What NOT to Buy This Holiday Season – Guide for Security Conscious Buyers (List)

Rafia Shaikh
black friday 2018 gift guide

As tech editors, we often play a role in making products popular and mainstream even though they aren't really secure. While most of the news space is given to shiny new features, only rarely do we talk about security loopholes and privacy disasters. Much of this scrutiny and doubt is then diverted towards products that aren't designed inside the Silicon Valley. Many users automatically tend to believe that anything out of China is insecure and the products are designed to steal our data. While a legit concern, the same worry isn't shared as much when it comes to homegrown products.

For example, many assume that everything Apple has got to be secure, partly due to the company's vocal marketing strategy and a little due to its users being loyal fans. As the Black Friday and Cyber Monday deals galore is about to hit us all, tens of millions of us will make purchases potentially buying Internet-connected devices that are nothing but creepy. Here's how to make sure the products you are buying meet at least the minimum security checks.

Considering the risks: what's "secure enough" for you may not be secure enough for everyone

As I have shared in a previous piece, it's difficult to resist these pretty looking, helpful little gadgets. While the trade-off is almost understood by the buyer that you have to share at least some of your data, how do we weigh the risks? Everyone has a different level of concern about privacy and security. But if you know one of your friends doesn't believe in "if I don't have anything to hide, why should I worry about sharing data anyway," should you be giving them a gift that will just make them more concerned about their privacy?

Depending on your level of concern around this hotly debated but increasingly obscure concept of digital security and privacy, you can make a decision whether a risk is worth taking. For me, when I bought my first robot vacuum cleaner and a smart toothbrush, I thought if I don't unnecessarily connect these products to Wi-Fi, gave them limited app privileges, and didn't share my location information with them, I should be okay. (Or, so I thought...)

Now, this wouldn't be true for everyone. For some, they would want to make use of all the features that an IoT product has to offer; for a different person, they wouldn't want to risk sharing even this amount of information.

Before you go on a shopping spree this season, make sure you know the product maker offers at least basic forms of protections as advised by experts at Mozilla:

  • It doesn't spy on you by asking access to the camera or microphone even when it has nothing to do with them
  • Doesn't unnecessarily ask for location data
  • Requires users to opt for strong passwords
  • Offers encryption and is prompt to fix issues
  • Sends regular security updates
  • Offers parental controls

If you don't want to go through all of that testing process, here's a list shared by Mozilla to at least give you some idea about the security of a handful of products. That BB-8 you have been eyeing? Not a clever purchase...

Shockers? Google Home is apparently secure enough; Sphere BB-8? Not so much

Mozilla has worked on a small list of products to help you see if they are really really creepy. "We realize people want to just know which products are safer than others," the company wrote (emphasis is ours)The company clarified that it's not saying whether to buy a certain product or not, it's just trying to share which products meet the minimum security requirements (more details are available here).

We are Mozilla - not a consumer product review company - so we won't say "Buy this, don't buy that. Instead, we used our technical expertise to create a set of minimum security standards we think all products should meet in order to be sold in stores.

Those standards include using encryption, automatic security updates, requiring strong passwords, a system to manage vulnerabilities, and having an accessible privacy policy. 33 of the 70 products in our guide meet those minimum security standards.

The list includes a myriad of products, including smart speakers that are becoming ubiquitous, coffee makers, smartwatches, teddy bears (yep!), drones, tablets, baby monitors, and more.

Here are the products that received a yes or a no from Mozilla's tech experts.

SecureNot so secure
Sphero BB-8 Robot
Xbox OneBose QuietComfort 35 II
Nintendo Switch
Sphero Mini
Samsung Gear SportJabra Elite 65t Earbuds
Fitbit Charge 3 TrackerApple Airpods
Beeline Smart Bike CompassEvo Robot
Harry Potter Kano Coding Kit
Anova Precision Cooker Sous Vide
Philips Hue Smart Light KitGoogle Pixel Buds
Behmor Brewer Coffee Maker
WeMo Mini Smart Outlet
Athena Safety Wearable
Tile Mate
Mycroft Mark 1Garmin Vivosport
Roku Streaming PlayersGoogle Chromecast
Withings Body ScaleNest Learning Thermostat
Fitbit Versa WatchQuell 2.0 Wearable Pain Relief
Petnet SmartFeederWhistle 3 Smart Tracker
Philips Hue Smart Light KitPeloton Bike
Sonos OneSoundmoovz
Apple Watch 4Parker Teddy Bear
Apple iPadDot Creativity Kit
Amazon Kindle
Fitbit Ionic WatchTicWatch Pro
Petcube Play
Nest Hello Video Doorbell
Apple TVCue the Robot
Fitbit Aria 2 ScaleTractive GPS 3G Pet Tracker
Amazon Fire HD Kids EditionSky Viper Journey
Apple HomepodSmartThings Outlet
Google HomeDash the Robot
Amazon Echo & DotParrot Bebop 2
Amazon Fire TVDJI Spark Selfie Drone
Amazon Echo Show & Spot
Nest Cam Outdoor Security Camera
Petchatz HDAmazon Fire HD Tablet
Furbo Dog CameraHidrate Spark 2.0 Water Bottle
Amazon Cloud Cam Security CameraPetzi Treat Cam
Dobby Pocket Drone
Nest Cam Indoor Security Camera
CogniToys Dino

You can find the complete list over here. Click on any product to find the details of this basic security checkup; once inside the product page, you can also see the "creepiness" level of a product, but since that's based on user input, we would advise not to trust that particular metric and go with Mozilla's own results.

Share this story

Deal of the Day