COMPANIES TO AVOID
Many companies have behaved badly. Sometimes it seems like they all have. The Defensive Computing thing to do is avoid their products.
This list is in no particular sequence.
- Twitter. Twitter (aka X) is here for so many reasons, all of which are pretty obvious. A suggestion for dealing with Twitter: If someone there says that ice cubes are cold, don't believe it.
- I would avoid Gazelle, which buys and sells smartphones. I tried to buy a used iPhone from them; the order was delayed. Why? They would not say. When would it ship? They would not say. Would it ever ship? No comment. And, they would not cancel the order either. Other opinions:
  - My experience with Gazelle, a learning experience from Reddit, more about selling a used phone rather than buying.
  - Gazelle Reviews at ConsumerAffairs.com
  - Gazelle at the Better Business Bureau
  - Their Terms and Conditions
- Western Digital and SanDisk fall into that category according to this August 2023 article. WD refused to answer our questions about its self-wiping SanDisk SSDs by Sean Hollister for The Verge. "For months, the company has been laughably silent about how its pricey portable SanDisk Extreme SSDs might lose all your data ... Months after our inquiries, Western Digital continues to sell these drives due to deep discounts, fake Amazon reviews, and issues with Google Search that rank favorable results far higher than warnings about potential failures." This issue has generated three lawsuits. "Western Digital was already forced into a class action settlement over a previous questionable practice: in 2020, the company brazenly tried to sneak SMR drives into its WD Red lineup marketed for network-attached storage devices. The company paid $5.7 million to settle those claims."
- SanDisk: A personal story - I bought a SanDisk Ultra Dual Drive USB Type-C flash drive in September 2023. The packaging (and the linked PDF) said to go to a URL for a list of compatible devices. The URL did not exist. When I navigated through the Western Digital Support website and found the support page for the thing, there was no list of compatible devices anywhere.
- If you are buying a printer, probably best to avoid HP. For more, see the Printers page here.
- If you are choosing a cell service provider, be aware that T-Mobile has the most hacks and data breaches.
- Another cell service provider, AT&T, has also behaved badly. In July 2024 we learned that much of their data was stolen. So, they practice bad security. In addition, they chose a cloud storage provider that also practices bad security, as many customers of this cloud provider were also hacked. A third strike is in this New York Times article: The Massive AT&T Data Breach Doesn't Just Affect AT&T Customers. Here's How to Protect Yourself by Max Eddy (July 16, 2024) which says: "AT&T said that the information from mobile virtual network operators (MVNOs) was also exposed in the attack ... Boost Mobile, Consumer Cellular, and Cricket Wireless are just a few of the MVNOs that use AT&T's network. AT&T has not provided information about which specific MVNOs may have been affected. We also reached out to AT&T for more information about how MVNOs were affected by this breach, but the company declined to comment."
- As a rule, avoid software from Microsoft. Don't use their web browser (Edge), don't use Skype, don't use Teams, don't use Office (go with LibreOffice instead), don't use Windows, etc.
- Avoid LastPass (a password manager).
- Avoid Cisco; they have a miserable record in terms of software bugs, hard-coded admin passwords and fake hardware. More details are on both the News and Bugs pages of my RouterSecurity.org site. Here is but one example: Vulnerability in Cisco Smart Software Manager lets attackers change any user password by Dan Goodin for Ars Technica (July 17, 2024)
- Avoid Microsoft. Enough said.
- Avoid PayPal. I say this based on personal experience. Someone opened a PayPal account using one of my email addresses. This despite the fact that I never responded to either of the emails from PayPal that asked for information as part of the account setup process. The bad guy scammed PayPal, not me. When I reported this, PayPal said that it was a scam, just like the many other standard scams. Their tech support was too stupid to realize that they sent the messages.
- Maybe avoid Tesla. This Reuters article describes how they have been dishonest: Tesla blamed drivers for failures of parts it long knew were defective by Hyunjoo Jin, Kevin Krolicki, Marie Mannes and Steve Stecklow (December 20, 2023). Also see Tesla's Dieselgate by Cory Doctorow (July 28, 2023).
- AT&T has behaved miserably in regard to a data breach they suffered in 2019. Simply put, the company is a lying weasel. It took them almost five years to confirm that the stolen data actually belonged to them and to alert their customers. And, they have said nothing about how the data was stolen. See AT&T now says data breach impacted 51 million customers by Bill Toulas of Bleeping Computer (April 10, 2024). The article details how AT&T said as little about this as they could get away with. In 2021 they told Bleeping Computer that the data did not belong to them and that their systems had not been breached. In March 2024 they again told Bleeping Computer that the data did not originate from them and their systems had not been breached. Then it was confirmed that the data did belong to AT&T (and DirecTV). Only then did AT&T come clean. They are facing multiple class-action lawsuits in the U.S.
