The gift-giving season is nigh, along with all the “Black Friday” sales. So it’s once again time for my annual gift guide for products you should consider or avoid if you care about security and privacy.
Companies are scrambling to make all of our devices “smart”. The first push was connecting everything to the internet, creating the Internet of Things. The next wave is adding “AI” to everything. While many of these fancy features are quite handy, they have opened us up to pretty nasty security vulnerabilities. Furthermore, many of these devices (and the apps you use to control them) are mining and monetizing your data. You can take steps to protect yourself and your network, but it’s not easy. And I’m actually worried that in the near future, it will be almost impossible. We need privacy regulations to protect our data and regulators need to hold companies accountable for security negligence. In the meantime, we can spend money on products that are most secure and services that respect our privacy. This supports the companies that are doing the right things and incentives the rest to follow suit.
Conversely, you should generally avoid buying cheap smart devices and cell phones. Many of them have poor or non-existent security, mine and sell private data, and have horrible tech support. Spend the extra money for brand-name products from companies with reputations to maintain.
A couple more things to consider before you read on. First, just because someone already has a smart device doesn’t mean you can’t gift them a better one – one that’s more secure and doesn’t make money off your personal data. Second, you can help your loved one with the gift of your time, too – help them to secure the products they already have and protect their privacy. Finally, if you’re the one who needs help, don’t be afraid to add a request for aid on your holiday wish list. I’ve got specific ideas below.
Worst Gifts for Privacy & Security
Sadly, the list of worst gifts hasn’t changed a whole lot over the years – except that some have actually gotten worse. For a full write-up, you can look at the lists from last year and 2021. I’m going to start with some new and updated information, and then just quickly rattle off the perennial list of gifts that are bad for security and privacy.
- Modern cars. Okay, so maybe the only people who give cars as gifts are in commercials. But Mozilla recently released a hair-raising report on how much data is being collected and shared by newer cars. It’s absolutely astounding – and right now there’s very little you can do to stop it.
- The Internet of Cellular Things. Like modern cars, many newer medical devices and pricier home add-ons like solar panels and back-up batteries come with the ability to access the internet on their own – without your help or control. And the reason they do this is to collect data. Oftentimes this is harmless “telemetry” data that helps them to monitor status and even fix bugs, but you can bet that they will also be selling whatever data they can. Again, maybe these aren’t common holiday gifts, but as cellular modems get cheaper, this is going to become much more common in all “smart” devices. Be aware of this.
- Smart devices from Google, Amazon & Facebook. While generally true of any smart devices, internet-connected devices from these three companies are particularly suspect. Note that this includes devices from companies that were bought out, too: Ring, Nest, Fitbit, Waze, Blink, Eero, Roomba, Twitch, and others. I would also stay away from Facebook’s Ray-Ban Meta smart glasses, regardless of their privacy promises. I guarantee they will change, and not for your benefit.
- DNA testing kits. Companies like 23andMe and Ancestry.com sell DNA kits that can help you find lost relatives, trace your lineage, and supposedly even help you find congenital medial problems. But there’s arguably nothing more personal than your DNA – your genes are you. And there’s no getting that information back if it’s stolen or sold to a third party. (If you’ve already given your DNA to one of these companies, you can close your account and request that your data be deleted and DNA destroyed – see here or here.)
- Tracking and fitness devices. There are a ton of these things on the market now, including the horrid child monitoring device Angel Watch, Tile and Samsung tracking tags, and fitness trackers like FitBit and Halo. These types of devices are chock full of sensors, including GPS, and send their data to the cloud. Location data is extremely valuable and is often sold “anonymously” to third parties – but it can be very easy to de-anonymize this sort of data.
Again, I’ve written extensively about bad gifts and much of the advice just hasn’t changed. See previous lists for more information. See also Consumer Report’s Naughty List for detailed reviews of dozens of products.
Best Gifts for Privacy & Security
Okay, so enough about the bad gifts. Let’s get to the good ones! And remember – if your intended recipient already has one of these things, but it’s a bad one, then your gift can be to replace it with a better one that’s more secure and protects their privacy.
- Password Manager. The first thing you should do to protect your online accounts is to use a strong, unique password for each one. The human brain just cannot do this – you need a password manager. I recommend BitWarden or 1Password. (At this point, I would steer clear of LastPass.) You can buy someone a one-year subscription or include them in a family plan.
- A privacy-respecting VPN service. A virtual private network will protect your web traffic from your internet service provider (ISP). When you’re in a hotel, coffee shop, hotel, airplane, or some other place with free WiFi, then they are your ISP. (And on mobile devices, your carrier is your ISP.) Wirecutter has a very good write-up on the best VPNs. I would recommend Proton VPN, IVPN or Mullvad. NOTE: Be careful when reading VPN reviews – many are written by the same companies that own the service.
- Cloud storage. DropBox, Google Drive, and Microsoft OneDrive are all very popular. But despite using strong encryption, they’re not truly private – because they hold the encryption keys. To store and share files, you should choose a service that lets you create and control the key. I prefer Sync.com. (If you insist on using something else, then at least consider using Cryptomator to guard the private stuff.) Note that Apple’s iCloud now has an option for you to hold the encryption key called Advanced Data Protection, though it does have some exceptions (email, contacts or calendar).
