Big changes are afoot in the ad-sponsored web, and the browser has become a key battleground for end-user privacy. While Chrome is by far the most widely used browser in the world, there are alternative browsers and ways to improve your privacy when using Chrome.
Unfortunately, there’s no easy way yet to ensure total privacy through browsers, according to Dr Lukasz Olejnik, an independent privacy researcher and consultant, who led a large scale study in 2009-2011 that found web browsing histories can be used by online ad companies to fingerprint individual browsers over time.
Researchers from Firefox-maker Mozilla emulated his study in 2020 with 52,000 Firefox users, which confirmed Olejnik’s findings. They warned that Google’s and Facebook’s tighter grip on online advertising today makes the practice of re-identification through browsing histories an even more pressing privacy problem today.
ZDNet sought some exert tips from Olejnik, who these days is working on privacy-related specifications for the World Wide Web Consortium (W3C), including those connected to Google’s controversial Privacy Sandbox in Chrome and its related FLoC (Federated Learning of Cohorts) substitute for third-party cookies, which Google plans to block in 2022.
FLoC is being trialed now with some Chrome users in the US and other markets except Europe, where Google recently admitted FLoC might not be compatible with the EU’s General Data Protection Regulation (GDPR).
But FLoC won’t solve the problem of browser fingerprinting. “Fingerprinting is here to stay and the removal of third-party cookies indeed does not impact on this technique,” says Olejnik.
Easy to install, a burden to manage
However, he warns NoScript may be “quite cumbersome” since it takes time to click-through to decide which websites should be allowed what.
“But it is worth it,” he adds.
“Disabling scripting on weird or random sites is the biggest impact. Scripting is responsible for most of the most important privacy risks. It is also responsible for the delivery of some web browser exploits. So not having scripting on by default may actually save you from being hacked,” says Olejnik.
Of course, there are other approaches users can take too, including using a browser other than Chrome. To this end, Olejnik suggests it is wise to use several browsers for different tasks.
- Freely available for Firefox, Chrome and Chromium-based browsers
- Protects against the most common privacy and security threats on the web
- Doesn’t collect your web history
- A bit cumbersome to set up the allow list
View Now at NoScript
Is this really the most privacy-focused browser?
Brave is a Chromium-based browser that by default blocks ads, fingerprinting and ad-trackers. Brave in February announced it had passed 25 million monthly active users, which is still a fraction of Chrome’s 2 billion users across desktop and mobile.
Brave’s business model relies on privacy-protecting ads that can pay publishers and users with Basic Attention Tokens (BAT) when users pay attention to ads. It also recently acquired Tailcat to launch Brave Search, so it can provide a privacy-focussed alternative to Google Chrome and Google Search.
Brave’s privacy record isn’t unblemished. Eich in 2020 apologized to customers after being caught sharing default autocomplete answers with an affiliate cryptocurrency exchange.
Still, a recent study by Professor Douglas J. Leith at Trinity College at the University of Dublin rated Brave as the most private browser over Google Chrome, Mozilla Firefox, Apple Safari, and Chromium-based Microsoft Edge.
Leith looked at how much browsers communicate to each browser maker’s backend servers. Brave did not use any identifiers allowing the IP addresses to be tracked over time, and did not share details of web pages visited with its backend servers. By contrast Chrome, Firefox and Safari tagged telemetry data with identifiers linked to each browser instance.
Brave has removed a ton of Google code from its version of Chromium to improve user privacy and has also come out hard against Google’s FLoC ID proposal, which is beginning to roll out to Chrome users but will not been enabled in Brave.
Brave has several privacy-enhancing settings with options to block third-party ad trackers, a toggle for upgrading unsecured connections to HTTPS, cookie blocking and fingerprinting blocking. Users can adjust these in Settings with in the Shields and Privacy and security sections.
Despite alarm over FLoC, Olejnik says it is preferable to third-party cookies from a privacy standpoint, but he’s holding off judgement until he sees the final design.
