OK Google, don’t delay real browser privacy until 2022
Google recently announced that their Chrome Web browser will — with luck, and if a bunch of other conditions come to pass — probably start blocking third-party cookies. And they’re optimistic that, with all of Google’s engineering expertise behind the project, they should be able achieve this goal within the next two years.
Privacy-focused Web browsers like Brave and Safari have been blocking third-party cookies for years. It’s not much of a technical challenge. And blocking third-party cookies barely scratches the surface of what’s needed to protect against web tracking. Here at Brave, we’d like to congratulate the Chrome team at Google being willing to consider the possibility of deploying a basic browser privacy protection some time in the next two years.
Two years is a long time, but there’s no need to hold your breath. Using Brave will get you third-party cookie blocking today, and our privacy protections go way beyond third-party cookies. Just imagine how much better that protection will be with two more years of feature development and engineering behind it!
|Feature||Brave Today||Chrome Today||Chrome (in 2022)|
|Third party cookies||Blocked1||Sent||Blocked|
|Connections to known trackers||Blocked||Allowed||Allowed|
|Identifier lifetimes||Limited (to stop tracking)||Unlimited (allows tracking)||Unlimited (allows tracking)|
|Tracking through referrers||Blocked2||Allowed||Allowed|
|Fingerprinting by third party sites||Blocked||Allowed||Allowed|
|Secure HTTPs connections||For sites that request it and for sites identified by EFF's HTTPS Everywhere list||For sites that request it||For sites that request it|
Google could block web tracking in Chrome just like we do in Brave. Brave is open source; it wouldn’t be hard for the Chrome team to use exactly the same code we do. But Google can’t kick the tracking habit. Tracking you is essential to their business model and at the core of their shareholder value proposition. Brave and others have been taking Google to task for how they track you across the web and how they’ve orchestrated the largest ongoing data breach that the world has ever seen. What the Web needs is a privacy-by-default approach that counteracts the surveillance economy. So far, Google has resisted improving Chrome’s privacy protections at every step of the way.
Suppose Google makes good on their commitment to stop tracking users via third-party cookies by 2022, does that make much of a difference for the advertising giant? Not likely.
Google is present in one form or another on more than 80% of the Web. Google Analytics is by far (with 85% market-share) the means by which web authors analyze their traffic. Gmail is the single most popular email provider with 16.4% of all email addresses. Google Hosted Libraries accounts for more than 54% of CDN usage. Google Ads dominates the digital advertising industry with 96.2% market-share. And lastly, Google’s Tag Manager enjoys a whopping 99.1% of the tag-manager market.3
Consider also Chrome’s position and composition. Google Chrome, as the most popular web browser on the market, ought to be closely watched. The community was surprised to find version 69 introduce “Identity Consistency,” which would log you into the browser if you logged into Gmail, YouTube, or any other Google property. Then there’s the default behavior of the omnibox address bar, which acts as an on-by-default key-logger, sending each keystroke, accidental paste, and more off to Google for suggestions.
What privacy by default really means
When we talk about privacy by default, we’re talking about putting you first. The Web exists to serve you, not the other way around. You shouldn’t have to read thousands of pages of privacy policies to know what’s going to happen when you browse the Web. You shouldn’t have to trust sites’ words about whether they’re following you across the Web; Web browsers should protect your privacy, even when sites want to track you.
With Brave, we’re doing our best to protect you from the tracking that’s built into today’s Web. But the Web doesn’t have to be this way — it doesn’t have to be built to enable tracking. And we’re working to fix that bug in the Web’s foundation. That’s what we’re working so hard on at the W3C, the standards body which oversees the technical specifications which underpin the Web. Brave isn’t just trying to protect you from tracking when you use our browser, we’re working to prevent tracking in any browser.
Google’s plan to block third-party cookies is contingent on the success of their “Privacy Sandbox” idea. Their blog post acclaims the positive feedback they’ve received on their proposal… in the W3C’s advertising business group. The reception in the W3C’s privacy oversight group has been much less rosy.
This proposal to make the smallest of baby steps to block web tracking in Chrome should be good news. But Google has attached numerous asterisks to the already vast two-year timeline, and this news comes at the same time that Chrome is planning to pull the rug out from under the most popular and effective tracker-blocking extensions. So it’s hard to hear this as much more than a move to consolidate Google’s power over online tracking and advertising, papered-over with some flimsy privacy window-dressing.
- Brave makes a very small number of exceptions here, for popular third-party embedded sites. These exceptions can be disabled through Brave’s settings.
- Brave makes a small number of exceptions here, where needed to unbreak websites. We expect these small number of alternatives to be temporary and replaced when we work on non-breaking, privacy preserving alternatives. Like all of Brave Browser, these exceptions are public and open source.
- Figures based on W3Tech Daily Reports.
Continue reading for news on ad blocking, features, performance, privacy and Basic Attention Token related announcements.
This is the eleventh post in an ongoing, regular series describing new privacy features in Brave. This post describes work done by Senior Software Engineer Mark Pilgrim and Filter List Engineer Ryan Brown, and was written by Director of Privacy Peter Snyder.
Brave, along with a team of DNS experts from the industry and open source communities, recently helped publish an IETF standard (RFC 9103) to fix a long-standing privacy and security hole in the DNS.
Today, Brave launched Brave Talk, a new privacy-focused video conferencing feature built directly into the Brave browser.