Happy Valentine’s Day! Since it's the age of technology, you and a partner could celebrate by installing an app on your phone that lets you control a vibrator your partner discreetly wears in their underwear all day. I mean, if you wanted to! Thanks to the burgeoning industry of teledildonics, as internet-connected sexual pleasure products are known, there’s a wealth of innovative options: vibrating Wi-Fi-enabled butt plugs, webcam-connected dildos. Even the CES-banned Ose vibrator uses AI to provide biofeedback. That’s all good—pleasure is great!—but like all internet-of-things devices, smart sex toys are also incredibly vulnerable. From over-exuberant manufacturers who slurp up data to security flaws that hackers could exploit, teledildonics can be a privacy nightmare.

“Privacy counts across everything, and when it comes to connected sex toys it seems like it should count even more,” says Jen Caltrider, content strategy lead at the Mozilla Foundation.

That’s why this month Mozilla released a special Valentine’s Day section of its “Privacy Not Included” guide, featuring romantic gadgets like smart beds, fitness trackers, and yes, teledildonics. Caltrider explains that they picked products based on what seemed popular online, while also trying to be inclusive of all sexual orientations, genders, and physical abilities.

So what makes for a cyber-safe sex toy? According to Mozilla, you'll want to look out for things like whether the product uses encryption, automatic security updates, strong password requirements (where applicable), an accessible privacy policy, and a way for the company to manage security vulnerabilities in its products. Mozilla considers these five things minimum security standards for connected devices. And like its other gift guides, Mozilla highlights products that appear to meet that baseline with a badge.

Of the 18 items that Mozilla assessed—a small fraction of what’s actually out there—half didn’t pass muster. Of those that did, only six could really be called teledildonic: the Lioness Vibrator, the We-Vibe Sync, and four pleasure devices from Lovense. (Mozilla counts the Lovense Nora and Max, which work together, as two products.)

“At the end of the day, this can be serious,” Caltrider says. “These [devices] exist in the world, they're likely to be gifts, and so we wanted to get people to sit back and think, What are the privacy implications?”

The Risks

Experts have been raising the alarm about teledildonic security risks for years. Poor teledildonic security could enable not just an invasion of your most intimate information but even, hypothetically, remote-controlled assault, wherein an attacker takes over the remote app of a sex toy without its user’s consent. Right now the only confirmed hacks have been done by security researchers studying these devices, but experts WIRED spoke to believe that the possibility of such attacks is real—and caution that it could be hard to even know if one had occurred.

“In the IoT space, [teledildonics] is one of the biggest threats that exists,” says Amie Stepanovich, US policy manager at the nonprofit advocacy group Access Now. Researchers have demonstrated how easy it is to hack into popular products time and again. “These devices, like other IoT devices, are being produced by companies that have never connected products to the internet before,” Stepanovich says. Most have never had to worry about the pitfalls of big data collection or internet security.

In Mozilla’s review, the products that failed, failed hard. Take the Vibratissimo Panty Buster. Mozilla writes that “this product seems to be made only for those who enjoy the thrill of potentially having their smart sex toy hacked.” Caltrider was baffled by how bad it was at protecting users. “The Vibratissimo doesn’t even have a privacy policy!” she said in an interview with WIRED. An independent report commissioned by Mozilla last year concluded that “the Vibratissimo Panty Buster vendor seems to have no regards for security.” Its problems are numerous: the device allows for remote access without consent, there’s no encryption, and it connects via insecure Bluetooth. Amor Gummiwaren GmbH, the vendor, did not respond to requests for comment.