If you’re planning on picking up some cool new smart device for a loved one this holiday season, it might be worth your while to check whether it’s one of the good ones or not. Not just in the quality of the camera or step tracking, but the security and privacy practices of the companies that will collect (and sell) the data it produces. Mozilla has produced a handy resource ranking 70 of the latest items, from Amazon Echos to smart teddy bears.
Each of the dozens of toys and devices is graded on a number of measures: what data does it collect? Is that data encrypted when it is transmitted? Who is it shared with? Are you required to change the default password? And what’s the worst-case scenario if something went wrong?
Some of the security risks are inherent to the product — for example, security cameras can potentially see things you’d rather they didn’t — but others are oversights on the part of the company. Security practices like respecting account deletion, not sharing data with third parties, and so on.
Altogether, 33 of the products met Mozilla’s recently proposed “minimum security standards” for smart devices (and got a nice badge); 7 failed; and the rest fell somewhere in-between. In addition to these official measures there’s a crowdsourced (hopefully not to be gamed) “creep-o-meter” where prospective buyers can indicate how creepy they find a device. But why is BB-8 creepy? I’d take that particular metric with a grain of salt.