For many, “online shopping” is interchangeable with “visiting Amazon.” The platform’s wide selection, deep discounts, and seemingly-telepathic recommendation engine are largely unmatched. So it’s little surprise that Amazon has its own pseudo-holiday: “Prime Day,” that secular, two-day span of deals on July 15 and 16.
I’m an Amazon user myself — recent purchases include a yoga mat, a refrigerator filter, and a children’s book. But I’m also a privacy advocate. And so I approach Prime Day with a certain wariness, and encourage others to do the same.
Among Amazon’s most popular products are connected devices — toys, watches, speakers, and other gadgets that communicate with the internet. Some of these products are made by Amazon, but most of them are made by third-parties who simply use Amazon as a storefront. Many of these products gather intimate information about us: what we say, where we go, what we search for. Some of the companies behind these products keep that data safe, but others are less scrupulous, and sell it or use it in ways we wouldn’t expect.
Surprisingly, privacy policies for many of these connected products are difficult to decipher or find, if they even exist at all. So there’s no practical way to determine how exactly this baby monitor, or this smart watch, or this thermostat is handling your data.
By now, most of us know that what was once the stuff of dystopian science fiction is very much reality: we need to worry about the corporate spy in our kitchen. In addition to getting the product we thought we were buying, we’re taking on risks related to privacy and security. We’re being profiled, tracked, and targeted based on the information we’re giving up to get products that are subsidized by our data.
Further, consumers have no clear insight into whether or not the product is insecure. Does that baby monitor use encryption? Is the password that came with that thermostat unique, or universal to all models? This isn’t an abstract concern: these devices are also vulnerable to hackers. Take the Nest camera. In January, a Bay Area woman was told nuclear weapons were on their way to Los Angeles, Chicago and Ohio. The source of the frightening rumor? Her Nest camera, which was taken over by a malevolent hacker.
So what to do when browsing a digital storefront with potentially insecure products? Here are some tips:
When shopping, skip products that don’t have privacy policies — that’s a major red flag. Further, don’t settle on a product just because it does have a policy. Even if it exists, its privacy and security features could be terrible. Instead, ensure the product uses encryption; the company provides automatic security updates; the product requires strong passwords; and the company has a way to manage security vulnerabilities.
To make it easy to find privacy-minded products, Mozilla has put together our *Privacy Not Included shopping guide. It doesn’t cover every product, but it gives you an idea of what to look for when you’re seeking your next gadget.
Also: Watch out for apps. Many connected devices rely on apps on your smartphone to control it. The apps often ask to use the phone’s camera, microphone, or location tracking. Monitor that carefully, as some of the permissions the apps ask for might surprise you.
When you’re done shopping, think about clearing your site data. The average person sees an average of 4,000 ads a day. Browsers like Firefox make it easy to clear your browsing history which will limit the ability of advertisers to target you (and, Firefox blocks third party cookies by default as well).
While we wait for laws to catch up with the largely unregulated connected landscapes that exist today, you can take action and join the growing chorus of users demanding that tech be better.
A big part of freedom is having autonomy and control over our lives. When our devices spy on us, part of that freedom is compromised. Don’t let them get away with it — on Prime Day or any other day. No discount is worth it.