How to weed out unsafe smart products from the safe ones this holiday blitz

The era of smart gifts is upon us, and so is the next holiday shopping bonanza. Every year, more and more smart gizmos get snagged off the shelves. But many of these Internet-connected devices are notoriously unsafe, exposing customers to hidden dangers.

Seeing how IoT vendors continue to push unsafe products onto the market, Mozilla went elbow deep into their underpinnings, and into the privacy policies and apps that accompany them. The web giant’s “Privacy Not Included” buyer guide, the second of its kind in as many years, aims to “help you shop smart—and safe—for products that connect to the internet.”

This year’s iteration has grown to 70 connected products in six categories, including Toys & Games, Smart Home, Entertainment, Wearables, Health & Exercise, and Pets. It answers questions like “Can it spy on me?” and “What does it know about me?”, or “Can I control it?” and “Does the company show it cares about consumers?”

Readers can use a Creep-O-meter to chime in with their own opinion and experience, while the guide’s “minimum security standards” benchmark should help users make informed decisions about the smart products they plan to put under the tree this year. It also rates the reading level for privacy policy documentation, such as middle school reading level, or college reading level.

“Needing a college degree to understand how a company plans to use your personal information is not ideal,” Mozilla researchers believe.

If you plan on buying a Nintendo Switch, PlayStation 4, Amazon Kindle or a Harry Potter Kano Coding Kit, you’ll be happy to know Mozilla ranks them highly on their not-creepy meter. But, as we scroll through the list, the Creep-O-Meter smiley face slowly turns from happy, to uncertain, to worried, to completely creeped out. Examples at this end of the spectrum include the Apple Homepod with its always-on listening features, the Nest Cam Outdoor Security Camera that records everything for better or worse, and the CogniToys Dino, a Wi-Fi connected dinosaur toy designed to listen to your kid’s questions, adapt its responses to their age, and grow with the child over time.

Every product on the list comes with its own evaluation page. The FREDI Baby Monitor, one of the creepiest, “has a history of being easily hacked, uses a default password of ‘123’, and doesn’t have a privacy policy we could find from the manufacturer,” Mozilla says.

For those wondering what could possibly go wrong using this product…:

“There is a lot of anecdotal evidence out there demonstrating these baby cameras are regularly and routinely hacked. Potentially, someone could access the video feed during private moments and spy on your family,” Mozilla researchers note.

In the latest hacking incident involving this product, a remote attacker used it to spy on a mother breastfeeding her baby.