„Be Smart. Shop Safe,“ warns Mozilla's annual buyer's guide for secure connected products. Based on their conversations with developers and dozens of privacy experts, they've awarded smiley faces with different expressions to rate products from „Not Creepy“ up to „Super Creepy“.
„While the variety of smart devices on offer is rapidly increasing, so are the number of products that pay no heed to even basic security measures…“ notes the editor of Mozilla's Internet Health Report. „Now that more and more companies collect personal data about you, including audio and video of your family, and sensitive biometric and health information, like your heart rate and sleeping habits, it's worrying that more are not upfront about the privacy and security of their products.“
Or, as The Next Web writes, „god bless Mozilla for having our lazy backs.“
And, well, if you're a user of any Ring camerasâ¦ we're sorry. Basically, there are five things that every product must do:
– Have automatic security updates, so they're protected against the newest threats
– Use encryption, meaning bad actors can't just snoop on your data
– Include a vulnerability management pathway, which makes reporting bugs easy and, well, possible
– Require users to change the default password (if applicable), because that makes devices far harder to access
– Privacy policies — ones that relate to the product specifically, and aren't just generic
Doesn't seem too much to ask right…? Well, of the 76 devices Mozilla selected, 60 of them passed this test… And what devices didn't meet the criteria?
There were nine of them overall (including the Artie 3000 Coding Robot and the Wemo Wifi Smart Dimmer), but the real loser in this test is the Amazon-owned Ring. Three of the company's products (which is effectively all of their major devices) didn't meet Mozilla's criteria. Yes, that's right, the Ring Video Doorbell, Ring Indoor Cam, and Ring Security Cam all didn't meet minimum standards for security…. The main reasons for not meeting this criteria is due Ring's history with poor encryption policies, and vulnerability management.
To be fair, Nest Cam's Indoor and Outdoor Security Cameras and Google Home also fell into the „Very Creepy“ category — and so did Amazon's Echo smart speakers. (The Amazon Echo Show even made it into Mozilla's highest „Super Creepy“ category, where the only other product was Facebook Portal.) But at least the Nest Hello Video doorbell only appears in Mozilla's „Somewhat Creepy“ category.
„Just because something on your wishlist this year connects to the internet, doesn't mean you have to compromise on privacy and security…“ warns the editor of Mozilla's Internet Health Report. And in addition, „Fitness trackers designed for kids as young as 4 years old, raise questions about what we are teaching our children about how much digital surveillance in their lives is normal.“ Going forward, they suggest that we push for better privacy regulations — and that whenever we rate products on performance and price, we should also rate them on their privacy and security.
But in the meantime, as Mozilla explained on Twitter, „Friends don't let friends buy creepy gifts.“
Read more of this story at Slashdot.