through their pocket books” said the guide’s creator Jen Caltrider. “We are not Consumer Reports, but we can give people some tools to help them make good decisions.”
She said Mozilla has surveyed its members since last year’s first shopping guide and found strong interest in the privacy and security of connected toys and smart home products.
“People know they should care but they have no real way to understand what they should do, so they start to get resigned. They say ‘I’ll just take my chances.’ ”
According to research for the Office of the Privacy Commissioner of Canada most Canadians sense that protection of personal information is diminishing, while concern about how personal information is being used by companies mounts.
Nearly 70 per cent of consumers believe companies are vulnerable to hacks and cyberattacks, according to separate research by accounting and consulting firm PwC.
Only 10 per cent feel they have complete control over their personal information while just one-quarter believe most companies handle their sensitive personal data responsibly.
Nearly 90 per cent of consumers say they will take their business elsewhere if they don’t trust a company.
Caltrider, meanwhile, said some vendors have disputed negative ratings and some have altered their practices to achieve a better result.
“Part of the goal is to create a dialogue with the companies to say are you doing the best you can to build privacy and security into your products,” she said, adding the ratings are based on data from sources including company and consumer reports. “We’ve had some interesting discussions.”
Merry creepy Christmas?
The Mozilla buyers’ guide applies a “Creep-O-Meter” sliding scale with accompanying emoji to rate the items from “not creepy” to “super creepy” based on how much they are deemed to encroach on privacy.
The guide, for example, rates digital media player Apple TV as “somewhat creepy” in part because the hardware can employ
location tracking.
Apple TV is still among products that meet the foundation’s minimum security standard, though, requiring the use of encryption and automatic security patches, among other criteria.
The Amazon Echo Dot smart speaker, which also met the minimum standard, still rates as “very creepy” because the device is capable of remote tracking and “it shares your information with
third parties for unexpected reasons,” according to the guide.
Parker Teddy Bear, which has no Wi-Fi or Bluetooth but requires you to download an app on your smartphone to explore whether Parker is happy and healthy, gets a “somewhat creepy” because the app does use your smartphone or tablet’s camera.
The Fredi Baby Monitor is “super creepy” in light of findings by security researchers SEC Consult that flagged vulnerability to hacking after a mother last summer said the device was used
to spy on her family. SEC said it found flaws in the Fredi Wi-Fi baby monitor that would allow an outside attacker to remotely connect to the device and use its built-in camera without authentication, although the company that makes the device said it guarantees its security.
Video game console the Nintendo Switch, on the other hand, was rated “not creepy” because it meets most of the standards, as did the Mycroft smart speaker that uses open-source software and has an easy-to-read privacy policy.