PS5

Warning: *Privacy Not Included with this product

Entertainment Holiday Guide 2023 Toys & Games Gaming Platforms

PS5

Sony
Wi-Fi Bluetooth

Review date: Nov. 1, 2023

|
Mozilla researched 8 hours
|

Mozilla says

|
People voted: Somewhat creepy

Sony's PS5 is finally easier to get your hands on than it has been in recent years, so this may be your moment to play "without limits," as they say. Especially as old trusty (or big clunky, as original PS5 owners can relate) will soon earn vintage status since Sony’s releasing a lighter version -- which has already earned the nickname “Slim” -- just in time for the holidays. But whether you go with the classic console or its slimmed down successor, one thing’s for sure: its beefed up power and high-quality output makes games like God of War, Horizon Forbidden West, and the brand new Spiderman 2, fast and beautiful. If only your trusty PS5 were better at privacy. Ah well, here's to a web slingin' good time and hoping your Sony doesn't overshare your personal information.

What could happen if something goes wrong?

Not gonna lie, this privacy researcher loves her PS5. I also recognize it collects and shares lots of information on me. Things like name, email, phone number, location, and lots and lots of device information and info on how much I game (not that much, really, I’m too busy reading privacy policies), when I game, how good I am at gaming (pretty terrible, actually). Sony knows what obstacles I jump in a game, what levels I reach, who I play against, how many times I die, and more. Am I worried Sony knows I’m terrible at racing games, while kinda obsessed with Kassandra from Assassins Creed Odyssey? No, not really. But maybe it’s hard for me to get worked up about the privacy of my gaming history knowing that cars can collect information about my heartbeat, fingerprints, and sex life. Anyhoo!

Sony does say in their privacy policy they can collect information from third parties and combine that with data they already have on you. Fortunately, they lay out who those third parties generally are and for what purposes, so that’s nice. We sure hope they aren’t collecting any data on you from data brokers. But they can collect data on you from others users you are linked to and from any social media you link, so be mindful of that.

Sony says they can use all the information they collect on you for things like targeted marketing and advertisements they show on their own and third-party websites and services. This isn’t great. It’s also not uncommon in our data economy right now. Also remember, when you play games from other companies on the platform, you may share your data with those third parties and their privacy policies would apply to your personal information. So many freakin’ privacy policies to just play games.

And Sony says they can share your information not just with third parties for advertising purposes, but also within the huge Sony Group -- which includes music, videos, software, and much more -- “so that other Sony group companies may contact you about products, services or other offerings that may be of interest to you.” So yeah, all that data about how bad you are at video games and who you like to play games with could be shared around pretty far and wide.

Also with the PS5, Sony now records all voice chats in order to combat abuse during online gaming. Users experiencing abuse can submit recordings--no more than 40 seconds--of abusive voice interactions to Sony for review. There will be no way to opt out of this. And Sony reserves the right to monitor and record everything else you do too on the Playstation Network and potentially remove any of that content. This tug-of-war between privacy and safety feels mostly fine to us, because something needs to be done about abuse in online gaming, especially abuse targeting women gamers. Just know, if you use the voice chat features on the new PS5 you are being recorded, although not actively listened to by Sony, at all times.

What’s the worst that could happen with your PS5? Well, it’s always smart to set up two-factor authentication to keep bad people from sneaking into your PlayStation account and buying a bunch of games at your expense. That could be costly and you don’t want that headache. And it’s good to be mindful all your voice chats are being recorded, so probably good to not shout out your social security number over voice chat (duh). All in all though, it seems from this gamer’s perspective the biggest privacy worry comes when non-male gamers try to talk over voice chat and get harassed out of the games by immature people. That really does need to stop.

Tips to protect yourself

  • Set up two-factor authentication on your Playstation account immediately
  • Adjust your privacy settings
  • Be aware that anything said over microphone is being recorded
  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • Read Playstation's Safety Guide
  • mobile

Can it snoop on me? information

Camera

Device: No

App: Yes

Microphone

Device: Yes

App: Yes

Tracks location

Device: Yes

App: No

What can be used to sign up?

What data does the company collect?

How does the company use this data?

We ding this product as it can combine your data with data from other third-party sources and share data with third parties for targeted, interest based advertising.

Online safety, account security, and privacy

"We use your personal information to provide you with the games you play and to enable the features and functions of PlayStation Network, playstation.com, and our mobile apps.
In addition, we may use your information to understand, improve, and enhance our existing services, and to develop new ones. These enhancements may include improving user interfaces, game performance, or game design.
We may also use your personal information to protect you, other users, our rights and properties, or those of our partners. For example, we may use your information to enforce our terms of service or other applicable terms, to identify fraudulent activities and to prevent abuse, or for auditing, compliance, and legal purposes."

