Santa isn’t alone in keeping an eye on you this holiday season.
Nearly a third of the 151 popular connected gifts analyzed by the Mozilla Foundation as part of its annual “Privacy Not Included” shopping guide didn’t meet basic standards for digital security and privacy, the digital rights group said Tuesday.
A Facebook spokesperson declined to comment on the report, while officials for Amazon and NordicTrack didn’t respond to emails seeking comment.
In reaching their conclusions, Mozilla researchers analyzed product and app features, and combed through privacy policies. The team also asked manufacturers about their use of location tracking, data collection and other potentially privacy-infringing technologies. The researchers also accounted for each company’s track record in protecting consumer privacy.
“While gadgets may be getting smarter, they are also getting creepier and way more prone to security lapses and data leaks,” Jen Caltrider, lead researcher for the project, said in a statement.
Mozilla’s fifth annual report comes amid continued growth in consumer demand for connected devices ranging from smart speakers and video doorbells to data-tracking fitness equipment and robots, destined to become popular holiday gifts.
But those devices and services often collect their users’ personally identifiable information, which is often later sold to data brokers who use it for targeted advertising.
Not all of the products reviewed by the Mozilla team were privacy violators. A total of 22 products made Mozilla’s “Best Of” list for exceptional privacy and security practices. Apple took the title of “least creepy” of the big tech companies, because it promises not to share or sell consumer data. Garmin got props for protecting privacy in its smartwatches.
Consumers are still being asked to shoulder too much responsibility for protecting their privacy and security, Caltrider said, pointing to some companies that require people to track down complicated documents across several websites to even start getting an idea of how their data is used.
Mozilla singled out Facebook, which now calls itself Meta, as the “creepiest of the big tech companies.” The organization called out Facebook’s AI-powered Portal chat device as a particularly bad offender because it regularly sends data back to the company.
Meanwhile, Amazon’s Alexa digital assistant is seemingly everywhere, embedded in numerous products made not just by Amazon, but also by third-party companies. According to Mozilla, data is often collected by the Alexa-powered devices even if you ask them not to collect data, say, on your kids. Mozilla says there’s less oversight over Alexa Skills, which are voice-controlled apps and features created by third-party companies.
Smart home exercise equipment, which is designed to let consumers work out in the privacy of their homes rather than in a gym, also collects oodles of personal data that could be sold or shared.
Mozilla singled out the NordicTrack Treadmill. The company behind it reserves the right to sell your data and may collect data from brokers to target you with ads, Mozilla said. It may also call or text your phone number even if you’re on a do-not-call list,