Just in time for the holiday shopping season, Mozilla has released a privacy report on some popular gift options, which tells you if a gadget meets basic security standards like encrypting data and offering a clear privacy policy.

While the list isn’t comprehensive, it looked at 70 popular items and found that a little over 25 of them meet Mozilla’s minimum security standards. The most secure gadgets: the Nintendo Switch, a Harry Potter Kano Coding Kit that mixes wand magic and teaching kids how to code, and an open-source smart speaker called Mycroft Mark 1.

The PlayStation 4 and AirPods do fairly well but lose out on data-sharing

The PlayStation 4 and Apple’s AirPods do well on the test, too, but they get dinged for having privacy policies that are difficult to decipher as well as unexpected data sharing with third parties. The Xbox One also loses points for the same unexpected data sharing.

“Sometimes consumers don’t recognize that their gifts are connected to the internet. Now they can make purchasing decisions based on privacy. It’s part of our work to start conversations about online privacy,” Ashley Boyd, Mozilla’s VP of advocacy, explains to The Verge. “One thing we’ve noticed is that for a lot of the products in the current guide, we couldn’t figure out whether they met the minimum security guidelines because the information wasn’t available on companies’ websites.”

On the other side of the privacy spectrum, you have companies like Amazon and Google. The Google Home can track you through its connected app and share data with third parties for unexpected reasons, the report says. Mozilla also notes that the Google Home listens in on your conversations, although, as a smart speaker, it’s hard to see what else it’s supposed to do.

People think the Google Home and Amazon Echo are a bit creepy

The Amazon Echo is in a similar position. Mozilla reports that it doesn’t delete stored data on you, has a complex privacy policy, and shares data with third parties. The app is capable of accessing your camera, microphone, and tracking your location.

The report also includes users’ feedback on whether they find a device “super creepy” or “not creepy.” Mozilla told The Verge that it doesn’t verify whether people have used the products before they vote, so the votes are mainly based on people’s existing impressions and Mozilla’s privacy report.

According to Mozilla, the creepiest gadget out there is the FREDI Baby Monitor, which has a history of easily being hacked and a default password of “123” that you’re not prompted to change. The FREDI Baby Monitor also lacks a privacy policy, and its company doesn’t push out security updates to its devices.

From last year’s results, Mozilla says it’s been in discussions with manufacturers who have reached out, and in some cases, adjusted, their privacy policies and upgraded security. In a separate campaign, Mozilla asked Amazon to provide more information on how data was being collected through the Echo Dot for Kids. While Amazon did provide more information after the inquiry, Mozilla says it’s still in talks to get more clarity on how the data is stored.