Mozilla’s Naughty-or-Nice List Rates Connected Devices on Privacy and Data Security
Mozilla publishes second annual *Privacy Not Included list of connected smart-home and entertainment devices, and how they rank on privacy and cybersecurity. Enter the Creep-o-Meter.
When friends and family make their holiday wish lists, they provide parameters such as brand, model, size, shape, color, energy consumption, resolution, lumens, color temperature, and popularity.
Thankfully, the snot-nosed ingrates have a self-appointed savior in Mozilla, the Web-technology pioneer behind Firefox. The company has published its second annual list of naughty and nice products for the holiday season, judging their worthiness by the secrets they keep and the cyberthreats they suppress.
The media streamers, voice assistants, pet feeders, smart thermostats, Fitbits, gaming consoles and drones that don’t meet Mozilla’s minimum standards – or that generally creep consumers out – get dinged on the Creep-O-Meter.
Mozilla itself makes no judgment on the creepiness of any given product. It simply presents the objective data on a product's security-related features, and lets the rest of the world assign an ick factor.
The Creep-O-Meter is a silly gimmick, but the whole Mozilla exercise is a useful one, and potentially a type of service that integrators could provide, especially during the holidays, when connected gear rains down on careless, digitally naive consumers who are grateful the manufacturer randomly assigned them an easy p-a-s-s-w-o-r-d to remember.
Minimum Security Standards
- Encrypted communications
The product must use encryption for all of its network communications functions and capabilities. This ensures that communications are not eavesdropped on or modified in transit.
- Security updates
The product must support automatic updates for a reasonable period after sale, and these must be enabled by default. This ensures that when a vulnerability is known, the vendor can make security updates available for consumers, which are verified (using some form of cryptography) and then installed seamlessly. Updates must not make the product unavailable for an extended period.
- Strong passwords
If the product uses passwords for remote authentication, it must require that strong passwords are used, including having password strength requirements. Any non-unique default passwords must also be reset as part of the device’s initial setup. This helps protect the device from vulnerability to guessable password attacks, which could result in device compromise.
- Vulnerability management
The vendor must have a system in place to manage vulnerabilities in the product. This must also include a point of contact for reporting vulnerabilities or an equivalent bug bounty program. This ensures that vendors are actively managing vulnerabilities throughout the product’s lifecycle.
- Privacy Practices
Some Creep-o-Meter Standings
In early rounds of consumer evaluations, there seems to be no discernible pattern on the level of ick consumers assign to certain products. Why would Amazon Echo, for example, seem creepier than Google Home (below)?
Some of the products are icky at first sight, even without reviewing Mozilla's objective privacy and data-security criteria. The Fredi baby cam? The kid in the app looks horrified -- probably by the sight of the Darth Vader plastic puppy on the dresser, pretending to be an adorable plaything. Creepy for sure, according to me ... and 81% of early voters.
In my view, the Parker Teddy Bear seems straight out of The Miscreant's Handbook, but only 27% of early reviewers ranked it super-creepy. Granted, the thing doesn't connect to the network.
In fact, it doesn't do much of anything, so it wouldn't be subject to IoT breaches. But in the hands of an ill-intentioned visitor, the floppy pile of fluff could be hacked to house a discreet camera or remote-controllable fart machine.
Here’s how some of the evaluated products are faring on Mozilla’s crowd-sourced Creep-o-Meter scale:
Julie Jacobson is founding editor of CE Pro, the leading media brand for the home-technology channel. She has covered the smart-home industry since 1994, long before there was much of an Internet, let alone an Internet of things. Currently she studies, speaks, writes and rabble-rouses in the areas of home automation, security, networked A/V, wellness-related technology, biophilic design, and the business of home technology. Julie majored in Economics at the University of Michigan, spent a year abroad at Cambridge University, and earned an MBA from the University of Texas at Austin. She is a recipient of the annual CTA TechHome Leadership Award, and a CEDIA Fellows honoree. A washed-up Ultimate Frisbee player, Julie currently resides in San Antonio, Texas and sometimes St. Paul, Minn.