I really don't like this website. The criteria appears to be "things Mozilla thinks technology companies should be doing", and not necessarily related to privacy.
For example—sites get downgraded if they don't require strong passwords. Now, maybe websites should require strong passwords, that's a completely reasonable position to take. But if you, the user, are using a strong password, whether or not others are required to use strong passwords has no impact on your privacy. Especially because privacy ≠ security.
I agree. This site seems unnecessarily inflammatory and confrontational. Purely elitist PR publicity nonsense instead of educational. It's a bad look on Mozilla and it turns me off.
Talk up your own features instead of smearing other people's products. Products that aren't even your competition, I might add!
It's flame bait for its own sake, trying to take advantage of outrage culture in an attention economy.
> if you, the user, are using a strong password, whether or not others are required to use strong passwords has no impact on your privacy
That only applies if the site only gives you access to your own data. If your friends grant you access to some of their data, your poor security compromises their privacy.
> whether or not others are required to use strong passwords has no impact on your privacy.
It's worth considering, though, that attackers may target sites that don't mandate strong passwords, because the password hashes in the site's database are likely to be easier to crack (and users with simple passwords are likely to reuse those passwords).
Once an attacker has chosen to target that site, that increases the chances that they find themselves able to read your data regardless of the password you used, because they'll have access to the whole database.
In fact, a site which hasn't put the engineering effort into enforcing strong passwords (not even a simple regex, let alone more complex approaches like checking for compromised passwords against the haveibeenpwned database) is also likely to have undervalued security in other areas, again making them a target.
It also works the other way though. If attackers target the site, they'll know some users have weak passwords, so if you have a strong password, they'll move on quickly to easier targets.
I don’t see this as even remotely “evening out” the parent comment.
If a site mandates strong passwords, it is more likely to follow other best practices like throttling login attempts and locking accounts after too many failed attempts (either per account or per IP).
If attackers target the site, they should only have a limited number of attempts before they start getting thwarted.
It would take a lot of attempts (exact numbers will vary) just to determine if a given user’s credentials are strong or not, so the adversary has already wasted significant effort on the accounts they will eventually “move on” from. If the site has throttling and/ or account lockout, the adversary should not be able to determine who has weak versus strong passwords.
> sites get downgraded if they don't require strong passwords
Assuming "strong", as usual, means uses upper+lower letters, numbers, symbols, etc., this directly contradicts NIST's current password recommendations. They recommend enforcing a minimum length instead, and recommend a "minimum minimum" of 8. They also recommend checking passwords against a set of the most common ones from leaks. The NCSC's top 100k list is good (pre-filtering those under your minimum helps too--only 47k remain after removing pws under 8 chars): https://github.com/danielmiessler/SecLists/blob/master/Passw...
From my understanding, the only real way to create a password is to make it really, really long. Like, "Sometimes 10 people will get together on Friday night. Wow!" Or whatever you want. Makes it easy to remember. Personally I just usually string a bunch of random numbers and upper/lower/special characters - 40 of them. Just like this: https://www.youtube.com/watch?v=rERApU26PcA
I tried long memorable passphrases for a time, but a few of my passphrases were not as memorable as I expected and I ended up having to reset several of them. Eventually I got fed up with it and switched to an offline FOSS password manager and use generated passwords from that. To unlock the password manager, I use a single long passphrase that I am confident I can remember. Now I worry that I'm putting all my eggs in one basket, but at least my passwords won't be guessed or forgotten.
Right. I always make sure to write them all down, as I won't remember either.
But they are to make sure that random hackers don't gain access. Nobody is really going to break into my office and steal my passwords, as I am not an international spy.
The site has a section that explains the criteria including that Mozilla didn't decide on them alone but with other non-profits.
Regarding passwords: "If the product uses passwords for remote authentication, it must require that strong passwords are used, including having password strength requirements. Any non-unique default passwords must also be reset as part of the device’s initial setup. This helps protect the device from vulnerability to guessable password attacks, which could result in a compromised device."
The most absurd claims are for the Nintendo Switch. They blame it for having a third-party software which collect real vehicle driving data and send its data to the third-party's server.
They conclude it's safe because they can use it offline... after they download and install the special smartphone apps to their smartphone. Seriously I see no smartphone that honor my privacy. By using the smartphone, it's already fail. Also, It seems they don't say that based on reverse engineering effort to make sure the app do nothing wrong. If I was a malicious app developer, I just store the data to the local storage and upload it the next convenient time the network access is available.
One was on there because last year they didn't meet their "security standards" whatever those are but this year they do. So they improve in your eyes but you're still going to bash on them. Another one was that in the past there was a security hole. Those were the first two items I clicked.
Honestly, I think this is the worst Mozilla thing I've seen. It's all preachy on things from the past.
