Amazon, Facebook, and Peloton top Mozilla's list of privacy poor gifts

You might want to rethink that Ring camera you were going to give your mom.

WASHINGTON, DC - MARCH 12: Amazon Echo devices are seen displayed at the new Amazon Books store in G...
The Washington Post/The Washington Post/Getty Images

Mozilla’s research team has released a sort of reverse holiday gift guide, filled with recommendations not for products to buy but, instead, for ones to stay away from. The companies topping the list are pretty much exactly the ones you’d expect.

The annual “privacy not included” gift guide is meant to help keep shoppers and gift-receivers safe while they’re considering gift options for the holiday season. As Mozilla notes, most tech companies prefer obfuscation to transparency when it comes to their privacy protection measures. You might end up buying your spouse or parent a device that’s spying on them 24/7 — not a great look, even if the tech itself is helpful.

Topping the list: Amazon’s Echo and Ring devices, Peloton’s exercise equipment, and Facebook’s Portal and Oculus Quest 2. Mozilla has also included a number of apps on its list, such as Grindr and Tinder.

Mozilla hasn’t had time to review the privacy options on every single piece of tech available right now, so the company recommends using its findings as a general guide to which brands to consider or avoid. Amazon’s Echo devices all have similar privacy options, for example.

The worst of the worst — Quite a few companies have multiple devices represented on this year’s list, but Amazon edges out the competition with a stunning 15 entries. Many of these are Echo devices, like the Echo Dot Kids Edition, which Mozilla reminds readers will target children with personalized recommendations and generally track their habits. Or Ring’s Always Home Cam, which is generally creepy and can maybe report your activities to the police.

Peloton’s Tread and Bike are both included in the list, and not just because the Tread was literally maiming children. Researchers found a huge API flaw that allowed anyone at all to request account data from other users, including age, gender, location, weight, and workout statistics. Other exercise equipment, like NordicTrack’s Treadmill, has been included on the list for having truly miserable privacy policies too because it will sell your data and forces users to agree to be contacted for marketing purposes even if they’ve requested to be on a do-not-call list. Yikes.

Facebook’s Portal gets a few mentions, mostly for the ways in which freshly rebranded parent company Meta just generally collects overwhelming amounts of user data. The same goes for another of its products, the Oculus Quest 2.

Shop wisely this year — Mozilla’s research division has long worked to make the tech world a safer place for consumers, and the Privacy Not Included guide is a genuinely helpful addition to this mission. The guide’s specifics are in-depth and could really help some people think twice before gifting an Echo device or connected treadmill this year.

The very existence of the guide — even if it isn’t read cover-to-cover — is also educational. That Mozilla, an internet company with a fair amount of clout, would spend so much time researching this illustrates just how tricky the balance between privacy and smart features has become.

It’s clear, from the wide variety of devices Mozilla warns against, that we’re in dire need of overwhelming privacy policy change from higher governing powers. In the meantime, we’ll just have to keep sounding the alarm.