Do you have a ‘smart’ device in your home? If you think the answer is ‘no’, then you are almost certainly mistaken.
Smart devices have slowly taken over, whether we realise it or not — from printers and speakers to fridges and televisions. And all of them might be ‘spying’ on us.
The idea of ‘smart homes’ is that every major appliance in the house can be connected to the internet, and, in turn, to your smartphone.
This transforms your phone into a remote control for your home, even when you are out.
Turn the dishwasher on while you walk the dog; brew a cup of tea as you brush your teeth (with a smart toothbrush which will tell you if you’ve cleaned your upper molars for long enough); look inside the fridge even when you’re in the supermarket. There is hardly a device or gadget that cannot be rendered ‘smart’.
Smart devices have slowly taken over, whether we realise it or not — from printers and speakers to fridges and televisions. And all of them might be ‘spying’ on us
But what we gain in convenience, we may be losing in privacy.
The advent of smart devices means we are constantly placing personal data into the hands of some of the world’s biggest manufacturers: our photo albums, address books, precise location, even intimate details about our health and our sex life.
All of it is being harvested via once-innocuous appliances such as washing machines, ovens and televisions.
Last month, consumer organisation Which? highlighted the problem in an eye-opening report that asked ‘Why are our smart homes spying on us?’.
Indeed. And how are they doing it?
There are two main methods. First, many appliances may not have a camera or microphone to spy on you, but do have trackers — software — that can send data about how you use it to the manufacturer.
What does the manufacturer do with the data? They could sell it to advertising companies, notably Google, Meta (the parent company of Facebook) and TikTok.
More worryingly, many manufacturers also insist you connect your appliance to a related phone app.
‘Potentially, then your phone becomes a stepping stone to giving away other stuff like contact information [from your address book] to the manufacturer,’ says David Emm, senior security researcher at cyber security firm Kaspersky Lab.
You will often be asked to grant the app privacy permissions, and most people do not read the full details; some apps automatically access personal details, such as your name, email and location, as a default.
Many car manufacturers even seem to collect details of your sex life, a detail buried deep within their privacy policies. As soon as you hook up your phone to your car, for example, it can download your entire address book, and often your text messages, too.
Car makers can theoretically see what you’ve been looking at online and what your onboard cameras are recording. Parked outside the GP surgery for half an hour? Your car knows you’re seeing the doctor.
‘I think it’s a massive abuse of trust,’ says Tony Smith, chief technology officer at Rightly, a company that helps consumers gain more control over their personal data.
So which devices should you be wary of, and what information are they gathering?
Car
Most cars are now computers on wheels. It’s great when you need to know your tyre pressure, but terrible for privacy.
The Mozilla Foundation, which champions internet privacy and investigated auto firms, said: ‘Modern cars are a privacy nightmare…They can collect super-intimate information about you — from your medical information, your genetic information, to your sex life, to how fast you drive, where you drive and what songs you play in your car — in huge quantities.’
They do this by accessing your phone, which you have to ‘pair’ with the car to play music or use your phone as a key fob, allowing you to unlock the car or locate it when necessary.
Connected: Many modern cars record personal data by accessing your phone, which you have to ‘pair’ with the car to play music
Once they have accessed your phone, they can examine your health tracking apps and other personal information, like texts.
All of the 25 car brands Mozilla probed scored poorly. The worst was Tesla. This year it emerged that Tesla employees had shared videos recorded by cameras in customers’ cars.
Nextt came Nissan, whose privacy policy includes collecting data on your ‘sexual activity’.
Kia also states that it can collect information about your ‘sex life or sexual orientation information’ in their privacy policy. How do they that?
‘We’re not sure — which makes it even more problematic,’ state the Mozilla researchers, who say Kia and Nissan have not commented on the issue.
Once your phone is linked to the car, and you have given permission to the car company to access your data, it could, in theory, trawl through your health apps or dating apps to find out more about your sex life. But we don’t know if they have ever done this.
Six car firms say they can collect your ‘genetic information’.
Sleep tracker
Fitness trackers are increasingly common, not just to monitor people’s steps and heart rate while exercising, but also their sleep during the night, their stress levels and their menstrual cycles.
Xiaomi, a Chinese company, makes one called a Smart Band, which is well regarded and fairly cheap. Some models cost as little as £35.
However, researchers at the Mozilla Foundation have concerns over what data Xaomi is handing over to third parties.
Though Xiaomi stresses it only shares information where it is legal and legitimate, Mozilla concludes: ‘This device collects a lot of personal information and we can’t exactly tell where all that personal information is going in the confusing world of privacy policies we reviewed.’
