Breathe, Think, Do with Sesame

Aviso: *Privacidade não incluída neste produto

Breathe, Think, Do with Sesame

Data da avaliação: 25 de Abril de 2023

|
A Mozilla investigou por 16 horas
|

Opinião da Mozilla

|
Votos das pessoas: Razoavelmente assustador

"Help a monster friend with big feelings learn to calm down and solve everyday challenges." Yes please! Elmo and the gang at Sesame Street's app, aimed at parents and caregivers of kids aged 2-5, is designed to help the young ones learn how to calm down, learn self-control, and expand their emotional vocabulary. The app is bilingual in English and Spanish, research-based, and free to download and use. How does this app do from a privacy perspective? Well, good and bad. The app itself doesn't seem to collect much personal information. However, Sesame Workshop, which makes all the apps for the Sesame Street gang, well, their privacy policy does raise privacy concerns for us.

O que pode acontecer se algo der errado?

First reviewed April 20, 2022. Review updated, April 25, 2023
Unfortunately, the changes Sesame Workshop has made to their privacy policy since we last reviewed them leave us feeling a bit like Oscar the Grouch. Grumble grumble grumble. That's the bad news. The good news is, this app is still probably pretty OK from a privacy perspective as it doesn't seem to collect much, if any, personal information. That leaves us with a conundrum. We have a good app, with a bad privacy policy.

When we first reviewed Sesame Workshop's Breath, Think, Do app in 2022, we found a few concerns -- their privacy policy was last updated in 2013, we couldn't confirm they meet our Minimum Security Standards, and no one responded to the questions we sent to the email address listed in their privacy policy for privacy related questions. After publishing our review, Sesame Workshop reached out to us and made some important changes to their privacy and security practices. They acknowledged no one had been monitoring the privacy question email address, and said they would fix that. They established an email for people to report security vulnerabilities in their apps, and they updated their privacy policy. We were quite happy with how willing they were to improve their privacy and security practices.

Unfortunately, in 2023 Sesame Workshop has updated their privacy policy to one that leaves us with some pretty serious concerns. In fact, this app, and all apps covered by Sesame Workshop's privacy policy, now earn our *Privacy Not Included warning label. The things that concerns us most are the fact that they clearly state in their privacy policy they can collect data on you from data brokers and other third party sources, "We may receive Personal Information about you from other sources, including our data broker services, data enhancement companies, list rental services, third-party analytics providers, and social media-owned databases..." They go on to say they can use all this information they collect about you to make inferences about you "to generate information about your likely preferences or other characteristics." Uhg...comes on Sesame Workshop! Can't you just let us play with Elmo and the gang without trying to know our "characteristics"? Is nothing sacred anymore!

We're also bummed because it was unclear to us if all users, regardless of where they live, could have their data deleted. In fact, they state, "No matter where you are located, we provide every user with the right to: Erasure. It’s your right to request that we erase your Personal Information, under certain conditions." Sounds good right? Until you ask, well, what are these mysterious "certain conditions?" And then there's the use of the words "right to request". We know anyone can request anything. We would much rather see this worded in a way that makes it clear all requests will be honored.

Anyway, the good news is, the Breathe, Think, Do with Sesame app itself doesn't require a log in to start using, so it is likely not collecting much or any personal information at all. So, you are probably safe from the concerns we've outlined about the privacy policy that covers this app. However, it is really disappointing to see something so beloved as Sesame Street lean into the data collection, combination, and inference trends chipping away at our privacy everywhere on the internet these days.

Read our 2022 review:

We're not too worried about the privacy of Sesame Workshop's mental development app for young children. The privacy policy does say that sometimes personal information like name and email might be collected but only with parental consent. And with no behavioral advertising (read, targeted ads) on the platform, parents should be able to breathe a small sigh of relief. Sesame Workshop is an educational non-profit, so they aren't trying to make money off you or your child's data, which is a breath of fresh air.

Our biggest privacy flag for this app is the privacy policy hadn't been updated since 2013, which is a very long time in privacy policy years. We're proud to report that after working with Sesame Workshop, they have now updated their privacy policy, as of June 1, 2022! And remember parents, please follow the basic guidelines for protecting young children online (please always do this parents and caregivers!), your child's privacy will likely be pretty safe.

