Mozilla Launches Annual Digital Privacy 'Creep-o-Meter'. This Year's Status: 'Very Creepy' (mozilla.org) 60
"In 2023, the state of our digital privacy is: Very Creepy." That's the verdict from Mozilla's first-ever "Annual Consumer Creep-o-Meter," which attempts to set benchmarks for digital privacy and identify trends:
Since 2017, Mozilla has published 15 editions of *Privacy Not Included, our consumer tech buyers guide. We've reviewed over 500 gadgets, apps, cars, and more, assessing their security features, what data they collect, and who they share that data with. In 2023, we compared our most recent findings with those of the past five years. It quickly became clear that products and companies are collecting more personal data than ever before — and then using that information in shady ways...
Products are getting more secure, but also a lot less private. More companies are meeting Mozilla's Minimum Security Standards like using encryption and providing automatic software updates. That's good news. But at the same time, companies are collecting and sharing users' personal data like never before. And that's bad news. Many companies now view their hardware or software as a means to an end: collecting that coveted personal data for targeted advertising and training AI. For example: The mental health app BetterHelp shares your data with advertisers, social media platforms, and sister companies. The Japanese car manufacturer Nissan collects a wide range of information, including sexual activity, health diagnosis data, and genetic information — but doesn't specify how.
An increasing number of products can't be used offline. In the past, the privacy conscious could always buy a connected device but turn off connectivity, making it "dumb." That's no longer an option in many cases. The number of connected devices that require apps and can't be used offline are increasing. This trend, coupled with the first, means it's harder and harder to keep your data private.
Privacy policies also need improvement. "Legalese, ambiguity, and policies that sprawl across multiple documents and URLs are the status quo. And it's getting worse, not better. Companies use these policies as a shield, not an actual resource for consumers." They note that Toyota has more than 10 privacy policy documents, and that it would actually take five hours to read all the privacy documents the Meta Quest Pro VR headset.
In the end they advise opting out of data collection when possible, enabling security features, and "If you're not comfortable with a product's privacy, don't buy it. And, speak up. Over the years, we've seen companies respond to consumer demand for privacy, like when Apple reformed app tracking and Zoom made end-to-end encryption a free feature."
You can also take a quiz that calculates your own privacy footprint (based on whether you're using consumer tech products like the Apple Watch, Nintendo Switch, Nook, or Telegram). Mozilla's privacy advocates award the highest marks to privacy-protecting products like Signal, Sonos' SL Speakers, and the Pocketbook eReader (an alternative to Amazon's Kindle. (Although 100% of the cars reviewed by Mozilla "failed to meet our privacy and security standards.")
The graphics on the site help make its point. As you move your mouse across the page, the cartoon eyes follow its movement...
Products are getting more secure, but also a lot less private. More companies are meeting Mozilla's Minimum Security Standards like using encryption and providing automatic software updates. That's good news. But at the same time, companies are collecting and sharing users' personal data like never before. And that's bad news. Many companies now view their hardware or software as a means to an end: collecting that coveted personal data for targeted advertising and training AI. For example: The mental health app BetterHelp shares your data with advertisers, social media platforms, and sister companies. The Japanese car manufacturer Nissan collects a wide range of information, including sexual activity, health diagnosis data, and genetic information — but doesn't specify how.
An increasing number of products can't be used offline. In the past, the privacy conscious could always buy a connected device but turn off connectivity, making it "dumb." That's no longer an option in many cases. The number of connected devices that require apps and can't be used offline are increasing. This trend, coupled with the first, means it's harder and harder to keep your data private.
Privacy policies also need improvement. "Legalese, ambiguity, and policies that sprawl across multiple documents and URLs are the status quo. And it's getting worse, not better. Companies use these policies as a shield, not an actual resource for consumers." They note that Toyota has more than 10 privacy policy documents, and that it would actually take five hours to read all the privacy documents the Meta Quest Pro VR headset.
In the end they advise opting out of data collection when possible, enabling security features, and "If you're not comfortable with a product's privacy, don't buy it. And, speak up. Over the years, we've seen companies respond to consumer demand for privacy, like when Apple reformed app tracking and Zoom made end-to-end encryption a free feature."
