Wi-Fi router companies say they don't track the websites you visit, but all of them collect and share user data for marketing
by Ry Crist
Part 2 - The problem(s) with privacy policies
I combed through about 30,000 words of terms of use and other policy documents as I tried to find answers for this post -- but privacy policies typically aren't written with full transparency in mind.
"All a privacy policy can really do is tell you with some confidence that something bad is not going to happen," said Bennett Cyphers, a staff technologist with the privacy-focused Electronic Frontier Foundation, "but it won't tell you if something bad is going to happen."
"All a privacy policy can really do is tell you with some confidence that something bad is not going to happen," said Bennett Cyphers, a staff technologist with the privacy-focused Electronic Frontier Foundation, "but it won't tell you if something bad is going to happen."
"Often, what you'll see is language that says, 'we collect X, Y and Z data, and we might share it with our business partners, and we may share it for any of these seven different reasons', and all of them are very vague," Cyphers continued. "That doesn't necessarily mean that the company is doing the worst thing you could imagine, but it means that they have wiggle cover if they choose to do bad stuff with your data."
He's not wrong: Most of the privacy policies I reviewed for this post included plenty of the "wiggle cover" Cyphers described, with broad, vague language and relatively few actual specifics. Even worse, many of these policies are written to cover the entire company in question, including all of its products, services and websites, as well as the way it handles data from sales transactions and even job applications. That means that much of what's written might not even be relevant to routers.
He's not wrong: Most of the privacy policies I reviewed for this post included plenty of the "wiggle cover" Cyphers described, with broad, vague language and relatively few actual specifics. Even worse, many of these policies are written to cover the entire company in question, including all of its products, services and websites, as well as the way it handles data from sales transactions and even job applications. That means that much of what's written might not even be relevant to routers.
Then there's the issue of length. Simply put, none of these privacy policies make for quick reading. Most of them are written in carefully worded legalese that's crafted more to protect the company than to inform you, the consumer. A few manufacturers are starting to get a bit better about this, with overview sections designed to summarize the key points in plain English, but even then, specifics are typically sparse, meaning you'll still need to dig deeper into the fine print to get the best understanding of what's going on with your data. In cases where a company uses a third-party partner to offer additional services like threat detection or a virtual private network, you may need to read multiple privacy policies in order to follow your data to the fullest.
All of that made for a daunting task as I set out to read through everything, so I focused my attention on finding the answers to a few key questions for each manufacturer. All of the policies I read confirmed that the company in question collected personal data for the purpose of marketing, but I wanted to know which ones, if any, track user web activity, including websites visited while browsing. I also tried to determine if any manufacturers were sharing the personal data they collect with third parties outside of their control, and whether or not they were "selling" personal data as defined by the California Consumer Privacy Act.
Source, links, further info:
Related:
Comments
Post a Comment