(Please note that this post does not reflect Mozilla’s position or policies.)
Like many parts of our computing systems, some of the core parts of the Web platform weren’t designed with security in mind, and as a result users are still suffering to this day. The Web platform has tried to provide a secure sandboxed environment where users can run applications from untrusted sources without fear of their devices or data being compromised. But the fact is that if we were to design a second iteration of this platform from scratch, we would probably make vastly different choices when it comes to issues such as execution of third-party code, or persistence of global data exposed to third-parties.
Over the years, browsers have spent significant effort restricting what the third-parties present on the Web today can do. However, these basic foundational problems have remained unsolved in most browsers. As a result, third-parties have been engaged in activities like collecting the user’s browsing history, personal data, information about their device, and so on, which is a subversion of the built-in protections that browsers provide to prevent the “straightforward” ways of getting this data from the third-party’s own website (aka, from their own users). Safari is the notable exception, at least in the area of exposure of global data to third-parties. I think they got the right defaults from the beginning, which was hugely advantageous for both Safari and the browser community at large — for the latter because it showed that the “holy grail” of exposing no global data to third-parties is achievable, not some far-into-the-future dream which will never happen.
What’s worse, the presence and actions of these third-parties are often hidden from the user. Even when their presence is obvious (e.g. through a visible iframe), their appearance may give the impression that they’re inert until interacted with, which is far from what’s actually going on behind the scenes. As a result, when the user uses a browser, they often have very little knowledge of the implications of any of the actions they take while browsing, in terms of the presence of these third-parties. After all, the browser interface has traditionally been designed around the concept of a safe sandboxed environment where the user can navigate from page to page freely (and the browser would intervene if something went wrong by putting up a prompt). The whole online tracking ecosystem is fundamentally incompatible with the basic UI principles of browser design IMO. Not that the problem is on the browser design side. 🙂
One thing that has been interesting is the response of the industry to the norms enforced by the browser. Safari’s privacy protections have been under attack many times (such as by Google and Criteo). This pattern of circumventing browser vendors’ privacy protections shows a will to exceed the limits of what’s allowed. It also demonstrates that the third-party side of the picture here is willing to enter an arms race.
But what about users in this picture? Right now, they have very little power, if any at all. In social and political sciences, power is defined as the ability to control or shape other people’s behavior. Users need to have some ability to change the behavior of these third-parties if we have any hope of the Web improving. There are many potential solutions one could think of, and some have been tried, but I think users could use more technical leverage here. One problem is that most browsers have traditionally been on the side of the third-parties, by not clamping down on the problematic practices hard enough, so the playing field is highly skewed for the benefit of these actors.
I think there is also an equity aspect to this. Those with technical know-how typically learn enough to protect themselves by installing tracking protection extensions and using more privacy-friendly browsers. But based on the public data available, we know the reach of these add-ons is quite tiny compared to the population of users who are on the Web. Furthermore, the situation is astonishingly bad in Chrome-majority Android markets on mobile, where users often stick to the OS-provided browser, contractually required by Google, which currently has no plans to support extensions on mobile, even though they have been shown viable for years by competitors such as Firefox for Android, Yandex Browser (based on Chromium), etc. So many users there are stuck with a browser that doesn’t even allow them to find a way to protect themselves, unless they seek out a secondary browser and know which one to pick. The technical know-how required for this sometimes corresponds to aspects of the individual such as their family background, where they came from, their wealth and social class, etc., whereas privacy should really be considered a human right, irrespective of any of these factors. In order to address this aspect, we need protections that work out of the box, don’t require configuring anything, don’t get in the way of the user, don’t require educating the user, and don’t put any burden on the user by assuming they’re going to understand or care about the technical details of how online tracking works.
Safari has led the way here in the past few years with ITP, and Mozilla recently announced that Firefox will be changing its approach going forward as well. We need other browsers to join us in this battle as well, and we need to engage on many fronts and try to win back our users’ privacy bit by bit. When thinking about the future, one can look at browsers realigning themselves with the user’s privacy expectations as leveling the playing field between the user, the website and the third-party. We may never find the perfect balance, but we can surely do better than the Web that we have on our hands so far.