The Fractured Future of Browser Privacy

In the 1990s, web browsers like Netscape Navigator and Microsoft Internet Explorer competed bitterly to offer the snazziest new features and attract users. Today, the browser landscape looks totally different. For one thing, Chrome now dominates, controlling around two-thirds of the market on both desktop and mobile. Even more radical, though, is the recent competitive focus on privacy, a welcome change for anyone who’s gotten sick of creepy ad tracking and data mismanagement. But as browsers increasingly diverge in their approaches, it’s clear that not all privacy protections are created equal.

At the USENIX Enigma security conference in San Francisco this week, developers, security researchers, and privacy advocates presented differing views of how browsers should protect their users against data abuses. In a panel discussion that included representatives from Mozilla Firefox, Google Chrome, Microsoft Edge, and Brave, all participants agreed that collaboration across the industry has driven innovation and helped make privacy a priority. But some browsers are taking a hardline approach, while others prefer to increase protections within the status quo.

“I think competition pushes everyone toward being more private by default,” Yan Zhu, chief information security officer of the Brave browser, said during the panel. “For instance, when Brave sees Safari rolling out a new protection we think ‘Oh, we should at least try to match that,’ because as a privacy-first, privacy-focused browser that is one of our main selling points.”

Browsers can take a number of steps to thwart the tracking efforts of websites and ad networks. They can add anti-fingerprinting measures, which make it harder for sites and services to connect your browsing to you based on unique characteristics—a “fingerprint”—of your browser and device. They can block trackers embedded in sites. They can take extra steps to encrypt information about what websites you visit. And they can support third-party extensions that allow users to further adapt and customize their privacy protections.

Another longstanding topic of debate is how to handle third-party website “cookies” that browsers store to customize your web experience, but that sites often also use for tracking. Safari, Firefox, and Brave have all decided to block third-party cookies by default—much to advertisers’ chagrin. Google announced earlier this month that it will eventually take this step as well, though not for two years. As a major ad distributor itself, Google also stands to benefit from blocking third-party trackers that other browsers don’t.

Almost all mainstream browsers take these privacy-friendly steps in some form, but under different conceptual approaches. A lot of the debate hinges on the question of how far to push screening and blocking, given that these protections can sometimes create collateral damage. Privacy defenses can sometimes break legitimate website functionality; comments that load from a third-party hosting service, for example, could be mistaken for a sketchy targeted ad module. So each browser has to weigh how it prioritizes privacy versus ease of use.

“Firefox, Edge, Brave, and Safari all have anti-tracking protections by default, and they all vary a little bit, they all have different tradeoffs,” Tanvi Vyas, Mozilla’s principal engineer, said during the panel. “But in the end we’re all trying to improve those protections and we’re learning from each other on how to do that. I think we [Firefox] differ from Chrome in that we’re not trying to preserve the existing model. For us our highest priority is privacy, so when we choose between the existing model and privacy we’ll always choose privacy.”

That existing model allows companies and advertisers at least some access to marketing data; one argument for preserving it is that if browsers become too restrictive, those parties will pull content from the open web and move it to mobile apps instead.

“The web doesn’t exist in a vacuum. People who are building sites and services have choices about the platforms they target,” says Eric Lawrence, an Edge program manager. “They can build a mobile application, they can take their content off the open web to put it into a walled garden. And so if we do things in privacy that hurt the open web, we could end up pushing people to less privacy-preserving ecosystems.”

Justin Schuh, Chrome’s director of engineering, says Google is already seeing this migration toward apps and other closed platforms. He argues that while there’s nothing wrong with this evolution in theory, it shouldn’t come at the web’s expense. So Chrome has been working on a set of open standards, collectively known as the Privacy Sandbox, that aims to find a middle ground on privacy protections to keep advertisers in the fold.

“Broadly speaking, advertisers don’t actually need your data. All that they really want is to monetize efficiently,” Schuh said during the Enigma panel. “So what we’re proposing here is we can just give them the tools to do that without actually building user profiles and tracking them.” With the Privacy Sandbox, Google plans to propose standards that would anonymously aggregate ad data for marketers and put more of the processing of ad targeting on users’ own devices.

Chrome has been adamant that this proposal is about strengthening the open web; if content moves to closed-off apps, users won’t benefit from the transparency and protections technologists have worked so hard to develop and standardize for everyone online. But it’s hard to ignore that Google, which runs one of the largest online ad networks in the world, also has a clear economic interest in safeguarding that industry.

Critics of that approach argue that adding a layer of privacy to the status quo doesn’t resolve the fundamental issues that make digital marketing so invasive. It’s a hard enough problem to solve even with the best intentions, as efforts to reduce tracking and fingerprinting can actually have the opposite effect. For example, Apple has been working to solve issues with Safari’s Intelligent Tracking Prevention that could allow someone to use the feature’s blocking patterns themselves to identify and track users. Researchers continue to find flaws in the company’s fixes.

“The public attention on how we are tracked every day, and the efforts in several regions of the world, seem to have put more pressure on browsers to do right by their users and make privacy the default,” says Andrés Arrieta, director of consumer privacy engineering at the Electronic Frontier Foundation, who also presented browser privacy research at USENIX Enigma. “But they don’t do it the same way and it doesn’t have the same effect. Some tout themselves as doing much for their users, but in reality aren’t, and in some cases are doing even worse, like standardizing other ways of tracking users, removing user control, and making tracking the default.”

Disagreements over the best approach to web privacy issues have gotten so heated that some players have opted to keep a low profile. Microsoft Edge, for example, is looking to shed the baggage of poor choices Internet Explorer made in the early 2000s, and rebrand as a trustworthy but neutral option.

“One of the things that thus far we’ve tried to do in Edge is be a little more quiet about it,” Edge’s Lawrence says. “We don’t really show off the privacy features at the top level, there’s not a lot of communicators saying, ‘Hey, we’re protecting you in this way or that way.'”

Edge is now built on Google’s open source Chromium software, but it still uses Microsoft-developed features in place of anything that would involve Google as a third party. This way Edge users don’t have to trust a second ubiquitous tech giant and risk more ad networks feasting on their data just to use Microsoft’s browser. For example, Edge uses a feature called Microsoft Defender SmartScreen in place of Google’s Safe Browsing. Edge also offers a feature called Tracking Prevention, Microsoft’s take on a tracker blocker that users can adjust to be more or less strict depending on their tolerance for false positives.

The showdown is clearly just beginning over the best path for browsers to take. But it’s refreshing, at least, for these platforms to finally be debating user protections and competing to offer the strongest defenses. The question is still whether they can get it right.


More Great WIRED Stories

Read More