ANALYZE: You open your browser to see the web. Do you know who's looking at you?
During a recent week of web browsing, I peeked under the hood of Google Chrome and discovered that it brought in a few thousand friends. Shopping, news, and even government websites quietly tagged my browser to allow ad and data companies to access the shotgun while I clicked the Web.
This was made possible by the increased espionage of the web: Google. Seen from within, your Chrome browser looks a lot like surveillance software.
Lately I've been investigating the secret life of my data, experimenting to see what technology really does under cover for privacy policies that no one reads. It turns out that having the biggest advertising company in the world making the most popular browser was as smart as letting the kids run a candy store.
CONSULT MORE INFORMATION:
* While you are sleeping, data companies investigate your iPhone
* Get your life in order with these apps
* Ways to block or minimize online tracking
* Why you should use anonymous browsing mode when browsing online
This made me decide to leave Chrome to get a new version of Mozilla Firefox, a non-profit organization that has standard privacy protections. Trading involved less inconvenience than you realize.
My tests of Chrome versus Firefox have revealed a snapshot of personal data of absurd proportions. In a week of web browsing, I discovered 11,189 crawler "cookie requests" that Chrome would have directed directly to my computer but were automatically blocked by Firefox. These little files are the hooks that data companies, including Google itself, use to follow the sites you visit, so they can create profiles of your interests, income, and personality.
Chrome received crawlers on sites that you think would be private. I watched Aetna and the Federal Student Aid site set cookies for Facebook and Google. They covertly told the data giants every time I took out the login pages of the insurance and loan service.
And that's not half that.
Look in the upper right corner of your Chrome browser. See a photo or a name in the circle? If so, you're connected to the browser, and Google may be accessing your web activity to target ads. Do not you remember coming in? Me neither. Chrome recently started doing this automatically when you use Gmail.
Chrome is even stranger on your phone. If you use Android, Google Chrome sends Google your location every time you do a search. (If you turn off location sharing, it still sends its coordinates, less precisely.)
Firefox is not perfect – it still standardizes searches on Google and allows for another crawl. But it does not share browsing data with Mozilla, which is not in the data collection business.
At the very least, spying on the web can be annoying. Cookies are like a pair of pants that you look at on a website just following you in ads elsewhere. More fundamentally, web history – like the color of the panties – is nobody's business except yours. Allowing someone to collect this data leaves them matured by attackers, spies and hackers.
Google product managers told me in an interview that Chrome prioritizes privacy choices and controls, and they are working on new ones for cookies. But they also said they have to get the right balance with a "healthy web ecosystem" (read: business ads).
Firefox product managers told me they do not see privacy as an "option" relegated to controls. They've started a war on surveillance, starting this month with "enhanced crawl protection" that blocks stuck-in cookies by default on new Firefox installations. But to be successful, Firefox must first convince people to care enough to overcome the inertia of the exchange.
It is a tale of two browsers – and the divergent interests of the companies that make them.
COMBATING THE COOKIES
A decade ago, Chrome and Firefox were facing Microsoft's giant Internet Explorer. The new Chrome solved real problems for consumers, making the web safer and faster. Today it dominates more than half of the market.
Lately, however, many of us have realized that our privacy is also a major concern on the web – and the interests of Google Chrome no longer seem to be in line with ours.
This is most noticeable in the fight for cookies. These code snippets can do some useful things like remembering the contents of your shopping cart. But now many cookies belong to data companies, which use them to bookmark their browser so they can go their way like crumbs in the proverbial forest.
They are everywhere – a study discovered third party tracking cookies on 92% of sites. O Washington Post The site has about 40 crawler cookies, the average of a news site, which the company said are used to display more targeted ads and track the performance of the ads.
You'll also find them on non-ads sites: both Aetna and the FSA service said cookies on their websites help measure their own external marketing campaigns.
The blame for this mess belongs to the entire advertising, publishing, and technology industry. But what responsibility does a browser have to protect us from the code that is not doing much more than espionage?
