Slashdot Mirror


Mozilla's 'Privacy Not Included' Gift Report Highlights Security Concerns (wired.com)

Mozilla has released its second annual "Privacy Not Included" guide that rates 70 products to help give you an idea as to how secure or insecure they are. "We want to provide people information about how to make informed decisions when shopping for gifts that are connected to the internet," says Ashley Boyd, vice president of advocacy at Mozilla. "These products are becoming really popular. And in some cases, it's easy to forget that they're even connected to the internet." Wired reports: Among the important signifiers of a trustworthy stocking stuffer, according to Mozilla's rubric: the use of encryption, pushing automatic software security updates, strong password hygiene, a way to deal with vulnerabilities should they arise, and a privacy policy that doesn't take a PhD to parse. The most surprising result of Mozilla's testing may be how many products actually earned its seal of approval. Thirty-three of the 70 items in the "Privacy Not Included" guide passed muster; fans of the Nintendo Switch, Google Home, and Harry Potter Kano Coding Kit can sleep a little easier.

On the other end of the scale, Mozilla highlighted seven products that may not hit the mark -- yes, including the sous vide wand, the Anova Precision Cooker. Also scoring low marks in Mozilla's accounting: the DJI Spark Selfie Drone (no encryption, does not require users to change the default password), the Parrot Bebop 2 drone (no encryption, complex privacy policy), and unsurprisingly, at least one baby monitor. The remaining 30 items on the list all exist somewhere in the murky middle, usually because Mozilla was unable to confirm at least one attribute. Which may be the real takeaway from the report: Typically, you have no reasonable way to find out if a given internet-connected device is secure. "If you can't tell, that says that there's a problem of communication between manufacturers and consumers," says Boyd. "We would love for makers of these products to be more clear and more transparent about what they're doing and not doing. That's a big place we think change is needed."

18 of 45 comments

  1. Drone FUD by Powercntrl · · Score: 4, Interesting

    I bought a DJI Spark last year. It does not need an active internet connection to fly. It also does not upload your flight records, photos, or videos to DJI's servers without manual intervention. The pictures/videos are stored on a standard MicroSD card. Mozilla is also incorrect in claiming it has a microphone - it does not (if it had one, all it would record would be the noise from the motors/propellers).

    Yes, the drone doesn't require you to change the default WiFi password, but that's because a unique password is already printed on each drone. While people have hacked control of these things under laboratory conditions, the extremely short battery life (approximately 14 minutes of actual time in the air) means you'll have landed and be long gone before anyone could "hack" your drone. All of that is assuming a malicious actor even knows your drone is in the air in the first place. At 400' up, the Spark is incredibly hard to see and nearly inaudible.

    The real reasons you wouldn't want to buy one of these things is that they're banned almost everywhere you'd really want to use one, and they're still kind of pricey for what is essentially a flying cell phone camera with extremely short battery life. As far as privacy risks go, again, it's a (flying) camera that geotags your photos/footage, which can lead to exactly the same privacy concerns as the camera which is already built into your smartphone.

    --
    ---
    DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
  2. Web Design by AmiMoJo · · Score: 5, Informative

    What a terrible web site. They only have photos of the items, no text descriptions of alt tags so you can't even identify some of them. And the good/bad icons are tiny and grey on white.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    1. Re:Web Design by Carewolf · · Score: 1, Informative

      What a terrible web site. They only have photos of the items, no text descriptions of alt tags so you can't even identify some of them. And the good/bad icons are tiny and grey on white.

      Try clicking on one of them..

      Not obvious I admit, but the text is there.

  3. First link is to Wired article by Anonymous Coward · · Score: 1

    Actual link https://foundation.mozilla.org/en/privacynotincluded/

  4. Router issue by ameliagomes · · Score: 1

    When I am trying to work on Mozilla, I am facing a Linksys login issue. I have visited https://routerguide.org/how-to... for a solution, but didn't get a satisfying solution. Can anyone tell me the best solution?

  5. Is this on topic? You decide! by Presence+Eternal · · Score: 1

    For what it's worth I highly recommend getting a Sous vide wand, online or otherwise.

    Even if the term Sous vide is as goddamn idiotic as calling pan frying "sur le fer". A better name is "non gradient cooking" and it is fantastic.

  6. I know I live under a rock.... by reverendbeer · · Score: 1

    ...but why have I never heard of Mycroft before? That looks interesting.

    1. Re:I know I live under a rock.... by q4Fry · · Score: 1

      I am moderately excited and plan to run a server at home. (Please do not confuse that with "Home," which confusingly is Mycroft's cloud service.) See my comment from February.

      We'll see if I can mollify the paranoid side of the family and educate the "Alexa" side when the Mark II comes out.

  7. damnit again by AndyKron · · Score: 1

    Couldn't just link to the guide, could you? 25,000 thumbs down

  8. glass half full (of Legionnaires' disease) by epine · · Score: 1

    Take, for example, that sous vide: "Someone could hack your Wi-Fi, crank up the cooking temperature on your sous vide, and overcook your steak," reads the entry, presenting a worst-case scenario that's not quite grade A.

    It's a bad scenario if the person cooking my food thinks that overcooking is the worst-case scenario.

