You open your browser to see the web. Do you know who's looking at you?
During a recent week of web browsing, I peered under the hood of Google Chrome and discovered that it brought in a few thousand friends. Shopping, news, and even government websites discreetly tagged my browser to allow ad and data companies to access the shotgun while I clicked the Web.
This was made possible by the increased espionage of the Web: Google. Seen from within, your Chrome browser looks a lot like surveillance software.
Lately, I've been investigating the secret life of my data, conducting experiments to see what technology actually does under the cover of privacy policies that no one reads. It turns out that having the biggest advertising company in the world making the most popular browser was as smart as letting the kids run a candy store.
This made me decide to leave Chrome to get a new version of Mozilla Firefox, a non-profit organization that has standard privacy protections. Trading involved less inconvenience than you realize.
My tests of Chrome vs. Firefox revealed a snapshot of personal data of absurd proportions. In a week of web browsing on my desktop, I discovered 11,189 crawler "cookie" requests that Chrome would have entered directly into my computer but were automatically blocked by Firefox. These little files are the hooks that data companies, including Google itself, use to follow the sites you visit, so they can create profiles of your interests, income, and personality.
Chrome hosted the crawlers on sites that you think would be private. I watched Aetna and the Federal Student Aid site set cookies for Facebook and Google. They covertly told the data giants every time I opened the login pages of the insurance and loan service.
And that's not half that.
Look in the upper right corner of your Chrome browser. See a photo or a name in the circle? If so, you're connected to the browser, and Google may be accessing your web activity to target ads. Do not you remember coming in? Me neither. Chrome recently started doing this automatically when you use Gmail.
Chrome is even stranger on your phone. If you use Android, Google Chrome sends Google your location every time you do a search. (If you turn off location sharing, it still sends its coordinates, less precisely.)
Firefox is not perfect – it still standardizes searches on Google and allows for another crawl. But it does not share browsing data with Mozilla, which is not in the data collection company.
At a minimum, Web spying can be annoying. Cookies are like a pair of pants that you look at on a website just following you in ads elsewhere. More fundamentally, Web history, like the color of the panties, is nobody's business, but yours. Allowing someone to collect this data leaves them matured by attackers, spies and hackers.
Google product managers told me in an interview that Chrome prioritizes privacy choices and controls, and they are working on new ones for cookies. But they also said they have to get the right balance with a "healthy Web ecosystem" (read: ad business).
Firefox product managers said they do not see privacy as an "option" relegated to controls. They have launched a war on surveillance, beginning this month with "enhanced crawl protection" that blocks bystanders by default on new Firefox installations. But to be successful, Firefox must first convince people to care enough to overcome the inertia of the exchange.
It is a tale of two browsers – and the divergent interests of the companies that create them.
The fight of cookies
A decade ago, Chrome and Firefox were facing Microsoft's gigantic Internet Explorer. The new Chrome solved real problems for consumers, making the Web safer and faster. Today it dominates more than half of the market.
Lately, however, many of us have realized that our privacy is also a major concern on the Web – and the interests of Google Chrome do not seem to be more in line with ours.
This is most noticeable in the fight for cookies. These code snippets can do some useful things like remembering the contents of your shopping cart. But now many cookies belong to data companies, which use them to bookmark their browser so they can go their way like crumbs in the proverbial forest.
They are everywhere One study found third-party tracking cookies on 92% of sites. The Washington Post website has about 40 crawler cookies, on average for a news site, which the company said are used to provide better targeted ads and track ad performance.
You'll also find them on non-ads sites: both Aetna and the FSA service said cookies on their sites help you evaluate your own external marketing campaigns.
The blame for this mess belongs to the entire advertising, publishing, and technology industry. But what responsibility does a browser have to protect us from the code that does not do much more than espionage?
In 2015, Mozilla debuted a version of Firefox that included anti-tracking technology, enabled only in its "private" browsing mode. After years of testing and tuning, this is what has activated this month on all websites. It's not about blocking ads – they're still showing. Instead, Firefox is analyzing cookies to decide which ones to keep for the site's critical functions and which ones to block for spying.
