Last week, the Federal Trade Commission tried to goad the federal government into entering the Web browser design business. In an advisory report, the FTC advocated the addition of a persistent “Do Not Track” setting to “consumers’ browsers—so consumers can choose whether to allow the collection of data regarding their online searching and browsing activities.”
As it turns out, not much goading will be necessary. Rep. Ed Markey, D-Mass., has proclaimed his intention to craft a bill that would mandate a similar privacy setting, one that would prevent the tracking of children using the Internet.
I won’t dwell on the irony that the government that’s keen to protect you from privacy-violating Web trolls also wants the Web’s plumbing retrofitted to make wiretapping easier. But the last organization I want designing my Web browser is the federal government.
That doesn’t mean that the first organization I want building privacy into my browser is a top software firm. There is no way to get around the fact that the current batch of top Web browsers were designed as advertising delivery systems first and editorial delivery systems second. The companies behind three of the four top browsers, Microsoft (Internet Explorer), Google (Chrome), and Apple (Safari), are all deeply invested in the advertising business. The company that makes the Firefox browser has been the benefactor of Google millions, which come primarily from advertising. The folks who make the Opera browser have likewise cashed Google’s checks.
None of the software companies set out to make porous, easily breached browsers. But it hasn’t been in their interests to make impregnable ones. The best illustration of who is driving Web-browser development can be found in the Aug. 2, 2010, Wall Street Journal article “Microsoft Quashed Effort to Boost Online Privacy.” The piece documents how Microsoft product planners wanted to bake security features into the company’s Internet Explorer 8 Web browser that would “automatically thwart common tracking tools,” as the Journal reports.
But Microsoft executives were keen on selling advertising. After all, Microsoft blew $6 billion on the purchase of the Web-ad firm aQuantive in 2007. Its fellow browser-builders went on advertising-company shopping sprees of their own: Google purchased DoubleClick for $3.1 billion in 2007 and AdMob for $750 million in 2009, and Apple bought AdMob competitor Quattro Wireless this year for $275 million. In the case of Internet Explorer 8, the Microsoft product planners were overruled—the automatic privacy guard settings were canceled, to the great pleasure of the advertising industry.
Giving advertisers control of the browser is like putting the ad industry in charge of television design. I’m sure if the advertising industry had its way, your television would report back to them your every burp and fart.
I don’t mean to imply a software-advertising conspiracy. Since the early days of the Web, the top players have been aboveboard about the ultimate costs of free browsers and free content: advertisements. And hand-in-hand with those advertisements have been the privacy-complicating cookies that track where you are, time how long you stay, note what you do, and then follow you where you go on the Web.
The best journalism about how marketers hunt and record your journeys into Cyberia can be found in the Wall Street Journal’songoing What They Know series. They aggressively spy on Web users, building dossiers on your likes and dislikes, your gender, your income level, your place of residence, and even your health. They then sell this information to other firms. For instance, this Journal piece shows how InfoCheckUSA “scrapes” social-media data and markets them to companies that are assessing job applicants. This piece reports the comeback of “deep packet inspection,” which profiles Internet users based on the data generated by their Web surfing. These companies and others make browsing the Web akin to walking down a block with 47 security cameras peering into your wallet and psyche. This spying has become so rampant that even Web giants like Comcast and Microsoft aren’t always aware of every powerful tracking cookie they drop on users’ computers, as this report from the Journal series shows.
Expert users already know how to minimize unwanted Web intrusions. They use their existing browser settings to block cookies or use a third-party program to manage them. They kill hard-to-kill Flash-cookies. They install Web add-ons that kill ads (some of which monitor surfing history) and programs like Noscript that block intrusive programs, some of them potentially dangerous to your computer’s health and your privacy. I am one such expert user, and my main browser is Firefox. But all that blocking and tackling can be exhausting. Just give a gander at this primer on Web browser security published by the Department of Homeland Security. It’s 5,775 words long!
