Annual *Privacy Not Included holiday buyers’ guide reveals companies backsliding on privacy and security features, with children’s connected toys and gadgets among the worst offenders
Amazon and Microsoft stand out for all the wrong reasons this year, after agreeing to pay a combined $45 million to settle FTC lawsuits over alleged privacy violations
(SAN FRANCISCO, CA | NOVEMBER 15, 2023) -- They see you when you’re sleeping, they know when you’re awake: The season’s hottest connected tech gifts are lending Santa’s elves a lot of surveillance help this year, many of which are collecting and sharing more — and more intimate — personal data than ever before.
According to Mozilla’s 2023 *Privacy Not Included holiday buyers’ guide, children’s connected toys and apps — which collect and repurpose hoards of data — are among the worst in class. Products using Amazon’s Alexa, for example, got in trouble in 2023 for keeping and using children’s voice recordings for years. And Embodied Inc’s Black Mirror-esque AI Moxie Robot records and shares its “conversations” with kids with Google and ChatGPT-maker OpenAI.
Meanwhile, many companies that Mozilla researchers previously rated positively — including Sonos, Eufy, and Bose — have earned new privacy warning labels this year. Others that already carried warning labels, like Amazon, Samsung, Wyze and Microsoft XBox got even worse on data collection, use, sharing, and security. Wyze had serious security vulnerabilities that it was slow to respond to over the past couple of years, and Bose now says it can possibly sell data on users’ head movements while using headphones. FTC charges and fines against Amazon and Microsoft have confirmed researchers’ concerns about those products’ privacy violations, especially when it comes to children’s uses.
The 2023 holiday edition of *Privacy Not Included reviews over 150 popular tech products across six categories, including Smart Home, Toys & Games, and Wearables – like the Microsoft XBox, Sonos, Garmin Fitness Trackers, Apple Watches, Fitbit, Peloton Bikes, Amazon Ring, iRobot vacuums, Tile Trackers, Bose headphones, and the Tamagotchi Uni. Mozilla researchers spend an average of eight hours researching each product in the guide, which entails scouring companies’ track records, pouring over privacy policies and regulatory filings, and contacting each company with questions.
This year’s guide details how Microsoft and Amazon were both fined by the FTC for allegedly violating a children’s online privacy law. Microsoft will pay $20 million for allegedly collecting and retaining personal information from children who signed up to its XBox gaming system without notifying or getting consent from parents. And Amazon will pay $25 million over charges that it kept sensitive information it collected from children through Alexa’s voice recordings for years. Amazon allegedly disregarded parents’ deletion requests and sometimes used the data to train its own algorithm.
Says Jen Caltrider, lead researcher for *Privacy Not Included: “The privacy and security of our favorite apps and gadgets has gotten worse across the board, but especially among children’s products. The companies that are good at privacy do it by not collecting any data in the first place. Alexa, did you catch that?”
*Privacy Not Included is a buyers’ guide focused on privacy rather than price or performance. Launched in 2017, the guide has reviewed hundreds of products and apps. It arms shoppers with the information they need to choose gifts that protect the privacy of their friends and family, while also spurring the tech industry to do more to safeguard consumers.
The sheer number of connected products now on the market makes it harder for consumers to distinguish between those that handle their personal data with care and those that don’t.
Caltrider concluded: “All in all, if you're looking to give gifts that protect and respect the privacy of your loved ones this holiday season, maybe stick to good old-fashioned books.”
The privacy and security of our favorite apps and gadgets has gotten worse across the board, but especially among children’s products...if you're looking to give gifts that protect and respect the privacy of your loved ones this holiday season, maybe stick to good old-fashioned books.
Jen Caltrider, Mozilla
Additional findings from this year’s report:
Regulators are stepping up to protect consumers. The FTC has picked up the pace in holding companies accountable for terrible privacy and security practices. Amazon, Amazon Ring, Microsoft’s Xbox, and mental health app BetterHelp have all come under fire and been held accountable by the agency.
Tech advancements mean even more data collection and sharing. Wyze’s smart home app asks for permission to read text messages. Bose headphones can track people’s head movements and might be able to sell that data. Most at-home workout devices collect detailed activity data, but Lululemon Studio takes it a step farther: It can collect audio and video recordings of workouts.
North America | Helena Dea Bala, [email protected]
Europe | Tracy Kariuki, [email protected]