Americans are expected to spend $3.8 billion on Amazon's Echo Dot, Google's Home and other smart home devices this holiday season. And that figure doesn't include the even wider market of other Internet-connected devices.
But as consumers develop an increasing appetite for the convenience and connectivity attached to these smart devices, cybersecurity experts are warning about the costs that can come with staying plugged in. They caution that many of the companies that make smart devices often carry convoluted privacy policies — if they prioritize user privacy at all.
The Mozilla Foundation, the nonprofit behind the Firefox search browser, is encouraging consumers to consider security and privacy in their purchases as much as performance or price. Mozilla just rolled out its second annual "Privacy Not Included" guide, which now includes reviews for 70 Internet-connected devices.
"Mozilla developed this gift guide to help people make informed decisions about privacy and security this holiday season," Mozilla's vice president of advocacy, Ashley Boyd, tells NPR's Scott Simon.
From baby monitors to drones, the guide invites consumers to score products on a privacy scale that slides from "Not Creepy!" to "Super Creepy!"
"It's not just an issue of being creepy," Boyd says. "There's a real safety concern that we're wanting to address and make folks aware of."
To name one example, some people may not be aware that their location is being shared from their devices. "There are some real significant safety concerns for many populations about revealing location," Boyd says. Domestic abusers, for example, have used spyware and internal GPS to stalk their victims through their smartphones or their data-grabbing apps.
Boyd says there is a growing need for the kind of transparency Mozilla hopes to offer. She said this year's Cambridge Analytica scandal, when up to 87 million Facebook users had their data compromised, was "a good example of people doing one thing online and it turning into something entirely what they did not expect and something entirely different."
That high-profile unmasking of online vulnerabilities has driven more people to examine their digital footprint and seek transparency, she says. "We're seeing people change their behavior online and wanting more information."
As part of the guide's grading rubric, Mozilla answered questions such as: "Can it spy on me?" and "What does it know about me?" The foundation added two new questions this year: "Can I control it?" and "Does the company show it cares about consumers?"
As demand for consumer security information swells, Boyd hopes companies take note. "Wouldn't it be great if we have something like a nutrition label? What information it collects and what security features it has?" she asks.
"We think that's possible. And we're showing that consumers care about this information. We think companies can do better."
NPR's Sarah Handel and Caitlyn Kim produced and edited this story for broadcast.
You won’t find a paywall here. Come as often as you like — we’re not counting. You’ve found a like-minded tribe that cherishes what a free press stands for. If you can spend another couple of minutes making a pledge of as little as $5, you’ll feel like a superhero defending democracy for less than the cost of a month of Netflix.