10 Holiday Tech Gifts With Hidden Privacy Problems

10 Holiday Tech Gifts With Hidden Privacy Problems

Tech companies are making a list and checking it twice, and if you’re not careful with your holiday gift giving, your friends and family will be on it.

When you plug in that shiny new gadget and hook it up to your WiFi, chances are it will get straight to work sending data back home to corporate servers. But Mozilla, the makers of Firefox, want holiday shoppers to have a fighting chance at privacy. This week, the organisation published a privacy gift guide as part of its Privacy Not Included project.

It’s a massive undertaking. Mozilla researchers worked through the privacy policies of over 75 popular tech products, spending hundreds of hours wading through the legalese to help consumers understand corporate data practices.

The list includes products you’ve heard of. Some of them might even be on your list. We’re not shaming holiday shoppers here, privacy problems don’t mean you shouldn’t buy something if you have other priorities. But it’s important to know what you’re getting into when it comes to your data. Make an informed choice.

Here are the 10 gadget gifts with privacy issues you need to know about.

Meta Quest Pro

Screenshot: Meta
Screenshot: Meta

The Quest Pro is the latest VR headset from the social media and VR giant Meta. It’s the company’s most ambitious entry in its effort to construct a digital alternative to our reality called the “metaverse” where we can all… attend virtual meetings or something. Mark Zuckerberg swears it’s going to be a thing.

Zuckerberg’s dreams aside, the Meta Quest Pro is a pretty cool device. It’s the most advance AR/VR headset on the market — with an advanced price tag to match. It’s also got an unbelievably complex privacy policies, spread across 14 different pages and 37,700 words. It’s got cameras on the outside and the inside, pointed right at your face. During setup, you can consent to having your eyeballs tracked for targeted ads. Happy holidays!

Cameras: Yes

Microphones: Yes

Location tracking: Yes

What data it collects: Name, email address, phone number, biometric data, contacts, purchase information, browsing history, location data, video and audio recordings

Can you delete the data: Mozilla says it’s not clear whether you can delete the data in all locations.

How the company uses the data: Advertising, working with third parties, processing voice, face, and transcript information

Mozilla says:

“This expensive gadget also delivers a whole lot of cameras sitting on your head — looking at your face, monitoring your eye movements, facial expressions, body movements, and at the world around you. The Quest Pro reportedly comes with 16 cameras total — 5 looking at your face, 5 looking out from your face, and 3 each on the two controllers. It sure sounds pretty creepy.”

Steam Deck

Photo: Phillip Tracy/Gizmodo
Photo: Phillip Tracy/Gizmodo

The Steam Deck is a long-awaited game console that earned mostly stellar reviews, with a few caveats. Gizmodo called it a “glorious but unfinished dream console.” It’s sure to be a popular gift this year — if the company can fill enough orders.

Mozilla says there’s good news and bad news. The privacy policy is pretty great, if a little vague, the organisation says, but there are some serious security concerns, including questions about encryption.

Cameras: No

Microphones: Yes

Location tracking: No

What data it collects: Name, age, email address, country of residence, payment information, gaming data

Can you delete the data: Yes

How the company uses the data: Steam’s privacy policy is above average. Data use is limited, not harnessed for marketing, and the company says it will only disclose information when complying with legal obligations.

Mozilla says:

“We can’t confirm it meets our Minimum Security Standards because we can’t confirm it uses encryption or if Valve has a way to manage security vulnerabilities. We emailed Valve three times with our privacy and security questions and haven’t heard back from them. There is a lot written out there on the internet about how to set up encryption on the Linux-based SteamOS yourself. However, we don’t think that users should have to go through that to protect their data.

What’s the worst that could happen with your brand new Steam Deck playing all those games online? Well, Steam is an online gaming community and those have been known to be pretty toxic, especially to women, the LGBTQ+ community, and minority gamers.”

