
Privacy not included: Holiday gift list for privacy and security - tareqak
https://foundation.mozilla.org/en/privacynotincluded/
======
bhauer
I see this as nothing more than a fun poke by Mozilla at the overwhelming
majority of the technology industry—those who treat privacy as a nuisance at
best and as a non-event at worst. Mozilla are giving people like myself the
fun of clicking on the Amazon Echo or Google Home and voting "Super creepy,"
chuckling to ourselves about our virtuousness before closing the tab in
Firefox.

I doubt they expect this page to be used by many laypeople. Maybe a few
techies will toss a link out to their families as a rough crowdsourced
assessment of the degree to which some popular devices respect user privacy.
The inclusion of several nearly-unknown high-privacy options seems to be a
reminder that there are alternatives; probably more difficult to use or less
capable, but alternatives to the mainstream data-harvesting devices you see
routinely advertised.

I think it's lighthearted fun intended to illustrate Mozilla's mission of
being advocates for privacy, to a degree that we have become unfamiliar as a
society in the age of everything-as-a-service.

Yeah, there are probably some inaccuracies. But frankly, unless you're selling
a device that allows you to run the services on your own host using open
source software (the way Mozilla does [1]), it's fair game to say that it's
_possible_ you are not sufficiently respecting user privacy. How can we as
users be sure if all we can measure is that, indeed, the device sends data
off-network to the "cloud?"

If you genuinely respect user privacy, you should allow a user to wholly own
the data in the most pure form possible: they never send it to you.

[1] [https://github.com/mozilla-services](https://github.com/mozilla-services)

~~~
variable11
I think it's an important list, even if somewhat sloppy. It would be to
everyone's advantage if product reviewers like Consumer Reports, various tech
columnists, blogs and so on, got the message that privacy matters. They need
to start including privacy as a component of their review.

Pressure for companies to go green has worked over time; pressure for
companies to go "quiet" -- that is pro-privacy -- could have the same effect.

------
NickBusey
I think this page shows some of the disconnect between the people raising the
privacy alarm and your average consumer.

The page looks to be targeted at consumers, with the 'creepy' meter that
changes as you scroll. However the PS4 and Xbox are considered 'A little
creepy' and a sous vide cooker is listed as 'Somewhat creepy'.

Despite the arguments made on the respective pages for why they are creepy
(generally "Shares your information with 3rd parties for unexpected reasons")
I don't think any consumer on the planet is going to consider any of those
gifts even slightly creepy.

In my opinion it weakens the argument for the legitimately creepy products
when such innocuous things are included in the list.

~~~
thisone
take the nest

'has parental controls': can't determine

well, it's a blooming thermostat. You can lock the thing out.

That's more 'parental control' than any standard thermostat.

creepy meter? as a gift for a non-family member? yeah, that's weird.

~~~
Spivak
Standard anecdata disclaimer but Nests are a pretty universally liked gift in
my circle. It passes the bar of being cool, tasteful, useful, and unlikely
that the recipient would purchase one for themselves.

------
closetohome
I don't see the purpose of this page. It's not a guide, it's a poll. Why would
I base my decisions about personal privacy on the uninformed opinions of a
bunch of random people?

~~~
sazfedjhrgnukc
It's a poll because this way Mozilla won't have to be held responsible for,
nor defend, any of the opinions presented there.

> We created this guide to help you buy safe, secure products this holiday
> season.

Because "we created this poll so you can see what other people think are safe,
secure products this holiday season" doesn't sound nearly as good.

So they made a guide, that's really a poll. What do you mean you can have your
cake and eat it too?

------
tfmatt
How is the Roku on this list? I have a pihole setup to do network level
adblocking and telemetry disabling and the Roku is the absolute worst device.
Thousands of "phone homes" per day that are not needed for the device to
function properly. I can only assume it is feeding data back to the mothership
at a very high rate.

------
dualboot
The most disturbing thing about the state of privacy is the households that
purchase a multitude of devices that collect, link, and resell data about you.

As an example, imagine the household that has multiple gmail accounts,
multiple android phones, everyone uses google maps, Chrome on every desktop,
google for search, they add a Nest thermostat, a few Dropcams, and for good
measure they use 8.8.8.8 and 4.4.4.4 for all of their DNS queries.

You can live in nearly the same world with Amazon and others.

Sigh.

------
amelius
By the way I think this Santa guy himself is high on the creepiness scale when
it comes to privacy infringement :)

------
SilasX
Firefox web browser:

[X] Can install extensions without my knowledge or consent that do not explain
their functionality, and were added based on pressure from the marketing team.
[https://news.ycombinator.com/item?id=15956325](https://news.ycombinator.com/item?id=15956325)

Edit: Am I being unfair here?

~~~
brlewis
I think you're being unfair.

"This add-on was installed and set to ‘OFF’ and made no changes in the user
experience unless it was explicitly turned on by a user, but it was added.
Even when turned on no user data was collected or shared."