    Legionnaires' disease

    The bacteria grow best at warm temperatures. It thrives at water temperatures between 25 and 45 C with an optimum temperature of 35 C.

    Temperatures above 60 C (140 F) kill it.

    Sources where temperatures allow the bacteria to thrive include hot water tanks, cooling towers, and evaporative condensers of large air conditioning systems, such as those commonly found in hotels and large office buildings.

    Lots of sous-vide recipes specify less than 140 degrees F. This is already in the wheelhouse of one strain of bacteria, with a 10% human fatality rate once contracted.

    This is why sous-vide cookers go the extra mile to ensure precise thermal regulation.

    Not too many bacteria in food will actually kill you (yet) if only undercooked by a small amount. But as they say in antibiotics and cipher breaking, your adversary's attacks and defenses only ever improve.

  9. Re:5.02% market share by Luckyo · · Score: 1

    The only thing that people with degrees in grievance studies know how to do is criticize others. With Mozilla having been largely taken over by such people in recent years, it's to be expected that they at least need something to work on.

    Hence, a project that tries to paint anyone who is in any kind of potential competition, or a target for the next takeover by people with degrees in grievance studies as "bad and in need of corrective action" makes perfect sense. It's not about the gutted and slowly dying Mozilla. It's about spreading the parasitic ideology of the people that gutted it from inside to other companies, using the dying husk of Mozilla as a host for as long as it can last.

  10. Re:Imagine Mozilla judging quality of others priva by yuvcifjt · · Score: 1

    Erm, as others pointed out, Mozilla is a non-profit organisation which does more than just create the Firefox browser.

    And yes, Firefox does absolutely obey the hosts file, that's how I'm blocking countless google spyware.
    Perhaps you're mistaking Firefox for Windows 10?

    With regards to privacy, they do what they can to the extent possible without getting under the skin of their funders, thus the reason for including 'tracking blocker' by default. i.e. you can't cut the hand that feeds you!

    Who else will donate money - you?!
    Firefox is the only browser of hope left!

  11. Re:Firefox = keylogger malware by default. by yuvcifjt · · Score: 1

    If they didn't go down the route of compiling JS code, most people wouldn't be using Firefox as their browser in this day and age!

    Don't blame Mozilla/Firefox for the problems caused by hipster web devs creating a new damned JS framework every month which manages to consume twice the processing power and cause massive browser bloat!

  12. And not just mystery meat by Flexagon · · Score: 1

    Yes, this whole Mozilla effort, as useful and important as it could have been, falls completely flat for me. The parent's observation makes this site a prime example of mystery meat; and webpagesthatsuck.com has been documenting such bad web design for many years. One of the responses suggests trying to click on the product photos; that's just yet more click-bait design. The best I could do was to enable "display URL on hover" in my favorite browser, and hope that the URLs were at least somewhat self-identifying. Given the site's target audience, that's not helpful.

    And now about the reviews themselves. Mozilla's "minimum security standards" bar seems pretty darned low. Just look at all of their "thumbs-up" products that on further inspection say "Yes" to the all-important factor "Shares your information with 3rd parties for unexpected reasons". In fact many "thumbs-up" reviews have 2 out of 3 sad faces in the "What does it know about me" category. How is the target audience supposed to have any confidence in these reviews?

    And though there are some tablets in the list, where are the smartphones?

    1. Re:And not just mystery meat by gnunick · · Score: 1

      The best I could do was to enable "display URL on hover" in my favorite browser, and hope that the URLs were at least somewhat self-identifying.

      Yikes. I can't imagine a browser being my favorite if it didn't already display the URL on hover, by default.

      I'm so glad that they've focused so much attention on Firefox (still my favorite browser by far, though it was painful there for a while). It sounds like the criticisms of this web site are reasonable (I haven't bothered to look), and that's a pity.

      But wholesale dismissal of Mozilla--a company which has really picked itself back up and has been doing great things again for the last couple years--based on one crappy web site isn't right (though perhaps understandable if you had poor experiences with some past versions of their browsers), and it seems strange that they would produce something of the sort. https://developer.mozilla.org/ (MDN) is a counter-example of a fantastic web resource that Mozilla provides, which is why you'll often find it at the top of the results when searching for things related to web development.

      I'm so glad we have such a good, free (in every sense) browser that isn't backed by a major data-mining company. Thanks, Mozilla!

      --
      I have no special gift, I am only passionately curious. --Albert Einstein
    2. Re:And not just mystery meat by gnunick · · Score: 1

      Sorry, I didn't mean to imply that Flexagon was dismissing Mozilla because of this. That was in response to other comments, elsewhere!

      --
      I have no special gift, I am only passionately curious. --Albert Einstein
    3. Re:And not just mystery meat by Flexagon · · Score: 1

      No worries. I'm a happy long-time Firefox and Thunderbird user. My post was strictly about the gift report.

  13. Re:Imagine Mozilla judging quality of others priva by yuvcifjt · · Score: 1

    Humms, sadly, you're right... Firefox isn't blocking domains based on hosts file :/
    I'm using OpenDNS for blocking various domains too, so didn't notice.

    Just checked and it appears both IE11 as well as Google's latest Chrome browser are honouring the hosts file.

    Shocking.