You can also take a quiz that calculates your own privacy footprint (based on whether you're using consumer tech products like the Apple Watch, Nintendo Switch, Nook, or Telegram). Mozilla's privacy advocates award the highest marks to privacy-protecting products like Signal, Sonos' SL Speakers, and the Pocketbook eReader (an alternative to Amazon's Kindle. (Although 100% of the cars reviewed by Mozilla "failed to meet our privacy and security standards.")
The graphics on the site help make its point. As you move your mouse across the page, the cartoon eyes follow its movement...
That's rich (Score:5, Interesting)
Coming from a company that embeds telemetry and data collection into its products, enabled by default, and makes it difficult amd/or time consuming to completely disable...
Re: (Score:2)
Re: That's rich (Score:2)
On some cars you can't remove the telemetry module because then they won't work.
Re: (Score:2)
I hadn't heard that yet... but have been fearing it. Do you know of any specific examples?
Re: (Score:2)
Recent Land Rover Discovery.
Re: (Score:2)
Thanks, very interesting. I'm very curious to know more about what's going on. Like if the car can't "phone home", does it self-brick? Or "limp"? Or disable features, or nag, or some other behavior that will make me remember to only buy older cars next time, or at least be sure the new car doesn't have to phone home.
Re: (Score:2)
Just look at these videos by Pine Hollow Auto Diagnostics, there are some interesting things found there:
https://www.youtube.com/watch?... [youtube.com]
https://www.youtube.com/watch?... [youtube.com]
https://www.youtube.com/watch?... [youtube.com]
Overall a pretty good channel to find out some quirks about cars.
Re: (Score:2)
Thank you, that's extremely helpful.
While I'm on the subject of difficult repairs, a few months ago I bought an '06 Volvo S40 very cheap, knowing it had problems. Most were fairly straightforward stuff, but kept getting trouble codes. Spent many hours trying things, including looking for connector corrosion, non found but silicone greased and exercised them anyway. Also unbundling wire harness areas looking for shorts / breaks, found no problems. Replaced a few things that were perfectly okay (bought used o
Re: (Score:2)
That's good. Seems like the ignition lock is another weak point on some Volvo cars causing strange erratic issues.
Re: (Score:2)
Yes, I've heard that and many other nightmare scenarios in the car. I had so many error codes with literally everything- some things more often than others, like power steering, HVAC, ambient temperature sensor. I couldn't believe they were all bad. One day a few weeks ago isolated the problem to the ECM and in a bit of a fit of running out of ideas, again tore into the ECM. Significant tarnish on the connector pins inside at solder points. Under microscope you could see solder not whetted to many pins. On
Re: That's rich (Score:2)
But you are OK with Microsoft doing it since Windows XP at least.
Re: That's rich (Score:4, Insightful)
Microsoft isn't rating everyone else's products and harping about how crappy their privacy policies are.
Re: That's rich (Score:4, Insightful)
Wait. Is the argument you are presenting saying that as long as a company doesn't say shit, it's okay for them to be shady as fuck? Like I get the glass house analogy you're trying to make, but I don't think you just made your argument in the best of terms. Like perhaps you mean something along the lines of, "if Mozilla opens the door to criticism, then they shouldn't be absolved of criticism."
Re: (Score:2)
You get the glass house analogy... what makes you jump to any further conclusions?
Re: (Score:2)
The current conversation is about Mozilla's hypocrisy. That other companies commit similar sins doesn't change the fact that Mozilla does, and is hypocritical about it.
Why are you so intent on changing the subject? Were you paid by Mozilla to try to distract everyone from their hypocrisy? Are you sleeping with some executive at the company? Or are you just a slobbering fanboi?
In any event, you're trying to change the subject. And failing.
Re: (Score:2)
The current conversation is about Mozilla's hypocrisy
Then that is what you should state.
Why are you so intent on changing the subject?
I'm asking you to clarify your point that you woefully provided. Your words.
Were you paid by Mozilla to try to distract everyone from their hypocrisy? Are you sleeping with some executive at the company?
Paranoid much? Out of tinfoil?
Or are you just a slobbering fanboi?
I can ask the exact same for your apologetic take for Microsoft's spyware. So whatever point you were trying to make with your comment here, fell really short by your own conspiratorial delusions.
In any event, you're trying to change the subject. And failing
And you're replying to the comment with deflection, I hardly chalk that up as failing. It would be something different if any of your comment held water.
So perhaps take th
Re: (Score:2)
Then that is what you should state.
I did. You tried to change the subject. And failed.
Now, we're talking about how dishonest and stupid you are.
