Is your Christmas present spying on you? How to assess gifts’ privacy risks

Mattel introduced its interactive Hello Barbie doll in 2015 but withdrew it after privacy concerns were raised about the recordings it made of the children who spoke to it.
(Mark Lennihan / Associated Press)

Buying a holiday gift is a bit of a gamble, and not just because it may be ill-fitting or unwanted. Thanks to the advent of interconnected, “smart” products and services, your gift may pose a threat to a friend or loved one’s privacy.

Interactive toys and gadgets often collect a boatload of data about their users and their surroundings. Device manufacturers may convert the information into dollars by selling it to advertisers or data brokers. And even manufacturers that pledge never to share what they collect can’t guarantee that hackers won’t grab the data anyway.

You might think that we Californians don’t have to worry about this, having voted in 2020 to adopt the country’s most extensive data protections. But those safeguards apply only to websites, not to the devices in your home, car or purse.


Jen Caltrider, lead author of the Mozilla Foundation’s Privacy Not Included guide, said the privacy issues raised by smart devices range from the annoyance of targeted ads shadowing you around the web to the physical threat of someone stalking you with the help of a poorly designed Bluetooth tagger. There’s also the chance that weak data security by the manufacturer could allow criminals to steal your personal information or hack into the stream of information sent to and from the device.

Noting how even the biggest companies have a record of data breaches, Caltrider said, “It’s just inevitable that data’s going to leak. ... Anything that’s next to the internet is just not safe.”

Granted, that’s the perspective of someone who spends her workdays reading privacy policies and pondering worst-case scenarios for the sake of an annual guide to privacy risks. Others may feel that the convenience offered by smart products outweighs the potential loss of privacy if things go wrong. We all strike our own balance.

Still, you’ll want to consider things like Wi-Fi connections, data collection practices and recording capabilities of the items you put on your holiday shopping lists. Here are some questions to ask yourself, based on suggestions from Caltrider and other privacy experts from the Electronic Frontier Foundation and Consumer Reports.

Does the device connect to the internet?

A good starting point is to ask whether a gift you’re weighing has the ability to connect to the internet or a home network. If it doesn’t, that eliminates a huge number of potential privacy problems, said Jason Kelley, associate director of digital strategy on the EFF’s activism team.


You may lose crucial features, though, if you turn a smart device into a dumb one. So the next question to ask is: Are the web-enabled features essential? Your answer could be different from the one offered by your sister, your uncle, your niece or whoever else you may have in mind for this present.

Consider the case of a smart home door lock. You might think a front door lock that can be opened from afar with an app — to allow packages to be delivered inside instead of left on your porch, or to let a neighbor water your houseplants while you’re at the Grand Canyon — is a great leap forward. Your sister might think it’s a pointless and risky technological flex. She might like the idea of a deadbolt that can be unlocked without a key, but only if it relies on a fingerprint or a Bluetooth app, not a web portal that can be accessed a continent away.

Kelley’s rule of thumb: Don’t buy something with “smart” in the name unless that’s the whole point.

Does the device have a camera, a microphone or other sensors?

Internet-connected devices that can see and hear come with the risk that they could snoop on their owners. That threat was one of the reasons Mattel discontinued its interactive “Hello Barbie” doll not long after it was released in 2015, in the wake of an outcry from security researchers and consumer advocates.

Nevertheless, audio, video and biometric recording gear may be essential to the device’s performance. A robot vacuum, for example, wouldn’t be much of a helper if it couldn’t find its way around a room. (Although that doesn’t necessarily justify a Wi-Fi connection.) Ditto for a fitness tracker that can’t detect your heart rate and location.

Another reason a device may have digital eyes and ears is to make it easier to use, as in the case of voice-controlled TV sets, stereos and digital personal assistants (think Amazon’s Alexa). These gadgets listen to everything you say, waiting for a command they’ve been programmed to recognize. And once most of these devices hear a command, they send a recording of your voice to the internet to be analyzed (sometimes by third parties), raising a number of privacy issues.