FLoC is a type of fingerprint designed to replace third-party cookies. In this scheme, Google assigns a FLoC ID to clusters of Chrome users with similar interests, allowing for some privacy by letting individuals ‘hide within crowds’, as Google put it, while still delivering targeted ads to advertisers.
Still, Olejnik found the initial implementation of FLoC can leak users web browsing histories, so taking cover in the crowd might not actually work as intended yet.
“If I had to choose between third-party cookies or FLoC, I would choose FLoC. But it all depends on the final design and configuration. Care must be exerted in the design to avert the risk of data leaks,” Olejnik says.
“In my tests of the initial version, I verified that leaks of web browsing histories are indeed possible. But I am sure that the final solution would have to have some privacy settings designed and implemented. In current testing FloC, this is not the case.”
- Privacy-focussed by default
- Not in the traditional online ad business
- A fast experience
- No obvious negatives but issues in the past show it is not perfect
View Now at Brave
Probably the best privacy-preserving browser on the web
Chrome’s security and patching make it the most secure browser available today, but when looking solely at privacy, Olejnik rates Mozilla Firefox as the best of the pack. So, for those using a multi-browser strategy to improve privacy, Firefox is a must-have.
One of Firefox’s most important privacy features is Enhanced Tracking Protection. Mozilla has also borrowed Tor techniques to block browser fingerprinting and, despite its declining monthly active user numbers (it’s at 220 million today, down from 250 million a year ago), Firefox developers are on a constant quest to improve tracking-prevention features, such as its work on browser data storage that can be used for tracking users across the web, which goes beyond just stored cookies and targets multiple caches.
Firefox is rich with choices to customize the browser for privacy by typing about:preferences#privacy in the address bar. The “standard” Enhanced Tracking Prevention blocks social media trackers, cross-site tracking cookies, and blocks tracking in private windows, cryptominers, and fingerprinting scripts. There is a “strict” mode too that might break some sites, but there are ways to whitelist Enhanced Tracking Protection for trusted sites. And for those with the time, Mozilla provides a way to customize the privacy feature.
The other option for Firefox fans is Firefox Focus, a privacy-focussed browser for iOS and Android that blocks ad trackers and has a built-in ad blocker.
And if you’re against Chrome’s FLoC, Mozilla this week told Digiday that it too would oppose the fingerprinting technique and won’t be implementing it in Firefox.
“We are currently evaluating many of the privacy preserving advertising proposals, including those put forward by Google, but have no current plans to implement any of them at this time,” a Mozilla spokesperson said.
“We don’t buy into the assumption the industry needs billions of data points about people, that are collected and shared without their understanding, to serve relevant advertising,” they added.
- Firefox has invested a lot into Enhanced Tracking Prevention
- No interest in profiting from online ads
- Trusted by 220 million users
- Despite a major overhaul Firefox is still losing users
- Mozilla is pushing its read-it-later service Pocket through Firefox
View Now at Mozilla
Is an extension from a privacy search engine the answer?
DuckDuckGo, a privacy-focused search engine, is a vocal supporter of consumer’s privacy rights and in January hit a milestone of reaching 100 million user search queries in a day.
DuckDuckGo and the rise of encrypted messaging app Signal, shows there is a growing appetite for privacy-focussed alternatives to tech giants like Facebook and Google. Still, DuckDuckGo’s daily search numbers are minuscule compared to Google’s five billion daily search queries.
DuckDuckGo’s Privacy Essentials extension for Chrome, Firefox and Microsoft’s new Edge has been installed by four million Chrome users. Its reputation is built on the idea it does not collect user data but can provide the same search results as those that do collect user data.
In a seeming reaction to Google’s unchallenged dominance in search, some browser makers such as the To web-anonymizing project, made DuckDuckGo the default search engine to ship with its Firefox-based browser.
DuckDuckGo was founded by entrepreneur Gabriel Weinberg as a self-funded project in 2008.
