Toying with privacy
From talking dolls to miniature versions of Mom and Dad’s cell phones, tablets, and smart watches, store shelves are piled high this season with the latest versions of internet connected toys.
As digital technologies advance, more connected toys will come onto the marketplace. Some will offer a tremendous amount of fun for your family, while others could pose a potential risk to your child’s privacy.
Just a few weeks ago, toy giant VTech made news when they revealed a data breach affecting more than 10 million user accounts, including more than 6.3 million children’s profiles. Customers in Canada, the U.S., the UK, Australia, Hong Kong, and many European countries were affected by the hack. A post on VTech’s website indicated that in Canada alone, the personal data of 316,482 children and 237,949 adults was compromised.
The company said in a press release that the hack targeted its app store, “Learning Lodge,” where customer names, email addresses, passwords, password reset questions and answers, IP addresses, and mailing addresses were stored, along with its Kid Connect and Planet VTech databases. It exposed names, genders, and birth dates from children’s profiles. VTech also said in a public statement that it is investigating whether or not the hacker stole photos, chats, and audio files of children and their parents. This office is aware of the potential impact of this breach on British Columbians and is monitoring the situation.
Another popular toy, Mattel’s Hello Barbie, is also raising data security concerns. When the doll’s belt buckle is held down, everything your child says to Barbie is transmitted to a cloud-based companion app. There, the comments are processed while her necklace glows to indicate that she’s listening. Then Barbie starts to talk back to your child, for up to an hour at a time. The manufacturer makes the conversations available to parents through a password-protected site, and says that these conversations can be erased at any time.
Aside from the fact that your child’s conversations with a doll are being recorded and stored by a toy manufacturer, privacy experts are warning that hackers could turn the talking toy into a device that could eavesdrop on a family’s conversations. That’s exactly what happened earlier this year when an American family discovered their nanny cam had been hacked. A Minnesota mother was alerted to the bizarre situation when the device in her baby’s room started to randomly emit strange music. After further investigation, she discovered that images of their baby’s crib from their nanny cam had been posted on a foreign website, along with thousands upon thousands of similar nursery photos from other users’ cameras.
Coming up next will be a talking dinosaur from CogniToys, the first toy to be powered by IBM’s Watson supercomputer. The toy, which was funded by KickStarter and is still under development, sounds like a bit like a kid’s version of Siri, Apple’s “virtual assistant.” Set for release in early 2016, the dinosaur is being marketed as an “internet connected smart toy that learns and grows with a child.” Time will tell if the manufacturer also built sound privacy features into the dino’s design to protect the personal information of children and their families.
“Connected” toys can offer educational benefits, enhance playtime, and inspire young imaginations. Here a few online safety tips to consider if your child has a smart toy on his or her Christmas list:
Educate yourself. Go online before making the purchase and learn as much as you can about how the toy works.
Assess the risk. What personal information does the toy manufacturer want to collect from you or your child? How will they process and store this information?
Engage in your child’s activity. When the toy is for a young child, choose a strong password and change it up every few months. Play along with your child or stay nearby, especially when the toy is new to your home.
Go undercover. Consider using a pseudonym when creating an online profile for your child. This will help safeguard their personal information if a breach occurs.