Not all of the products examined were bad, and Mozilla found that about 22 did a good job of protecting user privacy by not collecting, selling, or sharing data. These devices ranged from the iRobot Roomba to the Garmin Venu and Apple Homepod Mini. The researchers sought to figure out whether items had cameras, microphones or location tracking features as well as any other tools that collected data on users. Mozilla also examined whether devices used encryption or forced users to have strong passwords. “We also found that consumers continue to shoulder way too much of the responsibility to protect their own privacy and security. Consumers are asked to read complicated documents scattered across multiple websites to even begin to understand how their data is being used,” Caltrider said. “Smart exercise equipment stood out as especially problematic. Consumers buy equipment like a Peloton bike or a NordicTrack treadmill to work out in the privacy of their own homes. Unfortunately, there seems to be little privacy with these devices.” Apple was commended by the researchers because it does not share or sell any of the data it collects, while Garmin’s fitness watches protect users’ personal data. The Sonos One SL speaker was also praised for being built without a microphone. Mozilla leveled harsh criticism at home exercise equipment companies like Peloton, NordicTrack, Tonal, and SoulCycle, all of which collect extraordinary amounts of personal information and routinely sell it as a way to make money. “The NordicTrack Treadmill is especially problematic: They can sell your data, call or text your phone number even if you’re on a do-not-call list, and may collect data from data brokers to target you with ads,” Mozilla said. The report notes that because of privacy laws passed in California, many companies have added sections specifically governing those that live in the state. But many companies have no privacy policy at all or make it difficult to find and hard to read.
