Mozilla has released the latest edition of its *Privacy Not Included shopping guide, aiming to provide holiday buyers with a concrete list of how the most popular items handle privacy issues.
Mozilla researchers spent over 950 hours examining 151 popular connected gifts, identifying 47 that had what they called "problematic privacy practices." The worst, according to Mozilla, include Facebook Portal, Amazon Echo, NordicTrack Treadmill and other workout tools.
Not all of the products examined were bad, and Mozilla found that about 22 did a good job of protecting user privacy by not collecting, selling, or sharing data. These devices ranged from the iRobot Roomba to the Garmin Venu and Apple Homepod Mini.
The researchers sought to figure out whether items had cameras, microphones or location tracking features as well as any other tools that collected data on users. Mozilla also examined whether devices used encryption or forced users to have strong passwords.
Jen Caltrider, *Privacy Not Included lead researcher, told ZDNet that while gadgets may be getting smarter, they are also getting creepier and far more prone to security lapses and data leaks -- even among leading companies like Microsoft, Amazon and Facebook.
"We also found that consumers continue to shoulder way too much of the responsibility to protect their own privacy and security. Consumers are asked to read complicated documents scattered across multiple websites to even begin to understand how their data is being used," Caltrider said.
"Smart exercise equipment stood out as especially problematic. Consumers buy equipment like a Peloton bike or a NordicTrack treadmill to work out in the privacy of their own homes. Unfortunately, there seems to be little privacy with these devices."
Many of the most problematic devices came from companies notorious for lackluster privacy features, including Amazon and Facebook. The Facebook Portal was spotlighted as an extraordinarily dangerous device because it routinely sends data collected by its AI-powered smart camera and microphone back to Facebook.
Apple was commended by the researchers because it does not share or sell any of the data it collects, while Garmin's fitness watches protect users' personal data. The Sonos One SL speaker was also praised for being built without a microphone.
Mozilla leveled harsh criticism at home exercise equipment companies like Peloton, NordicTrack, Tonal, and SoulCycle, all of which collect extraordinary amounts of personal information and routinely sell it as a way to make money.
"The NordicTrack Treadmill is especially problematic: They can sell your data, call or text your phone number even if you're on a do-not-call list, and may collect data from data brokers to target you with ads," Mozilla said.
"Major culprits include Kwikset, Amazfit, Ubtech, Onyx Boox, Fi Series 2, and Whistle pet trackers. Amazon's Alexa is everywhere. That makes us nervous. Amazon Alexa is embedded in numerous products, including ones that Amazon doesn't manufacture," Mozilla explained.
"That concerns us because Alexa and Amazon retain records of Alexa interactions. Even if you ask Amazon to not collect personal data on their kids, they say they still might collect some data. And Alexa Skills seem to be problematic in its oversight/privacy."