Google Pixel Watch

Photo: Florence Ion/Gizmodo
Photo: Florence Ion/Gizmodo

Google’s new watch is the company’s latest smart device, and our crack product review team says it’s an elegant, if simple, device.

But, of course, Google doesn’t exactly have a stellar privacy reputation. The Pixel Watch collects a wide variety of information that the company uses for advertising and other purposes. When the device collects a variety of health information, like heart rates and menstrual cycles, it’s enough to pause and think about whether you want to strap it on your body.

Cameras: No

Microphones: Yes

Location tracking: Yes

What data it collects: Name, email, phone number, address, birthday, gender, voice and audio recordings, biometric data, contacts, heart rate, movement, sleep data, menstrual cycle, health data, nearby devices, purchase information, data from connected Spotify accounts, search history, details about how you use smart home products

Can you delete the data: Yes

How the company uses the data: Advertising, sharing data with third parties, combining information with data from third parties, developing algorithms

Mozilla says:

What’s the worst that could happen with Fitbit [which operates the Pixel Watch] and all the personal and health related data it collects? Well, in 2021 it was reported that health data for over 61 million fitness tracker users, including both Fitbit and Apple, was exposed when a third-party company that allowed users to sync their health data from their fitness trackers did not secure the data properly. Personal information such as names, birthdates, weight, height, gender, and geographical location for Fitbit and other fitness-tracker users was left exposed because the company didn’t password protect or encrypt their database. This is a great reminder that yes, while Fitbit might do a good job with their own security, anytime you sync or share that data with anyone else including third party apps, your employer, or a insurance company, it could be vulnerable.I don’t know about you, but I don’t need the world to know my weight, how well I sleep, and where I live. That’s really dang creepy.

Amazon Fire HD Tablets

Screenshot: Amazon
Screenshot: Amazon

If you want a cheap tablet that isn’t a piece of junk, Amazon has the best game in town. You can pick up some of their offerings for well under $100, and while they won’t compete with the versatility of an iPad, they’re perfect for simple tasks like browsing the web and reading eBooks.

According to Mozilla, they’re also a convenient way to give Amazon your data. The organisation gave the company’s tablets a thumbs down for privacy practices.

Cameras: Yes

Microphones: Yes

Location tracking: Yes

What data it collects: Name, address, phone numbers, IP address, age, gender, location, audio and video recordings, contacts, purchase history, Alexa search requests, the TV shows you watch, details about the music and podcasts you listen to, smart home device usage

Can you delete the data: Mozilla says it’s not clear whether you can delete the data in all locations.

How the company uses the data: Advertising, sharing data with third parties, combining information with data from third parties, improving Alexa

Mozilla says:

“Trying to read through Amazon’s crazy network of privacy policies, privacy FAQs, privacy statements, privacy notices, and privacy documentation for their vast empire is a nightmare. There are so many documents that link to other documents that link back even more documents that understanding and making sense of Amazon’s actual privacy practices feels almost impossible. We wonder if this is by design, to confuse us all so we just give up? Or, if maybe even Amazon’s own employees possibly don’t know and understand the vast network of privacy policies and documentation they have living all over the place?”

Ray-Ban Stories

Screenshot: Ray-Ban
Screenshot: Ray-Ban

We all love sunglasses, but what if they shared all your data with Meta, Facebook’s parent company? In the past, that was just a beautiful dream. The Ray-Ban Stories sunglasses make it a nightmarish reality.

The Ray-Ban Stories, released last year, are part of a partnership with Meta to develop AR products. The sunglasses have two cameras and three microphones built-in that connect to Meta apps, as well as voice commands you can use to record what you’re seeing and hearing and post it to social media. They also shield your eyes from the sun, I guess.

Cameras: Yes

Microphones: Yes

Location tracking: Yes

What data it collects: Name, email address, password, photo, video and video recordings, contacts, social media usage, purchase information, voice search history, browsing data

Can you delete the data: Mozilla says it’s not clear whether you can delete the data in all locations.