The Nest device doesn't use GPS, but it does use a variety of sensors (sound, IR, etc) to try to determine if you're home or not, thus technically establishing your location.
Technically, you don't need GPS for location tracking. All you need is to scan for BSSIDs around you and then check in a database, where in the world they are. Conveniently, Google has one such database ;).
(That's also the reason why Android gates wifi network scanning behind location permission).
Snark aside, were I in the market for such a device, I would absolutely want to know how privacy focused it was. I appreciate that Mozilla includes the category in the list. They exist, people will buy them. There's no sense in acting like CES and plugging their ears whenever they're brought up.
The corporation is a wholly owned subsidiary of the foundation. It's effectively one organization structured to minimize taxes. What exactly is your point anyways?
My point is that I find it difficult to understand your comment because the Foundation does 2 things - advocacy, and holds the trademarks. The Corp is the one who built out Servo, and due to a lack of foresight on management's part, amongst other things, had to cut costs due to a dwindling browser share.
You sound like the non-profit should start funneling its money into the corporation to secure its finances. Why?
The corporation subsidizes the foundation, not the other way around. It's just a question of how much. Here's a toy example that illustrates Mozilla's situation. Let's say you have XYZ Corp and XYZ Foundation (501c3).
XYZ Corp revenue (search engine deal): $90
XYZ Foundation revenue (donations): $10
Total revenue: $100
XYZ Corp costs (browser dev): $50
XYZ Foundation costs (advocacy, etc): $50
Total costs: $100
You have to spend the 501c3 income on appropriate costs first, so the $10 from the foundation revenue gets put towards the foundation's advocacy costs. The remainder ($40) gets covered by revenue from the corporation.
Now let's say you cut $10 in advocacy costs from the foundation, realizing that it's more important to have a viable browser competitor to Chrome than sex doll privacy evaluations. Now the corporation reduces its transfer to $30, and has $10 left over to, say, avoid laying off devs when the search engine deal revenue drops. Fundamentally most of the money is fungible, and wasting money on unproductive initiatives takes money away from making Firefox a viable Chrome competitor.
A non profit organization can't just use a for profit subsidiary like a bank account. Mozilla Corporation licenses trademarks from Mozilla Foundation for 2% of net revenue.
Not even a real or useful measure of privacy implications. Just the completely subjective feeling of being "creepy" expressed as a percentage as if it were a precise and objective measurement.
They say sonos does a good job on privacy. Did I miss something? Did they finally drop their approach of GPS-locating each speaker, phoning home what you listen to every couple of minutes and bricking the speakers to avoid re-sales?
An Aliexpress like shop that tries to capitalize on whatever brand value they think they have left? Does the internet really need another janky affiliate page full of IoT crap?
I've said it before and I'll say it again: guys, focus on making a good browser.
I really don't like the comments here. Why do people assume that the Mozilla foundation is a clueless scammer? Before questioning their methods and motives, how about reading what the site says:
"Welcome to Mozilla’s Privacy Not Included buyer’s guide. Our goal is to help you shop smart—and safe—for products that connect to the internet.
In 2017, when we first started Privacy Not Included, we didn’t know if people would be interested in a guide about the privacy and security of connected toys, gadgets, and smart home products. Turns out, they were. [--]"https://foundation.mozilla.org/en/privacynotincluded/about/w...
Can you point to something concrete that makes Privacy Not Included clueless or scammy? EDIT: Or if it's that the foundation did some clueless and scammy things earlier that cost them all their reputation, what were they?
Scammy: years of soliciting donations from the public without making it explicitly clear that none of those donations will ever fund firefox development, and instead go to BS projects like this and bloated salaries for under-performing busybodies in management.
The votes seem... pretty useless for most products? :-D
For example, by the votes the Sony WF-1000XM3s[1] are 31% "half-creepy", 12% find them even "super creepy".
Why? Hot take, but IMO these headphones are as "not creepy" as it gets. You don't have to use the app, they work fine as is. The app doesn't need any permissions. Still, the majority find them at least "half-creepy".
Or this Canon Printer [2] here. It's... a printer? Which allows to print stuff from the cloud via your own device. (Discontinued) Google Cloud Print could be creepy for some, but the printer works fine without it, locally. The majority thinks "Yep, that's pretty creepy"? Or are they just voting with the default setting "half-creepy", without moving the slider? :-P
10%~30% "not creepy", 30% "half-creepy", 10% "very creepy" seems to be the default distribution of votes for all more or less harmless products. Maybe the default value of a vote should be "not creepy", not "half-creepy" :-D
Just my two cents, a product having an optional app at all makes me disinclined to buy it. It's not a strict disqualification, but it's definitely a negative to me. I really dislike when companies even suggest I install their apps, and prefer to do business with companies that don't do that. The best sort of company is one that doesn't even know what an app is.
