How to Use This Guide
Need help understanding how to use this guide? Here you go:
If you don’t find the product you are looking for, search to see if we reviewed any other products made by that company. Often, criteria will match from one product to another from the same company. We simply don’t have time to review all the connected products out there.
*Privacy Not Included Warning Label
Our *Privacy Not Included buyer’s guide now comes with *Privacy Not Included warning labels on products we think consumers should think twice about before buying. It’s no small thing to assign such a label to a product, so we set ourselves some strict standards. If we can’t confirm a product meets our Minimum Security Standards, it automatically earned the *Privacy Not Included label, as we feel those standards are the minimum a product should meet to be on the market. We also look at how a company uses the data the product collects on you, how you can control the data the company collects, and what the company’s known track record is over the past two years for protecting their users’ data. How a company performed on these criteria determined if we assigned them the warning label. You will see little mini-warnings in our review section of the guide to help you understand what our concerns are.
What could happen if something goes wrong
It’s likely nothing bad will happen with most of the products in this guide. However, it’s also good to think through what could happen if something goes wrong. We explain what concerns users should have about the product and often lay out a potential worst-case scenario—in some cases for fun and in some cases based on things that have already happened.
Our Creep-O-Meter is for you to share your opinion. Read the review of the product, then rate how creepy or not creepy you think the product is. Click vote to see how your opinion stacks up with others.
Can it snoop on me?
Just because a device has a camera, microphone, or tracks location doesn’t mean it will snoop on you. It simply means it could and you should be aware of that. Also, many connected devices are controlled by apps on your phone. The apps often ask to use the phone’s camera, microphone or location tracking. Keep an eye on that, as some of the permissions the apps ask for might surprise you.
What is required to sign up?
To use a product do you need to give up your email address, your phone number, or sign in through a third party such as a social media account like Facebook? This is good to know ahead of time so you’re aware of what you’ll need to use the product.
What data does this product collect?
Connected devices collect information on their users. We look at what personal, biometric, and social data a product is likely to collect on you when you use it. Knowing what sorts of personal information you’ll need to give up to use a product is useful to help understand just how much a company could be learning about you. The more information you give up, the better they may know you. Personal data includes things like name, email address, phone number, gender, age, and date of birth. Biometric data includes things like voice recordings, fingerprint, facial recognition, height, weight, heart rate, sleep data, menstrual cycles, and blood oxygen levels. Social data includes things like your contacts and friends or connections you have through a platform, like gamer friends through a gaming console or connections you have through a fitness app.
A note on biometric data. Your voice, heart rate, activity levels, stress levels, sleep patterns, menstrual cycles, even your fingerprint and facial features are some of the most intimate, sensitive data devices can collect on you. You should be aware if a device collects this data and how that data is used after it is collected.
How does it use this data?
Nearly every company collects some kind of information on its users. That’s how the internet works. It’s how they use and care for this information that matters. You should know whether a company shares or sells your personal information to others and for what reasons. This criteria is one of the criteria we use to determine if a product receives our *Privacy Not Included warning label. Companies that share or sell your data to third parties received a mini-warning label.
How can you control your data?
Companies collect a lot of data on their consumers. Who controls that data? Being able to contact a company and ask them to delete any data they have on you is a very good thing.
What is the company’s known track record of protecting users’ data?
It’s one thing for a company to say they care about their users’ privacy. It’s another thing to show. We looked at the track records of all the companies in the guide dating back to January, 2018 to see if they had known data breaches, security vulnerabilities, or other public privacy missteps. We found concerns ranging from small—an employee accidentally replying to all in an email exposing users email addresses—to large—corporate espionage and data breaches involving millions of users’ data. This criteria is one of the criteria we use to determine if a product receives our *Privacy Not Included warning label. Companies that had multiple or large privacy or security breaches received a mini-warning label.
Can this product be used offline?
Does every product really need to be connected to the internet to work? What happens if the internet goes out or you just want to use that smart scale as a scale? Some *Privacy Not Included users reached out to us over the past couple of years and asked us to include this in our guide. We aim to please!
User friendly privacy info?
Privacy information should be clear, readable, and communicate basic information to consumers about what happens to their data. Privacy policies are often written more for lawyers than consumers. That’s why it’s nice to see more and more companies creating consumer-friendly privacy pages to outline how they handle your personal information and the data they collected on their users. We hope to see this trend continue.
Our Minimum Security Standards
Encryption is your friend. It protects your private and personal information by scrambling it up into a code so that the only people or machines who can read it are the ones on the other end who have the key to unscramble that code. Products that don’t use encryption send personal information over the internet unscrambled so anyone can see it.
Sometimes security vulnerabilities are found in products after they are sold to the public. For that reason, companies should have a way to quickly push a security update out to the product automatically so it fixes the security vulnerability without the consumer ever needing to worry about it.
Remembering passwords might be annoying, but having a good password is still one of the best lines of defense we have when it comes to protecting our privacy and security. It’s great when a password is required. But default passwords that are the same for all consumers and never change can be just as bad. You should be required to change the default password to a strong password. Products with a default password that does not require changing can leave users’ personal information exposed.
Security vulnerabilities in products happen. It’s how companies manage them when they arise that matter. We looked at whether or not companies have a system in place to manage vulnerabilities in the product when they are found. This includes having a point of contact for reporting vulnerabilities or an equivalent bug bounty program.
Privacy policies detail a lot of important information about how companies collect, use, and share your personal information. Because of that, this information should be easily found and easily understood.
Does the product use AI?
More and more products use artificial intelligence these days. It’s not just smart speakers and facial recognition in security cameras either. It’s AI in dog toys and fitness trackers and connected workout equipment. For our reviews, we defined AI as: “Changes are made to the product’s technology continually based on your user data.” What does all this mean for consumers? We’re just starting to understand. However, most consumers don’t know when AI is being used or how it may affect their experience. We believe companies should provide this information to consumers as AI-enabled products become more prevalent.
Does the AI use your personal data to make decisions about you?
We think consumers should know if a product uses their personal data to make decisions for or about them.
Does the company allow users to see how the AI works?
One of the biggest issues surrounding artificial intelligence in our consumer products is having access to essential information about how AI-enabled features work. For example, what data does it collect and how does it use that information to make decisions for or about you. Knowing how it works lets users evaluate if there may be a chance of bias or ethical implications they should consider before using a product driven by AI.
When news breaks or we come across a relevant article about a product in this guide, we will share it in the updates section on each product page.
We love to hear your thoughts and feedback on the products in this guide. And other users might like to join you in a conversation about any experiences or concerns you’ve had with a product. Please join the conversation in the comment section at the bottom of each product page.
If you would like to read more about the research methodology we used to create this guide, please check out our methodology section.