These product listings are USER RATED! And they're sorted based on users ratings.
General users will vote for anything positive to indicate they like it, and anything negative to indicate they hate it. "Is this product good value?" "Yes." "Is this a luxury product?" "Yes." "Is this product affordable?" "Yes." All stand in's for good. So if you ask a general user if something is creepy, the answer you will get back is either "It's good" or "It's bad".
These aren't products that meet rigorous privacy guidelines, or are open source, or products from companies that go out of their way to keep their services zero-knowledge. This is a popularity contest page. This is not the place to get advice on privacy respecting products.
Take note on what guidelines Mozilla here seems to establish, one of them is hilariously: "Privacy Policy. Yes they have one"
That said I think this idea has a lot of potential, but this is perhaps not the best form for it to take.
I see all the flaws you're talking about, but the one thing I was looking for, and this simple delivered, is to relay the message
"Ring and Nest are bad, like really bad"
Sure they _say_ they're for it but their actions and products have been leaning the opposite way lately.
The explanation of their Minimum Security Standards is pretty helpful and reasonable though: https://foundation.mozilla.org/en/privacynotincluded/about/m...
This reminds me of Mozilla's Observatory project (https://observatory.mozilla.org/) in a more consumer-focused package. I just wish they'd make it less confusing.
In almost every case I saw, perfect Neutral was skewed very highly so this UX is clearly polluting the results.
I don't understand why they didn't display an ordinary table with checkboxes for each security feature.
https://assets.mofoprod.net/static/_images/buyers-guide/badg...
My concerns for my own privacy are not grounded in some emotional dislike of "creepiness", they are grounded in reasonable apprehension of the potential negative real world consequences.
> Does it have a privacy policy?
I don't really care about a product's privacy policy; I care about what's in the policy!
> Do you have to create a strong password?
It makes little sense to avoid a product because they let you set a four character password. Just use a longer password! (If they have a maximum length or some such, that's of course a different story.)
> Does it get regular software/firmware updates?
Updates can be a good sign, I guess, but as with the privacy policy, doesn't it matter more what's in those updates? Zoom gets regular updates, but that doesn't make more confident in the software—at all.
If anyone that worked on this reads this, a suggestion: Please rank products based on Mozilla's rating and not user supplied sentiment.
For example, it's hard to make sense of products that are "very creepy" or "somewhat creepy" yet have 4/5 or 5/5 overall security rating from Mozilla.
It's not clear unless you really look that creepiness rating is not from Mozilla.
I had to enable a script hosted on mofoprod.com to get the smiling face to indicate that products were voted as creepy. Also voiting options did show.
Text explaining that users are rating products and they are ordered by creppy rating could be helpful.
Mostly context-free. I'm guessing they're targeting mostly non-technical, retail consumers. Which is fine, but raises a number of other questions. Like, why is Mozilla especially well-positioned to review consumer electronics? And why are random consumers going to trust Mozilla?
Related, but this reinforces several bad messages about security:
- That it is an objective, scalar property of a thing,
- That "one size fits all",
- That infosec is a shopping exercise, not a process the user has to participate in.
Also, just, why? Who really thinks there's a Mozilla-shaped hole in the shopping-guide world?
> Facebook says that it does not listen to, view or keep the contents of any video or audio calls on your Portal.
No mentions about on their servers though, which we know they do!
How do I report articles on HN for misleading trash? This needs to be deleted from the internet.
How dare they give 5* to a fucking FB property.
A while ago I got Tile, though it was a good idea. Returned the same day, because in order to add a device I needed to create an account. The device is in my hand, the phone is in my hand, Bluetooth is the protocol. I don't need a server to arbiter a pretty straight-forward interactions between them. There is absolutely no need to require account creation, until I request cloud dependent features. Should be functional offline without any data sent to server.
Same with GoPro, they app required you to signup before you can use it.
On the other hand, I can pair and update my Bose headphones without having an account. I can do it without an app by plugging in a cable. I don't need to bother about their cloud security or privacy policy, because they simply don't have PI they can loose or misuse. I only need to be concerned about security of Bluetooth and Updates delivery.
Because it is hard not to use various services and you can't possibly asses security and privacy policies easily, the first question is: What information it collects and does it really need it to function or merely for marketing et al? If it does need, then you need to worry about security and privacy.
It seems they've been using Leanplum for some time; I'm surprised I hadn't heard anything about it. It looks like they're not using it for advertising purposes, at least.
I'm surprised they wouldn't at least restrict it to only users who had enabled usage data (i.e., not enable it for users who had clearly already expressed a preference for privacy).
I'm also surprised they didn't do this in-house. Sending data to a third party, no matter how trustworthy that party seems, is not good a good look for a product that is advertised as privacy preserving.
Automatic updates would seem to be a negative for privacy. They imply a backdoor to force changes on a device. Automatic update features have often been used to reduce consumer rights.
It's not even clear they're a win for security. If you shipped some simple device with so much attack surface it needs security fixes, you're doing it wrong.
Of course. If it needs a fix, it was built wrong. We've become too accepting of low-security software. There's no excuse for this in embedded devices that don't do much.
It contains 3 trackers [1]:
Adjust
Google Firebase Analytics
LeanPlum
It also has telemetry selected by default and is NOT opt-in. So yeah, whether it's hardware or software, you're being spied on any time you use an internet connected device.
[1]: https://reports.exodus-privacy.eu.org/en/reports/org.mozilla...
I'm too inundated with this stuff!
This fancy looking site is pretty unhelpful, and also has sinister tracking analytics which does not help their 'privacy cause'.
My assessment is that I would highly not recommend this site.
While these devices might have encryption, security updates, etc, many of the devices listed ABUSE user privacy. Many of the devices here ARE creepy!
I could provide 10 links as proof, but it's not even worth the time. You can go ahead and 'Google' the proof.
This is horrible.
Edit- want some proof? Listen to these: https://www.wfmu.org/playlists/TD
They rank all the ones you mentioned as "Super creepy".
The 'meets our minimum security standards' seal is still next to the product.