If you allow it to so that it can do location based profiles. You can not allow that feature and during the onboarding screens it asks if you want that feature.
Right, that explains why some users would vote for "creepy".
But the information in this section is not really true. The user is not forced (or nudged / dark-patterned / etc) in any way to give those permissions.
Location: Yes, it can ask for the Location permission, but it does that only if the user explicitly wants it to do so, doesn't it? You have to activate "Adaptive Sound Control", and also explicitly activate location based ANC control. And then you still have to give it the permission in the operating system dialog.
Camera: You can make pictures of your ears to use some kind of strange "sound optimization", which only works with a few apps. Only then does it ask for the Camera permission, and it never uses / asks for it again afterwards.
So the information Mozilla provides is not really accurate, and that could skew the votes. I don't know if that's any better. :-D
Most modern printers are creepy AF. They constantly phone home their ink status etc. A lot of them apart set up helpful WiFi access points where anyone can connect and see what you've left on the scanner plate. HP I'm looking at you.
A ton of the products have a plurality of "Half Creepy" votes. I suspect it's because people wanted to see the results and you have to vote to see them. Half-creepy is populated by default.
Fun idea, but I don't think there is much valuable information to glean from the ratings.
This is utterly phony, coming from the company that updated their browser some time back to send its users' DNS data to fucking Cloudflare unless they opted out.
A bit off-topic: is there a law requiring that sex toys must be blurred out? Even the ones that just look like a bent piece of silicon (not dildo-like)…
How about extending that list to software and add something like "Firefox mobile" to that list, that comes advertised as privacy focused, fighting all those evil ad tracking technologies - but comes bundled with their own ad-tracking enabled by default!? And telemetry. And "participating in studies".
So yes, if you are a little bit tech-savy, it is easy and the first thing to disable. But it is still a very "creepy" to me, that those things are enabled by default, which means it stays enabled for the majority of users.
I use a VPN and Firefox with NoScript installed. You might think I would be on board with Mozilla's privacy zealotry, but this page rubs me the wrong way. Dunking on IoT and wearables as "Super Creepy!" just seems out of touch with consumer preferences. My Amazon Halo is the first piece of technology I've been excited to use in a long time. I guess Mozilla thinks I'm creepy by association.
71 comments
[ 1.8 ms ] story [ 145 ms ] threadFor example—sites get downgraded if they don't require strong passwords. Now, maybe websites should require strong passwords, that's a completely reasonable position to take. But if you, the user, are using a strong password, whether or not others are required to use strong passwords has no impact on your privacy. Especially because privacy ≠ security.
I know this is a typo, but it's also an excellent pun.
Blue Oyster Cult - Godzilla.
Talk up your own features instead of smearing other people's products. Products that aren't even your competition, I might add!
It's flame bait for its own sake, trying to take advantage of outrage culture in an attention economy.
Be better, Mozilla.
That only applies if the site only gives you access to your own data. If your friends grant you access to some of their data, your poor security compromises their privacy.
It's worth considering, though, that attackers may target sites that don't mandate strong passwords, because the password hashes in the site's database are likely to be easier to crack (and users with simple passwords are likely to reuse those passwords).
Once an attacker has chosen to target that site, that increases the chances that they find themselves able to read your data regardless of the password you used, because they'll have access to the whole database.
In fact, a site which hasn't put the engineering effort into enforcing strong passwords (not even a simple regex, let alone more complex approaches like checking for compromised passwords against the haveibeenpwned database) is also likely to have undervalued security in other areas, again making them a target.
I'd say on the whole it evens out.
If a site mandates strong passwords, it is more likely to follow other best practices like throttling login attempts and locking accounts after too many failed attempts (either per account or per IP).
If attackers target the site, they should only have a limited number of attempts before they start getting thwarted.
It would take a lot of attempts (exact numbers will vary) just to determine if a given user’s credentials are strong or not, so the adversary has already wasted significant effort on the accounts they will eventually “move on” from. If the site has throttling and/ or account lockout, the adversary should not be able to determine who has weak versus strong passwords.
This is not a best practice, this is a DoS.
Assuming "strong", as usual, means uses upper+lower letters, numbers, symbols, etc., this directly contradicts NIST's current password recommendations. They recommend enforcing a minimum length instead, and recommend a "minimum minimum" of 8. They also recommend checking passwords against a set of the most common ones from leaks. The NCSC's top 100k list is good (pre-filtering those under your minimum helps too--only 47k remain after removing pws under 8 chars): https://github.com/danielmiessler/SecLists/blob/master/Passw...
But they are to make sure that random hackers don't gain access. Nobody is really going to break into my office and steal my passwords, as I am not an international spy.
