Mozilla's 'Privacy Not Included' Gift Report Highlights Security Concerns (wired.com)
Mozilla has released its second annual "Privacy Not Included" guide that rates 70 products to help give you an idea as to how secure or insecure they are. "We want to provide people information about how to make informed decisions when shopping for gifts that are connected to the internet," says Ashley Boyd, vice president of advocacy at Mozilla. "These products are becoming really popular. And in some cases, it's easy to forget that they're even connected to the internet." Wired reports: Among the important signifiers of a trustworthy stocking stuffer, according to Mozilla's rubric: the use of encryption, pushing automatic software security updates, strong password hygiene, a way to deal with vulnerabilities should they arise, and a privacy policy that doesn't take a PhD to parse. The most surprising result of Mozilla's testing may be how many products actually earned its seal of approval. Thirty-three of the 70 items in the "Privacy Not Included" guide passed muster; fans of the Nintendo Switch, Google Home, and Harry Potter Kano Coding Kit can sleep a little easier.
On the other end of the scale, Mozilla highlighted seven products that may not hit the mark -- yes, including the sous vide wand, the Anova Precision Cooker. Also scoring low marks in Mozilla's accounting: the DJI Spark Selfie Drone (no encryption, does not require users to change the default password), the Parrot Bebop 2 drone (no encryption, complex privacy policy), and unsurprisingly, at least one baby monitor. The remaining 30 items on the list all exist somewhere in the murky middle, usually because Mozilla was unable to confirm at least one attribute. Which may be the real takeaway from the report: Typically, you have no reasonable way to find out if a given internet-connected device is secure. "If you can't tell, that says that there's a problem of communication between manufacturers and consumers," says Boyd. "We would love for makers of these products to be more clear and more transparent about what they're doing and not doing. That's a big place we think change is needed."
Re: Firefox = keylogger malware by default. (Score:1, Offtopic)
Re: (Score:1)
On top of that, Mozilla Foundation doesn't understand why JavaScript (ECMAScript) should be an interpreted language and instead they compile JavaScript straight to exploitable [meltdownattack.com] machine code for performance. (Like everyone else, Chrome / Google do the same thing and that's pretty much the whole browser market right there.)
Mozilla is not who I'd be taking security advice from.
Re: (Score:2)
If they didn't go down the route of compiling JS code, most people wouldn't be using Firefox as their browser in this day and age!
Don't blame Mozilla/Firefox for the problems caused by hipster web devs creating a new damned JS framework every month which manages to consume twice the processing power and cause massive browser bloat!
Re: (Score:2)
Erm, as others pointed out, Mozilla is a non-profit organisation which does more than just create the Firefox browser.
And yes, Firefox does absolutely obey the hosts file, that's how I'm blocking countless Google spyware.
Perhaps you're mistaking Firefox with Windows 10?
With regards to privacy, they do what they can to the extent possible without getting under the skin of their funders, thus the reason for including 'tracking blocker' by default. i.e. you can't cut the hand that feeds you!
Who else will donat
Re: (Score:2)
Humms, sadly, you're right... Firefox isn't blocking domains based on hosts file [mozilla.org] :/
I'm using OpenDNS for blocking various domains too, so didn't notice.
Just checked and it appears both IE11 as well as Google's latest Chrome browser are honouring the hosts file.
Shocking.
Drone FUD (Score:4, Interesting)
I bought a DJI Spark last year. It does not need an active internet connection to fly. It also does not upload your flight records, photos, or videos to DJI's servers without manual intervention. The pictures/videos are stored on a standard MicroSD card. Mozilla is also incorrect in claiming it has a microphone - it does not (if it had one, all it would record would be the noise from the motors/propellers).
Yes, the drone doesn't require you to change the default WiFi password, but that's because a unique password is already printed on each drone. While people have hacked control of these things under laboratory conditions, the extremely short battery life (approximately 14 minutes of actual time in the air) means you'll have landed and be long gone before anyone could "hack" your drone. All of that is assuming a malicious actor even knows your drone is in the air in the first place. At 400' up, the Spark is incredibly hard to see and nearly inaudible.
The real reasons you wouldn't want to buy one of these things is that they're banned almost everywhere you'd really want to use one, and they're still kind of pricey for what is essentially a flying cell phone camera with extremely short battery life. As far as privacy risks go, again, it's a (flying) camera that geotags your photos/footage, which can lead to exactly the same privacy concerns as the camera which is already built into your smartphone.
Web Design (Score:5, Informative)
What a terrible web site. They only have photos of the items, no text descriptions of alt tags so you can't even identify some of them. And the good/bad icons are tiny and grey on white.
Re: (Score:2, Informative)
What a terrible web site. They only have photos of the items, no text descriptions of alt tags so you can't even identify some of them. And the good/bad icons are tiny and grey on white.
Try clicking on one of them..
Not obvious I admit, but the text is there.
And not just mystery meat (Score:2)
Yes, this whole Mozilla effort, as useful and important as it could have been, falls completely flat for me. The parent's observation makes this site a prime example of mystery meat [webpagesthatsuck.com]; and webpagesthatsuck.com has been documenting such bad web design for many years. One of the responses suggests trying to click on the product photos; that's just yet more click-bait design. The best I could do was to enable "display URL on hover" in my favorite browser, and hope that the URLs were at least somewhat self-ident
Re: (Score:2)
Yikes. I can't imagine a browser being my favorite if it didn't already display the URL on hover, by default.
I'm so glad that they've focused so much attention on Firefox (still my favorite browser by far, though it was painful there for a while). It sounds like the criticisms of this web site are reasonable (I haven't bothered to look), and that's a pity.
But whole
Re: (Score:2)
Sorry, I didn't mean to imply that Flexagon was dismissing Mozilla because of this. That was in response to other comments, elsewhere!
Re: (Score:2)
First link is to Wired article (Score:1)
Actual link https://foundation.mozilla.org/en/privacynotincluded/
Router issue (Score:1)
Is this on topic? You decide! (Score:1)
For what it's worth I highly recommend getting a Sous vide wand, online or otherwise.
Even if the term Sous vide is as goddamn idiotic as calling pan frying "sur le fer". A better name is "non gradient cooking" and it is fantastic.
I know I live under a rock.... (Score:2)
Re: (Score:2)
I am moderately excited and plan to run a server at home. (Please do not confuse that with "Home," which confusingly is Mycroft's cloud service.) See my comment from February. [slashdot.org]
We'll see if I can mollify the paranoid side of the family and educate the "Alexa" side when the Mark II comes out.
damnit again (Score:2)
Re: (Score:2)
The only thing that people with degrees in grievance studies know how to do is criticize others. With Mozilla having been largely taken over by such people in recent years, it's to be expected that they at least need something to work on.
Hence, project that tries to paint anyone who is in any kind of potential competition, or a target for the next takeover by people with degrees in grievance studies as "bad and in need of corrective action" makes perfect sense. It's not about the gutted and slowly dying moz
glass half full (of Legionnaires' disease) (Score:2)
It's a bad scenario if the person cooking my food thinks that overcooking is the worst-case scenario.
Legionnaires' disease [wikipedia.org]