- D-Link. In November 2024, we learned that thousands of D-Link NAS devices are accessible from the Internet and have critical flaws that bad guys are exploiting. But, D-Link will not issue bug fixes because the devices are too old. The world suffers. They do the same thing with their routers. In April 2024, it came out that some D-Link NAS devices had a backdoor. That is, D-Link could get into the devices remotely, whenever they pleased. This is not something a reputable company does. See Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation by Dan Goodin for Ars Technica.
- Avoid Substack where Nazis are good and tits are bad. I say this not because of privacy or security or any Defensive Computing reason. I say it after reading this Ed Bott article from January 4, 2023: Happy New Year to everyone except Substack's owners. The company is managed by miserable human beings. If you want to create a newsletter, do not use them. This is not to say that everything there is bad, not at all. Many people creating newsletters do not have the technical ability of Ed Bott and cannot move to another newsletter company. But, be aware that hate is good (and profitable) to the people in charge of Substack.
- Tripadvisor is not trustworthy. I got burned by them when I stayed in a miserable hotel that had a great rating. After my trip I tried to give the hotel a more appropriate rating but, because I had not booked the hotel stay through Tripadvisor, I could not review the hotel.
- Sonos privacy: Sonos draws more customer anger - this time for its privacy policy by Chris Welch for The Verge (June 14, 2024). Quoting: "Sonos has made a significant change to its privacy policy, at least in the United States, with the removal of one key line. The updated policy no longer contains a sentence that previously said, 'Sonos does not and will not sell personal information about our customers.' That pledge is still present in other countries, but it is nowhere to be found in the updated US policy, which went into effect earlier this month."
- Oracle (personal opinion). To back up my opinion, this January 2025 article in The Register tells of an HR and finance system that started in 2019 and was supposed to go live in 2021. The original cost was $3.1 million (US). It is still not completed and the cost is now expected to be $50 million (US). UK council selling the farm (and the fire station) to fund ballooning Oracle project by Lindsay Clark. If you read the article, take note of the other articles from The Register, at the bottom of the page, about Oracle. Among them, this: Eight things that should not have happened last year, but did by Rupert Goodwins (January 1, 2025).
- Linksys (personal opinion)
- Norton and Symantec (personal opinion)
- Meta / Facebook / Threads
- Avoid the Cash app from Block
- Avoid the MOVEit secure file transfer software from Progress Software. Maybe avoid all of their products.
- Avoid GoDaddy. I have felt this way for many years, for multiple reasons. No need to trust me, see this January 15, 2025 action by the FTC: FTC Takes Action Against GoDaddy for Alleged Lax Data Security for Its Website Hosting Services.
- For great Wi-Fi coverage, many people opt for a mesh system that covers much/all of their home. When shopping for a mesh system, avoid Plume SuperPods because they spy on you. In Canada they are sold by Bell, their largest ISP, and labeled as Bell, but are really made by Plume. For more, see: The spies in your home: How WiFi companies monitor your private life by Edward Komenda of ProtonVPN (June 5, 2024).
- CrowdStrike. Anyone alive on July 19, 2024, when their software caused worldwide chaos, knows why they are listed here. They will tell the public it was one bad file, but one bad file causes a trivial amount of problems if you plan for that, which clearly they did not. They are on this list not because of one bad file but because of miserable, disgraceful internal controls before sending the bad file out to the world. And, for not detecting it before sending it.
- June 2024: Anyone buying digital certificates should probably avoid Entrust as per this: Google cuts ties with Entrust in Chrome over trust issues by Connor Jones for The Register (June 28, 2024) and Sustaining Digital Certificate Security - Entrust Certificate Distrust by Google (June 27, 2024)
- Bad security camera companies
  - August 30, 2024: Verkada: Press release from the FTC: FTC Takes Action Against Security Camera Firm Verkada over Charges it Failed to Secure Videos, Other Personal Data and Violated CAN-SPAM Act. They were fined almost $3 million for assorted violations and promised to do better regarding security.
  - August 5, 2024: AVM: It's not just that their cameras are buggy with a major vulnerability as per: ICS ADVISORY AVTECH IP Camera by CISA, but mostly the response by the company, AVTech, to the bug report. They completely ignored it, and thus don't deserve your business for any of their products.
Slightly off-topic: There is much that can be said about Boeing and their planes but, as this is a Checklist website, I will simply suggest not flying on any plane made by Boeing. Their 737 Max gets most of the bad publicity, but the real problem, in my opinion, is the company itself.