Back to case StudiesBack to Case Studies

Mozilla Foundation

*Privacy Not Included

Privacy Not Included is a buyer’s guide that informs consumers about the privacy and security of products connected to the internet.

Location

San Francisco, CA

Official Website

Overview

*Privacy Not Included is a buyer’s guide that informs consumers about the privacy and security of products connected to the internet. The Mozilla Foundation launched the guide in 2017 and has since reviewed over 180 products. Mozilla Foundation’s technical experts evaluate each product against a set of criteria called the Minimum Security Standard. The standard focuses on encryption, automatic security updates, strong password requirements, managing system vulnerabilities, and the accessibility of privacy policies.

The guide also allows users to share their opinions on products’ safety and security standards through a simple survey called the “Creep-O-Meeter.”

Inspired by *Privacy Not Included, in December 2020, Mozilla hosted an event to explore the state of privacy and security in consumer tech gadgets. Inspired by *Privacy Not Included, in December 2020, Mozilla hosted an event to explore the state of privacy and security in consumer tech gadgets.

The Challenge

Consumer privacy and security are under siege. Many connected devices and apps — from doorbells to watches — collect our data, then sell it, exploit it, or simply do not protect it. Meanwhile, consumers have few options to push back: privacy regulations are scarce, policies are indecipherable, and privacy-centric alternatives are not always well known.

Another part of the challenge is capturing, and building upon, user opinion. *Privacy Not Included believes it is critical that companies, and other consumers, see which products people think are safe and which products people feel are too invasive.

*Privacy Not Included publishes an annual holiday ranking of the creepiest and safest connected devices. *Privacy Not Included publishes an annual holiday ranking of the creepiest and safest connected devices.

About the Intervention

Each product featured in the *Privacy Not Included guide is assessed against the Minimum Security Standard. This standard was designed by Mozilla, Consumers International, and Internet Society in 2018 and focuses on encryption, automatic security updates, strong password requirements, managing system vulnerabilities, and the accessibility of privacy policies.

Additionally, products are evaluated based on how collected data is used, the ability of a user to control collected data, and a company’s known track record on protecting user data over the past two years. This information, in combination with the Minimum Security Standard evaluation, determines whether a product will be tagged with a *Privacy Not Included warning label. The guide also reviews questions such as a product’s use of AI, what data can be collected, how creepy people think a product is, and more.

The guide also tailors product reviews to specific audiences or moments in time. For example, in 2020, *Privacy Not Included published their first review of video call apps to help users understand which apps were better than others at connecting them to loved ones while also protecting their privacy.

Ultimately, *Privacy Not Included is focused on informing consumers. As Ashley Boyd, vice president for advocacy and engagement at the Mozilla Foundation, stated in an interview with NBC News, “We know there’s a lot of money being made by collecting and packaging our data. Our position is: Let consumers opt-in to that kind of data collection rather than opt-out. Our concern lies in the lack of transparency or even basic information about the data that’s being collected.”1

Impact & Future Plans

*Privacy Not Included has been translated into four languages (English, French, Spanish, and German) and written about in numerous outlets, including NPR, WIRED, the New York Times, USA Today, and more. The guide has helped hold companies accountable for their privacy and security policies and, through features like the Creep-O-Meter, has shown companies that consumers care about these issues. For example, after *Privacy Not Included published its edition on video call services, companies like Discord changed their policies to better protect consumers.

In 2020, Mozilla won a Webby Award for *Privacy Not Included in the “People’s Voice Award for Activism” category, stating “Privacy is power. Demand it.”

For the future, the Mozilla Foundation is constantly evaluating how to evolve the guide to better help consumers. For example, the *Privacy Not Included team plans to add privacy user manuals into the guide to help people know which settings on an app or device will help consumers most protect their privacy. The Mozilla Foundation will continue to publish and update *Privacy Not Included year-round.

  1. ¹ Alex Jones, IBM Watson OpenScale and AI Fairness 360: Two new AI analysis tools that work great together (Medium Blog, May 2019) 

NextNavigate to next case study

2020 Census Disclosure Avoidance System

The 2020 Decennial Census used differential privacy to preserve the anonymity of U.S. residents