What NOT to Buy This Holiday Season – Guide for Security Conscious Buyers (List)

Nov 20, 2018

As tech editors, we often play a role in making products popular and mainstream even though they aren’t really secure. While most of the news space is given to shiny new features, only rarely do we talk about security loopholes and privacy disasters. Much of this scrutiny and doubt is then diverted towards products that aren’t designed in Silicon Valley. Many users automatically tend to believe that anything out of China is insecure and that such products are designed to steal our data. While that is a legitimate concern, the same worry isn’t shared as much when it comes to homegrown products.

For example, many assume that everything Apple has got to be secure, partly due to the company’s vocal marketing strategy and a little due to its users being loyal fans. With the Black Friday and Cyber Monday deals about to hit us all, tens of millions of us will make purchases, potentially buying Internet-connected devices that are nothing but creepy. Here’s how to make sure the products you are buying meet at least the minimum security checks.

Considering the risks: what’s “secure enough” for you may not be secure enough for everyone

As I have shared in a previous piece, it’s difficult to resist these pretty-looking, helpful little gadgets. While buyers more or less understand the trade-off, that you have to share at least some of your data, how do we weigh the risks? Everyone has a different level of concern about privacy and security. But if you know one of your friends doesn’t believe in “if I don’t have anything to hide, why should I worry about sharing data anyway,” should you be giving them a gift that will just make them more concerned about their privacy?

Depending on your level of concern around this hotly debated but increasingly obscure concept of digital security and privacy, you can decide whether a risk is worth taking. For me, when I bought my first robot vacuum cleaner and a smart toothbrush, I thought if I didn’t unnecessarily connect these products to Wi-Fi, gave them limited app privileges, and didn’t share my location information with them, I should be okay. (Or, so I thought…)

Now, this wouldn’t be true for everyone. Some would want to make use of all the features that an IoT product has to offer; others wouldn’t want to risk sharing even this amount of information.

Before you go on a shopping spree this season, make sure the product maker offers at least the basic forms of protection advised by experts at Mozilla:

  • Doesn’t spy on you by asking for access to the camera or microphone even when it has nothing to do with them
  • Doesn’t unnecessarily ask for location data
  • Requires users to opt for strong passwords
  • Offers encryption and is prompt to fix issues
  • Sends regular security updates
  • Offers parental controls

If you don’t want to go through all of that testing yourself, here’s a list shared by Mozilla to at least give you some idea about the security of a handful of products. That BB-8 you have been eyeing? Not a clever purchase…

Shockers? Google Home is apparently secure enough; Sphero BB-8? Not so much

Mozilla has worked on a small list of products to help you see if they are really, really creepy. “We realize people want to just know which products are safer than others,” the company wrote (emphasis is ours). The company clarified that it’s not saying whether to buy a certain product or not; it’s just trying to share which products meet the minimum security requirements (more details are available here).

We are Mozilla – not a consumer product review company – so we won’t say “Buy this, don’t buy that.” Instead, we used our technical expertise to create a set of minimum security standards we think all products should meet in order to be sold in stores.

Those standards include using encryption, automatic security updates, requiring strong passwords, a system to manage vulnerabilities, and having an accessible privacy policy. 33 of the 70 products in our guide meet those minimum security standards.

The list includes a myriad of products, including smart speakers that are becoming ubiquitous, coffee makers, smartwatches, teddy bears (yep!), drones, tablets, baby monitors, and more.

Here are the products that received a yes or a no from Mozilla’s tech experts.

Secure Not so secure
Sphero BB-8 Robot
Xbox One Bose QuietComfort 35 II
Nintendo Switch
Sphero Mini
Samsung Gear Sport Jabra Elite 65t Earbuds
Fitbit Charge 3 Tracker Apple Airpods
Beeline Smart Bike Compass Evo Robot
Harry Potter Kano Coding Kit
Anova Precision Cooker Sous Vide
Philips Hue Smart Light Kit Google Pixel Buds
Behmor Brewer Coffee Maker
WeMo Mini Smart Outlet
Athena Safety Wearable
Tile Mate
Mycroft Mark 1 Garmin Vivosport
Roku Streaming Players Google Chromecast
Withings Body Scale Nest Learning Thermostat
Fitbit Versa Watch Quell 2.0 Wearable Pain Relief
Petnet SmartFeeder Whistle 3 Smart Tracker
Philips Hue Smart Light Kit Peloton Bike
Sonos One Soundmoovz
Apple Watch 4 Parker Teddy Bear
Apple iPad Dot Creativity Kit
Amazon Kindle
Fitbit Ionic Watch TicWatch Pro
Petcube Play
Nest Hello Video Doorbell
Apple TV Cue the Robot
Fitbit Aria 2 Scale Tractive GPS 3G Pet Tracker
Amazon Fire HD Kids Edition Sky Viper Journey
Apple Homepod SmartThings Outlet
Google Home Dash the Robot
Amazon Echo & Dot Parrot Bebop 2
Amazon Fire TV DJI Spark Selfie Drone
Amazon Echo Show & Spot
Nest Cam Outdoor Security Camera
Petchatz HD Amazon Fire HD Tablet
Furbo Dog Camera Hidrate Spark 2.0 Water Bottle
Amazon Cloud Cam Security Camera Petzi Treat Cam
Dobby Pocket Drone
Nest Cam Indoor Security Camera
CogniToys Dino

You can find the complete list over here. Click on any product to find the details of this basic security checkup; once inside the product page, you can also see the “creepiness” level of a product, but since that’s based on user input, we would advise not to trust that particular metric and go with Mozilla’s own results.