As part of their updated privacy policy, Sesame Workshop has now added a way for people to report security vulnerabilities, which was our biggest outstanding security concern. They now meet our Minimum Security Standards. We have to say, we're pleased to see them be responsive to our research and love that they updated their policies. Good work. We feel pretty good now about the privacy and security of this app for children.

What's the worst that could happen? Hopefully nothing more than your child learns how to be a little bit calmer. Calm is good. But we should remind parents that anything that connects to the internet your child plays with has potential vulnerabilities so it's always good to supervise them when they use your devices

Dicas para se proteger

  • Parents should read up and implement the guidelines on how to protect children online.
  • Never share your child's personal information online
  • Do not provide data about others (your relationships, family, etc.) without their permission.
  • Do not log in using third-party accounts
  • Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices
  • Do not give consent for sharing of personal data for marketing and advertisement.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
  • Keep your app regularly updated
  • Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Pode me bisbilhotar? informações

Câmera

Dispositivo: Não aplicável

Aplicativo: Não

Microfone

Dispositivo: Não aplicável

Aplicativo: Sim

Rastreia localização

Dispositivo: Não aplicável

Aplicativo: Não

O que pode ser usado para se inscrever?

Que dados a empresa coleta?

Como a empresa usa esses dados?

We ding this product as it may be combining data on you with data obtained from third parties, such as data brokers. And for creating a profile based on that data to target interest-based advertisement.

"We may receive Personal Information about you from other sources, including our data broker services, data enhancement companies, list rental services, third-party analytics providers, and social media-owned databases, including via your interaction with our social media pages (this includes aggregate data on our social media followers (e.g., age, gender and location), engagement data (e.g., “likes,” comments, shares, reposts and clicks), awareness data (e.g., number of impressions and reach) and individual users’ public profiles). We may also collect certain donation information from our Service Providers, including past donation history, amount donated each time, and frequency of donations. "

"We may also infer certain Personal Information from any combination of the information that we collect directly or that we receive from third-parties, including using automated means to generate information about your likely preferences or other characteristics."

The app can use your data "to create a profile of you in order to provide you with marketing materials that we believe would be likely to interest you."

"It is always your choice whether to provide us your Personal Information and we will always expressly ask you in advance of collecting such information. However, depending upon the activity, some Personal Information will be mandatory for participation, and we will indicate it as such. If you do not provide the mandatory Personal Information with respect to an activity, you will not be able to engage in that activity."

"We do not serve targeted advertising on our Platforms. However, when you use the Internet, third parties that we are not affiliated with may use tracking technologies, including cookies and pixels, to collect information about your online activities over time and across our Platforms and other websites."

Como você pode controlar seus dados?

It is not clear if all users can get their data deleted, under what conditions, and how to do it.

"We will retain your Personal Information in accordance with the time period allowed under applicable law, and with consideration for the sensitivity, volume, and type of Personal Information, as well as the purpose for which we have collected it, after which time we will take steps to delete it.

We will retain deidentified, aggregate data for lawfully allowed purposes."

"No matter where you are located, we provide every user with the right to: <...> Erasure. It’s your right to request that we erase your Personal Information, under certain conditions."

Qual é o histórico conhecido da empresa na proteção de dados dos usuários?

Médio

No known privacy or security incidents discovered in the last 3 years.

Informações de privacidade infantil

"Some of our Platforms are intended for children under the age of 13 (we refer to these individuals as a “Child” or “Children”). If we learn that we have inadvertently collected Personal Information from a Child on any of our Platforms that are not intended for Children, we will take steps to promptly delete that information."

Este produto pode ser usado offline?

Não

Informações de privacidade fáceis de entender?

Não

Links para informações de privacidade

Este produto atende aos nossos padrões mínimos de segurança? informações

Sim

Criptografia

Sim

Senha forte

Sim

Atualizações de segurança

Sim

Gerencia vulnerabilidades

Sim

To report potential security vulnerabilities, please write to [email protected].

Política de privacidade

Sim

O produto usa inteligência artificial? informações

Não

*Privacidade não incluída

Comentários

Tem um comentário a fazer? Nos diga.