Mozilla
Privacy Not Included
A buyer’s guide from the Mozilla Foundation evaluating the privacy and security of popular IoT products
1. Project Overview
What is Privacy Not Included?
Privacy Not Included is a digital buyer’s guide created by Mozilla that evaluates popular Internet-of-Things (IoT) products based on their privacy, safety, and security standards. The initiative helps consumers make informed purchasing decisions while holding tech manufacturers accountable for user data practices.
2. The Opportunity
Understanding the Privacy Gap in Connected Products
As internet-connected devices became part of daily life, from smart speakers to wearable trackers, many consumers were unaware of how much personal data these products collected and shared. Most reviews focused on price, convenience, and performance, while information about privacy, encryption, or data use was missing. People had no simple way to compare how safe or private their devices really were.
This created a significant information gap. Consumers cared about privacy but did not have the tools or technical knowledge to assess it. The few resources that existed were highly technical and written for developers or researchers, not for everyday users. As a result, the majority of people purchased connected devices without understanding the risks involved.
Mozilla saw this as both a public education challenge and an opportunity to extend its mission of promoting internet health. The organization was widely known for Firefox but not for its broader advocacy around data rights and digital safety. A new initiative could raise awareness, expand Mozilla’s reach, and help people make better decisions about the technology they bring into their homes.
Key challenges identified:
Low awareness: Many users did not fully understand what data privacy meant in the context of smart devices.
Lack of transparency: Companies controlled the privacy narrative, and there was no standardized way for consumers to compare products.
Trust deficit: People expressed concern about data collection but had little confidence in existing information sources.
Complexity of information: Most privacy reviews were technical, lengthy, and inaccessible to the average reader.
Mozilla needed a way to make privacy information simple, visual, and participatory. The goal was to turn complex data into clear insights that could engage a broad, non-technical audience and promote digital literacy through design.
3. Design Research and Insights
Revealing How Awareness, Trust, and Privacy Intersect in Connected Life
To inform the structure and intent of the Privacy Not Included guide, our team began with a discovery phase focused on understanding how people perceive privacy in connected devices. We collaborated with Mozilla’s Advocacy and Insights teams to combine quantitative survey data with qualitative user feedback gathered from multiple regions.
Our research involved an online survey distributed to over 190,000 respondents across several countries, supported by focused interviews and feedback sessions with Mozilla community members and everyday device users. The goal was to identify how people understood privacy, what they worried about, and what factors influenced their trust in a product.
Key findings from the survey included:
61% of respondents reported being concerned about their personal information being shared with companies.
35% said they knew very little about artificial intelligence or how it affected privacy.
57% regularly used video call applications for both personal and professional purposes, and many were new to this technology.
34% believed that manufacturers, not consumers, should be responsible for ensuring privacy and security.
These insights revealed a clear gap between awareness and understanding. While people expressed concern about privacy, they lacked accessible ways to verify how products handled their data. They also felt excluded from technical discussions, often describing privacy policies as confusing or intentionally opaque.
Key Themes Identified
Awareness vs. Action: People were aware of privacy risks but did not feel equipped to act on them.
Trust in Brands: Users associated trust with well-known tech brands rather than verified privacy practices.
Need for Simplicity: Participants preferred clear, visual comparisons instead of long reports or legal terms.
Desire for Accountability: Many respondents wanted companies to be transparent about how their devices collect and use data.
4. Requirements and Goals
Establishing an MVP
Following the research phase, our team defined the essential goals and content priorities that would form the first release of the buyer’s guide. The intent was to create an experience that could grow over time, while still delivering meaningful value from the start.
We identified the minimum viable product as a public, browseable digital guide that offered users clear comparisons, transparent product evaluations, and a way to express their own perceptions of privacy and trust.
Core MVP Objectives included:
Clarity and Accessibility: Present complex privacy information in plain language that anyone could understand.
Comparability: Allow users to easily browse, filter, and contrast products by privacy and security standards.
Credibility: Base all product reviews on consistent evaluation criteria, verified by Mozilla’s Advocacy team.
Engagement: Encourage participation through interactive elements that make users feel part of the privacy conversation.
Scalability: Create a flexible information architecture that could grow as new devices and categories were added.
I collaborated with another UX/UI designer within the organization and the Advocacy team to create the buyer’s guide. We were responsible for the entire design process, including research and discovery, defining the project scope, ideation, testing and refinements, and handoff and delivery to our development team.
[Figure: Privacy Not Included sitemap]
5. Design Approach
Translating Findings into Design Direction
Our design approach focused on transforming complex privacy information into a clear, approachable, and visually engaging experience. We wanted the guide to feel informative but not intimidating. Each design choice was guided by the principles of transparency, participation, and trust, ensuring that users could explore privacy topics at their own pace and in their own way.
The visual system balanced educational content with an element of playfulness to encourage exploration. Instead of treating privacy as a dense subject, we framed it as something relatable and human, helping users make emotional connections to how technology affects their daily lives.