Doorbell
Smart doorbells allow you to see and talk to anyone at your door — even when you are in another country — via an app on your phone that connects to a camera and microphone on the doorbell.
Ring, owned by Amazon, is the most successful smart doorbell on the market and says ‘your privacy is our priority’.
Fine: Doorbell manufacturer Ring gave ‘every employee — as well as hundreds of Ukraine-based third-party contractors — full access to every customer video
However, this year it was fined $5.8 million (£4.6 million) after the U.S.-based Federal Trade Commission found Ring gave ‘every employee — as well as hundreds of Ukraine-based third-party contractors — full access to every customer video, regardless of whether the employee or contractor actually needed that access to perform his or her job function.’
Ring insists it has beefed up its security since then and denies breaking the law.
Security camera
Modern ‘smart’ security cameras make it possible to monitor suspicious activities outside your home — via your mobile phone.
Which? highlighted how some major manufacturers require you to provide not just your name and email to register the device, but also your date of birth and precise location.
Ezviz is a Chinese brand owned by Hikvision, itself partly controlled by the Chinese state.
Last year, the UK government banned Hikvision CCTV cameras from sensitive public sites over fears that footage could be accessed by the Chinese authorities.
Which? found that it shared data with a large number of companies, notably Pangle (TikTok’s business marketing unit), Huawei, the Chinese phone maker, as well as Google and Meta, the parent company of Facebook.
Television
Most TVs are ‘smart’ — and stream BBC iPlayer, Netflix or Disney+ shows from the internet.
But they gather data, too. Using Automatic Content Recognition, TV makers monitor what you watch and sell the information to advertisers to target their ads.
Most TVs let you opt out, but LG, Samsung and Sony add it to an ‘accept all’ in the privacy policy.
Amazon Echo smart speaker
Voice-activated smart speakers, such as Amazon Echo, Google Nest, Bose or Sonos play radio and music, set timers and turn on lights.
But they have to be always listening to hear commands, so do they monitor conversations to profile you? Amazon insists not and says it doesn’t sell data on.
Baby monitor
Baby monitors used to be simple: they sent any crying noise to parents via a radio frequency.
Now, most monitors run over wi-fi, allowing you to capture the room’s temperature and include video — letting you receive the footage on your phone, even when you are not in the house.
Video feed: Most baby monitors run over wi-fi, allowing you to capture the room’s temperature and include video — letting you receive the footage on your phone
Some even include a ‘sock’ that wraps around the baby’s ankle to measure heart beat, oxygen levels and sleep patterns.
Most manufacturers process and store huge amounts of your child’s data. Take Cuboai, a top-rated monitor, which in its privacy policy says it uses AI technology to work out if a child is in danger — for instance, if their face is covered.
‘Therefore, to enhance the performance of our service… we collect, process, and utilise the voice recordings, photos, images, and other personal data of children (under the age of 12) using our products.’
Washing machine
Most modern washing machines want you to pair the appliance with the manufacturer’s app on your phone. This, they say, is to optimise the smooth running of the machine.
But it means handing over information about yourself. Hoover, for instance, will not allow use of the app without knowing when customers were born, and — if you are using an Android phone — it wants access to your phone’s address book, according to Which?.
It also wants your location, claiming it needs this information for ‘weather forecast for optimal planning of laundry cycles’.
Oven
Bosch boasts that its Series 8 accent line sensor oven is AI-powered.
The days of having to poke a cake with a skewer to find out if it is perfectly baked are over. Now cameras inside the oven, and technology connected to the HomeConnect app, mean the oven will ping you a message when it’s done.
But in return, you have to give up lots of data —including your location, video and image data.
Fridge
Some smart fridges have a digital screen on the door, from which you can message your kids when you are at work, telling them what’s for tea. Some include internal cameras so you can see on your phone — when at the supermarket — if you have run out of milk.
LG has an app called ThinQ, which connects various LG appliances to a voice-activated speaker such as Alexa or Google Nest, meaning you can demand the fridge make more ice by just shouting across the room.
By downloading ThinQ you agree to LG collecting your name, location, your voice and profile picture.
Its privacy policy states it shares data with third parties including Google: ‘We may collect personal information about your online activities on websites and connected devices over time and across third-party websites, devices, apps and other online features and services,’ says LG.
Like many such policies, the wording is broad and vague, covering almost everything you do online, meaning you’re giving a fridge manufacturer the right to harvest huge amounts of personal data.
Some links in this article may be affiliate links. If you click on them we may earn a small commission. That helps us fund This Is Money, and keep it free to use. We do not write articles to promote products. We do not allow any commercial relationship to affect our editorial independence.