When it comes to privacy by default, settings matter!
Good analysis Patrick,
Provides interesting perspectives.
Best Regards
On 6/5/19, Patrick A. M. Maina via kictanet
<[email protected]> wrote:
> I recently did a side-by-side comparison of several mainstream (and some
> emerging browsers e.g. Brave) and found Firefox to be the least intrusive of
> the better browsers.
> Using a network traffic monitor, I peeked under the hood to see what the
> browsers were secretly doing in the \”background\” and lo-and-behold, Chrome
> was so aggressive that it looked like a data-harvesting malware, even with
> add-ons and extensions disabled. I did some research on it and noted that
> users who had raised similar issues (several years earlier) had apparently
> been stonewalled for some reason. This led to a prompt and permanent
> uninstall of Chrome on that device.
> Surreptitious data harvesting is problematic because it enhances online
> risks (e.g. risk of \”spear phishing\” attacks, as well as theft of business
> trade secrets – including theft by inference). This should be of concern to
> emloyees, enterpreneurs and government workers. So why aren\’t users
> switching in droves to less intrusive browsers?
> I have two hypotheses about this:
> 1. Privacy awareness campaigns don\’t appear to be strategically
> contextualized and/or targeted. For example, the word \”privacy\” has a
> personal activity context connotation and may not trigger alarm bells in
> official contexts. I think words like \”spying\” or \”snooping\” or \”stealing\”
> need to be used a lot more as they convey, with far greater clarity, the
> idea of surreptitious activity and/or motives, while instilling a sense of
> urgent need for action.
> 2. Alternative browsers have to overcome network effects (and build their
> own). This requires long-game strategies that, on casual inspection, don\’t
> appear connected to browser adoption / lock-in. The strategy has to align
> with (and leverage) anthropological insights as well.
> Let\’s use Chrome as an example:
> Chrome users are locked-in to Google\’s strong network effects, which exist
> at the Android ecosystem level (developers, tech support, advertisers and
> end-users).
> Google works hard to grow/maintain its dev community by offering a vast
> array of tools as well as monetization opportunities. Google\’s secret value
> proposition across all their products is… wait for it… \”success\”.
> Once onboarded, cool, proprietary (but apparently inconsequential) features
> tempt devs to tailor their webapps towards Chrome as the \”main\” browser and,
> slowly but surely, dev lock-in creeps in. The difference between Google and
> Microsoft in terms of dev lock-in strategy is that Google\’s approach is more
> subtle: it doesn\’t cause hard breaks in functionality on different browsers
> (which would be a big no-no for devs – it only degrades it.. quietly passing
> the UX pain to end users as \”punishment\” for using the \”wrong\” browser).
> This leads to \”works best on Chrome\” advisories on millions of help pages /
> documentation, which in turn *heavily* influences end-user (and tech
> support\’s) preferences and more importantly, perceptions about quality and
> performance advantage. It\’s like a massively viral reverse ad campaign where
> the advertisers pay you to advertise *your* product.
> Humans are creatures of habit and consistency. So the browser you use more
> frequently (or at work) is likely the one you\’ll want to use on your
> personal devices. Soon the user starts \”advising\” others on which browser is
> \”best\” (more free marketing). This reinforces the user\’s own perception of
> preferences, boosting perceived loyalty and making it even harder to switch
> even when the browser has issues the user doesn\’t like (cognitive
> dissonance).
> I noticed this effect on myself when switching from IE (after almost two
> decades) to Chrome, and a few years later, from Chrome to Firefox. Switching
> is hard.
> To get users to change their browser habits, it makes sense to target the
> dev & support ecosystem agressively with a different value proposition (i.e.
> \”success\”). This could mean being more flexible and pragmatic on certain
> core philosophies like FOSS, which pushes poor/hungry/enterpreneurial
> developers into the arms of monetized platforms. Food is no longer FOSS
> (unfortunately)… people need money to eat, and bills have to be paid. FOSS
> values are noble and important, but they become elitist when implemented as
> universal dogma without regard to economic context (e.g. for devs in low
> income countries).
> Legal and policy tools have to be leveraged as well. Google rode on
> antitrust regulations, for example, to penetrate Microsoft\’s IE moat and
> give chrome a chance on the PC (they then cheekily went on to do what
> Microsoft had been penalized for doing, with their inbuilt OS integrated
> apps).
> Slightly off-topic, but might be of interest to some.
> Good day & brgds,
> Patrick.
