Moxie Robot

Moxie Robot

Review date: Nov. 1, 2023

|
|

Mozilla says

|
People voted: Somewhat creepy

Moxie Robot, the learning robot with heart, is an AI-powered robot that talks to and teaches your kid. It sounds like something out of a sci-fi movie! We just can’t decide whether the genre of that movie would be comedy or horror. Moxie’s super expressive and adorable screen face is supposed to comfort your kid. Its conversations and programmed activities apparently don’t just entertain your child but can help them with emotional regulation, boost their confidence, and support their overall development. Amazing! But to do that, your kid's new “supportive friend” has to record what your child says and does and share that with the likes of Google and OpenAI. Yeah, it's kinda creepy.

What could happen if something goes wrong?

Welp, here we are. We've officially entered the world of AI chatbot robots for kids marketed to help build emotional intelligence, health habits, and strong relationships. Embodied, the makers of Moxie, claim is endless compassion and unlimited patience for your small child. That's all cool...anything to helps kids grow up to be outstanding people is nice. But is an AI chatbot robot with AI driven by OpenAI, the makers of ChatGPT, the best way to teach your kids that. Especially since Embodied also tells parents in their privacy policy to, "Please help us protect your children’s privacy by teaching your child to never provide personal information without your permission." We're not sure how an AI robot teaches emotional intelligence and strong relationships when the kids aren't supposed to share any personal information? Also, is it realistic to expect a child to understand the concept of never providing personal information to their robot friend? We're not quite about that expectation from Moxie's makers.

When its LED bar is blue, Moxie is listening. And, hey, just because Moxie the magical robot is almost the exact premise of a horror movie released last year, that doesn’t necessarily mean it’s a scary technology! The makers of Moxie do take extra care to keep images and recordings of your child private, that’s good. But when it comes to your kid’s activities and chat transcripts with Moxie? Well, we hope what they’re doing to protect those is good enough too.

Video recordings and images of your child don’t leave Moxie, but data from them do. Embodied, Inc’s privacy policy says that once they are transformed into “Facial Expression Datapoints” and “User Image Datapoints” locally that the originals are automatically deleted. Embodied says they keep that information but not which user they belong to.

Recordings of your youngster’s little voice that Moxie “hears” are handled differently. Buckle up because there’s a few steps. The audio recording is sent to Google Cloud STT (Speech-to-Text) where it’s transcribed (and becomes “Audio Transcript Data”) and sent back to Moxie. Moxie tries to come up with an answer based on Embodied’s language processor. If it doesn’t know what to say, then some of that transcript can be sent to OpenAI – who apparently always has an answer. Then OpenAI’s answer is “filtered” by Embodied before Moxie says that response to your child. Now, Embodied says that neither Google or OpenAI stores any of that information, but also suggests that you read both privacy policies to learn how your personal information is treated by those companies. Hmm. That worries us a bit because OpenAI, the company behind ChatGPT, doesn't have the best track record for data privacy.

Like other household robots, you can bring Moxie in and out of standby mode with magic words, “Hello Moxie” or “Moxie, please wake up” and “Moxie please go to sleep” to end the interaction. When Moxie is listening, “anyone in range of the video or audio recording capabilities of Moxie may be recorded, including your child, members of your family or others in the home at the time the robot is recording.” That could make for an awkward conversation if Moxie rolls in while you’re gossiping with the neighbor. Especially since kids don’t always remember to put their toys away when they’re done playing. It's worth having a glance at Moxie’s LED bar – lavender means standby (not recording).