Regarding passwords: "If the product uses passwords for remote authentication, it must require that strong passwords are used, including having password strength requirements. Any non-unique default passwords must also be reset as part of the device’s initial setup. This helps protect the device from vulnerability to guessable password attacks, which could result in a compromised device."
https://foundation.mozilla.org/en/privacynotincluded/about/m...
https://foundation.mozilla.org/en/privacynotincluded/nintend...
By the same logic, Firefox has a third-party software(Hacker News) which collect and send data to the third-party's server. Gosh I shall be scared.
Or they are so lacking the technical analysis. Lego apps for example:
https://foundation.mozilla.org/en/privacynotincluded/lego-hi...
They conclude it's safe because they can use it offline... after they download and install the special smartphone apps to their smartphone. Seriously I see no smartphone that honor my privacy. By using the smartphone, it's already fail. Also, It seems they don't say that based on reverse engineering effort to make sure the app do nothing wrong. If I was a malicious app developer, I just store the data to the local storage and upload it the next convenient time the network access is available.
Honestly, I think this is the worst Mozilla thing I've seen. It's all preachy on things from the past.
There might be reasons to not want one, for sure, but inventing reasons isn't a good sign.
Edit: I was wrong, ignore me.
https://support.google.com/googlenest/answer/9250972?hl=en
Now I need to revisit the teardowns I've seen to see how they missed this.
(That's also the reason why Android gates wifi network scanning behind location permission).
You sound like the non-profit should start funneling its money into the corporation to secure its finances. Why?
XYZ Corp revenue (search engine deal): $90
XYZ Foundation revenue (donations): $10
Total revenue: $100
XYZ Corp costs (browser dev): $50
XYZ Foundation costs (advocacy, etc): $50
Total costs: $100
You have to spend the 501c3 income on appropriate costs first, so the $10 from the foundation revenue gets put towards the foundation's advocacy costs. The remainder ($40) gets covered by revenue from the corporation.
Now let's say you cut $10 in advocacy costs from the foundation, realizing that it's more important to have a viable browser competitor to Chrome than sex doll privacy evaluations. Now the corporation reduces its transfer to $30, and has $10 left over to, say, avoid laying off devs when the search engine deal revenue drops. Fundamentally most of the money is fungible, and wasting money on unproductive initiatives takes money away from making Firefox a viable Chrome competitor.
Huh??!
An Aliexpress like shop that tries to capitalize on whatever brand value they think they have left? Does the internet really need another janky affiliate page full of IoT crap?
I've said it before and I'll say it again: guys, focus on making a good browser.
"Welcome to Mozilla’s Privacy Not Included buyer’s guide. Our goal is to help you shop smart—and safe—for products that connect to the internet.
In 2017, when we first started Privacy Not Included, we didn’t know if people would be interested in a guide about the privacy and security of connected toys, gadgets, and smart home products. Turns out, they were. [--]" https://foundation.mozilla.org/en/privacynotincluded/about/w...
It's not an assumption, it's an evaluation they are continuing to earn by quacking like a duck.
https://backgroundchecks.org/justdeleteme/
For example, by the votes the Sony WF-1000XM3s[1] are 31% "half-creepy", 12% find them even "super creepy".
Why? Hot take, but IMO these headphones are as "not creepy" as it gets. You don't have to use the app, they work fine as is. The app doesn't need any permissions. Still, the majority find them at least "half-creepy".
Or this Canon Printer [2] here. It's... a printer? Which allows to print stuff from the cloud via your own device. (Discontinued) Google Cloud Print could be creepy for some, but the printer works fine without it, locally. The majority thinks "Yep, that's pretty creepy"? Or are they just voting with the default setting "half-creepy", without moving the slider? :-P
10%~30% "not creepy", 30% "half-creepy", 10% "very creepy" seems to be the default distribution of votes for all more or less harmless products. Maybe the default value of a vote should be "not creepy", not "half-creepy" :-D
[1] https://foundation.mozilla.org/en/privacynotincluded/sony-wf... [2] https://foundation.mozilla.org/en/privacynotincluded/canon-p...
It says so in the “Can it snoop on me?” section… for example the app tracks your location…
Location: Yes, it can ask for the Location permission, but it does that only if the user explicitly wants it to do so, doesn't it? You have to activate "Adaptive Sound Control", and also explicitly activate location based ANC control. And then you still have to give it the permission in the operating system dialog.
Camera: You can make pictures of your ears to use some kind of strange "sound optimization", which only works with a few apps. Only then does it ask for the Camera permission, and it never uses / asks for it again afterwards.
So the information Mozilla provides is not really accurate, and that could skew the votes. I don't know if that's any better. :-D
As if someone would try to photocopy notes on a $100 printer :P
Fun idea, but I don't think there is much valuable information to glean from the ratings.
So yes, if you are a little bit tech-savy, it is easy and the first thing to disable. But it is still a very "creepy" to me, that those things are enabled by default, which means it stays enabled for the majority of users.