~~~
SilasX
What part of my description does that contradict?

Edit: Also, the "no data was shared" is a lie or two inches short of one. It
injected http headers on requests to NBC sites once activated. No one was
logging that?

~~~
brlewis
The unfairness is to raise such a minor issue compared to the issues this
holiday gift list is intended to address.

~~~
sazfedjhrgnukc
Mozilla is not allowed to get away with being a little bit shady because they
ultimately have good intentions.

There is a price to pay to be the "good guy". If Mozilla doesn't want to be
good they don't have to be. They don't have to make the mistake Google did.

------
RcouF1uZ4gsC
This is kind of like the boy that cried wolf:

They are listing the PS4 and XBox as "a little creepy". They are listing Apple
iPad, Apple Watch, Apple TV, Apple Air Pods, Roku, ChromeCast, and Kindle as
"somewhat creepy".

I am concerned about my privacy and avoid "smart" speakers, appliances, etc,
but do not find the devices I listed above "creepy".

~~~
brlewis
Do you trust the xbox one to keep its microphone always off? I own one but do
find it a little creepy. I keep the kinect turned around away from the room,
and have the setting to make it turn fully off. This means annoying waits
sometimes when it insists on a software update when turned on, but I think the
setting is worth it.

------
krferriter
I don't really get some of these ratings. They give a thumbs-down to fitbit
and other gps watches because they track location and speed, etc. Yes that is
the entire purpose of buying those products, so I don't really get the
presenting of that as a negative feature. It's like rating an email app poorly
because it processes your emails.

~~~
brlewis
Disclaimer: I work for Fitbit but speak only for myself.

The guide says of Fitbit Versa, "Shares your information with 3rd parties for
unexpected reasons: yes". This is false.

The rating may just be by vote, but there's no excuse for getting the facts
wrong.

~~~
craftyguy
> This is false

Since the software is proprietary, and you are not making an official
announcement on behalf of fitbit, why should we believe you? What you say
directly contradicts the privacy policy[0] on your employer's website, which
certainly states that they have the freedom to share your information 'with
others': "You may also authorize us to share your information with others" and
"We transfer information to our corporate affiliates, service providers, and
other partners who process it for us"

[0] https://www.fitbit.com/legal/privacy-policy#how-info-is-shared

~~~
brlewis
Please stay on topic. The claim I said was false was "shares your information
with 3rd parties _for unexpected reasons_".

~~~
craftyguy
Who expects a fitness tracker to share information to 3rd parties at all? I
bet if you asked any of fitbit's customers if they expected fitbit to share
their information with <insert random 'data processing' company here>, they
would not have expected that.

~~~
brlewis
Who? Anyone who knows that companies contract work out. At very few companies
is every single function performed by employees.

~~~
cyphar
I don't see what employing contractors has to do with sharing user data with
third-parties.

~~~
brlewis
A contractor is a third party.

~~~
cyphar
But a contractor working on your codebase (which is what I believe you were
implying) isn't the same as providing user data to a third party (for
processing or for advertising and so on).

Providing data to third parties for processing is clearly different (and as an
ex-user of one of Fitbit's products I definitely wouldn't have expected that
this is the case -- Fitbit's fitness tracking is so core to the company that I
wouldn't expect the processing of said data to be outsourced.) Yeah, it's in
your privacy policy but that's just a cop-out (by that metric, no product can
unexpectedly send data to third-parties).

~~~
brlewis
I think you're making assumptions about the kind of information that's shared.
The kind of example to think of is when you buy from Fitbit and your
information gets sent to a payment processor.

Here's the whole paragraph:

We transfer information to our corporate affiliates, service providers, and
other partners who process it for us, based on our instructions, and in
compliance with this policy and any other appropriate confidentiality and
security measures. These partners provide us with services globally, including
for customer support, information technology, payments, sales, marketing, data
analysis, research, and surveys.

------
scarejunba
My favourite thing about these lists is that they're dominated by the views of
mild paranoiacs. A normal person will open the page, see a frowny face next to
an Xbox One, and decide that the list is bullshit.

Most privacy advocates are the strongest enemies of their own causes. They
only accept purity and it encourages everyone to ignore them.

------
Animats
The first time I saw an Elf on the Shelf in boxed form, and how heavy the box
was, I assumed it had a surveillance camera in it. Apparently it doesn't,
usually.

------
quickthrower2
About the voting system:

1. Anonymous

2. Hard to game

3. User privacy

Pick two!

------
a_imho
Privacy should be a non-issue with strictly enforced GDPR, for Europeans at
least.

