Hello Barbie
Hello Barbie is designed to take part in conversations with kids. (Mattel Photo)

The kids who play with internet-connected toys such as Hello Barbie and CogniToys Dino may not fully realize their voices are being recorded – but when they find out, University of Washington researchers say even the little ones understand the privacy concerns.

“That’s pretty scary,” one child was quoted as saying.

The researchers explored the attitudes of kids and parents toward Wi-Fi-enabled toys in a study presented today at the CHI 2017 computer conference in Denver.

The study found strong support for parental controls, leading the researchers to recommend taking such controls to the next level. They suggested that toys should be designed to delete their recordings after a week, or that parents should be given the ability to delete conversations permanently.

“It’s inevitable that kids’ toys, as with everything else in society, will have computers in them, so it’s important to design them with security measures in mind,” Franziska Roesner, an assistant professor at UW’s Allen School of Computer Science & Engineering, said in a news release.

Roesner is one of the co-authors of the study, which was funded by the Consumer Privacy Rights Fund at the Foundation for Communities and the Environment and by UW’s Tech Policy Lab.

The research team observed nine children, ranging in age from 6 to 10, as they played with the talking Hello Barbie and CogniToys Dino figures. Those two toys were chosen because they’re highly regarded within the toy industry for their privacy measures. Other toys in the internet-connected category include TROB, SmartToy Monkey, Jibo and My Friend Cayla.

The idea is that the toys can listen to what a child says and adapt their responses accordingly. CogniToys Dino, for instance, makes use of the IBM Watson artificial intelligence platform to craft answers to out-of-the-blue questions such as “Why is the sky blue?”

But the debate surrounding such toys isn’t mere child’s play.

This year, sales of My Friend Cayla were banned in Germany due to concerns that personal data could be stolen. In the U.S., advocacy groups have filed a complaint with the Federal Trade Commission over Cayla and i-Que Robot. (The FTC is reviewing the complaint.)

Hello Barbie is designed to be activated only after parents go through a process to set up permissions. Parents can also delete the child’s interactions with the toy. But during interviews with the kids and their parents, the UW researchers found that all those measures don’t fully address the privacy issues.

“The toys are a social agent where you might feel compelled to disclose things that you wouldn’t otherwise to a computer or cell phone. A toy has that social exterior which might fool you into being less secure on what you tell it,” said study co-author Maya Cakmak. “We have this concern for adults, and with children, they’re even more vulnerable.”

The researchers say toy designers, parents and policymakers should become more aware of the potential vulnerabilities. and the potential solutions. One of the suggested strategies is to program the toys themselves to tell kids that they’re being recorded – and to alert parents to any concerns that come up.

Who knows? The next generation of connected playthings may turn out to be tattletale toys.

In addition to Cakmak and Roesner, the authors of “Toys That Listen: A Study of Parents, Children and Internet-Connected Toys” include Emily McReynolds, Sarah Hubbard, Timothy Lau and Aditya Saraf.

Like what you're reading? Subscribe to GeekWire's free newsletters to catch every headline

Job Listings on GeekWork

Find more jobs on GeekWork. Employers, post a job here.