- Private email. So, speaking of email, contacts and calendar… Gmail, Yahoo Mail, Outlook, and most of the other popular “free” email providers are horrible about privacy. You are their product, not their customer. There are many degrees of privacy when it comes to email providers. For most people, Fastmail is a great option. Not only does it have excellent email features, it also has a calendar, contact manager, notes and file storage. If you want to go for a super-private service, I would highly recommend Proton, but you could also check out Skiff.
- Apple products. Apple is one of the very few big tech companies that don’t need your data. Apple sells hardware and makes a hell of a lot of money doing it. And whether it’s altruism or just capitalism at work here, they’ve made a point of making user privacy a key product differentiator. Apple’s record isn’t perfect. But they have a huge reputation to protect and they’re trying very hard to get privacy right.
And here are some specific products to consider.
- iVerify app. I recently interviewed the founders of iVerify about mobile security, which was quite eye-opening. Their $3 personal app is well worth the money, if only for the detailed security checklists and OS update notifications. But if you are a high-value target for hackers, this app can help protect you against mercenary spyware.
- NextDNS. A nifty solution for blocking tracking and avoiding malicious websites is a privacy-oriented DNS service. The basic plan is free, which will work for most people. But if you have a ton of smart devices like me, you’ll probably need to pay for a plan.
- Apple HomePod mini. This is a nice, private alternative to Amazon Echo or Google Home speakers with a built-in digital assistant (Siri). It’s not portable and the recipient will need an iPhone or iPad to get the most out of it. But it sounds great and will respect your privacy way better than Alexa or Google. It can also be used as an Apple Home automation hub.
- Apple TV. Smart TV’s are watching what you watch – many of them include some flavor of Automatic Content Recognition. I recommend disconnecting your smart TV from the internet and using an external streaming box like Apple TV to watch Netflix, Amazon Prime Video, Disney+ and other streaming services.
- Apple AirTags. If you lose stuff a lot, AirTags can be a life-saver. They’re amazingly good at tracking things – luggage, purses, wallets, key rings, bikes, backpacks and even cars. NYPD recently gave out AirTags to try to thwart auto theft. However, I have to also say that despite Apple’s best efforts AirTags have been used to stalk people. But I believe that Apple has gone to great lengths to mitigate this risk – to the point where creepers who want to stalk people will use other products instead. I use AirTags all the time and have no qualms giving them as gifts.
- USB Condom or portable phone charger. When you charge your smartphone or tablet on a USB port that you don’t own, you run the real risk of your device being hacked. This is called juice jacking and can be a problem with public charging ports. But there are two easy fixes: bring your own portable charger or use a power-only USB cable (aka, a “data blocker” or “USB condom”).
- Webcam cover. Just because the little green light isn’t on doesn’t mean someone isn’t using your webcam. Without a physical off-switch or cover, it could be used to spy on you. Is this likely? Probably not. But the solution is simple and cheap. Note that Apple warns about using these, so there’s one caveat. (You can also just use a little piece of a Post-It Note, too, like Mark Zuckerberg.)
- Privacy screen. If you’re worried about someone shoulder-surfing your PIN or otherwise spying on your screen, you can buy special covers for your laptop or smartphone screen that will make it impossible to read at an angle.
- Faraday pouch. A Faraday Cage is something designed to block radio signals. Your phone, passport, key fob and credit cards all send and receive wireless communications. Okay, so why does that matter? Bad guys can actually do nefarious things if they can get close enough to these devices. For example, someone can steal your car by tricking it into believing your fob is nearby. So, sometimes you want to put these devices in a bag that blocks radio frequencies (RF). Some gift ideas include RF-blocking wallet, passport holder and car key fob pouch/box. If you want to keep your smartphone from giving you away, you can also get a phone pouch.
- Firewalls Don’t Stop Dragons. My book is pretty big (almost 600 pages and over 200 tips), so it’s not really a stocking stuffer – but it’s a great gift for just about anyone who wants to improve their security and privacy. And if you really dig my cool dragon-and-castle logo, you can even buy some merch at the Firewalls Don’t Stop Dragons Swag Shop.
- Other resources. This list is enormous. It contains a lot of the same things I have here, but some more obscure items, as well.
Give the Gift of Your Time
After several years of recommending stuff made by other people, I decided last year that I wanted to create something myself. Helping others to improve their security and privacy is great – I do my best. But what if I could help my tribe to help their tribes? Sorta like that old 80’s shampoo commercial… and they told two friends, and they told two friends.
So I’ve put together some security and privacy coupons that you can give to your loved ones this holiday season (or really, at any time). I’ve chosen some top tips for defending your devices and data, and turned them into printable, giftable coupons. An example is shown below.
Now, maybe you’re thinking: I wish someone would give me one of these coupons. Well, you can put these coupons on your wish list! Look through the list and call out the specific ones you’d like to receive.
You can look for more ideas from my lists from previous years: 2022, 2021, and 2020. (They actually go back to 2017, if you want more.) You should also look at the excellent write-up from Mozilla’s Privacy Not Included 2023 gift guide.
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!