Besides what your child (or anyone else) says to Moxie, Embodied can also collect information about how your kiddo interacts with their new robot friend–like whether they hug Moxie (Moxie Interaction Data), what games they play together (Activity Data), and what Embodied interprets all that to mean about your child’s development (Insight Data). All that information is stored together (except for Activity Data), anonymously in the cloud. We should remind you now that cloud storage does come with a certain degree of risk and that anonymized data can be easy to re-identify. Especially, we would think, depending on what your child tells Moxie about their home and life. (In this demo one of the first questions Moxie asks is, “where is ‘here’?” And in this testimonial, Moxie is compared to an "interactive journal.") And remember, according to Embodied it’s actually on you, the parent, to make sure that your child “never provide[s] personal information [to Moxie] without your permission.” Oof. As someone who has talked to a child before, I can tell you that would be a tall order. To be fair, it seems like Embodied mostly uses that information to help Moxie interact with your child and report on their progress to you. Still, they do have access. And Moxie’s privacy policy says it can also be analyzed by their AI platform and used to “improve the AI.”

Moxie also collects account information about the little mentors and their parents through their Parent App which walks you through the “parental verification process” with a third party called PRIVO. It’s a way of making sure that children have their parents’ permission before they gab it up with their bionic buddy. That’s the law in the US for apps that collect information from kids (COPPA). Moxie is compliant with it. That’s also where parents will find the secret keys– the recovery key and Analytics User ID– they need to access or delete information linked to their little one. Through the app, you can technically take back your consent for Embodied to collect your child’s data through Moxie, but that means it’s lights out for Moxie, who would be “render[ed] inoperable” by this. Not much of a choice given that $800 (on sale) is a heck-of-a-lot for an analog toy. This consent to share data thing actually worries us a good bit.

There’s much to consider with Moxie. Can a five-year-old consent to having their conversations with their friend recorded and analyzed? Can you trust the OpenAI, the artificial intelligence that is the driving force behind Moxie’s personality? Sidenote: we were keen to learn more about that, but the page FAQ: Artificial Intelligence and Moxie is blank. The moral questions with Moxie make us wistful for a simpler time for toys, where the “talking” Teddy Ruxpin was cutting edge. Then again, his box didn’t promise to decrease your child’s anxiety in social settings or improve their emotional intelligence. Those are really good things! So if you do accept all that, then the worst thing that could happen is that your child confides in Moxie and then that transcript is exposed and re-identified, revealing to the world your big secret: that you've been passing off grocery store cookies as homemade... Or maybe something even more personal than that? We sure hope that isn’t likely since Embodied seems to have some serious cybersecurity measures in place. Still, their privacy policy also warns, "While Embodied works hard to protect your information, no security method is 100% secure. Thus, Embodied cannot guarantee that the security methods and/or precautions we take are failure proof.
" Yeah, we have to say that this little AI chat robot for little children is kinda creepy. We were really on the fence about giving Moxie our *Privacy Not Included warning label. We decided to err on the side of caution and not give it that, but it was REALLY close. We do think parents should be very careful with Moxie if the care about their prvacy and their child's privacy at all.

Tips to protect yourself

- Ask your child to never say sensitive information to Moxie as it is shared with OpenAI
- Check the Safety Usage instructions from Moxie
- Opt your child out of as much personal data collection as possible
- Turn the microphone off when you do not need it
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.

  • mobile

Can it snoop on me? information

Camera

Device: Yes

App: No

Microphone

Device: Yes

App: No

Tracks location

Device: Yes

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

Please note, we were really on the fence if Moxie and Embodied's use of data should earn this privacy ding. We probably could have dinged them here but decide to err on the side of caution and keep a close eye on them. Just please, be careful.

Moxie Privacy policy

"Data will be automatically recorded by Moxie in the form of video files and audio files and is linked to the AUID. Anyone in range of the video or audio recording capabilities of Moxie may be recorded, including your child, members of your family or others in the home at the time the robot is recording."

"You can opt-out of parental consent to Embodied’s data collection practices at any time although this may mean that some of the Embodied Services will not be operational. If you opt-out of the data collection practices, Moxie will become non-operational because Moxie's operation relies on audio and video data processing."

"Moxie shares voice data with Google to 1) perform speech recognition of your child’s voice and 2) as our cloud-based storage provider."

"Embodied shares some Audio Transcript Data with our third-party natural language processor (NLP), OpenAI. You can read more about how OpenAI uses your personal information here: https://openai.com/privacy/"

"In operational mode, Moxie collects Audio Data and Video Data utilizing its camera, microphones, and sensors."

