Which Browser Is Better for Privacy?
With Firefox getting ads and Chrome extensions spying on me, is there really one browser that's better than the others when it comes to privacy? Does it matter if I use something like Opera or Safari instead? Is my browser watching what I'm doing and reporting back?
Dear Concerned Browser,
That's a great question, and the answer isn't as clear cut as you might think. Different browsers handle user data in different ways, and when you toss add-ons and extensions into the mix, the picture changes even more. Let's take a look at some of the most popular browsers from a privacy angle, and see who has your back when it comes to tracking-or not tracking-what you do online.
Chrome, and Google's Position on Browser Privacy
Google Chrome, being the dominant web browser in most of the world, has taken a few hits lately in the privacy department. Between adware-filled extensions
Like most browsers, Chrome has useful features that phone home to Google or use Google services. If you sign in to Chrome with your Google account, you can make use of Chrome Sync, which lets you sync your bookmarks, passwords, and tabs for later or to use on other devices. Logging in to Chrome also lets you use Chrome Apps, and while you don't have to sign in to install add-ons, Google definitely encourages it.
Chrome has discrete privacy settings, where you can enable or disable services like URL prediction, page pre-rendering, spelling correction, and usage statistics and crash reports. By default, most are turned on, but they're all under chrome://settings and "Show advanced settings." This is also the place you can enable Do Not Track, which, as long as sites honor it, also also helps protect your privacy
The amount of information Google gets varies depending the features you use. If you use conversational search or voice search, a recording of your audio, the URL requesting speech input, and the grammar settings of the page you're visiting are all sent to Google's servers, but all of that is required for the feature to work. If you use spell check, any text you type in Chrome is sent to check for spelling mistakes or errors. If you have usage statistics and bug reporting enabled, additional information is included. It's a lot of data, but Google is absolutely clear: none of it is personally identifying.
That said, Google doesn't say how long they store that information or how easy it would be to build a personal profile based on all of that non-personally identifiable information. We spoke to Google about their approach to privacy, and they replied in no uncertain terms: Privacy and security is a top priority. They cited their background fighting for internet privacy and against governments and companies that want to harvest data. Indeed, Google is leading the charge for transparancy in government data requests, and recently publisehd their first government transparency report.
Google reps also pointed to Chrome's safety record, their monetary rewards for bug reports, and their Pwnium contests, which encourage hackers to beat on Chrome and Chrome OS until they find vulnerabilities. Finally, since most of Chrome is open source, users can visit Chromium.org to look under the hood (emphasis on most of, as the issue of how open Chrome is, versus Chromium is a hotly debated ongoing issue.) Google also noted that Chrome was one of the first browsers to incorporate sandboxing as a security measure. When asked specifically about Chrome Sync, Google explained that sync data is always encrypted. As for the adware add-on debacle in recent weeks, Google explained to us that developers who inject ads are in violation of their upcoming policy change that demand that extensions be "simple and single-purpose." That policy change is due to take effect in June 2014, although they're enforcing it to some degree now. Google said they were looking into it, and recommend users report offending add-ons in the Chrome Web Store and they'll review them. That's a change of tone compared to when ArsTechnica and How-To Geek brought up the adware extension issue a few weeks ago. Back then, Google made it clear that the issue wasn't really their problem, and users should be careful what they install.
We talked to the Electronic Frontier Foundation for a second opinion, and while they noted that Chrome does give users control over their privacy, they explained that between NSA spying allegations
So bottom line: Google is confident in Chrome's overall security and its privacy protection features. Independent privacy advocates aren't so convinced, and note that Google is walking a line between dictating how much privacy their users get and giving them control over it themselves, which is a difficult place to be since they also make money off of user data. Debate aside, one thing is clear: Google obtains a great deal of information about you, but Chrome isn't a primary source of any of it. Gmail, your Google Search history, your YouTube account, your Google+ account, the files you store on Google Drive, and other browser-independent features are where your data really comes from, and in all of those cases, it doesn't matter what browser you use.
