What NOT to Buy This Holiday Season – Guide for Security Conscious Buyers (List)
As tech editors, we often play a role in making products popular and mainstream even though they aren't really secure. While most of the news space is given to shiny new features, only rarely do we talk about security loopholes and privacy disasters. Much of this scrutiny and doubt is then diverted towards products that aren't designed inside the Silicon Valley. Many users automatically tend to believe that anything out of China is insecure and the products are designed to steal our data. While a legit concern, the same worry isn't shared as much when it comes to homegrown products.
For example, many assume that everything Apple has got to be secure, partly due to the company's vocal marketing strategy and a little due to its users being loyal fans. As the Black Friday and Cyber Monday deals galore is about to hit us all, tens of millions of us will make purchases potentially buying Internet-connected devices that are nothing but creepy. Here's how to make sure the products you are buying meet at least the minimum security checks.
Considering the risks: what's "secure enough" for you may not be secure enough for everyone
As I have shared in a previous piece, it's difficult to resist these pretty looking, helpful little gadgets. While the trade-off is almost understood by the buyer that you have to share at least some of your data, how do we weigh the risks? Everyone has a different level of concern about privacy and security. But if you know one of your friends doesn't believe in "if I don't have anything to hide, why should I worry about sharing data anyway," should you be giving them a gift that will just make them more concerned about their privacy?
Depending on your level of concern around this hotly debated but increasingly obscure concept of digital security and privacy, you can make a decision whether a risk is worth taking. For me, when I bought my first robot vacuum cleaner and a smart toothbrush, I thought if I don't unnecessarily connect these products to Wi-Fi, gave them limited app privileges, and didn't share my location information with them, I should be okay. (Or, so I thought...)
Now, this wouldn't be true for everyone. For some, they would want to make use of all the features that an IoT product has to offer; for a different person, they wouldn't want to risk sharing even this amount of information.
Before you go on a shopping spree this season, make sure you know the product maker offers at least basic forms of protections as advised by experts at Mozilla:
- It doesn't spy on you by asking access to the camera or microphone even when it has nothing to do with them
- Doesn't unnecessarily ask for location data
- Requires users to opt for strong passwords
- Offers encryption and is prompt to fix issues
- Sends regular security updates
- Offers parental controls
If you don't want to go through all of that testing process, here's a list shared by Mozilla to at least give you some idea about the security of a handful of products. That BB-8 you have been eyeing? Not a clever purchase...
Shockers? Google Home is apparently secure enough; Sphere BB-8? Not so much
Mozilla has worked on a small list of products to help you see if they are really really creepy. "We realize people want to just know which products are safer than others," the company wrote (emphasis is ours). The company clarified that it's not saying whether to buy a certain product or not, it's just trying to share which products meet the minimum security requirements (more details are available here).
We are Mozilla - not a consumer product review company - so we won't say "Buy this, don't buy that. Instead, we used our technical expertise to create a set of minimum security standards we think all products should meet in order to be sold in stores.
The list includes a myriad of products, including smart speakers that are becoming ubiquitous, coffee makers, smartwatches, teddy bears (yep!), drones, tablets, baby monitors, and more.
Here are the products that received a yes or a no from Mozilla's tech experts.
|Secure||Not so secure|
|PS4||Sphero BB-8 Robot|
|Xbox One||Bose QuietComfort 35 II|
|Nintendo Switch||Sphero Mini|
|Samsung Gear Sport||Jabra Elite 65t Earbuds
|Fitbit Charge 3 Tracker||Apple Airpods|
|Beeline Smart Bike Compass||Evo Robot
|Harry Potter Kano Coding Kit||Anova Precision Cooker Sous Vide|
|Philips Hue Smart Light Kit||Google Pixel Buds|
|Behmor Brewer Coffee Maker||WeMo Mini Smart Outlet|
|Athena Safety Wearable||Tile Mate|
|Mycroft Mark 1||Garmin Vivosport|
|Roku Streaming Players||Google Chromecast|
|Withings Body Scale||Nest Learning Thermostat|
|Fitbit Versa Watch||Quell 2.0 Wearable Pain Relief|
|Petnet SmartFeeder||Whistle 3 Smart Tracker|
|Philips Hue Smart Light Kit||Peloton Bike|
|Apple Watch 4||Parker Teddy Bear|
|Apple iPad||Dot Creativity Kit|
|Fitbit Ionic Watch||TicWatch Pro|
|Petcube Play||Nest Hello Video Doorbell|
|Apple TV||Cue the Robot|
|Fitbit Aria 2 Scale||Tractive GPS 3G Pet Tracker
|Amazon Fire HD Kids Edition||Sky Viper Journey|
|Apple Homepod||SmartThings Outlet|
|Google Home||Dash the Robot|
|Amazon Echo & Dot||Parrot Bebop 2|
|Amazon Fire TV||DJI Spark Selfie Drone|
|Amazon Echo Show & Spot||Nest Cam Outdoor Security Camera|
|Petchatz HD||Amazon Fire HD Tablet|
|Furbo Dog Camera||Hidrate Spark 2.0 Water Bottle|
|Amazon Cloud Cam Security Camera||Petzi Treat Cam|
|Dobby Pocket Drone|
|Nest Cam Indoor Security Camera|
You can find the complete list over here. Click on any product to find the details of this basic security checkup; once inside the product page, you can also see the "creepiness" level of a product, but since that's based on user input, we would advise not to trust that particular metric and go with Mozilla's own results.