The DuckDuckGo extension was also quick to block Google’s FLoC fingerprinting identifier.
And the company is a founding member of the Global Privacy Control (GPC) standard (which is still being hashed out) as an answer to consumer privacy protections under the California Consumer Protection Act (CCPA) and Europe’s General Data Protection Regulation (GDPR).
But it is browser extension and, like all software, there are vulnerabilities that crop up. In March, researchers discovered a cross-site scripting flaw in the DuckDuckGo Privacy Essentials that could allow an attacker to observe all websites that the user is visiting. Fortunately DuckDuckGo fixed the flaw fairly swiftly for both Chrome and Firefox.
- Supported on Chrome, Chromium-based browsers and Firefox
- DuckDuckGo appears to have a solid commitment to user privacy
- If you don’t like FLoC, it blocks it automatically
- It’s a software extension and that creates another avenue for security flaws to creep in
View Now at DuckDuckGo
The wild card for online privacy
Microsoft Edge, being based on Google’s Chromium project, is now available for Windows 10, macOS and Linux.
Microsoft was rated the worst browser for privacy by Professor Leith because of how often it sent identifiers, including IP address and location data to Microsoft servers — even worse than Google Chrome.
Microsoft told ZDNet it was just diagnostic data that can be easily disassociated from the device ID. Microsoft confessed its collection does include information about websites visited but said this information is not used to track users browsing history or URLs specifically tied to the user. Windows 10 telemetry data collection shows Microsoft can be clumsy on privacy despite Microsoft president Brad Smith’s principled statements on the use of facial recognition in public arenas.
Microsoft also has an interesting take on Google’s FLoC. A Microsoft spokesperson told ZDNet it does not support fingerprinting because users can’t consent to it. It is however developing its own alternative to FLoC called PARAKEET, which has similar goals to FLoC, like retargeting browsers over time.
“Like Google, we support solutions that give users clear consent, and do not bypass consumer choice. That’s also why we do not support solutions that leverage non-consented user identity signals, such as fingerprinting. The industry is on a journey and there will be browser-based proposals that do not need individual user ids and ID-based proposals that are based on consent and first party relationships. We will continue to explore these approaches with the community. Recently, for example, we were pleased to introduce one possible approach, as described in our PARAKEET proposal. This proposal is not the final iteration but is an evolving document,” Microsoft said.
Microsoft PARAKEET proposal says it supports an “ad-funded web because we don’t want to see a day where all quality content has moved behind paywalls, accessible to only those with the financial means.”
While Microsoft’s Bing search engine may not be widely-used, it does own LinkedIn and that brand’s online ad division brought in $2.58 billion in revenue in quarter ending December 2020 quarter, up 23% year on year, making up about 5% of Microsoft’s total $43.1 billion in revenue for that quarter.
Microsoft has never claimed to be a guardian of end-user privacy but it does at least provide a support page explaining what data Edge collects and why Microsoft collects it.
- It’s not Google Chrome
- Edge is gaining new features rapidly
- It has a burgeoning online advertising business
- Microsoft’s position on FLoC is ambiguous
View Now at Microsoft
Are there other browsers worth considering?
Another great choice for improving your privacy on the web is the Tor browser, which is based on Mozilla’s Firefox Extended Support Release (ESR). It’s been tweaked to help users use the Tor anonymizing network — a collection of distributed nodes versus a more centralized design like a VPN service. The Tor browser’s default search engine is DuckDuckGo.
While it isn’t a mainstream browser choice, the Tor browser is a well-regarded browser for people who don’t want to be tracked across the web and it gets updated on a monthly basis by the Tor Project.
However, page loads in the Tor browser can be slower and some sites might not work due to the architecture of the Tor network. Using the Tor browser for Google Search, for example, might require going through additional CAPTCHA challenges to prove you’re not a bot. Page loads are also noticeably slower on streaming services like Netflix.
Nonetheless, the Tor browser is worthy addition for people who use multiple browsers to get life done on the web.