Ursula Page/Shutterstock
An elf on the shelf watching you might be the least of your concerns this holiday season.
With the increasing prevalence of smart-home tech, it’s easy to get caught up in the novelty of it all. You can start your coffee maker from your phone! You can ask your speaker to order groceries! You can build a do-it-yourself surveillance state in your own home and record every corner of your house with wall-mounted cameras — and watch them on your phone!
You might be rushing to the shelves to get your loved ones one of these futuristic gadgets, but not surprisingly, it turns out internet-based tech isn’t always so safe. In fact, it’s often quite the opposite — internet-of-things gadgets leave you vulnerable to digital attacks.
Mozilla, the creator of the popular web browser Firefox, created a 2018 holiday tech gift guide ranked solely by how creepy certain items are. Mozilla’s team broke down each gadget’s level of security — including whether it uses encryption, if it shares information with third parties, whether it can spy on you, and if its privacy policy is easily-understandable.
Then, Mozilla asked users to rank each item on a scale of “not creepy” to “super creepy,” and asked whether they were likely to buy the product. The results range from gadgets like game consoles, which users didn’t think were very creepy and felt likely to buy, to a shady baby monitor with a default password of “123” that users thought was “super creepy” and weren’t likely to buy.
Mozilla
In no particular order, here are the top-10 creepiest internet-based gadgets on sale for the holiday season that you might want to avoid:
10. Petzi Treat Cam
This camera lets users talk to their pets and give them treats when they aren’t home. Mozilla said the device is pretty solid when it comes to basic security features like encryption and third-party sharing, but 36% of users felt it was “super creepy,” and 74% said they were unlikely to buy it.
9. Furbo Dog Camera
It seems like people really don’t like cameras that constantly stream video of their pets. Mozilla’s only knock on this product was the fact that it shares information with third parties for unexpected reasons.
Regardless, 44% of users found the device “super creepy’ and 81% said they probably wouldn’t buy it.
8. DJI Spark Selfie Drone
At first, it might not seem like a drone could be that big of a security risk. However, DJI drones are so prone to attack that the US military banned them for military use.
Mozilla says DJI’s Spark Selfie Drone doesn’t use encryption, has a privacy policy written at a grade 17 level, shares your information with third parties for unexpected reasons, doesn’t require users to change the default password, and doesn’t have parental controls.
37% of users found this drone to be “super creepy,” while 66% said they weren’t likely to buy it.
7. Dobby Pocket Drone
Good things come in pairs, and apparently so do creepy tech gadgets. Just as two pet cameras found their way on the top-10 list, so did two drones.
The Dobby Pocket Drone is a pocket-sized drone that serves as a smaller and more affordable alternative to more premium drones. However, it’s also kind of creepy.
Mozilla wasn’t able to determine any of the security features on its criteria list, except for the fact that a password isn’t required for use. So in theory it could be perfectly safe, but the fact that its security functions aren’t clearly laid out is concerning.
45% of users found the drone “super creepy,” and 88% said they weren’t likely to buy one.
6. Google Home
Hollis Johnson/Business Insider
Although it seems like smart speakers are becoming pretty common, apparently not everyone is onboard with them. Google’s smart speaker, Home, uses Google’s Assistant to perform just about any function a smart speaker can perform. Mozilla knocked the Home for requiring a grade 14 reading level to understand the privacy policy, and for sharing your information with third parties for unexpected reasons.
47% of users found the Google Home to be “super creepy,” and 47% said they probably wouldn’t buy one.
5. CogniToys Dino
This toy dinosaur is somewhat like a watered down smart assistant for kids. It doesn’t have a screen, and instead of performing tasks like turning on your lights or reading the weather, it answers your kids’ questions. CogniToys says the Dino “talks, listens, learns and laughs alongside kids.” and can even lead them through a guided meditation.
Mozilla didn’t find any major security flaws with the device, besides the fact that it requires a grade 14 reading level to understand the privacy policy. A 2017 security audit found that some unencrypted information could be transmitted from the device, however.
44% of respondents said the Dino is “super creepy,” and 89% said they probably wouldn’t buy one.
4. Amazon Echo and Echo Dot
No smart speaker is safe when it comes to being labeled as creepy.
Amazon’s Echo and Echo Dot are next up on the list. Mozilla says the privacy policy requires a grade 14 reading level, shares your information with third parties for unexpected reasons, and doesn’t delete the data it stores on you.
54% of users said the Echo is “super creepy,” and 72% said they weren’t likely to buy one.
3. Amazon Echo Show and Spot
Poor Alexa can’t catch a break. Mozilla had the same concerns with these Echo devices as with the previous pair.
59% of users said they find the screen-based Echo devices “super creepy” and 79% said they probably wouldn’t get one.
2. Amazon Cloud Cam
Mozilla had the same security concerns with this Amazon security camera as with the previous two. It can detect motion, record at night, and notify you via mobile phone if someone is breaking into your house.
56% of users said the always-watching Amazon camera was “super creepy,” while 87% said they probably wouldn’t get one.
1. FREDI Baby Monitor
The other items on this list weren’t in any real particular order, but this is definitely the creepiest gadget listed and deserves the No. 1 spot.
The FREDI Baby Monitor might seem innocent enough at first. It’s a nice way to keep track of your children when you can’t physically be in the room, and you can access a live feed on your phone.
However, this is probably not a device you want in your home. These types of baby monitors are incredibly vulnerable to attack. Mozilla says the monitor doesn’t use encryption, has a default password of “123” that doesn’t require a change, there aren’t any automatic security updates, and the company doesn’t manage security vulnerabilities.
Hackers have been able to gain access to these FREDI cameras and watch people in their homes, which is a feature you probably don’t want in a baby monitor.
Needless to say, 81% of users found this camera “super creepy,” and 95% said they probably wouldn’t buy one.