I’m going to go out on a limb here and predict that many people this 2017 holiday season will be getting or giving some sort of connected device. When you think about it, with electronics becoming smaller and less expensive, more and more manufacturers are figuring out creative ways to add connectivity to a wide variety of devices. From toys to speakers to smartphones to home automation to appliances to just about anything, the Internet of Things is here, and there is a huge push to connect everything with anything. And while connected things open up new opportunities and capabilities, they also potentially enable companies to do things you might not want them to do, like have access to private data, location information, or even audio and video. And you might not even know this is happening. But while some gadgets are clearly labeled with “batteries not included,” not many are showing anything like “privacy not included.” Mozilla is doing something about this, you’ll be happy to know, with their appropriately named holiday buyer’s guide: *Privacy Not Included. Read on to learn more! (*Disclosure below.)
When it comes to the world of connected gadgets and devices, there truly isn’t that much regulation from privacy and security standpoints. And often, it is up to the consumer to understand what devices connect to what services and know how their data is being used. Often, companies make it difficult to know how information is shared, or they may not disclose it at all. While smartphone and tablet apps do have increased scrutiny by Apple or Google, for example, in terms of how the data is accessed and used, and the types of services used (location, media, data, etc.), outside of the app itself, it’s a wild, wild world.
Unfortunately, in the past, there were simply no adhered-to standards in terms of security and privacy. Think back a year or so, when it was revealed that many webcams were vulnerable to hacks or exploits because of default admin usernames and passwords literally burned into the webcam’s firmware. Or there were some webcams that had peer-to-peer networking automatically built into the software. While WiFi router companies are now shipping their devices with unique usernames and passwords for administration, unpatched or older WiFi routers exist in the tens of thousands, as consumers simply don’t know how to upgrade their routers or even do basic administration on them.
Whose Responsibility Is Privacy & Security Then?
So, if you extend this model to ANY type of connected device or gadget, many of which have absolutely NO security whatsoever, you can probably see how there is a new clear and present danger coming from these new connected items. The biggest problem also is that privacy and security don’t seem to be the responsibility of the manufacturer, but rather that of the consumer. Would you even know which devices are insecure or exposing your private information? And if you did know that something connected to the Internet in some way, would you know how it connects or what private information or data it is sharing and for what reason? Or even how to stop or report it?
Think about a hypothetical toy that helps put a child to sleep at night. (And I wouldn’t be surprised if something like this actually exists.) Let’s say that it knows when it is nighttime by light detection or a location-based clock. Also, let’s say that the child can talk to it to have it read a bed-time story by request. And let’s say that this toy can ask the child questions like “what did you do today?” or “where did you go?” or “who did you play with?”. Those seemingly innocent questions and other data can be a wealth of information for marketers (or hackers). Location data can be transmitted. Activity can be logged. Conversations can be captured and stored. And eventually, a child can innocently provide a fairly detailed profile of themselves, their family, and their friends.
But who cares, right? The toy talks to my kid and helps them fall asleep!
While the pendulum may be swinging the wrong way with a glut of connected and potentially insecure devices flooding the market, trust me, that pendulum will swing back in favor of privacy and security once more cases of privacy invasion or hacking surface. And, once that happens, regulators will arrive with even stronger rules. But that will take time. As the pendulum swings, however, security companies or organizations will emerge to bridge that gap and provide transparency and information to the consumer.
Blind Faith…For Now…And Tools to Help
The important thing to remember is that, even once these privacy and security standards are finalized, they still need to be adopted and embraced by software, service, and product developers and manufacturers. And, while this governance may work within some countries, there is no guarantee it will be adopted worldwide.
So, it boils down to this. For now, consumers themselves must be the ones to understand and govern their own connected services and devices.
And therein lies another problem. The range of “tech-savviness” is huge. It is influenced by a multitude of factors: geographic location, culture, education, race, religion, and socioeconomic status, to name just a few. If we, as consumers, are the ones who need to provide this initial privacy and security screening and regulation, we are in for a long, long, long, uphill battle. And I would predict that a majority of consumers will simply choose to adopt a “blind faith” that the manufacturers are looking out for everyone’s best interest.
I feel what will be required is a massive educational effort directed towards the end user. Companies with clear social consciences will, I believe, step forward. And once they do step up, others will join as well so as not to be “left behind” or come across as “not caring.” Perhaps this is simply wishful thinking on my part. But the grassroots efforts are there (and probably have been for quite a while).
Shortly, Mozilla will be announcing *Privacy Not Included. Part campaign and part educational service, *Privacy Not Included will offer concerned consumers a buyer’s guide of sorts, in which they can not only learn about the privacy and security concerns they should think about but also read detailed “reviews” of many popular toys.
Transparency has been a buzzword for many years across all sorts of industries. And while there are requirements on what must be disclosed on a product, often privacy and security are hidden away in a Terms of Service or Privacy Disclosure (who reads those things anyway, right?). Mozilla and the *Privacy Not Included guide will allow for the transparency of privacy- and security-related aspects of these popular consumer products in the form of this independent buyer’s guide.
In the next few weeks, I will be going into greater detail on what can be obtained within this Mozilla Buyer’s Guide so that you can understand what is found there and how it can be used, and so that you can help share this important effort.
Until then, and if you are doing your 2017 holiday shopping early, take a few extra minutes to do some research on that toy or connected gadget you are considering purchasing. Know what you are signing up for, literally. Education is a powerful shopping asset, so be informed.
Disclosure: This is a sponsored post and I have received compensation to prepare to research it as well as write it. All opinions within this article, unless otherwise noted, are my own and are not subject to editorial review by any 3rd party. More information can be found on my About page.
HTD says: As a consumer shopping for friends and family, you have the responsibility to become educated on your purchases, particularly around privacy and security. Empower your buying decisions with research to ensure those gifts are only giving what they disclose they are.