"We may share your personal information with third parties, such as service providers:
to provide you with the services, games, or apps you requested; to process your payments; or to protect the security of your personal information or against fraud,
or partners such as:
game publishers to deliver you their games and when we jointly deliver advertising, sweepstakes, promotions, or contests; security and fraud mitigation partners; Sony Group, to support various business and security processes; or business transfer partners in the context of mergers and acquisitions.
We will share your online ID with other users when you play a game with them.
In addition, we may share your information with police and other government authorities to protect any person, their property, or their rights."

Privacy Policy

"We may target and personalize our marketing communications, purchase recommendations and advertisements that we display on our and third-party websites and services based on the information we have collected about you. You may notice this personalization on the PlayStation Store (whether via console, website or in-game), in marketing communications, or when you visit our and third-party websites (such as social network sites) that show purchase recommendations or advertisements from us. You have options to control our use of information we have collected about you to personalize marketing to you, and can learn more about them in the Choices section of this Privacy Policy."

"We may receive information, including the following, from third party sources and combine it with information we already directly collect from you. We will handle the information in accordance with this Privacy Policy.
Game, social media, or other information, from those third parties or services you link your Account with, or who provide information to power PlayStation Network features.
Information from other users, for example if those users have given us access to their profiles and if you are one of their connections, or information about you is otherwise made accessible to us by them.
Information from third-parties as appropriate given our relationship, for example from anti-fraud service providers we might obtain fraud risk scores; from law enforcement or partners, we might obtain IP addresses and details of suspected unlawful or malicious activity."

"We may share information with the following partners:
Game publishers, such as the content you have purchased from PlayStation Store so that they can deliver that content to you in-game, and ensure your entitlement to access that content is reflected across different gaming platforms.
Other service, application or website providers, for operational purposes, or for additional purposes, with your permission (such as when you link your Account to your account with them).
Advertising and promotional partners, with whom we are jointly delivering services or features, such as sweepstakes, contests, promotions, or advertising.
Sony Group, for purposes related to providing you with content, products, or services, including games, videos, music, software and software applications; community administration or development; to support various business and security processes; research and development; and so that other Sony group companies may contact you about products, services or other offerings that may be of interest to you."

"We may share your information with police and other government authorities if we believe that it is reasonably necessary to comply with a law, regulation, or legal process, to detect, protect and enforce the safety of any person, their property or their rights, to address fraud and security and report criminal activity. The majority of the cases in which we have shared information with police and government authorities concern their investigations into stolen devices, unauthorized use of payment methods, or moderation purposes and safety of PlayStation Network and its users. In a small number of cases, we have also provided information in response to anti-fraud or more serious criminal investigations."

How can you control your data?

We ding this product as it is unclear if all users, regardless of which privacy laws they live under, have the same rights to have their data deleted. Sony's Playstation privacy documentation seems to be contradictory on this point.

Privacy Policy

"We may retain information about you as long as it is necessary for us to fulfill the purposes outlined in this policy. In addition, we may retain your information for an additional period as is permitted or required to, among other things, comply with our legal obligations, resolve disputes, and enforce agreements. Where required by applicable law, we shall delete your information when the information is no longer necessary or requested to do so. Even if we delete your information from active databases, the information may remain on backup or archival media as well as other information systems."

"Your Rights
In addition to the rights described below, you can also access, amend or delete some information through your Account Settings page.
Request to Access and Correct: You have the right to request that we inform you of the PI we hold about you, as well as to request the correction of any inaccurate information about you.
Right of Access: You have the right to request that we inform you of the PI we have collected, used and shared about you, and to obtain a copy of it.
Right of Deletion: You have the right to request that we delete the PI we have collected or retained about you in some circumstances as defined by law. To request removal of certain of your PI from a blog, forum, or message board, please contact us as described in the Contact Us section above. Following your request for deletion, please be aware that the information that we collect about you may still be retained for legal, accounting, business continuity (backup), anti-fraud and community reasons.

In some cases, your choices to provide, change or delete information may affect our ability to deliver our Services, or your user experience. We may decline to process requests which are not otherwise required by applicable law. You have the right not to be unlawfully discriminated against because you have exercised these rights.

To make a Request to Access or Deletion, please visit www.playstation.com/ccpa, or contact Consumer Services toll-free at 1-800-345-7669. After you submit a request, we will require you to confirm your request, and verify your identity by requesting details of your account, devices, payment instruments or past transactions. We reserve the right to deny your requests if we cannot verify your identity."

Online Safety, Account Security, and Privacy Page

"We give all users the ability to access and delete the personal information we have about them. Depending on your country, you may have additional rights."

What is the company’s known track record of protecting users’ data?

Needs Improvement

In October 2023, Sony reported server security breaches that exposed employee data.

In September 2023, ‘All Of Sony Systems’ were allegedly hacked by Ransomed.vc group. Within those 6,000 files are supposedly a bevy of documentation, including unknown “build log files,” a swath of Java resources, and HTML data.

Security vulnerabilities have been reported in the PS5 over the past couple of years. In 2021, Threatpost reported back-to-back security breaches. In 2022, Ars Technica reported on a potentially "essenttially unpatchable" vulnerability and another hack that could unlock root privileges for PS5 hackers. As far as we can tell, none of these security vulnerabilities resulted in a major leak of users' personal information.

