Sunday, December 17, 2017

This Xmas be prepared for the Internet of Toys (IoToY) that collect data on your kids

This Xmas no doubt many children will be given toys that are connected to the Internet. Many of the toys not only connect to the Internet but collect data about your children.

The Internet of Toys (IoToY)
The acronym IoToY should be a good companion for the already ubiquitous IoT the Internet of Things that is used to refer to all those things that are connected to the Internet.
Among those toys connected to the Internet are Mattel's Hello Barbie. The doll is able to carry on a simple conversation with a child and can remember the owner's likes and dislikes.
Toy Talk
A company called Toy Talk provides both the voice recognition software and processing for all the data it receives both for Hello Barbie and the DreamHouse Companion apps. Its privacy policy is explained here.
The data that users of Hello Barbie provide stays on Toy Talks servers and the company can access it whenever it pleases. It can share the information with third parties as well, including vendors who help maintain the technology.
Many people may not be bothered that Toy Talk collects this information. Some may even think that it is a good idea since it could help improve the product.
Others however may be concerned about the lack of privacy when a child talks to the toy. There also may be concern that the information on Toy Talks' servers may be hacked.
Once the data is out there on the Internet, it can be spread far and wide
Opting out of data collection
In many cases it may be difficult if not impossible to opt out of data collection by websites. A recent article about a pregnant woman who tried to keep her pregnancy secret from data collectors covers some of the problems.
There are a number of add-ons to browsers that can help stop some data collection or use. One is optout.aboutads. Another deals with Google Analytics.
Parental permission required for toy companies to start collecting data
Fortunately parental permission is required for companies to collect data from these connected toys, usually through an accompanying smartphone app.
Parents should read carefully the privacy policies of the company to see what data the company keeps, whether they share it and where it is stored.
Why are so many IoToYs not adequately secured?
Mainly it is just a matter of the amount of money required to hire a qualified team to do the necessary work.
The company CloudPets included in its line of products internet connected teddy bears. It stored user credentials in a database that was not even secured by a password or behind a firewall. It was discovered by security researchers rather than hackers fortunately.
The parent company of Cloud Pets is in financial difficulties with share prices at about a half cent each. The company did not even reply to comments on their security problem by researchers.
If makers of IoToYs spend considerable money on making their toys secure they may price themselves out of a market where other makers with less security features in their toys are able to sell much cheaper because their cost is much lower.


No comments:

US will bank Tik Tok unless it sells off its US operations

  US Treasury Secretary Steven Mnuchin said during a CNBC interview that the Trump administration has decided that the Chinese internet app ...