Browseable Products
The landing experience was designed around a “Creepiness Scale” that invited users to explore products through curiosity rather than fear. Each product was placed along a visual continuum ranging from “Not Creepy” to “Super Creepy.” This interaction immediately communicated that privacy could be both serious and engaging.
The product grid allowed users to browse, sort, and filter across multiple IoT categories, such as Smart Home, Wearables, and Entertainment. The structure supported fast comparisons while maintaining visual interest through consistent card layouts and recognizable brand imagery.
Color, typography, and iconography were intentionally simplified to avoid cognitive overload. The interface used high contrast and direct labeling to help users quickly interpret information without needing prior technical knowledge.
Comprehensive Product Reviews
Each product page was designed to deliver a consistent and trustworthy experience, using a “Minimum Security Standards” section that broke complex technical information into five simple indicators:
Encryption: Whether the device encrypts data in transit or storage.
Security Updates: The frequency and transparency of software updates.
Strong Passwords: Whether the product enforces secure authentication practices.
Vulnerability Management: How the company handles security flaws when discovered.
Privacy Policy Transparency: Whether the privacy policy is accessible, readable, and clear about data collection.
By structuring every review with these same five metrics, users could easily move between products and see where privacy standards were strong or lacking. Visual indicators, such as color-coded icons and concise labels, helped communicate each score at a glance.
Audience Participation
Early usability testing revealed that users wanted to share their personal opinions and emotional reactions to each product. Many felt conflicted—liking the convenience of a device but distrusting the brand’s privacy reputation.
To address this, we introduced two interactive components:
A Creep-O-Meter, allowing users to rate how “creepy” they found a product.
A “How likely are you to buy it?” poll that captured intent alongside perception.
These additions shifted Privacy Not Included from being a static content site to a participatory experience where users could express values, compare their responses with others, and contribute to a collective sense of accountability.
The data gathered from these interactions provided Mozilla with valuable community insights, helping identify patterns in user sentiment and informing future iterations of the guide.
6. Reflection
Balancing Global Relevance with Design Consistency
Like any integration involving third-party platforms and regulatory constraints, the WhatsApp project surfaced a number of challenges that shaped both the design and the final product. Some obstacles were technical, rooted in the limitations imposed by Meta’s security framework. Others were organizational, reflecting the realities of limited time and resources within the design and development teams. Each of these constraints required creative problem-solving and compromise—while also providing valuable lessons about designing for compliance-heavy environments and cross-platform integrations.
Challenge 1: Western-Centric Product Coverage
During the first launch phase, most of the IoT devices reviewed were North American or European products. This limited the guide’s relevance to users in other parts of the world, where connected technologies and privacy expectations differ significantly.
To address this, Mozilla began working on localized versions of the guide and a strategy for international expansion. This included translating the site into additional languages, adjusting the cultural framing of privacy examples, and planning to feature devices popular in Asia, South America, and Africa.
This experience emphasized the importance of inclusive design at a global scale—creating frameworks that could adapt to regional contexts while maintaining a consistent voice and visual system.
Challenge 2: Stakeholder Alignment Across Diverse Teams
The project brought together contributors from Mozilla’s Advocacy, Design, Development, and Communications teams. Each group had its own objectives, timelines, and perspectives on how privacy should be represented.
At times, differing priorities created friction between creative direction, content tone, and technical constraints. We resolved this by establishing a clear decision-making framework, weekly alignment meetings, and shared documentation that outlined the rationale behind each major design choice.
This process taught us that alignment is not about consensus but about clarity of purpose—ensuring that each team understands how their goals contribute to the shared outcome.
Challenge 3: Simplifying Complex Information Without Losing Credibility
Presenting privacy data in a way that was both simple and credible was one of the most nuanced design challenges. Overly simplified language risked losing authority, while highly technical descriptions alienated users.
Through iterative testing and feedback sessions, we learned to strike a balance: using plain language supported by consistent visual cues and definitions that retained integrity. The addition of the Minimum Security Standards section was key to achieving this balance, allowing for both transparency and readability.
7. Next Steps
Evolving Privacy Not Included
By treating design as a process of learning and collaboration, the project succeeded in transforming abstract data into actionable public awareness. It demonstrated that clear design and open communication can bridge the gap between complexity and comprehension, and that trust is earned through both consistency and transparency.
Three years after the launch of Privacy Not Included (2020), the Mozilla Foundation saw significant jumps in our measurable categories. Our yearly user base for the guide reached 1.2 million people, a 38% increase from previous years and the largest of any Mozilla Foundation site, and we won a People’s Voice Webby Award.
The next phase focuses on refining the Minimum Security Standards criteria to reflect evolving privacy regulations and industry expectations and expanding coverage to include more global IoT devices and regional markets. The guide will continue to grow as a living platform—regularly refreshed through user feedback, new research, and ongoing collaboration across Mozilla’s design and advocacy teams.