SAN FRANCISCO - Despite many claims, privacy is hardly dead - at least for web browser makers. How browsers protect user privacy is likely to be a major factor in the competition over the next decade, but it turns out that the two sides disagree on how to do it.
Although there were no vegetables thrown or fistfights at the debate between representatives of Google Chrome, Microsoft Edge, Mozilla Firefox, and Brave at the Enigma Conference here Tuesday morning (January 28), each browser distinct and different approaches to how they protect user privacy more than made up for it.
It's not just vendors that take privacy seriously. On Monday, following allegations that antivirus vendor avast was collecting and selling user browsing data without permission (in fact, avast had permission), Senator Mark Warner (R-Va.) accused the Federal Trade Commission (FTC ), who blasted the FTC for "not doing enough to protect consumers.
"Realistically, it would never occur to consumers that antivirus software could be selling browsing data, and even more sensitive information such as mouse movements, to third parties," Warner told Vice and PC Magazine. "It's becoming increasingly clear that the FTC is not keeping up with these data market developments and is reluctant to exercise its authority to do so. Congress can no longer ignore this issue.
While it is nearly impossible for browser vendors to stop monitoring by add-ons and extensions after users have installed them, there are other privacy options and innovations that browser vendors have already successfully implemented.
Forcing websites to use secure HTTPS encryption by default and downgrading sites in search results if they do not was a Google project to encourage more standardized privacy on the web.
Similarly, most modern browsers have taken steps to reduce or eliminate fingerprinting, the act of identifying users across the Internet through a combination of browser user agents, tracking cookies, HTML5 tracking, and other signs
However, the Internet has not yet adopted a policy to prevent fingerprinting.
However, solving other privacy issues, such as protecting data in transit, blocking trackers, and allowing privacy-enhancing extensions, has proven to be thornier.
This is not only because each vendor has a different approach to presenting privacy settings to users, but also because advertisers have a major influence on browser design and development.
Display advertising plays a major role in keeping commercial websites in business, and ad networks often request more user data to display (partially) more targeted ads. Advertisers stand to benefit most from weak privacy protections.
Instead, advertisers were the elephant in the room when Justin Hsu, Chrome's director of trust and security engineering, outlined the difference between what advertisers want and what they need.
"Advertisers don't really need your data. They just want to monetize it efficiently."
He believes advertisers can continue to effectively target browser users and measure ad effectiveness through a proposed set of new privacy-preserving web standards called the Chrome Privacy Sandbox.
There were no advertising representatives on stage, but there was at least one in the audience. Gabriel DeWitt, vice president of product and technical operations for ad network Index Exchange, disputed the claim that advertisers do not care about privacy.
He pointed to recently enacted European Union and California online privacy regulations and asked, "How can the advertising industry work with you guys to avoid GDPR issues and CCPA issues? He replied, "Change is happening so fast that we feel a little mosquitoed out. We are also concerned about user privacy. 0]
Tanvi Vyas, principal engineer at Firefox, agreed with Schuh's concerns about ads, but said Mozilla supports a different approach.
Firefox currently blocks tracking cookies, but it has also developed its own privacy-friendly add-ons, such as Facebook Container, which prevents Facebook from seeing activity on other websites. (Facebook itself yesterday made all users worldwide start using its Off-Facebook Activity tool to do the same thing.)
"Safari, Firefox, Brave, and Edge have tracking protection by default. We differ from Chrome in that we don't want to maintain the existing model."
The newly restructured Microsoft Edge now shares the same Chromium open source foundation as Chrome and Brave, but with privacy goals complicated by the broad needs of its diverse user base, according to Edge Product Manager Eric Lawrence said.
To that end, Edge will soon support the ability to remove (or change) a website's referrer, so that it cannot tell where you were before you visited the website, he said.
"Simplicity is important," Lawrence said. Compatibility is important." If we offer great privacy, but it's not compatible with the web, people will choose another browser or turn off the privacy features.
Apple did not send a Safari representative to the panel, but its fingerprints were still present.
Yang Zhu, Brave's chief information security officer, said that when making privacy design decisions, Brave often checks what Safari has changed recently. If those changes do not break Apple users' sites, Brave will also consider implementing those changes.
"Because Brave is smaller and has more privacy-conscious people, it can be more experimental and aggressive in what it offers people," Zhu said.
"The most fundamental difference is that we have a revenue model that replaces tracking-based advertising on the web," Zhu said, referring to Brave's own privacy-conscious micropayment-based advertising network." We can reject the whole idea that websites need to track you wherever you go."
.
Comments