In 2015, Mozilla debuted a version of Firefox that included anti-tracking technology, enabled only in its "private" browsing mode. After years of testing and tuning, that's what activated this month on all sites. It's not about blocking ads – they're still showing. Instead, Firefox is analyzing cookies to decide which ones to keep for the site's critical functions and which ones to block for spying.
Apple's Safari browser, used on iPhones, also began applying "smart tracking protection" to cookies in 2017, using an algorithm to decide which ones were bad.
Chrome is currently open to all cookies by default. Last month, Google announced a new effort to force third-party cookies to identify better, and said we can expect new controls for them after they are released. But it would not offer a timeline or say if the pattern would stop the crawlers.
I'm not holding my breath. Google itself, through Doubleclick and other advertising companies, is the # 1 cookie maker – Mrs Fields on the web. It's hard to imagine Chrome hacking Google's money generator.
"Cookies play a role in user privacy, but a narrow focus on cookies obscures the wider privacy discussion because it's just a way to track users on websites," said Ben Galbraith, director of product management for Chrome. "This is a complex problem, and simple, straightforward cookie blocking solutions force the crawling to more opaque practices."
There are other tracking techniques – and the arms race of privacy will become more difficult. But saying that things are too complicated is also a way of doing nothing.
"Our point of view is to deal with the biggest problem first, but anticipate where the ecosystem will change and work to protect against those things too," said Peter Dolanjski, product leader of Firefox.
Both Google and Mozilla said they are working on "fingerprint" combat, a way to detect other markers on your computer. Firefox is already testing its features and plans to activate them soon.
Choosing a browser is no longer just about speed and convenience – it's also about data patterns.
It's true that Google generally gets the consent before collecting data and offers many buttons that you can adjust to turn off crawling and targeted advertising. But their controls often look like a shell game that results in sharing more personal data.
I felt cheated when Google silently started signing Gmail users on Chrome last year. Google says changing Chrome did not make anyone's browsing history "synced," unless you specifically opted for it – but I discovered that mine was being sent to Google and I do not remember asking for surveillance extra. You can disable Gmail auto-login by searching for "Gmail" in Chrome settings and by turning off "Allow Chrome login."
After the turn-in, Matthew Green, a Johns Hopkins professor, made waves in the computer science world when he wrote on the blog that he was ready with Chrome. "I lost faith," he told me. "It takes only a few minor changes to make privacy very hostile."
There are ways to get rid of Chrome, which is much more complicated than just using "Incognito Mode". But it is much easier to switch to a browser that does not belong to an advertising company.
Like Green, I chose Firefox, which works on phones, tablets, PCs, and Macs. Apple Safari is also a good choice on Macs, iPhones and iPads, and the Brave browser niche goes even further by trying to mess up the ad technology industry.
What does switching to Firefox cost you? It's free, and downloading a different browser is much simpler than changing phones.
In 2017, Mozilla released a new version of Firefox called Quantum, which made it considerably faster. In my tests, it looks almost as fast as Chrome, although benchmark tests have found that it may be slower in some contexts. Firefox says that it is better to manage memory if you use many and many tabs.
Switching means you have to move your bookmarks and Firefox offers tools to help. Changing passwords is easy if you use a password manager. And most browser add-ons are available, although it is possible that you may not find your favorite.
Mozilla has challenges to overcome. Among privacy advocates, the non-profit organization is known for caution. It took another year than Apple to make blocking cookies a standard.
And as a non-profit organization, it makes money when people do browser searches and click ads – which means their biggest source of revenue is Google. Mozilla CEO says the company is exploring new paid privacy services to diversify its revenue.
Its biggest risk is that Firefox may lose strength in its battle against the giant Chrome. Even though it is the desktop browser number 2, with around 10% of the market, the main sites may decide to abandon the support, leaving Firefox shuffled.
If you care about privacy, let's wait for another result of David and Goliath.