T’was the night after Christmas, when all through the house

Every stripe of device with no need of a mouse

Sent oodles of data to that Cloud in the Air

While their owners slept soundly, with nary a care…

When it comes to gifts from the Internet of Things department, there’s no jolly guy in a white-trimmed red suit with a bag full of presents, no magic reindeer clip-clopping on the roof. In fact, it’s far more likely that you’ll never discern the pitter-pat of digital feet when you connect that IoT gift to your WiFi — whether it belongs to members of a marketing team, cyber thieves or your garden-variety voyeur.

You know what I mean here. I’m talking about the new smart everything: televisions, various household help such as thermostats and water heaters, garage door openers, alarms, lights, medical devices, fitness wearables and baby monitors with many more connected devices coming early and often to a store near you.

You’ve hopefully heard this before with regard to your Facebook account and other social media sites, but it bears repeating: Whenever you are offered something free of charge or for a negligible fee, assume that you are the product. Often you are unwittingly pitching the product to acquaintances who are likely to buy the same thing — this goes for all those products that ask to share information about your new acquisition on social media upon registration — or you are helping the service that you just subscribed to (by purchasing their device) to perfect itself.

In a perfect world, this would be…well, perfect. In the real world, IoT is still in the Wild West stage of its evolution. Indeed, smaller companies are rushing IoT products to market in a mad dash to beat bigger brands that have more at stake when it comes to security and therefore roll out new products and services with more deliberation and caution. As a result, you can’t always be so sure that your data is going to be safe. Over the past few years, we’ve learned the hard way that there is no such thing as too safe or secure when it comes to cybercrime, and there are a whole host of organizations out there — both big and small — that are doing a miserable job of protecting you.

Just this year, a fitness wearable sold by Jawbone collected data about users’ sleeping patterns after an earthquake in California and published it. The data was anonymized but still many users protested because they didn’t realize that the product’s privacy policy allowed Jawbone to do that. A similar device called FitBit transmitted information about users’ sex lives. FitBit stopped tracking sex activity, Forbes reported, and Jawbone said its privacy policy is really clear and the company doesn’t share individual data without consent, Re/Code reported.Both information gushers were enabled by untoward privacy policies unread by early adopters and users’ false assumption that these products came with privacy controls set tightly as a default. The rule here should be as follows: Assume you need to set your own long and strong password, and that every shred of your personal information is being passed along to third (and fourth and fifth) parties, and to set your permissions accordingly.

The fact is that few of us know much about the Internet of Things, but that doesn’t stop us from wanting it in our homes and on our bodies. But as we snatch up connectable products with reckless abandon this Christmas season, the number one issue we face is the protection of our privacy and the security of our data.

The market for IoT products is snowballing. There are as many connected devices out there as there are human beings on the planet, and while estimates vary wildly, the lowball projection for 2020 is 25 billion IoT devices (the upper range is double that number). That’s three to six IoT devices per person on the planet.

This year, on Christmas day, a record number of products that connect to the Internet will be turned on and start conversing with the companies that manufactured them. If the lucky owners of this holiday season’s latest crop of IoT products only knew the downside of the seamless convenience promised (but not always delivered) by web-enabled products, they might be as sleepless as every child was on the night before Christmas.