How to Use This Guide
Need help understanding how to use this guide? Here you go:
Our new Creep-O-Meter is for you to share your opinion. Read the review of the product, then rate how creepy or not creepy you think the product is and how likely you are to buy it. Click vote to see how your opinion stacks up to others.
Our Minimum Security Standards
Can it spy on me?
Just because a device has a camera, microphone, or tracks location doesn’t mean it will spy on you. It simply means it could and you should be aware of that. Also, many connected devices are controlled by apps on your phone. The apps often ask to use the phone’s camera, microphone or location tracking. Keep an eye on that, as some of the permissions the apps ask for might surprise you.
Encryption is your friend. It protects your private and personal information by scrambling it up into a code so that the only people or machines who can read it are the ones on the other end who have the key to unscramble that code. Products that don’t use encryption send personal information over the internet unscrambled so anyone can see it.
Shares information with third parties for unexpected reasons
Nearly every company collects some kind of information on its users. That’s how the internet works. It’s how they use and care for this information that matters. You should know whether a company shares or sells your personal information to others and for what reasons.
Change Default Password
Remembering passwords might be annoying, but having a good password is still one of the best lines of defense we have when it comes to protecting our privacy and security. It’s great when a password is required. But default passwords that are the same for all consumers and never change can be just as bad. You should be required to change a default password. Products with a default password that does not require changing can leave users’ personal information exposed.
Automatic security updates
Sometimes security vulnerabilities are found in products after they are sold to the public. For that reason, companies should have a way to quickly push a security update out to the product automatically so it fixes the security vulnerability without the consumer ever needing to worry about it.
Delete the data it stores on you
Companies collect a lot of data on their consumers. Who controls that data? Being able to contact a company and ask them to delete any data they have on you is a very good thing.
Parental controls on toys, tablets, smart speakers, and many other connected devices can be a very good way to protect the privacy and security of both young and old. Not all products need parental controls, but parents should look to see if they are an option for connected products they will buy and let their children use.
Company manages security vulnerabilities
Security vulnerabilities in products happen. It’s how companies manage them when they arise that matter. We looked at whether or not companies have a system in place to manage vulnerabilities in the product when they are found. This includes having a point of contact for reporting vulnerabilities or an equivalent bug bounty program.
What could happen if something goes wrong
It’s likely nothing bad will happen with most of the products in this guide. However, it’s also good to think through what could happen if something goes wrong. We lay out a potential worst-case scenario for each product, in some cases for fun and in some cases based on things that have already happened with the product.
When news breaks or we come across a relevant article about a product in this guide, we will share it in the updates section on each product page.
We love to hear your thoughts and feedback on the products in this guide. And others users might like to join you in a conversation about any experiences or concerns you’ve had with a product. Please join the conversation in the comment section at the bottom of each product page.
If you would like to read more about the research methodology we used to create this guide, here is a post our researchers wrote about that.
Why We Made This Guide
Welcome to version 2.0 of our *Privacy Not Included buyer’s guide. The goal is to help you shop smart—and safe—for products that connects to the internet.
Last year we made version 1.0 of this guide. We didn’t know if people would be interested in a guide about the privacy and security of connected toys and smart home products. Turns out, they were. And it wasn’t just people who were interested. We discovered companies were too. It seems both consumers and companies are starting to see the value in connected products that are safe, secure, and private.
We took the lessons learned last year and put them to work to build a better guide this year. What does that look like?
This guide is more opinionated.
There is a Creep-O-Meter.
We wanted users of this guide to be able to share their opinion too. It’s important companies, and other consumers, see which products people think are safe, and which products people feel are a bit creepy. So we created our Creep-O-Meter—a users rating on each product—to let folks give their opinion too. Try it out, it’s fun.
Bigger and better.
We added a few things this year. Our product list has grown to 70 connected products across six categories. Last year we answered the questions “Can it spy on me?” and “What does it know about me?”. This year we added “Can I control it?” and “Does the company show it cares about consumers?” to that list. Hopefully the information provided in each product review will help people shop smart for connected products.
We hope you use and enjoy this guide to help you think about, shop for, and buy products that show they value privacy and security. We as consumers need to demand that value from the people who build our products. It’s how we’ll start to make the internet, and our lives, a bit safer in this digital world.
The Team at Mozilla
For any questions about the guide or to offer constructive feedback, please email email@example.com