How the company uses the data: Advertising, working with third parties, processing voice data and transcripts, improving algorithms

Mozilla says:

Beyond all of these very serious privacy concerns, there’s another, perhaps even bigger privacy concern that must be considered. Meta/Facebook and Mark Zuckerberg seem quite obsessed with owning the real estate on our faces for the augmented reality and virtual reality metaverse of the future. But what does it mean when a person puts cameras and microphones on their face and points them out at the world? How do you know if you’re being recorded by these glasses? Mea says there’s a little LED light that shows they are recording, but some privacy regulators worry that isn’t enough to protect people from unknown recording.”

Amazon Ring Security Cameras

Photo: Amazon
Photo: Amazon

Amazon’s Ring security camera and smart home products are controversial because it sure seems like the company is working on a big ol’ nation-wide surveillance network. Amazon also has a bad track record in terms of partnering and sharing data with police without informed consent from users of its products.

Cameras: Yes

Microphones: Yes

Location tracking: Yes

What data it collects: Name, phone number, email, postal address, age, gender, location, video and audio recordings, biometric data

Can you delete the data: Mozilla says it’s not clear whether you can delete the data in all locations.

How the company uses the data: Sharing with third parties, advertising, working with law enforcement

Mozilla says:

“Ring has a history of not protecting users’ privacy. At one point they reportedly stored customer data — including video recordings — unencrypted on an Amazon cloud server and employees could access any of this data. There have also been reported data leaks and concerns that the Ring Doorbell app is full of third-party trackers tracking a good amount of personal information that Amazon Ring doesn’t disclose.”

Amazon Echo Show Kids Edition

Screenshot: Amazon
Screenshot: Amazon

Surprise! It’s another Amazon product. If you’ve ever looked at your kids and thought “why doesn’t Amazon have more data about them,” fear not. Bring home an Amazon Echo Show and you’ll have a camera pointed right at your children for them to love and enjoy.

The Echo Show is a essentially a smart speaker with a screen you can use to make video calls, watch YouTube, cruise around the web, and control smart home products. The kids version of the device comes with a number of perks for families, like a complimentary year of Amazon Kids+, which includes a ton of free content, parental controls, and bonus skills for Alexa. But according to Mozilla, it might not be worth the privacy tradeoff.

Cameras: Yes

Microphones: Yes

Location tracking: Yes

What data it collects: Your kid’s name, date of birth, gender, email, phone number, voice and video recordings, IP address, location, browsing history, Alexa search requests, music streaming data, video streaming data, podcast streaming data, smart home device usage, purchase history

Can you delete the data: Mozilla says it’s not clear whether you can delete the data in all locations.

How the company uses the data: Advertising, sharing data with third parties, combining information with data from third parties, improving Alexa

Mozilla says:

“With Amazon for Kids products, Amazon hopes to collect data on your child with your parental consent… They use this information on your child to, among other things, provide personalised offerings and recommendations. Yes, they’re learning about your child to target your child with more stuff they’ll want you to buy. They do say they won’t serve third-party interest-based ads when your kids are using an Amazon child profile. So that’s something.”

Verizon GizmoWatch

Screenshot: Verizon
Screenshot: Verizon

Do you love your kids but hate their privacy? We’ve got the perfect idea. This gift, a watch, comes from a mobile phone company, complete with its very own cellular service plan. The Verizon GizmoWatch is aimed at kids who children who aren’t old enough to have their own phone. But, apparently, you’ve never too young to send data to corporate servers.

The GizmoWatch lets you spy on your own child by tracking their GPS information. (Finally!) It also lets you set up a contact list of 10 people your kid can text and call, along with other features including a step tracker, reminders, and push notifications parents can send to the watch remotely.

All of that is particularly concerning because, as Mozilla points out, Verizon has a bad privacy track record which includes breaking explicit promises about what it will and won’t do with you data.

