Having trouble shopping for the techy in your life this holiday season? Look no further! For the second year in a row Mozilla has released *Privacy Not Included, their security and privacy focused shopping guide.
There’s no shortage of holiday shopping guides. But most focus on price and performance, not privacy. These devices can track our locations without us knowing; they can sell our data to a galaxy of parties; and they often can be hacked or manipulated. In recent years, even stuffed animals and a children’s doll have been compromised.
*Privacy Not Included is part of Mozilla’s work to spark mainstream conversations about online privacy and security — and to put individual internet users in control of their own data.
Their researchers focused on this season’s most popular connected devices from the Nintendo Switch and the latest Roku to Fitbits and assorted drones, smart watches, and even a smart dinosaur. This year’s guide features:
- In-depth reviews of 70 products across six categories: Toys & Games; Smart Home; Entertainment; Wearables; Health & Exercise; and Pets.
- 32 products were awarded a badge for meeting the Minimum Security Standards created by Mozilla, Internet Society and Consumer International. To receive a badge, products must: use encryption; have automatic security updates; manage security vulnerabilities using tools like bug bounty programs and clear points of contact; and require users to change the default password if a password is required. Products receiving a badge include: Nintendo Switch, Google Home, Harry Potter Kano Coding Kit, Athena Safety Wearable, and the Behmor Brewer Coffee Maker.
- Mozilla researchers did not make a conclusive determination if over half of the products met Minimum Security Standards. This was based on factors including if a company did not respond to inquiries or if a company’s response conflicted with recent independent security audits or penetration tester reports.
- Answers to important questions like, “Can this product spy on me?” “Is it tracking my location?” and “Can I control the data it collects about me?”.
- The debut of the Creep-O-Meter, an interactive tool allowing readers to rate how creepy they think a product using a sliding scale of “Super Creepy” to “Not Creepy,” as well to share how likely or unlikely they are to buy it. The home page of the *Privacy Not Included guide lists product based on rankings from Not Creepy to Super Creepy (Nearly 2,500 ratings were submitted by users during the guide’s beta testing period that began in late October.)
- An assessment of how easy — or hard — it is to read a products’ privacy policies using Carnegie Mellon’s Explore Usable Privacy project, which created an algorithm to determine reading levels. The most common reading level required is a college reading level (grade 14). Tile Mate’s privacy policy is identified as the most difficult, requiring a college graduate reading level (grade 18), while the Tractive GPS 3G Pet Tracker is identified as the easiest to read, requiring a middle school reading level (grade 8).
*Privacy Not Included
Information sourced from: https://blog.mozilla.org/blog/2018/11/14/your-privacy-centric-holiday-shopping-guide/