Apple's Safari browser, used on iPhones, also began to apply "smart crawl protection "for cookies in 2017, using an algorithm to decide which ones were bad.
Chrome is currently open to all cookies by default. Last month, Google announced a new effort to force third-party cookies to identify better, and said we can expect new controls for them after they are released. But it would not offer a timeline or say if the pattern would stop the trackers.
I'm not holding my breath. Google itself, through Doubleclick and other advertising companies, is the number one cookie producer – Ms Fields, from the Web. It's hard to imagine Chrome hacking Google's money generator.
"Cookies play a role in user privacy, but a tight focus on cookies obscures the wider privacy discussion because it's just a way to track users on websites," said Ben Galbraith, director of product management for Chrome. "This is a complex problem, and simple, straightforward cookie blocking solutions force the crawling to more opaque practices."
There are other tracking techniques – and the arms race of privacy will become more difficult. But saying that things are too complicated is also a way of doing nothing.
"Our point of view is to deal with the biggest problem first, but anticipate where the ecosystem will change and work to protect against those things too," said Peter Dolanjski, product leader of Firefox.
Both Google and Mozilla said they are working on fighting fingerprints, a way to detect other markers on their computer. Firefox is already testing its features and plans to activate them soon.
Making the switch
Choosing a browser is no longer just about speed and convenience, but also about data patterns.
It is true that Google generally obtains consent before collecting data and offers many buttons that you can adjust to disable tracking and targeted advertising. But their controls often look like a shell game that results in sharing more personal data.
I felt cheated when Google silently started signing Gmail users on Chrome last year. Google says Google Chrome's change did not "sync" anyone's browsing history unless he specifically opted for it, but I discovered that mine was being sent to Google and I do not remember asking for extra surveillance. You can disable Gmail auto-login by searching for "Gmail" in Chrome settings and by turning off "Allow Chrome login."
After the turn-in, Matthew Green, a Johns Hopkins professor, made waves in the computer science world when he wrote on the blog that he was ready with Chrome. "I lost faith," he told me. "It takes only a few minor changes to make privacy very hostile."
There are ways to get rid of Chrome, which is much more complicated than using "Anonymous Mode". But it is much easier to switch to a browser that is not owned by an advertising company.
As Prof. Green, I chose Firefox, which works on phones, tablets, PCs and Macs. Apple Safari is also a good choice on Macs, iPhones and iPads, and the niche Courageous browser goes even further trying to disrupt the ad technology industry.
What does switching to Firefox cost you? It's free and downloading a different browser is much simpler than switching smartphones.
In 2017, Mozilla released a new version of Firefox called Quantum, which made it considerably faster. In my tests, it's almost as fast as Chrome, although benchmark tests have found that it may be slower in some contexts. Firefox says that it is better to manage memory if you use many and many tabs.
Switching means you need to move your bookmarks and Firefox offers tools to help. Changing passwords is easy if you use a password manager. And most browser add-ons are available, although it is possible that you may not find your favorite.
Mozilla has challenges to overcome. Among privacy advocates, the non-profit organization is known for caution. It took another year than Apple to make blocking cookies a standard.
And as a non-profit organization, it makes money when people do browser searches and click ads – which means their biggest source of revenue is Google. Mozilla CEO says the company is exploring new paid privacy services to diversify its revenue.
Its biggest risk is that Firefox may lose strength in its battle against the giant Chrome. Even though it is the second desktop browser, with about 10% of the market, major sites may decide to abandon the support, leaving Firefox shuffled.
If you care about privacy, wait for another result about David and Goliath.
Read more advice and technical analysis of Geoffrey A. Fowler:
Do not smile at surveillance: why airport face scans are a trap for privacy
What's new at Apple? "Dark Mode" on iOS, the end of iTunes, and privacy settings.
Help Desk: Stop sextortion online, maximize laptop battery life, and protect Word secret documents