Moxie Robot, the learning robot with heart, is an AI-powered robot that talks to and teaches your kid. It sounds like something out of a sci-fi movie! We just can’t decide whether the genre of that movie would be comedy or horror. Moxie’s super expressive and adorable screen face is supposed to comfort your kid. Its conversations and programmed activities apparently don’t just entertain your child but can help them with emotional regulation, boost their confidence, and support their overall development. Amazing! But to do that, your kid's new “supportive friend” has to record what your child says and does and share that with the likes of Google and OpenAI. Yeah, it's kinda creepy.
What could happen if something goes wrong?
When its LED bar is blue, Moxie is listening. And, hey, just because Moxie the magical robot is almost the exact premise of a horror movie released last year, that doesn’t necessarily mean it’s a scary technology! The makers of Moxie do take extra care to keep images and recordings of your child private, and that’s good. But when it comes to your kid’s activities and chat transcripts with Moxie? Well, we hope what they’re doing to protect those is good enough too.
Recordings of your youngster’s little voice that Moxie “hears” are handled differently. Buckle up because there are a few steps. The audio recording is sent to Google Cloud STT (Speech-to-Text) where it’s transcribed (and becomes “Audio Transcript Data”) and sent back to Moxie. Moxie tries to come up with an answer based on Embodied’s language processor. If it doesn’t know what to say, then some of that transcript can be sent to OpenAI – who apparently always has an answer. Then OpenAI’s answer is “filtered” by Embodied before Moxie says that response to your child. Now, Embodied says that neither Google nor OpenAI stores any of that information, but also suggests that you read both privacy policies to learn how your personal information is treated by those companies. Hmm. That worries us a bit because OpenAI, the company behind ChatGPT, doesn't have the best track record for data privacy.
Like other household robots, you can bring Moxie in and out of standby mode with magic words, “Hello Moxie” or “Moxie, please wake up” and “Moxie please go to sleep” to end the interaction. When Moxie is listening, “anyone in range of the video or audio recording capabilities of Moxie may be recorded, including your child, members of your family or others in the home at the time the robot is recording.” That could make for an awkward conversation if Moxie rolls in while you’re gossiping with the neighbor. Especially since kids don’t always remember to put their toys away when they’re done playing. It's worth having a glance at Moxie’s LED bar – lavender means standby (not recording).
Moxie also collects account information about the little mentors and their parents through their Parent App, which walks you through the “parental verification process” with a third party called PRIVO. It’s a way of making sure that children have their parents’ permission before they gab it up with their bionic buddy. That’s the law in the US for apps that collect information from kids (COPPA). Moxie is compliant with it. That’s also where parents will find the secret keys – the recovery key and Analytics User ID – they need to access or delete information linked to their little one. Through the app, you can technically take back your consent for Embodied to collect your child’s data through Moxie, but that means it’s lights out for Moxie, who would be “render[ed] inoperable” by this. Not much of a choice given that $800 (on sale) is a heck-of-a-lot for an analog toy. This consent to share data thing actually worries us a good bit.
Tips to protect yourself
- Ask your child to never say sensitive information to Moxie as it is shared with OpenAI
- Check the Safety Usage instructions from Moxie
- Opt your child out of as much personal data collection as possible
- Turn the microphone off when you do not need it
- Do not sign up with third-party accounts. It is better to log in with an email and a strong password.
- Choose a strong password! You may use a password manager such as 1Password or KeePass.
- Use your device privacy controls to limit access to your personal information via the app (do not give access to your camera, microphone, images, or location unless necessary)
- Keep your app regularly updated
- Limit ad tracking via your device (e.g., on iPhone go to Privacy -> Advertising -> Limit ad tracking) and the biggest ad networks (for Google, go to your Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
What can be used to sign up?
What data does the company collect?
"Parent’s name and email address, and child’s first name and birth date. Primary User Images, Activity Data, Moxie Interaction Data, Insight Data; Activity Data, such as how long children are using Moxie, if children read a book with the robot, how many missions the children have completed with Moxie, badges and trophies earned, and other information to help parent’s track a child’s general activities and progress; Whether and where other objects or persons may be located in a room (collected through Moxie’s camera); Sensor and telemetry data from Moxie"
Audio Data and Audio Transcript Data, Video Data, Facial Expression Datapoints, Child's image datapoints
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
While Moxie has not been caught in data breaches, OpenAI, with which Moxie shares data, was accused of a string of data protection breaches in August 2023.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
All data with PII is encrypted (ARGON2ID13 for the symmetric key and xchacha20poly1305) and only the parent/guardian has the encryption key. For the Android disk encryption: 128 Advanced Encryption Standard (AES) with cipher-block chaining (CBC) and ESSIV:SHA256. The master key is encrypted with 128-bit AES via calls to the OpenSSL library. Also our secure boot chain uses a 2048-bit RSA key for the bootloader, and 4096-bit RSA for the OS. All data is encrypted on the wire using TLS/SSL. Data at rest in the data center is encrypted with AES.
Access to the email used to register is required for login. The user can click the link or enter the code sent via email to log in. Users are also provided with a recovery key which they are prompted to save in order to recover data if necessary. Only the user knows and can access the recovery key.
Researchers or users can report security issues to [email protected].
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
AI is utilized to determine how Moxie will respond to a user’s conversation. In addition, AI may be utilized to set a schedule of recommended activities that the user can engage in (e.g., reading, dancing, talking about animals, doing breathing exercises).
Is the company transparent about how the AI works?
Does the user have control over the AI features?