If you’re looking to give the gift of privacy this holiday season, you might want to check out the 2022 edition of Mozilla’s Privacy Not Included buyer’s guide, which was released on Wednesday. The annual guide includes privacy reviews of over 75 popular consumer electronics goodies and will be continually updated throughout the season.

Possible gifts in the guide so far include the Apple Watch, Nintendo Switch, Amazon Echo, Garmin fitness trackers, Google Chromecast, Steam Deck, and the Meta Quest Pro.

According to Mozilla researchers, MetaQuest Pro can be especially challenging for privacy seekers. To get the full scoop on privacy for the gadget, a buyer would need to have at least 14 browser tabs open to peruse the privacy documents totaling 37,700 words — which is roughly 6,747 words longer than Dickens’ “A Christmas Carol.” And very little is interesting to read.

,[T]The question it comes down to is, does Meta/Facebook have your best interests at heart when it collects all the data Quest Pro is capable of collecting? Mozilla asks in its guide. “From Cambridge Analytica to where we are today with Mark Zuckerberg’s hopes for the metaverse, the answer to that question is an overwhelming no.”

Mozilla Privacy Not Involved Holiday Buyers Guide Infographic

Image credit: Mozilla

Meta is not alone in creating prolix privacy policies. The researchers noted that even products like the Amazon Echo Dot and Google Pixel watch come with multiple privacy policies for the hardware, apps and companies with which they share data.

“It sounds like the Rube Goldberg experiment privacy documentation companies are trying to throw at consumers,” Jan Caltrider, the guide’s lead researcher, said in a statement.

“If I am struggling to understand it as a privacy researcher, the situation for consumers is much worse. It’s not right,” he added.

Caveats and Hairsplitting

Jawwad Malik, security awareness advocate for KnowBe4, a security awareness training provider in Clearwater, Fla., stressed that the purpose of privacy policies is to inform users about how their information will be used and for what purposes so they can make informed decisions. Huh.

“When the policies are so complex and prohibitive to read, most people will just click through to use the app or service,” Malik told TechNewsWorld. “This puts them at risk because they may be consenting to have their information used in ways they are not aware or comfortable with.”

“Complex privacy policies make it more difficult than necessary for end users to fully understand the privacy they expect from the company and their rights as a user,” said Paul Bischoff, privacy advocate at Comparitech. consumer protection products.

“The more complex the privacy policy, the more you’ll find exceptions, warnings, hidden terms, and haircuts,” Bischoff told TechNewsWorld.

However, Daniel Castro, vice president of the Information Technology and Innovation Foundation, a research and public policy organization in Washington, DC, pointed out that privacy policies are often complex because digital products and services are complex.

Plus, he continued, the companies making these products face regulators not only in the 50 states but all over the world. “With these companies facing heavy penalties for any errors or omissions, it’s not surprising that lawyers have started writing these terms,” ​​Castro told TechNewsWorld.

“Many of these privacy policies are often ‘for lawyers, by lawyers’ for consumers,” he added. “These companies are not trying to defraud consumers – they are trying to avoid penalties. But if they oversimplify or generalize, they will face penalties like the nearly $400 million Google settlement.”

Save the Jargon for the TOS

Malik countered that while privacy policies are important to legally protect organizations that use customer data, they should be done in a transparent and easy-to-understand manner so that people can make the right decisions for themselves.

“While complex policies may provide some protection from litigation, they can open up a whole new set of challenges for organizations if they are found to be intentionally vague about how they deal with customers,” he said.

Because tech companies are so concerned about privacy-related litigation with their products or services, they are willing to write complex privacy documents that protect their own interests, often at the expense of the consumer, said Mark, president and principal analyst at SmartTech. Ann Vena of the Research in San Jose, Calif.

“Tech companies should be required to write more simplified privacy documents that consumers can understand,” Vena told TechNewsWorld. “Apple, in particular, is very good about this in its privacy policies which are often written in easy-to-understand language.”

“Privacy policies should be simple and human-readable. Save the legal jargon for terms of service,” Bischoff said.

Too many connections

Researchers at Mozilla noted that their privacy guide has become tighter than ever due to the increase in connected devices on the market.

“We are living through an unprecedented explosion of connected products,” researcher Misha Rykov said in a statement. “Now there are children’s toys, litter boxes, sunglasses and vacuums that connect to the Internet – and then scoop up and share precious personal information.”

Caltrider said what many consumers don’t realize is that every connection from a device to the Internet opens an entry point into their homes. He told TechNewsWorld, “Combine that with the apps you need to control these devices — apps that control microphones and cameras and can access contacts and location information — and it’s about privacy.” Raises a lot of questions.”

“If you try to read the privacy policies of everything you bring into your home, it’s nearly impossible,” she said. “I do this for a living, and it makes my head spin trying to understand Amazon, Meta, or Verizon’s vast network of privacy policies.”

privacy trade-offs

For people who want to protect their privacy and don’t want to read privacy policies, there are measures they can take, although they often require trade-offs.

“It’s possible to prevent unwanted tracking by disabling Wi-Fi connections on devices that don’t require core functionality, such as smart TVs,” explained Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration consultancy. Testing Company in Scottsdale, Ariz.

“Not connecting the TV to a network prevents the manufacturer from collecting tracking data or injecting ads into the interface, but the trade-off is that you may not get any firmware updates that could introduce additional features.” is or can fix known issues,” Clements told TechNewsworld.

