Despite high-profile hacks of connected teddy bears and webcams, gadget reviews rarely seem to test for privacy and security. Consumer Reports is hoping to change that by developing review criteria in conjunction with several security and privacy experts. Some examples:
– Do users have to generate a non-default login and password?
– Does the vendor address reported vulnerabilities and offer bug bounties?
– Does the vendor audit its own security and limit employee access to data?
– Can users control the data they're sharing and delete what they've generated?
– Does the vendor disclose data collection and take only what it needs to make the product work?
– Does the vendor notify authorities if a breach occurs?
– Do consumers get notified if a government or other third-party requests their data?
For now, Consumer Reports bills the criteria as a starting point, and hasn't included them in any reviews. But the long-term goal is to devise a standard that any entity can use.