These sex toys and dating apps may jeopardize your privacy, Mozilla warns

Before you pick up that new vibrator for Valentine’s Day, you may want to make sure it won’t collect your data. Mozilla’s new “Privacy Not Included” report looks at 50 sex toys and dating apps and ranks them based on how they respect users’ privacy. And the answers aren’t sexy.

Mozilla’s new Valentine’s Day-themed guide looks at various sex tech companies’ product features, privacy policies, security components, and relationships with artificial intelligence, according to a press release obtained by the Daily Dot. The report, which was released on Tuesday, also includes a Creep-O-Meter emoji guide that ranks toys based on how they interact with users’ data.

The guide comes with Mozilla’s recommended products that “get privacy, security, and AI right,” and includes a “minimum security standards” guide informing shoppers on products’ encryption capabilities and security vulnerabilities.

Generally speaking, smart sex toys are “still a gamble,” Mozilla’s press release warns. Approximately half the toys reviewed by the Firefox developer received the Privacy Not Included label. This means Mozilla recommends users think twice before purchasing these toys, as they failed to adequately protect users’ security or private data. Problems ranged from “a vibrator that doesn’t provide automatic security updates” to “a sex doll with a confusing privacy policy.”

A screengrab of Mozilla's Privacy Not Included guide.

However, Mozilla praised larger sex toy companies including Lovense and Vibease. We-Vibe, in particular, was recognized for improving user safety and security since the mid-2010s, when We-Vibe’s parent company paid $4 million to customers in a class-action lawsuit regarding its data collection practices.

Meanwhile, the infamous Qiui Cellmate was chastised for its “history of being hacked” and “forcing users to pay a ransom to regain access to their privates.”

Dating apps generally fared poorly in Mozilla’s guide. Out of all 24 dating apps, 21 were given the Privacy Not Included label, according to Mozilla’s press release.

“Despite the intimate nature of dating apps and the potential for abuse, publicity and not privacy is the status quo,” Mozilla writes. “Many dating apps push users to sign in with social media like Facebook, granting them access to more personal data than users might think. Further, data breaches and flaws seem to be almost routine—Tinder, Bumble, OKCupid, Facebook Dating, and others have all had recent incidents.”

The guide also explores privacy and security risks for queer users. Mozilla said Grindr, for example, “is a privacy and security nightmare.” Grindr collects and shares data on its users with third-parties, including previously sharing users’ HIV status with third-party vendors (which the Daily Dot reported in 2018). On the other hand, queer lo-fi dating app Lex was praised by Mozilla for its “crystal clear” privacy policy and “minimal” data collection, according to the press release.

“Dating apps know a whole lot about us, and so do the companies that collect and share that data,” report lead Jen Caltrider said in the press release. “Connected sex toys are fun with consent, just like sex IRL. Connected sex toys aren’t fun if someone hijacks your device and takes control of your sex toy without your consent though—and that happens.”

Caltrider also addressed what some users may wonder: How do you talk about sex toy and dating app privacy with your partner(s)? “As with everything in relationships, when it comes to how to handle privacy, communication is key,” Caltrider told the Daily Dot. “What would you as a couple be comfortable with the world knowing about you? Your drug use, your HIV status, your favorite type of sex toy?”

Read Mozilla’s full Privacy Not Included Valentine’s Day guide here.