November 16, 2022


If you’re looking to give the gift of privacy this holiday season, you might want to check out the 2022 edition of Mozilla’s Privacy Not Included buyer’s guide, which was released on Wednesday. The annual guide includes privacy reviews of over 75 popular consumer electronics goodies and will be continually updated throughout the season.

Possible gifts in the guide so far include the Apple Watch, Nintendo Switch, Amazon Echo, Garmin fitness trackers, Google Chromecast, Steam Deck, and the Meta Quest Pro.

According to Mozilla researchers, MetaQuest Pro can be especially challenging for privacy seekers. To get the full scoop on privacy for the gadget, a buyer would need to have at least 14 browser tabs open to peruse the privacy documents totaling 37,700 words — which is roughly 6,747 words longer than Dickens’ “A Christmas Carol.” And very little is interesting to read.

,[T]The question it comes down to is, does Meta/Facebook have your best interests at heart when it collects all the data Quest Pro is capable of collecting? Mozilla asks in its guide. “From Cambridge Analytica to where we are today with Mark Zuckerberg’s hopes for the metaverse, the answer to that question is an overwhelming no.”

Mozilla Privacy Not Involved Holiday Buyers Guide Infographic

Image credit: Mozilla

Meta is not alone in creating prolix privacy policies. The researchers noted that even products like the Amazon Echo Dot and Google Pixel watch come with multiple privacy policies for the hardware, apps and companies with which they share data.

“It sounds like the Rube Goldberg experiment privacy documentation companies are trying to throw at consumers,” Jan Caltrider, the guide’s lead researcher, said in a statement.

“If I am struggling to understand it as a privacy researcher, the situation for consumers is much worse. It’s not right,” he added.

Caveats and Hairsplitting

Jawwad Malik, security awareness advocate for KnowBe4, a security awareness training provider in Clearwater, Fla., stressed that the purpose of privacy policies is to inform users about how their information will be used and for what purposes so they can make informed decisions. Huh.

“When the policies are so complex and prohibitive to read, most people will just click through to use the app or service,” Malik told TechNewsWorld. “This puts them at risk because they may be consenting to have their information used in ways they are not aware or comfortable with.”

“Complex privacy policies make it more difficult than necessary for end users to fully understand the privacy they expect from the company and their rights as a user,” said Paul Bischoff, privacy advocate at Comparitech. consumer protection products.

“The more complex the privacy policy, the more you’ll find exceptions, warnings, hidden terms, and haircuts,” Bischoff told TechNewsWorld.

However, Daniel Castro, vice president of the Information Technology and Innovation Foundation, a research and public policy organization in Washington, DC, pointed out that privacy policies are often complex because digital products and services are complex.

Plus, he continued, the companies making these products face regulators not only in the 50 states but all over the world. “With these companies facing heavy penalties for any errors or omissions, it’s not surprising that lawyers have started writing these terms,” ​​Castro told TechNewsWorld.

“Many of these privacy policies are often ‘for lawyers, by lawyers’ for consumers,” he added. “These companies are not trying to defraud consumers – they are trying to avoid penalties. But if they oversimplify or generalize, they will face penalties like the nearly $400 million Google settlement.”

Save the Jargon for the TOS

Malik countered that while privacy policies are important to legally protect organizations that use customer data, they should be done in a transparent and easy-to-understand manner so that people can make the right decisions for themselves.

“While complex policies may provide some protection from litigation, they can open up a whole new set of challenges for organizations if they are found to be intentionally vague about how they deal with customers,” he said.

Because tech companies are so concerned about privacy-related litigation with their products or services, they are willing to write complex privacy documents that protect their own interests, often at the expense of the consumer, said Mark, president and principal analyst at SmartTech. Ann Vena of the Research in San Jose, Calif.

“Tech companies should be required to write more simplified privacy documents that consumers can understand,” Vena told TechNewsWorld. “Apple, in particular, is very good about this in its privacy policies which are often written in easy-to-understand language.”

“Privacy policies should be simple and human-readable. Save the legal jargon for terms of service,” Bischoff said.

Too many connections

Researchers at Mozilla noted that their privacy guide has become tighter than ever due to the increase in connected devices on the market.

“We are living through an unprecedented explosion of connected products,” researcher Misha Rykov said in a statement. “Now there are children’s toys, litter boxes, sunglasses and vacuums that connect to the Internet – and then scoop up and share precious personal information.”

Caltrider said what many consumers don’t realize is that every connection from a device to the Internet opens an entry point into their homes. He told TechNewsWorld, “Combine that with the apps you need to control these devices — apps that control microphones and cameras and can access contacts and location information — and it’s about privacy.” Raises a lot of questions.”

“If you try to read the privacy policies of everything you bring into your home, it’s nearly impossible,” she said. “I do this for a living, and it makes my head spin trying to understand Amazon, Meta, or Verizon’s vast network of privacy policies.”

privacy trade-offs

For people who want to protect their privacy and don’t want to read privacy policies, there are measures they can take, although they often require trade-offs.

“It’s possible to prevent unwanted tracking by disabling Wi-Fi connections on devices that don’t require core functionality, such as smart TVs,” explained Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration consultancy. Testing Company in Scottsdale, Ariz.

“Not connecting the TV to a network prevents the manufacturer from collecting tracking data or injecting ads into the interface, but the trade-off is that you may not get any firmware updates that could introduce additional features.” is or can fix known issues,” Clements told TechNewsworld.

“Consumers should be especially wary of cheap no-name devices equipped with microphones or cameras,” he warned. “There are numerous examples of manufacturers recording and sending all sensor data back to overseas servers without the user’s consent or knowledge.”

However, he acknowledged that in practice, it can be challenging to thoroughly understand the privacy implications for any given product. “There are a lot of legal loopholes that can be built into complex confidentiality agreements, as well as few good ways for the average person to confirm whether manufacturers are living up to their end of the agreement,” he added.