This Christmas, you may be considering just how much your family would appreciate a cool new gadget – that latest internet-enabled watch for dad, a smart speaker for your grandmother’s kitchen, or an amazingly interactive talking doll for your niece.

But what if you knew that these handy devices would record your conversations, expose you to malicious hacking or even create risks for your children’s online and physical safety? Might think twice about it then, huh? Good. Because there is a very real and present danger that comes from the rise in surveillance devices that are permeating our homes and invading our personal privacy.

Many of us are unwittingly contributing to the world of surveillance capitalism – making our homes, cars and lives part of a vast machine that sucks our personal privacy up and spits out the promise of ease and access. As we all rush to fill the Christmas stocking, let’s spare a thought to whether the trade-off is worth it.

The term surveillance capitalism was coined by academic Shoshana Zuboff to explain the market-driven process in which the commodity for sale is your personal data. The capture and production of this data relies on mass surveillance of what we do online and in our homes. It is the dominant mechanism behind the success of many Silicon Valley tech companies, and increasingly a daily invasion into our own personal space.

The huge trove of data necessary for this system has to be collected from somewhere – traditionally from our browser histories, shopping habits and interactions on the internet. Increasingly, we’re seeing a rise in the collection of data from internet-connected devices such as smart hubs, fridges, drones, cameras and other items that we place in our homes without full control over the data they produce.

It should be no surprise that the Silicon Valley goliaths of Amazon, Google and Facebook are driving this trend, with an impressive range of privacy-invading tech toys available for purchase around the world. Each has a variation on the smart home device that promises to search for recipes, control music systems or tell you the weather.

It’s not too late to make considered decisions about what ends up under your tree this festive season

These devices utilise internet connections to send your data back to central servers, purportedly to allow them to cross-reference information, receive updates and learn to be more intuitive and reactive to their user’s requests. The amount of data that is recorded and transferred is staggering, with stories of devices sending private information to colleagues, or the always-on recording ability being used to provide recordings to police.

Amazon’s “Ring” doorbell allows owners to link their front door to integrated security systems, recording and viewing video footage from anywhere via a mobile app. In the US, this has led to a rapid take-up of the tiny cameras on front porches and doorsteps. In turn, this has been too tempting an opportunity for US law enforcement, which earlier this year went into partnership with Amazon to gain unprecedented and unfettered access to video footage. There have also been reports of Ring owners being hacked by would-be thieves, using the devices to check if homeowners are present before breaking in. Hacking tools to break into these systems are cheaply available online and are considerably easier to use than a set of lock picks.

The threat from the tech bogeyman also comes in the form of children’s toys, which are often now more connected and technologically advanced than the old-fashioned teddy bear. Toys that contain cameras, microphones and other sensors to note their environment and respond accordingly; remote-controlled robots that can be operated over wireless or Bluetooth control; or anything that connects to the internet – these can be hacked or controlled without the owner’s knowledge.

In 2017, a relatively benign-looking child’s doll named My Friend Cayla was labelled an illegal espionage device by German authorities, who issued warnings asking parents to disable it. The doll recorded conversations with children, uploaded these to internet-connected servers, translated them to text and were shown to be easily hacked via remote access. This becomes especially creepy when you learn that if a child asked the doll “can you keep a secret?” it would reply: “I promise not to tell anyone – it’s just between you and me.”

In January 2018, Hong Kong toy manufacturer VTech paid out US$650,000 in settling a case brought against them by the US Federal Trade Commission that it had failed to adequately protect the privacy of children using its devices. VTech provided its Kid Connect app to operate digital cameras and other devices, which allowed for the transfer of visual and audio files but did so without seeking consent from parents or informing them what data was being collected.

While connected devices are a tempting way to fill Christmas stockings, this track record shows that our privacy is often traded away while we’re swept up in the fun. Fortunately, it’s not too late to make considered decisions about what ends up under your tree this festive season.

The first and arguably the most important step is to be informed and aware of the risks. Any device that can connect to the internet is an immediate risk. If possible, its internet access should be limited or shut-off. Robotic toys, interactive voice-controlled toys, “smart home” devices that require external data connections to the internet or utilise Bluetooth to connect to other devices – all of these run the risk of having data intercepted, recorded or manipulated. These risks should be considered carefully before bringing one into your home.

As with most purchases, it’s important you make an informed decision before grabbing the latest tech toy. What information will you be giving up to access its functionality? What risks exist for a potential violation of your privacy rights? Does the manufacturer treat you as the owner of your data, or merely a source of information for their advertising customers? The Mozilla foundation publishes an annual list of those devices that fail their privacy test. Closer to home, the Australian eSafety Commissioner has an excellent resource for parents to learn more about the potential dangers of ill-informed purchases.

Ultimately, it is the persistence and pervasiveness of surveillance capitalism that is of real concern. Just as the ever-present eye of the Elf on the Shelf reinforces an acceptance of constant surveillance, the introduction of surveillance devices into our personal lives will normalise a world in which our individual privacy is a commodity to be sold. So what do digital rights activists want for Christmas? An end to the insidious data-sharing industry, which exploits our goodwill and profits from opaque privacy policies.

Maybe socks and undies aren’t so bad a present after all – at least until they start coming with GPS trackers built-in.

• Tim Singleton Norton is the chair of Digital Rights Watch