> Patrick A. M. Maina[Cross-domain Innovator | Public Policy Analyst –
> Indigenous Innovations]
>
>
> On Wednesday, June 5, 2019, 5:40:42 AM GMT+3, Alice Munyua via kictanet
> <[email protected]> wrote:
>
>
> blog.mozilla.org/blog/2019/06/04/when-it-comes-to-privacy-default-settings-matter/
>
>
>
> What if I told you that on nearly every single website you visit, data about
> you was transmitted to dozens or even hundreds of companies, all so that the
> website could earn an additional $0.00008 per ad! This is a key finding from
> a new study on behaviorally targeted advertisements from Carnegie Mellon
> University and it should be a wake-up call to all of us. The status quo of
> pervasive data collection in service of ad targeting is untenable. That is
> why we’re announcing some key changes to Firefox.
>
> Today marks an important milestone in the history of Firefox and the web. As
> of today, for new users who download and install Firefox for the first time,
> Enhanced Tracking Protection will automatically be set on by default,
> protecting our users from the pervasive tracking and collection of personal
> data by ad networks and tech companies.
>
> It seems that each week a new tech company decides to decree that privacy is
> a human right. They tout how their products provide people with “choices” to
> change the settings if they wish to opt into a greater level of privacy
> protection to exemplify how they are putting privacy first. That begs the
> question — do people really want more complex settings to understand and
> fiddle with or do they simply want products that respect their privacy and
> align with their expectations to begin with?
>
> Privacy shouldn’t be relegated to optional settings
>
> When thinking about consumer privacy online, I’m reminded of the behavioral
> economics studies which led to 401K plans (US retirement savings plans)
> moving from voluntary enrollment to auto-enrollment. Not too long ago most
> defined contribution retirement savings plans in the US required employees
> to sign-up and volunteer to start participating. Participation rates were
> very low. Why was that? Was it because people didn’t care about saving for
> retirement? Not at all! There were simply too many barriers to aligning with
> people’s expectations and desires and the benefits of saving for retirement
> aren’t felt immediately.
>
> We are in a similar position with respect to software privacy settings.
> Pervasive tracking is too opaque and potential privacy harms are never felt
> immediately. The general argument from tech companies is that consumers can
> always decide to dive into their browser settings and modify the defaults.
> The reality is that most people will never do that. Yet, we know that people
> are broadly opposed to the status quo of pervasive cross-site tracking and
> data collection, particularly when they learn the details on how tracking
> actually works.
>
> We also know that traditional privacy features such as Chrome’s Incognito
> mode are failing to live up to consumer expectations. The feature might keep
> your spouse from knowing what you’re thinking about getting them for your
> anniversary by erasing your history, but it does not prevent third-party
> tracking. Our research shows that Firefox users are seeking out privacy
> protection, particularly through the use of Firefox’s Private Browsing mode.
> In fact, nearly 25% of web page loads in Firefox take place in a Private
> Browsing window. The good news for these users is that Firefox’s Private
> Browsing mode has long put users first by blocking tracking. The bad news is
> that this generally isn’t true for many popular browsers, which allow
> tracking even in private browsing/incognito mode. A recent study found that
> users don’t understand this and think their data is being protected, when it
> is actually not.
>
> As was the case with retirement savings plans, what this shows us is that
> the burden needs to shift from the consumers to the companies whereby the
> complexity of privacy settings shouldn’t be placed on users to figure out.
> The product defaults should simply align with consumer expectations. That is
> the approach we are taking in Firefox.
>
> Enhanced Tracking Protection by Default
>
> As stated above, new Firefox users will have strong privacy protection from
> the moment they install. We also expect to deliver the same functionality to
> existing users over the coming months. Because we are modifying the
> fundamental way in which cookies and browser storage operate, we’ve been
> very rigorous in our testing and roll-out plans to ensure our users are not
> experiencing unforeseen usability issues. If you’re already using Firefox
> and can’t wait, you can turn this feature on by clicking on the menu icon
> marked by three horizontal lines at the top right of your browser, then
> Content Blocking. Go to your privacy preferences and click on the Custom
> option on the right side. Mark the Cookies checkbox and make sure that
> “Third-party trackers” is selected. To learn more about our privacy and
> security settings and get more detail on what each section — Standard,
> Strict, and Custom — includes, visit here.
>
> For existing users, go to your privacy preferences and click on the Custom
> option, ark the Cookies checkbox
>
> If you are new to Firefox, we’d love for you to give it a try. Download the
> latest version here.
>
> When it comes to privacy, default settings matter! We hope that the actions
> we are taking can ultimately compel change in the industry. Afterall,
> consumers deserve better.
>
> _______________________________________________
> kictanet mailing list
> [email protected]
> lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: www.facebook.com/KICTANet/
>
> Unsubscribe or change your options at
> lists.kictanet.or.ke/mailman/options/kictanet/pmaina2000%40yahoo.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for
> people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and
> development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people\’s times and bandwidth,
> share knowledge, don\’t flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>