Privacy Not Included

I wanted to give everyone a heads up here, this is genuinely a terrible site. I like the things mozilla does more generally. But this site...

These product listings are USER RATED! And they're sorted based on users ratings.

General users will vote for anything positive to indicate they like it, and anything negative to indicate they hate it. "Is this product good value?" "Yes." "Is this a luxury product?" "Yes." "Is this product affordable?" "Yes." All stand in's for good. So if you ask a general user if something is creepy, the answer you will get back is either "It's good" or "It's bad".

These aren't products that meet rigorous privacy guidelines, or are open source, or products from companies that go out of their way to keep their services zero-knowledge. This is a popularity contest page. This is not the place to get advice on privacy respecting products.

Take note on what guidelines Mozilla here seems to establish, one of them is hilariously: "Privacy Policy. Yes they have one"

This is a good resource, but the presentation needs work. The big emoji smiley face on top implies that all the products listed below are "good," but you have to actually click through on the product to see the actual rating (like Amazon's Ring Doorbell is rated by users as "Super Creepy").

The explanation of their Minimum Security Standards is pretty helpful and reasonable though: https://foundation.mozilla.org/en/privacynotincluded/about/m...

This reminds me of Mozilla's Observatory project (https://observatory.mozilla.org/) in a more consumer-focused package. I just wish they'd make it less confusing.

The UI is quite bizarre. The "not creepy" face changes based on scroll position, not what you point at. It's unclear which products it's even referring to.

I don't understand why they didn't display an ordinary table with checkboxes for each security feature.

Am I the only person who dislikes the word "creepy"? It is of unclear meaning, and is based on emotion (even prejudice) rather than reasoned judgement.

My concerns for my own privacy are not grounded in some emotional dislike of "creepiness", they are grounded in reasonable apprehension of the potential negative real world consequences.

Security ≠ Privacy. Several of their "minimum standards" seem odd to me.

> Does it have a privacy policy?

I don't really care about a product's privacy policy; I care about what's in the policy!

> Do you have to create a strong password?

It makes little sense to avoid a product because they let you set a four character password. Just use a longer password! (If they have a maximum length or some such, that's of course a different story.)

> Does it get regular software/firmware updates?

Updates can be a good sign, I guess, but as with the privacy policy, doesn't it matter more what's in those updates? Zoom gets regular updates, but that doesn't make more confident in the software—at all.

This is great and helpful, thank you Mozilla!

If anyone that worked on this reads this, a suggestion: Please rank products based on Mozilla's rating and not user supplied sentiment.

For example, it's hard to make sense of products that are "very creepy" or "somewhat creepy" yet have 4/5 or 5/5 overall security rating from Mozilla.

It's not clear unless you really look that creepiness rating is not from Mozilla.

This page wasn't immediately clear to me. I have a lot of third party requests blocked when most pages load. Looking at this a first the fact they're organized from less creepy to most creepy was lost. The page just appeared to be seals of mozila approval and a smiling face above products. see https://imgur.com/a/48a8QmX

I had to enable a script hosted on mofoprod.com to get the smiling face to indicate that products were voted as creepy. Also voiting options did show.

Text explaining that users are rating products and they are ordered by creppy rating could be helpful.

I'm feeling this is well-meaning but really misguided, in multiple ways.

Mostly context-free. I'm guessing they're targeting mostly non-technical, retail consumers. Which is fine, but raises a number of other questions. Like, why is Mozilla especially well-positioned to review consumer electronics? And why are random consumers going to trust Mozilla?

Related, but this reinforces several bad messages about security:

- That it is an objective, scalar property of a thing,

- That "one size fits all",

- That infosec is a shopping exercise, not a process the user has to participate in.

Also, just, why? Who really thinks there's a Mozilla-shaped hole in the shopping-guide world?

Facebook Portal meets your "strict" privacy standards? GTFO Mozilla, stick to web browsers

Maybe a good start, but I don't think it's too useful. Creepiness is not just security, it's both: privacy and security.

A while ago I got Tile, though it was a good idea. Returned the same day, because in order to add a device I needed to create an account. The device is in my hand, the phone is in my hand, Bluetooth is the protocol. I don't need a server to arbiter a pretty straight-forward interactions between them. There is absolutely no need to require account creation, until I request cloud dependent features. Should be functional offline without any data sent to server.

Same with GoPro, they app required you to signup before you can use it.

On the other hand, I can pair and update my Bose headphones without having an account. I can do it without an app by plugging in a cable. I don't need to bother about their cloud security or privacy policy, because they simply don't have PI they can loose or misuse. I only need to be concerned about security of Bluetooth and Updates delivery.

Because it is hard not to use various services and you can't possibly asses security and privacy policies easily, the first question is: What information it collects and does it really need it to function or merely for marketing et al? If it does need, then you need to worry about security and privacy.

As a technical user I like the emoji and think it's creative. Just wanted to add some positivity to a sea of negative comments.

I opted out of the Firefox/Android data collection setting. Then I was recently updated to the new Firefox Beta: https://snipboard.io/139WEH.jpg Privacy not included.

Right.

Automatic updates would seem to be a negative for privacy. They imply a backdoor to force changes on a device. Automatic update features have often been used to reduce consumer rights.

It's not even clear they're a win for security. If you shipped some simple device with so much attack surface it needs security fixes, you're doing it wrong.

This page is a real bummer. Of all the products I looked at they all collect your data by default. Thats creepy, and yet merely having a privacy policy, not having a good one, earns the product a little award wreath. This is utter nonsense and has not highlighted privacy-respecting products. It's simply false. So dissapointed that this is mozilla.

A thread from 2018: https://news.ycombinator.com/item?id=18453550

Is this based on votes?

Is Mozilla's new browser on Android not included on that list?

It contains 3 trackers [1]:

Adjust

Google Firebase Analytics

LeanPlum

It also has telemetry selected by default and is NOT opt-in. So yeah, whether it's hardware or software, you're being spied on any time you use an internet connected device.

[1]: https://reports.exodus-privacy.eu.org/en/reports/org.mozilla...

I think I'll go live in a cave if I hear privacy debated once more!

I'm too inundated with this stuff!

An updated list of minimum security iot things is a good start. Those get shady fast.

It would be a much shorter list if they just do "privacy included"

At the very bottom is the Facebook Portal. How did that get on this list?

It's worth noting that Mozilla is not a very good privacy advocate since they are a puppet to Google, a surveillance capitalist.

This fancy looking site is pretty unhelpful, and also has sinister tracking analytics which does not help their 'privacy cause'.

My assessment is that I would highly not recommend this site.

What is Mozilla doing? They are endorsing the 'Google Home'? The 'Ring Doorbell'? Products from Nest? I guess it makes sense, with the amount of money they get from Google- they have to.

While these devices might have encryption, security updates, etc, many of the devices listed ABUSE user privacy. Many of the devices here ARE creepy!

I could provide 10 links as proof, but it's not even worth the time. You can go ahead and 'Google' the proof.

This is horrible.

Edit- want some proof? Listen to these: https://www.wfmu.org/playlists/TD