Child Privacy Information

"We are committed to respecting children's privacy. We will not collect PI from anyone we have actual knowledge is under the age of 13, without a parent's consent. We do not share the PI of children who we have actual knowledge are under the age of 16 for delivery of advertising purposes. If you are creating an account for your child, we recommend that you and your child read our Privacy Information for Young Players to help them understand how we handle their PI and their rights over their PI.

With parental consent, we will collect, use and share information collected from or about children in accordance with the practices described in this document, with the following exceptions.

Information You Provide to Us
A parent only needs to provide limited information about their child (an email address and date-of-birth) to create an Account for their child. Providing gender is optional.
Only with the parent's approval to create an Account for the child, can a child add their address.
The spending limit of the Account for your child is set by the associated parent's Account.

Information You May Choose to Share
A parent can control, through the “Free Communication” setting on their child's Account, their child's ability to use (and share PI through) text chat, voice chat, video chat, and other messaging features from communicating directly with other users in games, apps or via system software features. Please note that a child's Account can still (1) Send and receive predetermined text messages created by a game or app, (2) Create and see other users' in-game character names, designs, and clan titles, (3) Use communication services via an Internet browser unless specifically disabled, and (4) Communicate via system messaging on PS3 and PS Vita.
A parent can control their child's ability to post or view user-generated content, including photos, videos, drawings, and content imported from outside sources (any of which might contain PI) through the user-generated content control. This will not prevent video capture of a child Account user's online gameplay.
A parent can agree to our collection and use of their child's PI without consenting to our disclosure to third parties, except when the disclosure is inherent to the Services we are providing.

When a parent allows their child's Account to participate in games, chat or user-generated content features, they also consent to SIE sharing information with the publishers of the games, applications, or services that incorporate those features and the collection of information entered into such features by the child's Account (e.g. typing text into the chat feature).

If you discover your child under the age of 13 has provided PI to us without your consent, once we verify you are the child's parent, we will promptly: (a) provide direct notice to you indicating what, if any PI of your child has been collected and how it has been used or disclosed; (b) remove and cease the use of your child's PI or other information from our database and (c) by notice to you, confirm compliance with the foregoing."

Can this product be used offline?

No

User-friendly privacy information?

No

Sony's Playstation privacy documentation isn't the easist to read and we did find some contradictions between their consumer privacy explainer page and their actual privacy policy that left us scratching our heads.

Links to privacy information

Does this product meet our Minimum Security Standards? information

Yes

Encryption

Yes

Strong password

Yes

You need a strong password to access your PlayStation Network account. You can set up a passcode for your PlayStation device.

Security updates

Yes

Manages vulnerabilities

Yes

Privacy policy

Yes

Does the product use AI? information

Yes

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Sony is planning to employ AI via its Sony AI arm.

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine

*Privacy Not Included

Dive Deeper

  • PlayStation 5: Pros & Cons Of Recording Voice Chat On PS5 & In Games
    Screen Rant Link opens in a new tab
  • ‘All Of Sony Systems’ Allegedly Hacked By New Ransomware Group [UPDATE]
    Kotaku Link opens in a new tab
  • Sony confirms server security breaches that exposed employee data
    The Verge Link opens in a new tab
  • New PS5 exploit unlocks root privileges, read/write memory access
    Ars Technica Link opens in a new tab
  • Why You Probably Need To Change Your Privacy Settings On PS5
    Slash Gear Link opens in a new tab
  • Console hacker reveals PS4/PS5 exploit that is “essentially unpatchable”
    Ars Technica Link opens in a new tab
  • PS5 issues: All the big PlayStation 5 problems to look out for
    Tom's Guide Link opens in a new tab
  • Critical Vulnerability In The Way Sony PS3, PS4, And PS5 Consoles Read Bu-Ray Discs Allows Rooting And Modifying The Firmware
    Information Security Newspaper Link opens in a new tab
  • Back-to-Back PlayStation 5 Hacks Hit on the Same Day
    Threat Post Link opens in a new tab
  • How to Manage PlayStation, Switch, and Xbox Privacy Settings
    New York Times Link opens in a new tab
  • PS5 vs. Xbox Series X: Security and Privacy Features Compared
    IGN Link opens in a new tab
  • PS5 games could get even better thanks to Sony AI
    Tom's Guide Link opens in a new tab
  • PS5 won’t actively monitor or listen to your voice chat, Sony says
    Polygone Link opens in a new tab
  • Sony clears up when and how it’ll listen to recordings of PS5 voice chats
    The Verge Link opens in a new tab
  • Sony's AI-created PS5 soundtracks could react to your playstyle and emotions
    TechRadar Link opens in a new tab
  • Sony establishes AI R&D division
    GamesIndustry.biz Link opens in a new tab
  • PlayStation Safety
    PlayStation Link opens in a new tab

Comments

Got a comment? Let us hear it.