London - It's the cute toy tipped to be a Christmas hit, but there are fears Dino the dinosaur may be vulnerable to hackers who could steal information about its young owners.
The "smart toy", which is able to "learn", answer questions and read bedtime stories, is among a series of technology gifts that have failed to win approval from the Mozilla Foundation, a not- for-profit organisation that campaigns for better internet accessibility and safety.
The group said it had been unable to determine if Dino – an internet-connected toy made by CogniToys and priced at £89.99 (about R1 600) on Amazon – uses sufficient encryption to guard against hackers.
It was also critical of the complexity of its privacy policy which includes an admission in the small print that, when a child plays with Dino, it automatically collects information about a child’s "likes and dislikes, interests, and other educational metrics".
It can also collect a child’s name, date of birth and gender.
Users of the Mozilla website have labelled the toy "creepy" in an online vote.
Mozilla’s concerns stand in contrast to the advertising spiel for the toy, which is aimed at children as young as five.
On its website, CogniToys says: "Dinos aren’t 'digital assistants' like Siri or Alexa, they are friends who answer questions, tell stories, practice spelling… play games."
Fewer than half of the 70 gadgets rated on the foundation’s website met its minimum security standards test for Christmas 2018.
Those failing the test include the Bebop 2, a drone that follows its owner when a button is pressed. Mozilla claims the toy, manufactured by Parrot, was "easily hackable". Other toys that failed to pass included singing robots, a teddy bear that links to your smartphone and a high-tech musical bracelet.
Elemental Path, the parent company of CogniToys, said Dino "does use full encryption on audio going to and coming from the device".
They said the information held about children was to "personalise the experience" of users and said: "We would never share this information with anyone outside of our company, no marketers, no third parties, just our internal teams."
Parrot did not respond to a request for comment.