How To Keep Your Internet-Connected Device From Spying On You 

How To Keep Your Internet-Connected Device From Spying On You 

A typically geeky holiday might sound something like this: You wake up on the morning of December 25, run down to your Christmas tree, unwrap everything in a frenzy, plug in all your long-awaited gadgets, connect them to your wifi, and speed past the installation screens (or manuals) to start having all kinds of fun.

What’s the problem? In your frenzy to try out all of your brand-new devices, you haven’t spent the time to fully understand what they’re up to. What data are they collecting? What data are they sending somewhere else? What privacy issues might you face months later?

If this sounds far-fetched, think of the hundreds of thousands of homes that unwrapped a CloudPets connected teddy bear back in 2016. One poorly secured online database later, and more than two million messages left for the cuddly stuffed animal—as well as 800,000 customer emails and passwords—sat in an unprotected database for anyone to play with.

Before you fire up that wifi dinosaur or tiny robot, consider this excellent holiday advice from The Guardian’s Alex Hern:

“Some gifts aren’t salvageable. Your tech-obsessed brother may have thought the Fisher Price teddy bear with a camera in its nose was cute for your new baby, but, before the company fixed a breach, it allowed hackers to steal children’s names, birthdates and genders, along with other data. You would be best off pulling the batteries out and using it as a simple soft toy.”

I’ll go one step further. When you’re buying a connected toy or gadget, think about what it collects from you, how it stores that information and, most importantly, the track record of the company that now has a copy of everything you’ve done with your new toy.

You can’t predict data breaches—a startup might be better about keeping your data safe than an established company, or vice versa. You can, however, make an honest evaluation of a company’s capabilities: What’s its data retention policy? How do you delete data your connected toy has collected? Is the company storing your data locally on your toy or on the cloud? How do you delete your account entirely, once you’re tired of playing with whatever you purchased? How do you secure your account? Can you make a strong password? Is two-factor authentication available?

Before you give a new company a window into your private life, you need to vet it. If you need a little help, Mozilla has a great privacy-focused database worth exploring, and you can read over the U.S. PIRG Education Fund’s “Trouble in Toyland” 2018 report for some general insight.

When in doubt, remember the golden rule of data security: You can lie to your toys. Don’t give it your child’s real name or birthday. Don’t set it up with your regular email address. Use a unique password. (Always use a unique password.) Pick a phony address. Don’t give a toy a picture of you or your kids.

But not every gift under your tree is going to be a connected toy. You might get a mainstream device, like a smart speaker, a new smartphone, a smartwatch, a smart something from an established company like Google, Amazon, Facebook, etc. Just because you’re familiar with an object, or know a lot about the company, doesn’t mean that you should let the device do whatever it wants with you and your data. As Hern explains:

“So don’t just accept the default settings when you first turn on your smart humidifier. Take a second, or five, to look into the settings of your new devices, and see how much control they give you. You will almost certainly be able to put tighter controls on how your data is used (do you really want personalised adverts?) and you may find ways to improve the user experience as well.”

We’ve covered data privacy tips for all of the major platforms: Android, iOS, Windows, and macOS; as well as various major “smart” products and the companies you frequently interact with, like Google, Facebook, Apple—even Reddit.

While it will always take you a little time to go through all of a device or service’s privacy settings, it’s time well spent. Put it off because you’re more interested in playing with your new gadget, and you’ll probably forget about everything you can (and should) do to lock it down. Keeping companies from taking advantage of you is the best holiday gift you can give yourself, even if it’s not as much fun as a pair of PhD socks.


The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.

Comments