Internet Enabled Consumer Devices

How to Improve Privacy of Internet-Connected Toys

11 May 2017

CogniToys Dino and Hello Barbie record conversations that children have with them and store it in the cloud. Source: University of WashingtonCogniToys Dino and Hello Barbie record conversations that children have with them and store it in the cloud. Source: University of WashingtonPrivacy is a concern for everyone in an age of digital everything. As more devices are connected, more clouds store our data and companies gather information about our habits, it is becoming a complex problem. One that includes how children use internet-connected toys and how their information is stored by these devices.

While internet-connected toys are extremely popular, concern has risen from recent security breaches from toy companies such as VTech, a producer of children’s tablets, which was hacked allowing the personal data of more than 200,000 kids to be accessed. Fears over the hack led Germany to ban the Cayla toy because of privacy issues.

Other toys such as Hello Barbie, CogniToys Dino and more joke and tell stories to children and become “smarter” as the kids interact with them, storing recordings of children in the cloud.

Researchers at the University of Washington have found that both parents and children who play with internet-connected toys become concerned about privacy once learning these devices record their conversations, according to a new study.

The study involved nine parent-child pairs, asking each of them questions about certain toys. Researchers also observed children—aged six to 10 years old—playing with Hello Barbie and CogniToys Dino to see their interactions.

Researchers found that the kids didn’t know their toys were recording their conversations and parents generally are worried about their children’s privacy when they played with the toys. Because the toys lifelike exteriors gave the perception they are trustworthy, kids were more willing to tell the toys secrets or personal information compared to communicating with similar tools not intended as toys, such as Siri or Amazon Alexa.

Some kids were troubled by the idea of their conversations being recorded. After one parent explained to their child that their conversation could be shared widely on the computer, the child responded saying “That’s pretty scary.”

The study offers some insight into how toy designers and policymakers could improve privacy for future toys including a way that notifies children when they are recording. This might include a prompt by the toy saying something such as “I’ll remember everything you say to me” instead of just a red recording light.

Parents universally wanted parental controls such as the ability to disconnect the toys from the internet or control the types of questions to which the toys will respond. Researchers recommend toy designers delete recordings after a week’s time or give parents’ permission to delete conversations.

“It’s inevitable that kids’ toys, as with everything else in society, will have computers in them, so it’s important to design them with security measures in mind,” says Franziska Roesner, a UW assistant professor at the Allen School. “I hope the security research community continues to study these specific user groups, like children, that we don’t necessarily study in-depth.”

The full results from the study can be found at the UW’s Tech Policy Lab.

To contact the author of this article, email

Powered by CR4, the Engineering Community

Discussion – 0 comments

By posting a comment you confirm that you have read and accept our Posting Rules and Terms of Use.
Engineering Newsletter Signup
Get the GlobalSpec
Stay up to date on:
Features the top stories, latest news, charts, insights and more on the end-to-end electronics value chain.
Weekly Newsletter
Get news, research, and analysis
on the Electronics industry in your
inbox every week - for FREE
Sign up for our FREE eNewsletter