'ZDNET Recommends': What exactly does it mean?
ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.
When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.
ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.
Bad Santa: Amazon, Facebook top Mozilla's naughty list of privacy-crushing gifts
Mozilla has released the latest edition of its *Privacy Not Included shopping guide, aiming to provide holiday buyers with a concrete list of how the most popular items handle privacy issues.
Mozilla researchers spent over 950 hours examining 151 popular connected gifts, identifying 47 that had what they called "problematic privacy practices." The worst, according to Mozilla, include Facebook Portal, Amazon Echo, NordicTrack Treadmill and other workout tools.
Not all of the products examined were bad, and Mozilla found that about 22 did a good job of protecting user privacy by not collecting, selling, or sharing data. These devices ranged from the iRobot Roomba to the Garmin Venu and Apple Homepod Mini.
The researchers sought to figure out whether items had cameras, microphones or location tracking features as well as any other tools that collected data on users. Mozilla also examined whether devices used encryption or forced users to have strong passwords.
Jen Caltrider, *Privacy Not Included lead researcher, told ZDNet that while gadgets may be getting smarter, they are also getting creepier and far more prone to security lapses and data leaks -- even among leading companies like Microsoft, Amazon and Facebook.
"We also found that consumers continue to shoulder way too much of the responsibility to protect their own privacy and security. Consumers are asked to read complicated documents scattered across multiple websites to even begin to understand how their data is being used," Caltrider said.
"Smart exercise equipment stood out as especially problematic. Consumers buy equipment like a Peloton bike or a NordicTrack treadmill to work out in the privacy of their own homes. Unfortunately, there seems to be little privacy with these devices."
Many of the most problematic devices came from companies notorious for lackluster privacy features, including Amazon and Facebook. The Facebook Portal was spotlighted as an extraordinarily dangerous device because it routinely sends data collected by its AI-powered smart camera and microphone back to Facebook.
Mozilla researchers said Amazon's Echo Dot for Kids -- which can be used for reading children bedtime stories -- tracks information about children. The e-reader Onyx Boox doesn't have any privacy policy at all.
Apple was commended by the researchers because it does not share or sell any of the data it collects, while Garmin's fitness watches protect users' personal data. The Sonos One SL speaker was also praised for being built without a microphone.
Mozilla leveled harsh criticism at home exercise equipment companies like Peloton, NordicTrack, Tonal, and SoulCycle, all of which collect extraordinary amounts of personal information and routinely sell it as a way to make money.
"The NordicTrack Treadmill is especially problematic: They can sell your data, call or text your phone number even if you're on a do-not-call list, and may collect data from data brokers to target you with ads," Mozilla said.
The report notes that because of privacy laws passed in California, many companies have added sections specifically governing those that live in the state. But many companies have no privacy policy at all or make it difficult to find and hard to read.
"Major culprits include Kwikset, Amazfit, Ubtech, Onyx Boox, Fi Series 2, and Whistle pet trackers. Amazon's Alexa is everywhere. That makes us nervous. Amazon Alexa is embedded in numerous products, including ones that Amazon doesn't manufacture," Mozilla explained.
"That concerns us because Alexa and Amazon retain records of Alexa interactions. Even if you ask Amazon to not collect personal data on their kids, they say they still might collect some data. And Alexa Skills seem to be problematic in its oversight/privacy."