“Consumers should be especially wary of cheap no-name devices equipped with microphones or cameras,” he warned. “There are numerous examples of manufacturers recording and sending all sensor data back to overseas servers without the user’s consent or knowledge.”

However, he acknowledged that in practice, it can be challenging to thoroughly understand the privacy implications for any given product. “There are a lot of legal loopholes that can be built into complex confidentiality agreements, as well as few good ways for the average person to confirm whether manufacturers are living up to their end of the agreement,” he added.

Mozilla believes the high-tech industry has lost its soul by putting profits before the people and is going to try to do something about it. It has announced Mozilla Ventures, a US$35 million venture capital fund to finance early-stage startups producing products and technologies that advance values ​​such as privacy, inclusion, transparency and human dignity.

“Many say the tech industry has lost its soul. Some even say it is impossible to improve. My response: We won’t know until we try together,” said Mozilla executive Director Mark Surman said in a blog post.

“Mozilla Ventures is all about promoting companies and products that put people before profits,” he continued. “And it’s about fueling enough of these companies and products that we can finally move the Internet in a better direction.”

According to Mozilla, its enterprise arm will initially invest in companies that protect privacy, decentralize digital power, build more trustworthy AI, and have great potential for business success. Companies that received initial investment from venture funds include:

  • Secure AI Labs (SAIL), which uses advanced security and AI technology to protect patient data and advance medical collaboration. It aims to advance bioinformatics research and innovation with a platform that allows faster, more secure access to data.
  • Block Party, a social media safety app designed to address the realities of online harassment. It allows individuals who regularly experience harassment to safely engage in public conversations on social media by setting their own content limits.
  • Heylogin, a ‘swipe-to-login’ password management solution designed for businesses. Aimed primarily at SMEs, the app charges a per-user fee and allows businesses to share passwords and manage personal accounts.

Is Rome burning?

While Mozilla cites some lofty goals for its new venture, how it meets those goals may require closer scrutiny, said Mark N. Venna, president and principal analyst at SmartTech Research in San Jose, Calif. Maintained.

“While this effort can be at a high level, I am always skeptical about initiatives like this to fund ‘responsible’ startups, as those who define ‘responsible’ mean may have an agenda. is or may not really be objective,” Vena told TechNewsWorld.

“The reporting I’ve seen doesn’t share much about what the process is and who specifically will be part of the selection process,” he said, “but I worry it will be too agenda-driven.” ‘Responsible’ as that word requirement is ambiguous and means different things to different individuals.”

“I think the comment that ‘the tech industry has lost its soul’ is an exaggeration,” he said.

“Sure, there are serious dealings in social media and a select few tech companies, but I’m not sure that such over-the-top statements help the situation and come across to many individuals in a non-supportive ‘Rome is burning’ way.” Huh. .”

A question for insiders

Has the tech industry lost its soul? “The cynical in me wants to answer, ‘Which spirit?’ But Realist says that even if the soul of the industry is not destroyed, the spirit of today’s users and what they expect from their experiences needs to be taken seriously,” said Liz Miller, vice president and head of Constellation Research said analyst. technology research and advisory firm in Cupertino, Calif.

“For Mozilla, from the outset, their spirit has been associated with equal access to privacy, identity and opportunities balanced by the ethical use of technology,” Miller told TechNewsWorld. “Their stand has always been that the smaller player deserves as much stake in the digital opportunity as anyone else.”

“So from that vantage point,” she continued, “the soul of individual sovereignty and respected identity may very well be seen as having been lost.”

Whether the tech industry has lost its spirit is one of the questions that inside observers tend to think about, said Ross Rubin, principal analyst at Reticle Research, a consumer technology consulting firm in New York City.

“Most consumers focus on usability and whether something does something better than anything else,” he told TechNewsWorld.

“TikTok became wildly popular because it was a more fun entertainment experience than Instagram,” he explained. “Firefox, on the other hand, has a better privacy protection message than its competitors, but that’s not enough to overcome its competitors’ pre-bundling.”

too little too late?

In the past, the open-source community focused on what felt appropriate and left those online mining customers alone for information and money. “But that has changed,” observed Rob Enderle, president and principal analyst at Enderle Group, an advisory services firm in Bend, Ore.

“Mozilla is using its limited funds to help run Counter-Revolution,” Enderle told TechNewsworld. “I hope it’s too little and too late.”

“Thirty-five million dollars isn’t a lot of money,” he said, “and if they spread it as little as they likely would, it might just be a waste of money.”

“Mozilla is not set up to be a VC,” he argued. “The organization lacks the business basic skills that make good VCs successful.”

He said Mozilla isn’t the only one focusing on online privacy concerns.

“PC and consumer companies, including Apple and Samsung, have been successfully focusing on those messages for some time, as have some social media alternatives,” Enderle said.

“Hardware companies have had some success, but paid social media company efforts haven’t had as much success,” he continued. “People think free is better than private.”

imagine a better net

To lead its venture operations, Mozilla has named Mohammed Nanabhai, who has held leadership positions at Al Jazeera and the Media Development Investment Fund.

“Many of us cannot imagine life without internet. But are we ready to imagine life with a better internet for all?” Nanabhay asked in a statement.

“That’s why we are starting Mozilla Ventures – to build an ecosystem of entrepreneurs from around the world who are building companies that build a better internet,” he continued.

“We want to support the founders who are working on the many challenges we face online – from misinformation to censorship, from security to privacy, and the potential to cause immediate and massive harm,” he said. “These issues are too important to leave for any one institution to resolve.”

Mozilla Ventures is expected to officially launch in early 2023.