That’s why you want the device to have an indicator that shows when it is recording, said Yael Grauer, an investigative journalist at Consumer Reports. Because sometimes a device will think it hears a command and start recording, potentially capturing sensitive personal information on the sly (and, in one notorious incident, sharing the recording with another family).

Other features to look for, privacy experts say, are whether the device stores its recordings internally instead of sending them to the cloud, where there’s a greater risk of data breaches and misuse; whether recordings stored in the cloud can be easily deleted by you at any time, and are automatically deleted after a certain period; and whether the company increases security by encrypting the recordings and data it stores.

How much information is collected?

Sadly, the answers to many key questions about a potential gift can’t be found on the packaging. Instead, you’ll have to wade through the company’s privacy policy.

Once there, you should check how much personal data the device collects — particularly, whether it collects more information than is needed to support the device’s intended use — and whether those data are shared with third parties.

Caltrider pointed out some red flags: If a privacy policy is “super crazy long,” she said, find a different product. If it says “they may sell your data to third parties,” find a different product. And if it says “they share your information with a whole bunch of others,” find a different product.

Companies also collect personal data under the guise of product registration. “It’s very likely some companies are selling that information as well,” Kelley said, noting how often the registration forms ask about your occupation and income level. Registration may help you stay in the loop for software updates, but in California, you don’t need to register a product to activate the warranty.

What happens to the data?

The consumer electronics industry typically has razor-thin margins, cutthroat competition and rapidly declining prices. That may explain why some device manufacturers collect information about users just so they can sell it.

So before you give your tía a Roku stick to connect her TV to a wealth of programming online, consider that Roku has declared itself to be a targeted advertising company, not just a device maker. It collects detailed records of what its customers watch and do on their TVs, then sells that information to marketers so they can target their pitches more precisely — potentially showing your tía different come-ons from the ones they show you. Mozilla dubbed the Roku stick “the nosy, gossipy neighbor of connected devices.”

Roku is just one of many companies in the streaming video arena that are making bank off their customers’ personal information. A report this year by Common Sense Media examined five streaming devices and 10 streaming services; all but the ones from Apple allowed third parties to track users’ viewing habits (some also did so themselves) and monetized the data through targeted advertisements.

Again, the best way to learn about a device maker’s data sales is to read its privacy policy, and even that may offer only a vague picture of where a user’s data will go. An easier alternative would be to search online for news articles about the company’s business model and privacy complaints. Publicly traded manufacturers like Roku tell analysts exactly what their plans are for squeezing cash out of their customers’ personal information.

Who might use this gift?

Just as your gift recipient may be more or less worried than you are about privacy, they may also be notably more or less tech-savvy than you.

Many devices allow users to adjust the settings to pare the amount of personal information collected, change where recordings are stored and opt out of an endless stream of unsolicited marketing emails or ads. With devices that use Amazon’s Alexa personal assistant technology, for example, you can dial back the amount of information sent to Amazon’s servers. But Grauer said you have to ask yourself whether the person you’re buying for has the time, inclination and ability to make those adjustments.

Another question is whether the gift might be shared with children, inadvertently exposing them to privacy risks. A smart device, video game or app with a built-in social network for chatting and sharing user-generated content might be perfectly fine for adults, but it raises all sorts of issues when kids are involved. See, for example, the Federal Trade Commission’s settlement this year with the makers of Recolor, an online coloring book for mobile devices that lets you share your creations — along with photos of yourself and other images — with the Recolor community.

More resources for judging privacy risks

If you want to go deeper into how to tell whether a potential gift comes with hidden privacy thorns, here are three sources worth consulting:

  • The Digital Standard is an open, community-based effort to define the industry’s best practices when it comes to privacy, security and other core aspects of connected devices and services. Its site includes a framework for evaluating privacy threats.
  • The Mozilla Foundation’s website lays out the metrics it uses to judge devices and services each year for its Privacy Not Included guide.
  • YourThings, a website that rates connected devices for their cybersecurity strengths and weaknesses, publishes its methodology on its website too. There’s a close relationship between security and privacy; when it comes to personal information stored on a device, your privacy depends on the device’s ability to keep your secrets safe from intruders.