Naughty or nice: Beware privacy policies when you gift tech

Holiday season is in the air. Some of you may have just celebrated Hanukkah; others will be celebrating Christmas, Kwanzaa, or Winter Solstice. If, you are sharing presents as part of those celebrations, you may want to more closely examine the gifts you are giving or receiving.

It is predicted that people in the United States will spend approximately $3.8 billion on smart home devices like Amazon’s Echo or Google’s Home. This does not even include other Internet of Things (IoT) and internet-connected devices. These devices provide almost unimaginable convenience and connectivity. However, cyber-security experts warn that there are risks associated with being plugged in all the time.

Every time you purchase one of these devices, somewhere along the way, you will be presented with a privacy policy issued by the maker of the device. We have all seen these; they are cousins to the end-user license agreements (EULA) that people have waded through with software purchases since sometime in the 1980s. These agreements basically are a use-at-your-own-risk warning that ensures the software maker is not held accountable for anything that goes wrong as you use your computer. A privacy agreement is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client’s data. It fulfills a legal requirement to protect a customer or client’s privacy. If you are like most people, you just want to get to using your new device or app, so you scroll to the end of this lengthy document and click accept.

You may want to take a bit more time to look over those privacy notices, though. Smartphones have really pushed consumers to appreciate convenience and connectivity. With that convenience come some costs. Those costs are tied into privacy policies — if the companies making these devices prioritize privacy at all.

Luckily, the Mozilla Foundation  — you likely know them via their subsidiary, which makes the Firefox browser — has a guide to help people as they make gift decisions. As the organization believes “the internet must always remain a global public resource that is open and accessible to all”, it has been highly active in advocating for security and privacy.

Mozilla’s list is known as the “*Privacy Not Included Guide“. To prepare the list, Mozilla allows users to list items on a scale from “Not Creepy” to “Creepy.” It’s an easy-to-navigate website that shows photos of products, lists them in categories and — most importantly — tells consumers whether they feel the gifts maintain a set of minimum security standards for IoT devices. These standards include whether the products use passwords, manage vulnerability, update for security frequently, encrypt all network communications, and make their privacy policies easily accessible and understandable. 

In this list Mozilla works to answer several questions: 

  • Can it spy on me?
  • What does it know about me
  • Can I control it?
  • Does the company show it cares about consumers?

As a tech junkie, I must admit that I enjoy many of the conveniences offered by some of these devices. I do, however, want to know exactly what information is being used so that I can make a choice as to using the device. An example: Our smartphones use location data; unless you turn the service off, they know every place you have been and can actually make predictions as to what you may do next. I was a bit taken aback the first time my Android phone showed me how long it would take to get someplace before I even asked it. Did I turn location services off? Temporarily. I missed the convenience of being told how long it would take to drive to my next appointment. I have read the privacy agreement provided by Google though and decided that I could accept their having this data. I feel better, though, knowing that they encrypt all the data as it goes to the servers that power this artificial intelligence (AI) technology and that I have to use passwords along with multi-factor authentication to access the information. I am taking that risk. 

You, however, may not want to take that risk. Knowing that an Amazon Echo or Google Home must listen to you all the time in order to answer all your needs may be too much for you. You may not feel comfortable with that Fredi baby monitor, which has been hacked in the past and has a default password of “123”. You may feel absolutely fine with knowing that your Fitbit fitness tracker connects to your smartphone or that the cool Parrot Bebop 2 drone uses an open Wifi network as it follows you around taking photos. All of you likely have varying comfort levels; you deserve to be well informed in order to make your choices. Mozilla helps us along with this. 

In the age of Cambridge Analytica, most of you now recognize the importance of your data. Companies and individuals may have both positive and nefarious usages for it. You deserve to know what you may be sharing. 

I highly suggest taking a look at the *Privacy Not Included Guide as you’re making your gift purchases this year.

https://foundation.mozilla.org/en/privacynotincluded/

Leave a Reply

Your email address will not be published. Required fields are marked *