Is your Christmas present spying on you? How to assess the privacy risks of gifts | Seattle Times



Buying a Christmas present is a game of chance, and not just because it might fit poorly or be undesirable. With the advent of connected, “intelligent” products and services, your gift could pose a threat to the privacy of a friend or loved one.

Interactive toys and gadgets often collect a lot of data about their users and their surroundings. Device manufacturers can convert the information into dollars by selling it to advertisers or data brokers. And even manufacturers who pledge never to pass on the data they have collected cannot guarantee that hackers will not go after it anyway.

You’d think Californians wouldn’t have to worry about that after they voted in 2020 to adopt the country’s most extensive data protection regulations. However, these safeguards only apply to websites, not devices in the home, car, or handbag.

Jen Caltrider, lead author of the Mozilla Foundation’s Privacy Not Included guide, said the privacy issues posed by smart devices range from the harassment of targeted ads shadowing you on the internet to the physical threat that someone poses to you with the help of a poorly designed Bluetooth tracker. There is also the possibility that weak data security on the manufacturer’s part allows criminals to steal your personal information or to hack into the data stream that is being sent to and from the device.

Noting that even the largest companies have a record of data breaches, Caltrider said, “It’s just inevitable that data will leak. … Anything besides the Internet is just not safe.”

Granted, this is the perspective of a person who spends their working days reading privacy policies and thinking about worst-case scenarios in order to create an annual guide to privacy risks. Others may argue that the convenience that smart products offer outweighs the potential loss of privacy if things go wrong. We all find our own balance.

However, you should consider things like Wi-Fi connections, data collection practices, and recording capabilities for the items that you put on your Christmas shopping lists.

Here are some questions to ask yourself based on suggestions from Caltrider and other privacy experts at the Electronic Frontier Foundation and Consumer Reports.

Is the device connecting to the internet?

A good place to start is whether a gift you are weighing can be connected to the Internet or a home network. If it cannot, that eliminates a host of potential privacy issues, said Jason Kelley, associate director of digital strategy on the EFF’s activism team.

However, you can lose important features if you turn a smart device into a dumb device. So the next question is: Are the web-enabled features essential? Your answer might be different from that of your sister, uncle, niece, or whoever you have in mind for this gift.

Consider the case of a smart home door lock. You might think a front door lock that can be opened remotely via app – allowing packages to be delivered indoors instead of being left on your porch, or letting a neighbor water your houseplants while you are at the Grand Canyon – is a big step forward. Your sister might think it’s a pointless and risky technological flex. She may like the idea of a bolt that can be opened without a key, but only when it requires a fingerprint or a Bluetooth app, not a web portal that can be accessed from a continent away.

Kelley’s rule of thumb: don’t buy anything with “smart” in its name, unless that’s the whole point.

Does the device have a camera, microphone or other sensors?

Internet-connected devices that can see and hear run the risk of spying on their owners. This threat was one of the reasons Mattel discontinued its interactive doll “Hello Barbie” not long after its release in 2015, in the wake of an outcry from security researchers and consumer advocates.

Still, audio, video, and biometric recording capabilities can be critical to a device’s performance. A vacuum robot, for example, would not be a great help if it could not find its way around a room. (Although that doesn’t necessarily justify a Wi-Fi connection.) Ditto for a fitness tracker that cannot detect your heart rate or your location.

Another reason a device can have digital eyes and ears is to make it easier to use, as in the case of voice-controlled televisions, stereos, and digital personal assistants (think Amazon’s Alexa). These devices hear everything you say and wait for a programmed command. And as soon as most of these devices hear a command, they send a recording of your voice to the internet for analysis (sometimes by a third party), which creates a number of privacy issues.

That’s why you’d want the device to have an indicator that shows when it’s recording, said Yael Grauer, investigative journalist at Consumer Reports. Because a device sometimes thinks it hears a command and starts recording, it has the potential to stealthily capture sensitive personal information (and in a notorious incident share the recording with another family).