But even after you take all the recommended cookie-crushing precautions and turn on the “private browsing” features of your browser, you can still be tracked, as this recent CNET piece reports. Modern browsers send Web sites a slew of seemingly innocuous information (browser version, OS, screen size, fonts installed, etc.) that can identify you.
Instead of letting the government decide what my browser does or doesn’t do, or trusting my Web access to Google and Microsoft’s conflicted executives, I’d prefer that a team of software engineers—who aren’t knee-deep in the advertising business—build a browser from the ground up that guarantees whatever privacy level I desire. I’d pay the going rate for such a piece of software, just as I’d pay for a security fence for my property or an anti-theft device for my car. Hell, I’d subscribe to such a super-browser if it promised regular updates to protect me from intrusions and infections.
Slatetechnology columnist Farhad Manjoo likes my argument but says: “I doubt there’s a market for such a browser. People don’t care about privacy. They just say they do. If they did, they wouldn’t use Facebook.”
So maybe I’m tilting at windmills. Don’t get me wrong. I’m not an anti-cookie raver who insists on invisibility every time I prowl the Web. Cookies make “logging in” to a Web site possible. They simplify the shopping experience. They deliver advertising that might interest me. But as the Journal series makes apparent, too many Web entrepreneurs observe no limits when they decide to snoop. It’s not in Microsoft, Google, or Apple’s interest to create browsers that serve me first and advertisers second.
What would a secure and private browser that users pay for look like? I’m not a software engineer, but it’s obvious that I would want it to do all the things that I currently kludge together on my own: provide cookie control and make it easy to block unwanted content—ads, video, malware, tracking software, scripts, etc. It would learn from my browsing patterns which sites I considered safe and “whitelist” them, and which sites I considered obnoxious and put them on a “blacklist.” It would offer genuine anonymous browsing, keeping “innocuous information” generated by your browser from identifying you. It wouldn’t wait for FTC saber-rattling before introducing more aggressive “tracking protection” and “tracking protection lists,” as Microsoft did yesterday for its upcoming Internet Explorer 9. It would establish inviolable “opt-in” privacy-and-security standards for participating Web sites and similar opt-in standards for advertisers who agreed to respect the new rules. (As I said, I’m not against advertising!)
Who could build such a browser? Makers of anti-virus software (a group that’s not already vested in the advertising industry) would be good candidates, as they’re accustomed to thinking the worst about the code spreading on the Web. And how would such a browser be received by Web sites? Well, if a site determines that you’re blocking advertising and tracking cookies, it might decide not to let you in its front door, which would be its right. There is no such thing as a free lunch—either at a bar or on the Web. Web sites that reject the privacy browsers could set up parallel pages that required payment for entry. I could live with that. We’ve been spoiled by “free software” and “free services” for too long. As Andrew Lewis wrote in August, “If you are not paying for it, you’re not the customer; you’re the product being sold.”
Unsell yourself. Demand a browser that you’d be happy to pay for.
Which current browser is the best? A study released in the spring found that Internet Explorer 8 was the best at blocking socially engineered malware, but that’s not the final word. As for the other browsers—Avant, Flock, Green Browser, K-meleon, Rockmelt, Maxthon, Sleipnir, and Slim—none of them measures up to my privacy ideal. Send your software fantasies to email@example.com and browse my Twitter feed. Thanks to Rebecca Rothfeld for research help. (E-mail may be quoted by name in “The Fray,” Slate’s readers’ forum; in a future article; or elsewhere unless the writer stipulates otherwise. Permanent disclosure: Slate is owned by the Washington Post Co.)
Track my errors: This hand-built RSS feed will ring every time Slate runs a correction for one of my pieces. For e-mail notification of errors in this specific column, type the word cookie in the subject head of an e-mail message, and send it to firstname.lastname@example.org.
Like Slate on Facebook. Follow us on Twitter.