Firefox, and the Mozilla Foundation
Firefox has long been touted as the best browser for privacy. It's open source, managed by the non-profit Mozilla Foundation (of which, it should be noted, Google is an investor), and is at the core of most privacy-focused browsers (like the previously mentioned Tor Browser Bundle.) Even on the mobile side, Firefox for Android is open source and its code available to anyone who wants it. By most accounts, Mozilla is completely above board with what Chrome does, and the Foundation doesn't trade in user data, so there's no reason for them to harvest it.
Firefox does collect some information though. Firefox Sync uses your tab, password, bookmark, and other browser information to sync across devices, but that data is, like Chrome, encrypted. Firefox's privacy settings are easy to get to, and while they're not as granular as Chrome's, that's largely because there isn't as much to manage. All add-ons for Mozilla browsers are-unlike Chrome-reviewed before they're posted (although some are labeled "experimental" until they're tested.) This approach has helped them largely avoid the adware problem Chrome is suffering, although not completely. Some adware extensions for Firefox were identified, and others are just up front with what they do with your information.
We reached out to the Mozilla Foundation for their input on this piece, but despite lead time, multiple follow-ups, and repeated requests, they declined to comment, and wouldn't even direct us to documents publicly available about their own commitment to privacy. Regardless, Mozilla has its own privacy woes as of late. Recently Mozilla announced that they are planning to introduce ads in Firefox in the form of "sponsored tiles." In short, the first time you open Firefox after a fresh install, the "speed dial" you see will be pre-populated with sites relevant to your location or sponsored by Mozilla. It's resulted in a bit of backlash. Some people have said the move will alienate new users by shoving ads in their face as soon as they install, and SiliconAngle said Mozilla "sold its soul." Mitchell Baker, Chair of the Mozilla Foundation, recently stepped up to defend the move on her blog. In any event, for a privacy-forward browser, it's a bold move.
We asked the EFF about Firefox's privacy stance and the decision to venture into contextual advertising, and while they said it was a bit soon to have an official opinion on the latter, they did praise the former. Everyone agrees that Mozilla on the whole has a more privacy-friendly and user-focused track record than its competition. They pointed out that Firefox's open APIs give developers leeway to build add-ons that protect user privacy beyond what the browser already does, and the fact that Firefox is open source means there's a community of developers sifting through the code, reporting issues, and submitting fixes. That also means it's easier to trust that Firefox isn't doing anything shady in the background, as someone would have called it out by now. Firefox's user community is its real strength, even in spite of the Mozilla Foundation itself.
What About Opera, Safari, and Internet Explorer?
So if you don't use Firefox or Chrome, where does that leave you? We asked the EFF, but none of their experts had any knowledge when it came to browsers that weren't Chrome or Firefox. They did, however, note that privacy advocates generally prefer open source browsers like over closed-source, proprietary ones like Apple's Safari and Microsoft's Internet Explorer. The EFF praised both however for pioneering their own privacy features, like Safari's 3rd party cookie blocking and IE's Tracking Protection Lists. Still, the fact that you can't see under the hood and that neither have developer APIs makes them tough to analyze.
Opera is more interesting. When Opera ditched its priorietary engine for Blink, the same engine in Chrome
The Bottom Line: No, Your Browser Doesn't Make a Huge Difference
So where does that leave us? Well, your browser is probably sending some information back to the company that created it, but that information is explicitly used to support the features you have turned on. As long as you trust the developer behind your favorite browser, this isn't an issue. Bonus: there's nothing dangerous or invasive about using Chrome sync or Firefox sync.
However, what we learned underscores a few things. First, it's critical that you get familiar with your privacy settings. Look at the features you have enabled, and what information is required for them to work. Remember, that's the key to trading privacy for services
Also, the real privacy problems don't come from the browser itself, but from the third-party tools and sites you visit. Google has other ways to obtain the data they want-they have Gmail, your Google Search history, YouTube, Android app install history, and anything else you can see on the Google Dashboard. Most web companies use persistent tracking cookies to collect information about you
As always, we recommend that you get the best privacy-protecting add-ons
Have a question or suggestion for Ask Lifehacker? Send it to email@example.com.
Photos by Kostenko Maxim (Shutterstock).