Cameras: Yes

Microphones: Yes

Location tracking: Yes

What data it collects: Kid’s name, age gender, phone number, email, audio and video recordings, locaiton data, phone call metadata, step tracking information, contacts

Can you delete the data: Mozilla says it’s unclear whether kids’ data can be deleted.

How the company uses the data: Selling data, sharing data with third parties, combing with data from third parties

Mozilla says:

“They do also say they can share this personal information with service providers but promise to not allow any of that personal information to be used “for behavioural advertising, to compile profiles, or any other purpose.” That sounds pretty OK. Except, Verizon has been caught in the past collecting or using personal information in ways they said they wouldn’t, so you have to trust Verizon and their service providers and business affiliates to protect and respect you and your child’s personal information. Which might be OK. It also might not be, so please be aware of that.”

Eufy Security Cameras

Screenshot: Eufy
Screenshot: Eufy

Just picture it. You’re sitting around the living passing gifts around. A family member picks up a box, hungrily tears open the wrapping paper, and looks up at you smiling. “It’s a security camera. Just what I always wanted!”

Before you head over to Eufy to make this holiday dream come true, you should be aware that the company has, surprise, some privacy issues to know about. Ironically for a product with security in the name, it has some digital security issues as well.

Cameras: Yes, obviously

Microphones: Yes

Location tracking: Yes

What data it collects: Name, email, gender, biometric information including facial recognition data, location data, voice and video recordings

Can you delete the data: Mozilla says it’s not clear whether you can delete the data in all locations.

How the company uses the data: Advertising, sharing data with third parties, combining with data from third parties

Mozilla says:

“Eufy has also had some significant security vulnerabilities. In June 2022, security experts found three security vulnerabilities in Eufy’s Homebase 2 video storage and management device that could have allowed hackers to take control of the hub, control it remotely, or steal video footage. Eufy/Anker developed fixes for these security vulnerabilities and released them to users in a timely manner. And in May 2021, Eufy was forced to apologise for a bug that exposed the camera feeds of 712 users to strangers. Eufy said the glitch happened during a software update and “users were able to access video feeds from other users’ cameras.” Eufy said in a statement the glitch was fixed an hour after it was discovered.

Nintendo Switch

Et tu, Nintendo? (Photo: Andrew Liszewski/Gizmodo)
Et tu, Nintendo? (Photo: Andrew Liszewski/Gizmodo)

The Switch’s popularity continues to soar years after the gaming console’s release. The games are great, the switching gimmick is still fun after all this time, and it’s one of the cheaper game systems on the market from a major company.

Unfortunately, Mozilla says it’s worried about recent changes to the device’s privacy policy. That’s a shame, as Nintendo is a company that’s historically been above average when it comes to privacy practices.

Cameras: Yes (Technically. There’s an infrared camera in the controller.)

Microphones: No

Location tracking: Yes

What data it collects: Name, age, gender, birthday, email, phone number, location data, health information, advertising ID numbers, data about your gaming

Can you delete the data: Mozilla says it’s not clear whether you can delete the data in all locations.

How the company uses the data: Advertising, sharing data with third parties, combining with data from third parties

Mozilla says:

“Nintendo also says they can ‘receive information about you from other sources, including from other users of our services, and third-party services and organisations.’ This worries us a bit because they say they can take this information they receive from third party sources and combine it with information they have about you and build an even bigger profile on you. And they say they can use that information to do things like offer you customised content, provide you with tailored advertising, and send you promotional materials from them or their affiliates and business partners (which could be a pretty good number of companies). So, Nintendo collects a good deal of personal information and says they can use and share that with third parties for targeted, interest-based advertising. None of this is great.

Nintendo also says they can aggregate or de-identify the personal information they collect on you and then that new de-identified data is no longer subject to their privacy policy and they can do pretty much whatever they want with it.”