If you want to give the gift of privacy this holiday season, you can check out the 2022 edition of Mozilla’s Buyer’s Guide to Privacy Not Included, released Wednesday. The annual guide contains privacy reviews of over 75 popular consumer electronic gifts and will be continually updated throughout the giving season.
Among the potential giveaways in the guide so far are the Apple Watch, Nintendo Switch, Amazon Echo, Garmin fitness trackers, Google Chromecast, Steam Deck, and the Meta Quest Pro.
According to Mozilla researchers, the Meta Quest Pro can be particularly difficult for people seeking privacy. To get the full scoop on the gadget’s privacy, a shopper would need to open at least 14 browser tabs to make sense of the privacy documents totaling 37,700 words — about 6,747 words longer than Dickens’s “A Christmas Carol” and much less. interesting to read.
“[T]The question boils down to, does Meta/Facebook have your best interests at heart when collecting all the data the Quest Pro is capable of collecting? asks Mozilla in its guide. “From Cambridge Analytica to where we are today with Mark Zuckerberg’s hopes for the metaverse, the answer to that question is a resounding NO.”
Image credit: Mozilla
Meta isn’t alone in formulating verbose privacy policies. The researchers noted that products like the Amazon Echo Dot and Google Pixel Watch also come with multiple privacy policies for the hardware, apps, and companies they share data with.
“It feels like a Rube Goldberg experiment trying to navigate the privacy literature companies throw at consumers,” the guide’s lead researcher Jen Caltrider said in a statement.
“While I struggle to understand this as a privacy researcher, consumers are much worse off. That’s not true,” she added.
Warnings and Hair Sharing
The purpose of privacy policies is to inform users about how their information will be used and for what purposes so they can make informed decisions, said Javvad Malik, security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Florida.
“When policies are so complex and prohibitive to read, the majority of people just click through to use the app or service they need,” Malik told TechNewsWorld. “It puts them at risk because they may be consenting to their information being used in ways they are unfamiliar with or uncomfortable with.”
“Complex privacy policies make it harder than necessary for end users to fully understand the privacy they should expect from a company and their rights as a user,” added Paul Bischoff, Privacy Advocate at Comparitech. , a review, advice and information website for consumer safety products.
However, Daniel Castro, vice president of the Information Technology & Innovation Foundation, a research and public policy organization in Washington, DC, pointed out that privacy policies are often complex because digital products and services are complex.
Plus, he continued, companies making these products face regulators not just in 50 states, but around the world. “Given the huge penalties these companies can face for any errors or omissions, it’s no surprise that attorneys have taken over the drafting of these terms,” Castro told TechNewsWorld.
“A lot of these privacy policies are often ‘for lawyers, by lawyers’ rather than consumers,” he said. “These companies are not trying to deceive consumers, they are trying to avoid fines. But if they oversimplify or generalize, they will be hit with penalties like Google’s nearly $400 million settlement.
Save the jargon for the TOS
Malik countered that while privacy policies are important for legally protecting organizations that use customer data, they should be made transparent and easy to understand so people can make the decisions that are right for them.
“While complex policies can provide some protection against litigation, they can open up a whole new set of challenges for organizations if found to deliberately cloud the way they operate with customers,” a- he declared.
Because tech companies are so concerned about privacy disputes with their products or services, they are prone to drafting complex privacy documents that often protect their own interests at the expense of the consumer, added Mark N. Vena, president. and Principal Analyst at SmartTech. Research in San Jose, California.
“Tech companies should be required to write more simplistic privacy documents that consumers can understand,” Vena told TechNewsWorld. “Apple, in particular, is very good at this in its privacy policies, which are often written in easy-to-understand language.”
“Privacy policies should be simple and human readable. Save the legalese for the terms of service,” Bischoff added.
too many connections
Mozilla researchers noted that crafting their privacy guide has become more difficult than ever due to the increase in connected devices in the market.
“We are experiencing an unprecedented explosion of connected products,” researcher Misha Rykov said in a statement. “There are now children’s toys, litter boxes, sunglasses and vacuum cleaners that connect to the internet and then collect and share valuable personal information.”
What many consumers don’t realize is that every connection a device has to the internet opens up an entry point into their home, Caltrider noted. “Add to that the apps you need to control these devices — apps that control microphones and cameras and can access contacts and location information — and it raises a lot of questions about privacy,” he said. she told TechNewsWorld.
“If you try to read the privacy policies of everything you bring into your home, it’s next to impossible,” she added. “I do this for a living, and it makes my head spin trying to figure out the vast webs of privacy policies from Amazon, Meta, or Verizon.”
For people who want to protect their privacy and not read privacy policies, there are steps they can take, although they often require compromises.
“Unwanted tracking can be prevented by turning off Wi-Fi connections on devices that don’t need them for basic functionality, like a smart TV,” explained Chris Clements, vice president of the solution architecture at Cerberus Sentinel, a cybersecurity consulting and penetration firm. testing company in Scottsdale, Arizona.
“Not connecting the TV to the network may prevent the manufacturer from collecting tracking data or injecting advertisements into the interface, but the trade-off is that you may not receive any firmware updates that may introduce additional functionality or fix known issues,” Clements said. TechNewsWorld.
“Consumers should be especially wary of inexpensive no-name devices with microphones or cameras,” he warned. “There have been many cases where manufacturers have logged and sent all sensor data back to foreign servers without the user’s consent or knowledge.”
He acknowledged, however, that in practice it can be difficult to fully understand the privacy implications for a given product. “There are simply too many legal loopholes that can be squeezed into complex confidentiality agreements, and few good ways for the average person to confirm whether the manufacturer is keeping their end of the bargain,” he said. declared.