For many, the start of a new year is a time for kicking old habits and making room for new ones. It’s also a popular time for giving and receiving tech gifts that empower these habits and hobbies, from Google Home to Fitbit.

In Mozilla’s *Privacy Not Included buyer’s guide, security researchers pored through the privacy and security practices of over 70 popular smart devices you may have scored this season. In short, they read the terms and conditions for you! Read on for what you actually need to know.

While the majority met Mozilla’s Minimum Security Standards (meaning the product manufacturers met the baseline for securing their devices against hackers and other bad actors), some companies are still falling short on protecting user privacy. In other words: a stranger might have a hard time hacking your Apple device, for example, but did you know that Apple contractors can review your Siri voice recordings without your knowledge? As The Guardian reported, it’s entirely possible.

If you connect a device to the internet, by nature it becomes vulnerable to hackers. Below are 3 basic steps you should take now to add an extra layer of protection, from activating two-factor authentication to deleting data history that many products don’t need in order to function properly anyway.

1) Turn on two-factor authentication (2FA)

Though virtually every smart device, app and account now offers two-factor authentication, many people still don’t recognize its importance in thwarting hackers (and therefore don’t turn it on). 2FA is an extra layer of protection beyond your password, and it takes just minutes to set up. Since a Mississippi family made headlines by falling victim to a super creepy Ring security camera hack, 2FA seems more important than ever. Turn it on now for that new gaming console/smart camera/home assistant you just unboxed. (Go ahead, we’ll wait.)

Instructions on setting up 2FA on Ring

2) Treat your smart device like a lover with a cheating past

Okay, so you’ve turned on 2FA, and now you even know what the acronym stands for. Amazing! Are your web-connected devices totally in the clear then? Can you trust your spy cams to spy on the bad guys and not on you?

Here’s some tough love from your friendly neighborhood nonprofit tech company: Even when smart device makers do a good job securing user data to ensure it doesn’t get into the “wrong” hands, there is no telling what they do with that data themselves. For some products, it’s like being asked to trust a lover after he was caught cheating on you. Or, more specifically, like being asked to trust a multibillion-dollar company named Facebook, with a terrible track record when it comes to protecting users’ privacy, that now wants to sell you an AI-powered smart camera with an always-listening microphone for your home.

Alas, if Facebook Portal still proves irresistible, at least consider opting out of having your voice data and video recordings stored.

Do you use Amazon Alexa, Google Home or Apple Siri? Learn how to opt out of human review of your voice assistant recordings.

3) Don’t kid yourself

As large tech companies like Apple, Google and Amazon expand their smart home ecosystems, putting devices in our apartments and on our bodies and tracking our trips to the grocery store, the trove of personal data they have on each of us grows (and grows). Unfortunately, policies and enforcement haven’t quite caught up with the rapid growth of smart devices, especially when it comes to enforcing privacy laws that protect minors. For instance, Amazon Ring, which makes a range of web-connected monitoring gadgets from video doorbells to security cams, says it doesn’t track children. In practice, however, there’s no way to enforce this.

On the fitness tracking front, companies are also extending their reach to much younger customers with products like the Ace 2 for kids aged 6 and up. While some device makers have specific parameters around what data they collect from children (see Fitbit’s privacy policy for children’s accounts, for example), the gray area gets murky when kids use web-connected products intended for adults.

Tweet: Care about kids and tech? You might like this short film by Mozilla's own @remixmanifesto on the complex nature of tech in the lives of families.

When it comes to keeping kids’ private lives offline, it’s up to parents to take certain precautions, especially when a smart device is present at home. (Consider deleting data history from smart voice assistants as mentioned above, or even setting up regular reminders to delete health info from your child’s fitness tracker.)

Ultimately, Mozilla argues that the responsibility of keeping internet-connected gadgets secure should fall on the companies that make them. But until manufacturers heed Mozilla’s call to protect and prioritize users, adding protection like two-factor authentication yourself and treating web-connected devices with a healthy dose of skepticism would benefit all digital citizens as we build new habits for the coming decade.
