Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Mozilla Encryption Firefox Privacy Security Software The Internet United States

Mozilla's 'Privacy Not Included' Gift Report Highlights Security Concerns (wired.com) 45

Mozilla has released its second annual "Privacy Not Included" guide that rates 70 products to help give you an idea as to how secure or insecure they are. "We want to provide people information about how to make informed decisions when shopping for gifts that are connected to the internet," says Ashley Boyd, vice president of advocacy at Mozilla. "These products are becoming really popular. And in some cases, it's easy to forget that they're even connected to the internet." Wired reports: Among the important signifiers of a trustworthy stocking stuffer, according to Mozilla's rubric: the use of encryption, pushing automatic software security updates, strong password hygiene, a way to deal with vulnerabilities should they arise, and a privacy policy that doesn't take a PhD to parse. The most surprising result of Mozilla's testing may be how many products actually earned its seal of approval. Thirty-three of the 70 items in the "Privacy Not Included" guide passed muster; fans of the Nintendo Switch, Google Home, and Harry Potter Kano Coding Kit can sleep a little easier.

On the other end of the scale, Mozilla highlighted seven products that may not hit the mark -- yes, including the sous vide wand, the Anova Precision Cooker. Also scoring low marks in Mozilla's accounting: the DJI Spark Selfie Drone (no encryption, does not require users to change the default password), the Parrot Bebop 2 drone (no encryption, complex privacy policy), and unsurprisingly, at least one baby monitor. The remaining 30 items on the list all exist somewhere in the murky middle, usually because Mozilla was unable to confirm at least one attribute. Which may be the real takeaway from the report: Typically, you have no reasonable way to find out if a given internet-connected device is secure. "If you can't tell, that says that there's a problem of communication between manufacturers and consumers," says Boyd. "We would love for makers of these products to be more clear and more transparent about what they're doing and not doing. That's a big place we think change is needed."

This discussion has been archived. No new comments can be posted.

Mozilla's 'Privacy Not Included' Gift Report Highlights Security Concerns

Comments Filter:
  • Drone FUD (Score:4, Interesting)

    by Powercntrl ( 458442 ) on Thursday November 15, 2018 @02:36AM (#57647494) Homepage

    I bought a DJI Spark last year. It does not need an active internet connection to fly. It also does not upload your flight records, photos, or videos to DJI's servers without manual intervention. The pictures/videos are stored on a standard MicroSD card. Mozilla is also incorrect in claiming it has a microphone - it does not (if it had one, all it would record would be the noise from the motors/propellers).

    Yes, the drone doesn't require you to change the default WiFi password, but that's because a unique password is already printed on each drone. While people have hacked control of these things under laboratory conditions, the extremely short battery life (approximately 14 minutes of actual time in the air) means you'll have landed and be long gone before anyone could "hack" your drone. All of that is assuming a malicious actor even knows your drone is in the air in the first place. At 400' up, the Spark is incredibly hard to see and nearly inaudible.

    The real reasons you wouldn't want to buy one of these things is that they're banned almost everywhere you'd really want to use one, and they're still kind of pricey for what is essentially a flying cell phone camera with extremely short battery life. As far as privacy risks go, again, it's a (flying) camera that geotags your photos/footage, which can lead to exactly the same privacy concerns as the camera which is already built into your smartphone.

  • Web Design (Score:5, Informative)

    by AmiMoJo ( 196126 ) on Thursday November 15, 2018 @04:14AM (#57647646) Homepage Journal

    What a terrible web site. They only have photos of the items, no text descriptions of alt tags so you can't even identify some of them. And the good/bad icons are tiny and grey on white.

    • Re: (Score:2, Informative)

      by Carewolf ( 581105 )

      What a terrible web site. They only have photos of the items, no text descriptions of alt tags so you can't even identify some of them. And the good/bad icons are tiny and grey on white.

      Try clicking on one of them..

      Not obvious I admit, but the text is there.

    • Yes, this whole Mozilla effort, as useful and important as it could have been, falls completely flat for me. The parent's observation makes this site a prime example of mystery meat [webpagesthatsuck.com]; and webpagesthatsuck.com has been documenting such bad web design for many years. One of the responses suggests trying to click on the product photos; that's just yet more click-bait design. The best I could do was to enable "display URL on hover" in my favorite browser, and hope that the URLs were at least somewhat self-ident

      • by gnunick ( 701343 )

        The best I could do was to enable "display URL on hover" in my favorite browser, and hope that the URLs were at least somewhat self-identifying.

        Yikes. I can't imagine a browser being my favorite if it didn't already display the URL on hover, by default.

        I'm so glad that they've focused so much attention on Firefox (still my favorite browser by far, though it was painful there for a while). It sounds like the criticisms of this web site are reasonable (I haven't bothered to look), and that's a pity.

        But whole

      • by gnunick ( 701343 )

        Sorry, I didn't mean to imply that Flexagon was dismissing Mozilla because of this. That was in response to other comments, elsewhere!

        • No worries. I'm a happy long-time Firefox and Thunderbird user. My post was strictly about gift report.
  • by Anonymous Coward

    Actual link https://foundation.mozilla.org/en/privacynotincluded/

  • when I am trying to work on Mozilla, I am facing Linksys Login issue. I have visited https://routerguide.org/how-to... [routerguide.org] for solution, didn't get the satisfying solution. Can anyone tell me the best solution?
  • For what it's worth I highly recommend getting a Sous vide wand, online or otherwise.

    Even if the term Sous vide is as goddamn idiotic as calling pan frying "sur le fer". A better name is "non gradient cooking" and it is fantastic.

  • ...but why have I never heard of Mycroft before? That looks interesting.
    • by q4Fry ( 1322209 )

      I am moderately excited and plan to run a server at home. (Please do not confuse that with "Home," which confusingly is Mycroft's cloud service.) See my comment from February. [slashdot.org]

      We'll see if I can mollify the paranoid side of the family and educate the "Alexa" side when the Mark II comes out.

  • Couldn't just link to the guide, could you? 25,000 thumbs down
  • Take, for example, that sous vide: "Someone could hack your Wi-Fi, crank up the cooking temperature on your sous vide, and overcook your steak," reads the entry, presenting a worst-case scenario that's not quite grade A.

    It's a bad scenario if the person cooking my food thinks that overcooking is the worst-case scenario.

    Legionnaires' disease [wikipedia.org]

    The bacteria grow best at warm temperatures. It thrives at water temperatures between 25 and 45 C with an optimum temperature of 35 C.

    Temperatures above 60 C (140 F) kil

It is now pitch dark. If you proceed, you will likely fall into a pit.

Working...