Re: (Score:1)
That just means they are smart enough to not project their ambitions, which seem to be exactly the same.
Oh wait... EEE. There is that.... they don't harp about it, they just Embrace the crap, Extend the crap, and finally flush the crap down the special crapper they keep out behind the lunchroom. Can't plug that one apparently.
Re:You turned off telemetry (Score:1)
And then complained when your favorite features disappeared.
Re:That's rich (Score:5, Funny)
Settings --> Privacy & Security --> Firefox Data Collection, uncheck the boxes.
Is that what qualifies as "difficult and/or time consuming" these days?
Re: (Score:1)
Settings --> Privacy & Security --> Firefox Data Collection, uncheck the boxes.
Telemetry isn't the only way a browser can infringe on someone's privacy. Don't pretend to be so naive. Firefox is my preferred browser and it takes much more than unchecking a couple boxes to fix. Why don't you take a look at Mozilla's own support page for unsolicited outgoing connections. https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections [mozilla.org]
Re: That's rich (Score:1)
Re: That's rich (Score:1)
You should probably turn that off, then.
Re: (Score:2)
Re: (Score:2)
Having spent some time dealing with Firefox stupidity and looking at the actual source code, I can confirm that the GUI settings usually don't work. There's a number of secret settings in "about:config" that really change the internal behavior of the browser, and they usually cascade, so they ALL have to be changed at once for settings to be effective.
One of my favorite examples was local storage. Unchecking the box in the GUI was literally a placebo and did nothing, as the GUI code was not attached to an
Re: (Score:2)
Settings --> Privacy & Security --> Firefox Data Collection, uncheck the boxes.
Is that what qualifies as "difficult and/or time consuming" these days?
It's not about being time consuming. Why is it that a self proclaimed privacy respecting browser even has these features, let alone requiring you to opt out of them instead of being opt-in? There's dozens of 'hardening' user.js tweaks like Arkenfox which should not need to exist in the first place.
Re: (Score:3)
It's almost like the situation is slightly more complex than a binary "has/does not have telemetry".
For example, some anonymous statistics about things like what threads are using the most energy, or which module caused the browser to crash, can be extremely useful when improving the browser. It's why Chrome is so good in terms of performance and battery life. As long as it is properly anonymised, doesn't contain any sensitive information, and is opt-in, it's fine.
What is objectionable is telemetry that con
Mixed feelings. (Score:5, Interesting)
I don't know what to think; I see Mozilla as so fundamentally defined by Firefox and that software's continued funding is so dependant on the funding of one corporate backer that Mozilla as a whole need to stay on excellent terms with Alphabet/Google that they're less the source of an independent fully featured alternative to Google Chrome (a browser as repackaged much like Malibou Stacey with a new hat...) and more a hedge to prevent any antitrust threat to Alphabet/Google for monopolising the browser space.
It's to the point that if Mozilla did seem to act against their interest I'd suspect it as part of a need repair their credibility as independent rather than as happened because of any actual views held by anyone at Mozilla.
Re: (Score:2)
It sort of reminds me of the time when MS invested in Apple to help make sure Apple stuck around. So that they can point to Apple as a competitor if needed.
They don't eat their own dogfood (Score:5, Insightful)
The "privacy not included" site has multiple pitches for you to subscribe to Mozilla. Should be called "credibility not included."
Re: (Score:2)
I looked just now, ctrl-f and entered "sub" - zero results. Scanning the page manually, there was a single email subscription box to get newer editions of their privacy report in your inbox. It links to their privacy policy, which is GDPR complaint.
What is the URL of this website you saw where they have multiple pitches for you to "subscribe to Mozilla"? What service actually is that? You can create a Firefox account for easy syncing of data between browsers and for certain features on their add-ons site, b
Re: (Score:1)
Even if they do want you to subscribe to something, that in itself doesn't violate privacy. You might as well be complaining about billboards on a highway.
sexual activity? (Score:2)
Re: sexual activity? (Score:2)
Probably. Many cars have passenger detection for the seat belt warnings.
Re: (Score:2)
Mozilla's gripe with Nissan mostly seems to stem from the NissanConnect app having a bad privacy policy. Granted, for an EV these smart car apps are kind of useful for things such as checking how far along it is with charging, but for an ICE car they're mostly a gimmick that you can live without.
Re: (Score:3)
> Granted, for an EV these smart car apps are kind of useful for things such as checking how far along it is with charging
Do you need an app for that?