"Parental Access to Information
Even after the parent or guardian has provided Embodied consent to collect and user her Child’s personal information, the parent or guardian can 1) review, correct and/or delete the Child’s personal information and/or 2) stop collection or use of the Child’s personal information. To do so, please send your request to the following address at Embodied or email us at [email protected]. Please note: Parents must be using the Parent App or have the recovery key for Embodied to respond to certain requests related to Moxie data. Be sure to include your email address and/or contact information. We will let you know what additional information we require to verify that you are a parent."

"Embodied strives to protect the information provided to and/or collected by us when you use the Embodied Services through commercially reasonable administrative, technical, and organizational safeguards. While Embodied works hard to protect your information, no security method is 100% secure. Thus, Embodied cannot guarantee that the security methods and/or precautions we take are failure proof.
"

"The Parent App collects information from you to serve your needs, communicate with you, manage our content, allow you to track your child’s progress in meeting developmental goals you set, and improve Embodied Services and products."

"The Parent App utilizes Privacy Vaults Online (“PRIVO”) to verify your identity and also to confirm that you have provided verifiable parental consent pursuant to COPPA. To do that you must share certain information with PRIVO. You may learn more about PRIVO’s privacy policy at https://www.privo.com/privo-privacy-policy. Embodied does not receive the information you provided to PRIVO for identity verification but is notified that you have provided verifiable parental consent. "

"Moxie shares voice data with Google to 1) perform speech recognition of your child’s voice and 2) as our cloud-based storage provider. You can read more about how Google uses your personal information here: https://policies.google.com/privacy."

"Embodied shares some Audio Transcript Data with our third-party natural language processor (NLP), OpenAI. You can read more about how OpenAI uses your personal information here: https://openai.com/privacy/. "

"The Parent App and Moxie do not allow links to social networks. The Parent App and Moxie do not share personal information with third parties for marketing purposes."

"...we may share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful requests for information we receive, or to otherwise protect our rights, the rights of parents and children using Moxie or other third 
parties. "

"Advertising or Targeting Cookies - We may use first-party or third-party cookies and web beacons to deliver content, including ads relevant to your interests, on our eCommerce Site or on third party sites. This includes using technologies to understand the usefulness to you of the advertisements and content that has been delivered to you, such as whether you have clicked on an advertisement or searched for our products, services or company."

"Embodied will be selling MOXIE on Amazon (via a site on Amazon for Embodied – https://www.amazon.com/dp/B0C1M76VR9?ref=myi_title_dp) (“Amazon’s Embodied Site”). On Amazon’s Embodied Site, Amazon collects your Amazon.com login information, personal contact information, and shipping information. More specifically, Amazon collects contact information, billing information, and shipping information. Amazon only provides Embodied with your shipping information, the product(s) purchased and your name. "

California CCPA Privacy Rights

"Do Not Sell: Subject to certain exceptions, California residents have the right to opt out of the "sale" of their personal information. We do not sell personal information of children or information collected from our Parent App to third parties for their advertising or marketing purposes. We do not monetize the information you provide; however, we work with third party advertisers on our eCommerce site to provide relevant advertising, which may be considered a “sale.” Please review our Cookie Policy below for information on third parties we work with. To exercise your Do Not Sell rights, please contact Embodied at (855) 945-3411 or [email protected]. Only the eCommerce Site includes marketing and remarketing cookies. The Parent App, the Moxie and the G.R.L. Site do not utilize these cookies."

Do not sell or share my personal information page on Moxie
"As described in our Privacy Policy, we collect information on our websites, and, if available, our mobile apps, and share that information with third parties, including advertising partners, in order to show you ads on other websites that are more relevant to your interests, including ads that promote our products and services and those of other Shopify merchants. We may do this through the sharing of personal information we collect when you visit our websites, and, if applicable, our mobile apps, and through cookies and similar technologies. These activities may be considered a “sale” or “sharing” of your personal information under certain U.S. state privacy laws. Depending on where you are, you may have the right to opt out of these activities."

How can you control your data?

