Concerned about robot vacuum privacy? Read this article to find out what you need to know.
Robot vacs are fantastic labor-saving devices, helping to lighten the load of exhausted homeowners and apartment dwellers everywhere. For example, let’s say you’re watching your kid play baseball at your local park.
Suddenly, you get a call from your sister (who you haven’t seen in years) to let you know she’s in town for a few days and wants to drop by. While you wish dear sis had given you more notice, at least you have a robotic vacuum cleaner you can deploy remotely.
That way, you don’t have to rush home to vacuum your floors. Your robotic cleaning assistant will get them sparkling clean for you by the time you return home to spend time with your sibling.
Millions of people worldwide love their internet-connected devices such as Fitbits, phones, and even fridges. However, some fear that hackers can access these gadgets and steal their sensitive information.
Robotic vacuum cleaners are no exception. They’re not only connected to the internet—they also have cameras and wander around your home.
The California Consumer Privacy Act (CCPA)
California has one of the most stringent and all-encompassing data privacy laws in the entire country. It’s called the California Consumer Privacy Act (CCPA). It gives consumers the right to know what personal information a business can collect and how it’s used and shared.
The law also states that consumers have the right to delete personal information, opt-out of selling their sensitive data, and be free from discrimination when exercising their CCPA rights.
However, even if you don’t live in the Golden State, robot vacuums sold nationwide generally comply with this law. That’s how influential it is!
How Robotic Vacuum Cleaner Companies Use Your Data
Most robotic vacuum companies share de-identified or aggregated information with third parties. However, this provision is standard for all kinds of businesses, not just those that manufacture robotic vacuum cleaners.
While most robotic vacuum cleaner companies limit data collection to only what’s required to run their devices, they often use this data for other purposes. For example, while Eufy doesn’t sell your data, it collects personal information it uses to show targeted ads for products they and third parties sell. Again, this is pretty standard in retail—not just for robotic vacuum cleaner companies.
How Robotic Vacuum Cleaner Companies Protect Your Privacy
A robot vac like a Roomba creates detailed maps of your home as it cleans, and this helps it identify obstacles and the most efficient cleaning routes. Because a robotic vacuum cleaner collects this personal data, most companies have robust security protections. That way, hackers won’t get their hands on your private information.
There’s always a risk that a robotic vacuum cleaner could have its data stolen. However, the risk is minimal if the bot has adequate security measures. These safeguards include encryption, two-factor authentication, automatic software updates, and email notifications when a user logs in from a new IP address or device.
Most manufacturers of robotic vacs are pretty good at encrypting users’ sensitive information, including user credentials and usage data. Some robotic vacs that allow a homeowner to use their device for surveillance and security use AES encryption for their video streams.
This is difficult to crack and is even more so if there’s an option to password protect the stream. This means that if someone steals your phone and runs the app, that person won’t be able to watch the video feed without the correct password.
iRobot’s Security Features
According to Consumer Reports, iRobot is among the best companies when it comes to data security. This manufacturer not only uses encryption—it’s also exceptional at issuing regular updates to patch security vulnerabilities. iRobot even invites outside security researchers to monitor its products for security flaws.
iRobot says it’s “committed to the absolute privacy” of its customer-related data. That’s why the company allows customers to opt-out of sending map data to the cloud by using a switch in the mobile app. Additionally, iRobot doesn’t sell data to third parties without customers’ informed consent.
Amazon is planning on buying iRobot—a deal estimated to be worth more than $1.7 billion. This has made some people nervous about how Amazon will use the consumer data it collects. However, the company says that it will continue to adhere to iRobot’s stringent privacy data guidelines.
Roborock’s Security Precautions
When it comes to data security, one of the best companies is Roborock. According to Richard Chang, CEO and founder of the company, “All images that are captured for object recognition are processed on board the robot vacuum immediately, and are not sent out through the cloud to any servers.” By processing data locally, Roborock is helping to ensure user data stays private.
Roborock apps and devices only use Transport Layer Security (TLS), an industry standard for network communication security. Some of Roborock’s vacuums are powered by a Qualcomm APQ8053 processor chip, which provides additional security precautions.
Also, all firmware installation in Roborock’s vacs is protected by Qualcomm’s Silicon Secure feature. This means that unauthorized firmware can’t be installed. For example, the S6 MaxV from Roborock will only run a restricted program with a pre-digital signature.
Where Robotic Vacuum Companies Fall Short
While most robotic vacuum companies have good data privacy policies, they could be better. One area where many companies fall short is their explanations of what data is collected and how it’s managed aren’t as straightforward as they could be.
For example, while Ecovacs and Samsung earn a “Very Good” rating from Consumer Reports for data security in their robotic vacs, these companies could do a better job of disclosing how they limit employee access to user information.
One exception is iRobot’s documentation on how user data is stored, which is impressively comprehensive. This documentation explicitly details the company’s public bug bounty program and how it submits products for external penetration testing. It also describes how iRobot conducts routine automated scans on iRobot’s operating environment.
One area where Roborock falls short is that it doesn’t offer two-factor authentication. However, they’re considering adding it soon.
How to Delete Your Data On an iRobot Device
If you want your data deleted on an iRobot device, the best way is through the app. However, the company reserves the right to anonymize your personal data, which they use for product and feature development purposes.
If you request data deletion, your personal information will be purged from iRobot’s servers within 30 days. If you want access to your information, the company says it will comply with all applicable laws. If there isn’t a law like this where you live, iRobot will hand over the information within 45 days.
These days, robotic vacuum cleaner manufacturers go to great lengths to ensure that their devices are protected from unscrupulous hackers.
However, if these security precautions don’t seem sufficient, you can always purchase a robotic vac without Wi-Fi connectivity. Also, you can use a Roomba without Wi-Fi, although some of the functionalities (such as cleaning maps and push notifications) won’t be available.