Other traits to look out for, according to privacy experts, are whether the device stores its recordings internally rather than sending them to the cloud, where there is a greater risk of data breach and abuse; whether you can easily delete recordings stored in the cloud at any time and whether they are automatically deleted after a certain period of time; and whether the company increases security by encrypting the recordings and data it stores.

How much information is collected?

Unfortunately, the answers to many important questions about a possible gift cannot be found on the packaging. Instead, you need to work through the company’s privacy policy.

There you should check how much personal data the device is collecting – in particular whether it is collecting more information than is necessary for the intended use of the device – and whether this data is being passed on to third parties.

Caltrider pointed out some red flags: If a privacy policy is “super crazy long,” she said, look for a different product. If it says “they can sell your information to someone else,” find another product. And if it says “they’ll share your information with a whole bunch of others,” find another product.

Companies also collect personal data under the guise of product registration. “It is very likely that some companies will also sell this information,” said Kelley, noting the number of times the registration forms ask about your occupation and income. Registration can help you stay up to date with software updates, but in California you don’t need to register a product to activate your warranty.

What will happen to the data?

The consumer electronics industry typically has wafer-thin margins, cutthroat competition and rapidly falling prices. That could explain why some device manufacturers collect information about users just so they can sell it.

So before you give your aunt a Roku stick to hook her TV up to a plethora of online programming, keep in mind that Roku has declared itself a targeted advertising agency, not just a device manufacturer. It gathers detailed records of what its customers see and do on their televisions, and then sells that information to marketers so they can target their sales pitches more precisely – it may show your aunt different ads than the ones it shows you. Mozilla called the Roku stick “the curious, chatty neighbor of connected devices.”

Roku is just one of the many companies in the streaming video arena making bank off the personal data of their customers. A report this year by Common Sense Media examined five streaming devices and 10 streaming services; all but Apple enabled third parties to track users’ viewing habits (some did so themselves) and monetized the data through targeted advertising.

The best way to learn more about a device manufacturer’s data sales is to read its privacy policy, and even that may only offer a vague picture of where a user’s data is going. A simpler alternative would be to search online for news articles about the company’s business model and privacy complaints. Publicly listed manufacturers like Roku tell analysts exactly what their plans are to extract money from their customers’ personal information.

Who could use this gift?

Just as your gift recipient may be more or less concerned about privacy than you are, they may also be more or less tech-savvy than you.

On many devices, users can customize settings to reduce the amount of personally identifiable information collected, change where recordings are stored, and unsubscribe from an endless stream of unsolicited marketing emails or advertisements. For devices that use Amazon’s Alexa personal assistant technology, for example, you can dial back the amount of information sent to Amazon’s servers. But Grauer said you need to consider whether the person you’re buying for has the time, inclination, and ability to make these adjustments.

Another question is whether the gift could be shared with children, thereby inadvertently exposing them to privacy risks. A smart device, video game, or app with a built-in social network for chatting and sharing user-generated content might be perfectly fine for adults, but it poses all sorts of problems when kids are involved. See, for example, the settlement this year with the makers of Recolor, an online coloring book for mobile devices that allows you to share your creations – along with photos of yourself and other images – with the Recolor community.

Additional resources for assessing privacy risks

If you want to dig deeper into whether a potential gift has hidden privacy thorns, here are three sources worth consulting:

  • The Digital Standard is an open, community-based effort to define industry best practices for privacy, security, and other key aspects of connected devices and services. Its website contains a framework for assessing privacy threats.
  • The Mozilla Foundation’s website defines the metrics it uses to assess devices and services each year for its Privacy Not Included guide.
  • YourThings, a website that rates connected devices based on their cybersecurity strengths and weaknesses, also publishes its methodology on its website. There is a close relationship between security and privacy; when it comes to personal information stored on a device, your privacy depends on the device’s ability to protect your secrets from intruders.

This story originally appeared in the Los Angeles Times.