Re: (Score:2)
Do you need an app for that?
I could think of a few situations where it would be useful. If you've stopped somewhere to charge are just milling around inside a store to kill time, you might want to know when the car has been charged enough so you can resume your trip.
Tesla pretty much expects you to use their mobile app, so obviously some people are using apps which link to their cars.
Re: (Score:2)
Don't most BEVs tell you the time to full charge, like phones / tablets / laptops do?
Re: (Score:2)
I don't image they're always wanting to do a full charge, usually 80% will do.
Re: (Score:2)
In fact, friend's Bolt was recalled for battery problems, and new battery and instructions tell him to not charge above 80%, unless he knows he's going on a long trip.
More and more phones and tablets I've seen can self-limit at 85%. Very good idea.
But what I was getting at is, I don't need an "app" or notification to notify me that the car is fully charged. I should be able to know from the dash instruments the time needed until charged, and use normal timekeeping (watch, clocks, cell phone clock, etc.) to
Re: (Score:2)
> Granted, for an EV these smart car apps are kind of useful for things such as checking how far along it is with charging
Do you need an app for that?
The issue, as I've seen it, is that it's basically *impossible* to get useful, actionable data about cars anymore...and Mozilla's list here is as unhelpful as the dealers themselves.
Your point is a good one, that the mobile app probably has a crappy privacy policy...but if I don't install the app, is the car sending telemetry data to third parties anyway? Mozilla isn't pointing to any car models that respect an opt-out toggle any more than the dealerships tell you that an opt-out is possible. ...Okay, fine,
"You’re off the grid." (Score:2)
It says I need to tell my friends and community how to enable privacy measures like I do.
I love... (Score:3)
....when advocacy groups start a 'clock' or 'meter' and their STARTING POINT is like 95% to the end (which of course represents the sky completely fallen).
I will certainly take you seriously.
Just gotta wonder... (Score:2)
The Japanese car manufacturer Nissan collects a wide range of information, including sexual activity, health diagnosis data, and genetic information — but doesn't specify how.
I gotta wonder: HOW does Nissan collect sexual activity info?? Remind me to never buy a Nissan vehicle..
Re: (Score:3)
Head bobs per mile.
Re: (Score:2)
My question is rather, who is the poor SOB who gets to watch me fuck?
That's A Relief (Score:2)
An increasing number of products can't be used offline.
So there are an increasing number of products that I have no interest in buying. Saves money and shopping time. Having a random product that is "connected" or "wireless" is already a non-starter with me unless it is essential for its basic function.
Re: (Score:3)
So there are an increasing number of products that I have no interest in buying.
The problem is some of those products are products much of society - maybe even a near total majority - are content to abandon traditions to adopt because they're (ugh) **so convenient!** (If you have a family with boomers that insist on using WhatsApp to keep in touch this is not news to you)
I'm old enough to have grown up at the last moment in history it was normal to not have a mobile phone. In the space of a few years parenting went from a normality of accepting you don't know where they are all the tim
Re: (Score:1)
WhatsApp said they might open the protocol and federate in order to be compliant with EU rules, so hopefully there will be better open source clients available soon.
In the mean time, check out Shelter. It's an open source app that uses Android's built in Personal/Work profiles feature to quarantine apps. You move WhatsApp over to the work side and it can no longer access any of your personal data, e.g. your main contact list or any files you saved on the personal side. It's not perfect but it's not bad eith
Determine your Digital Privacy Footprint? (Score:2)
Just keeps getting worse (Score:2)
Double authentication everywhere so they have your number, VPN is getting broken on more and more sites. Want to log in on VPN somewhere important? Won't let you. Databrokers keep collecting this information as companies are more than happy to sell your information.
So everyone is selling your info, those same people are making it harder and harder to stay private. Coincidence?
Secure (Score:2)
I remember a scene in a Monty Python movie, where a woman is having a baby, and 20 people are in the room staring at her cootch.
Oh boy, you have a secure connection from your computer to a web site. But the web site lets any number of advertisers, their AI, and whoever the advertiser sells the info to, stare at your cootchie.
Oooooh, SPOOKY! (Score:2)
> As you move your mouse across the page, the cartoon eyes follow its movement...
That's nothing. Wait until they click on one of those underlined words and the website takes control of their computer and replaces the page they were reading with a completely different one!