From her remote mountaintop home in the Colorado wilderness, Jen Caltrider has an ideal vantage point to ponder privacy, which she basically does full time. Caltrider leads the Mozilla Foundation’s *Privacy Not Included guide, an online consumer resource that reveals how privacy-respecting some products are — and are not. She and a researcher pick through product claims, fine print and miles of privacy policies to figure out how much we should trust various connected toys, gadgets, services and smart home products. The guide has grown in scale from its launch in 2017, now covering nearly 200 products in seven categories. The latest “Valentine’s Edition” launched in early February, rating dating apps and sex toys, many of which, you may not realize, are now part of the internet of things.
— — —
We’re mostly at home these days, but if you were out meeting people, how would you describe your job?
Oh, I try to make the internet suck less, mainly by telling people how to shop for better connected devices and apps because so many of them are terrible with privacy and security.
And you do that through the *Privacy Not Included guide.
Yes. Back in 2017, we wanted to do a guide, but we didn’t think we had the resources to actually review products. But I was determined. You can’t do a buyer’s guide without actually reviewing products. I stumbled across Janice Tsai, who had been researching connected products at Mozilla, and we decided to team up. The *Privacy Not Included Guide is now in its fourth edition, and we just did our second Valentine’s Day edition.
How has the response been?
When we started, we just wanted to see if anybody would be interested. As it turns out, people were, so we’ve evolved over the last four years. We added in a Creep-o-Meter, so people could add their own input. Last year we added in the *Privacy Not Included warning label. The goal isn’t just for us to tell people information, it’s also to get feedback on how creepy they think something is because companies pay attention to the guide.
What are some things you’ve heard from companies about the guide?
We have gotten complaints over the years from some makers of the products we’ve reviewed. I remember one tense moment when we noted that a little toy had a small microphone inside, and the manufacturer didn’t like us pointing that out. But some companies are willing to work with us, which is great. The goal is to get companies to do better, not just bash them in public, so it’s cool when we get them to change behaviors.
In our review of video call apps last year, one platform didn’t require a strong password. When we were going to go out with that information, they were immediately like oh crap. They fixed it within a day or two of us putting out the guide, and changed their login requirements to require a strong password.
Have you heard from individual consumers, too?
Oh, I get some fascinating stuff from people. I did get a few angry emails recently because we took our video call apps section down. It just wasn’t accurate any more, and we haven’t had the time to refresh. One guy was so upset because his HOA was going to make a decision on what platform to use. I wish I could have helped him.
A middle school teacher reached out right before the holiday gift guide [which featured Games + Toys and Smart Home products] launched last November. We had a fun exchange where students reviewed some of the products and shared what they found creepy.
How do you conduct the research?
Everything is either publicly available in privacy policies or through searching, or we reach out and ask companies directly. We have a lot of fun customer service chats on websites with things like I don’t know if we use encryption, can I get back to you on that? Technically any consumer could do this research before buying these products, but no one really has the time to do it. So we’re doing it for them.
This Valentine’s edition includes a spicier section that gets into dating and sex, territory that people might naturally find more private. What’s the take-away?
Our overall research at Mozilla shows how terrible Facebook is about collecting data, protecting data and then being honest about what they do with data. But here I am reviewing dating apps for this edition, and dating apps are as bad or worse than Facebook! They’re just terrible. They collect so incredibly much personal information.
They can collect things like HIV status, drug use, are your parents married, how many pets do you have, what kind of car do you drive, and who are you attracted to. They collect all this stuff, and then they either turn around and use it to make a bunch of money off you through marketing and advertising, or they don’t protect that data very well. Almost all the major dating apps at some point in the past 10 years have had these huge data breaches or data leaks.
It’s just kind of bonkers. but people are okay with this, in part, I think, because what’s the alternative, especially now during the pandemic?
Roses are red
Violets are blue
How much does your dating app
Know about you?
— Mozilla (@mozilla) February 9, 2021
What else was eye opening to you while researching this edition?
I think people don’t know that Match Group owns a lot of the major dating apps, like Plenty of Fish, Tinder and Hinge to name a few. Many dating apps also share information with advertisers, and have had information improperly disclosed because they haven’t secured it properly.
We’ve also dipped our toe into looking into the AI algorithms behind the apps. They’re not transparent at all, they’re proprietary. A lot of these companies asked for ethnicity and religion and political views, and some of them even let you filter by these things. We don’t know how they work, so that means these mystical algorithms they’re using to match people could also be biased and applying that bias in ways you wouldn’t agree with.
What’s up next for the guide?
I want to do a refresh on the video call apps. Smart TVs are an area that a lot of people have asked about. It’s very complicated, though, because there are so many models and things going on with them. Another space that I’m really hoping we can dig into is insurance and all the personal data that is collected, then fed into algorithms to potentially determine how much you’re going to pay for your health coverage or your car insurance.
What’s something you do to protect your own digital privacy?
Well, I live alone, on top of a mountain and that’s probably how I mostly protect my privacy. There’s nobody that can scan for bluetooth anywhere near me, that’s for sure. Also, I’m still on Facebook, but I don’t have the app, and I don’t use Facebook Messenger. I don’t use Facebook on my computer. I only use it on one little browser on my phone. I don’t share much online. If I’m going to share something, I’ll share it directly by texting on Signal.
On the flip side, what’s a digital tool that’s been essential and why?
Oh gosh, I have to say the Calm app is the thing that’s gotten me through the pandemic. I just plug in and listen to them meditate me into serenity after getting super anxious about everything that’s been going on in the world.
Let’s shift gears into some quick response questions.
Oatmeal every day with berries and nuts.
Cats or dogs?
Two dogs and one cat.
Car, bus, bike, walk?
Where I live, my four-wheel-drive pickup is the only alternative.
Where do you get your news?
If I had to pick one or two that are my favorites, I’d say Heather Cox Richardson. I’m obsessed with her telling me what’s happening in the world in a way that makes sense. Also, MIT Technology Review does a morning email newsletter called the Download where they give you the top 10 stories and some funny stuff and a couple of high level deeper dives, and I love it.
What’s the last thing you saved to Pocket?
A recipe for vegan moussaka that I want to make with my girlfriend when I go visit her next week.
What’s an internet gem that you’d like to share?
The Indian Hills Community Sign. My mom loves it, and when she came to visit me, I took her to see it because it’s close by. I have a picture of her at the Indian Hills Community sign looking so proud. It’s an internet gem that’s also an offline gem.
When it comes to GIFs, hard or soft G?
Hard-G all day long.
What’s something about yourself that people would be surprised to know?
People might be surprised to know that I already have my gravestone set up and ready for use. Back home in West Virginia where I grew up, we have a small, kind of family cemetery that we took care of. It’s where my grandparents are buried. When my dad died, my mom got me a gravestone, too. I love to visit cemetaries, and I always want to sit down when I’m walking around a cemetary. So my gravestone is a bench with a Phantom Tollbooth quote on it: “Whether or not you find your own way, you’re bound to find some way. If you happen to find my way, please return it, as it was lost years ago. I imagine by now it’s quite rusty.”
How creepy is that dating app, smart speaker, fitness tracker, litter box? We created the *Privacy Not Included guide to help you shop for safe, secure connected products. Read up and find out.