We ding this product for forcing users into 'consent' to allow Embodied to collect their child’s data through Moxie, as otherwise Moxie is 'inoperable'.

Privacy Policy

"A parent may also revoke consent in the Parent App to allow Embodied to collect their child’s data through Moxie but this will render Moxie inoperable.

"You can opt-out of parental consent to Embodied’s data collection practices at any time although this may mean that some of the Embodied Services will not be operational. If you opt-out of the data collection practices, Moxie will become non-operational because Moxie's operation relies on audio and video data processing."

A parent may deactivate the parent account in the Parent App. When you delete or deactivate the parent account, you and your child’s personal information is deleted. The aggregated, anonymized data collected when Moxie is operational is not deleted."

Customers can deactivate their account which erases all account data in the Moxie Robot app.

Children's Privacy Policy

"Please help us protect your children’s privacy by teaching your child to never provide personal information without your permission."

"Even after the parent or guardian has provided Embodied consent to collect and user her Child’s personal information, the parent or guardian can 1) review, correct and/or delete the Child’s personal information and/or 2) stop collection or use of the Child’s personal information. To do so, please send your request to the following address at Embodied or email us at [email protected]. Please note: Parents must be using the Parent App or have the recovery key for Embodied to respond to certain requests related to Moxie data. Be sure to include your email address and/or contact information. We will let you know what additional information we require to verify that you are a parent."

What is the company’s known track record of protecting users’ data?

Average

While Moxie has not been caught in data breaches, OpenAI, with which Moxie shares data, was accused of string of data protection breaches in August 2023.

Child Privacy Information

"Please help us protect your children’s privacy by teaching your child to never provide personal information without your permission."

"Moxie was designed with the help of child development experts to support the emotional and social development of children ages 5 - 10. Corporate information about Embodied, our online store, more information about Moxie and our AI, are available at moxierobot.com. Parents and purchasers must be 18 or older to shop online or register through the Parent App."

Note: We noticed the link from Moxie's privacy policy to their Children's Privacy Statement was broken at the time of this review in November, 2023.

Can this product be used offline?

No

User-friendly privacy information?

No

Uhg, Moxie requires lots of privacy policy reading if you want to be certainly you understand where all your data is going. This includes perusing Moxie's privacy policies, as well as OpenAI's and Google's privacy info. Happy reading parents!

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

All data with PII is encrypted (ARGON2ID13 for the symmetric key and xchacha20poly1305) and only the parent/guardian has the encryption key. For the android disk encryption: 128 Advanced Encryption Standard (AES) with cipher-block †gchaining (CBC) and ESSIV:SHA256. The master key is encrypted with 128-bit AES via calls to the OpenSSL library. Also our secure boot chain uses a 2048-bit RSA key for the bootloader, and 4096-bit RSA for the OS. All data is encrypted on the wire using TLS/SSL. Data at rest in the data center is encrypted with AES.

Strong password

N/A

Access to the email used to register is required for login. The user can click the link or enter the code sent via email to login. Users are also provided with a recovery key which they are prompted to save in order to recover data if necessary. Only the user knows and can access the recovery key.

Security updates

Yes

Manages vulnerabilities

Yes

Researchers or users can report security issues to [email protected].

Privacy policy

Yes

Does the product use AI? information

Yes

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

AI is utilized to determine how Moxie will respond to a user’s conversation. In addition, AI may be utilized to set a schedule of recommended activities that the user can engage in (e.g., reading, dancing, talking about animals, doing breathing exercises).

Is the company transparent about how the AI works?

Can’t Determine

Moxie connects to Google and OpenAI's ChatGPT functionality to provide AI.

Does the user have control over the AI features?

No

*privacy not included

Dive Deeper

  • ChatGPT-maker OpenAI accused of string of data protection breaches in GDPR complaint filed by privacy researcher
    TechCrunch
  • Meet Moxie, a robot friend designed for children
    CNN
  • Playing and Learning With Moxie, the AI-Based Robot for Kids
    PC Magazine

Comments

Got a comment? Let us hear it.