The Internet of Dongs remains a security dumpster-fire -- UPDATED

The Internet of Dongs is Brad Haines's term for the world of internet-connected, "teledildonic" sex toys, and Haines, along with Sarah Jamie Lewis, have exhaustively documented all the ways in which internet-connected sex toys can screw you, from leaking private data to physically attacking your junk.

But Lewis and Haines's work remains an obscure curiosity that is mostly followed by information security geeks; and now the do-not-buy advice for these gadgets is going mainstream. Just in time for Valentine's Day, Mozilla updated its Privacy Not Included guide (previously) (a review of tech gadgets' security and privacy practices),to include a suite of "romantic" gifts, from fitness trackers to "smart beds" to sleep trackers to sex toys, that track you, transmit your personal details to distant corporations, and sell, leak, or endanger your private information.

I was pleased to see Lovesense blacklisted by name, given the company's incredible, appalling history of security blunders, including making secret audio recordings of your sex sessions (the company called this a "minor bug").

Not all the products are do-not-buys: there's a kegel exerciser that looks pretty good, but others, like the Lovense Lush 2 get failing grades for "shar[ing] your information with 3rd parties for unexpected reasons"; while the charmingly named Vibratissimo Panty Buster flunks for not using encryption (!).

Update: Internet of Dongs has produced its own supplementary assessments that delve into more nuance on these devices, they make a good case that Mozilla's criteria are too coarse to assess smart sex toys.

So what makes for a cyber-safe sex toy? According to Mozilla, you'll want to look out for things like whether the product uses encryption, automatic security updates, strong password requirements (where applicable), an accessible privacy policy, and a way for the company to manage security vulnerabilities in its products. Mozilla considers these five things minimum security standards for connected devices. And like its other gift guides, Mozilla highlights products that appear to meet that baseline with a badge.

Of the 18 items that Mozilla assessed—a small fraction of what’s actually out there—half didn’t pass muster. Of those that did, only six could really be called teledildonic: the Lioness Vibrator, the We-Vibe Sync, and four pleasure devices from Lovense. (Mozilla counts the Lovense Nora and Max, which work together, as two products.)

Valentine's Day [Privacy Not Included/Mozilla Foundation]

Don’t Get Your Valentine an Internet-Connected Sex Toy [Emily Dreyfuss/Wired]